www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T09:17:38+00:00 www.secnews.physaphae.fr RiskIQ - cyber risk firms (now Microsoft) DPRK IT Workers | A Network of Active Front Companies and Their Links to China 2024-11-26T20:22:49+00:00 https://community.riskiq.com/article/d3dd2b00 www.secnews.physaphae.fr/article.php?IdArticle=8617941 False Tool,Threat,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Salt Typhoon Builds Out Malware Arsenal With GhostSpider The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected. 2024-11-26T20:13:20+00:00 https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider www.secnews.physaphae.fr/article.php?IdArticle=8617938 False Malware,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Hexon Stealer the Long Journey of Copying Hiding and Rebranding 2024-11-26T19:33:51+00:00 https://community.riskiq.com/article/19796350 www.secnews.physaphae.fr/article.php?IdArticle=8617934 False Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2023-28461 ## Snapshot The Cybersecurity and Infrastructure Security Agency (CISA) reports the active exploitation of CVE-2023-28461. ## Description CISA has added a new vulnerability to its [Known E… 2024-11-26T18:21:06+00:00 https://community.riskiq.com/article/4d4a4d34 www.secnews.physaphae.fr/article.php?IdArticle=8617924 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user… 2024-11-26T16:04:00+00:00 https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html www.secnews.physaphae.fr/article.php?IdArticle=8617860 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed… 2024-11-26T15:49:00+00:00 https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8617861 False Malware,Hack,Threat None 3.0000000000000000 ProofPoint - Cyber Firms House Call: Why the World's Largest Home Services Company Chose Proofpoint Over Abnormal Security 2024-11-26T14:46:13+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/home-services-company-chooses-proofpoint-over-abnormal www.secnews.physaphae.fr/article.php?IdArticle=8617920 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs What Are Computer Worms? 
2024-11-26T14:37:00+00:00 https://levelblue.com/blogs/security-essentials/what-are-computer-worms www.secnews.physaphae.fr/article.php?IdArticle=8618712 False Ransomware,Data Breach,Spam,Malware,Tool,Vulnerability,Threat,Patching,Mobile,Industrial,Medical,Technical Wannacry 2.0000000000000000 Security Intelligence - American news site 83% of organizations reported insider attacks in 2024 According to Cybersecurity Insiders’ recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% […]
2024-11-26T14:00:00+00:00 https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8618407 False Threat None 3.0000000000000000
Checkpoint - Security hardware manufacturer The Black Friday Cybercrime Economy The holidays are here, and as people all over the world prepare to celebrate with their families, cyber criminals are putting in overtime. With Black Friday and Cyber Monday approaching, threat actors are poised to take advantage of consumers hoping to shop the yearly discounts. The scams have already started: Check Point Research has already identified a major increase in malicious websites related to the start of the shopping season. Threats against retailers are already up year over year, indicating that we might be in for a particularly risky holiday window. There are a few simple ways to shop securely […]
2024-11-26T13:00:51+00:00 https://blog.checkpoint.com/security/the-black-friday-cybercrime-economy/ www.secnews.physaphae.fr/article.php?IdArticle=8617884 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Aggressive Chinese APT Group Targets Governments with New Backdoors A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations. 2024-11-26T13:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-apt-governments-backdoors/ www.secnews.physaphae.fr/article.php?IdArticle=8617871 False Threat,Prediction None 3.0000000000000000 ANSSI - French government feed World Economic Forum Geneva 2024: ANSSI at the heart of cybersecurity issues anssiadm Tue 26/11/2024 - 10:34 ANSSI took part for the first time in the Annual Meeting on Cybersecurity, held from 11 to 13 November 2024 in Geneva as part of the World Economic Forum. Each year, the Annual Meeting on Cybersecurity is held under the auspices of the World Economic Forum (WEF), an international think tank based in Switzerland. More than 150 of the world's leading cybersecurity figures from governments, international organisations, public and private companies, civil society and academia gather to discuss strategies and solutions for cyber resilience and cyber defence, in order to stay ahead of cyber threats. Vincent Strubel, Director General of ANSSI, was invited to the 2024 edition, held from 11 to 13 November in Geneva. For ANSSI's first participation, Vincent Strubel introduced the round table "Recalibrating the Cyber Resilience Compass" on cyber resilience, alongside experts from industry, finance and academia. It was an opportunity to share the Agency's vision on this topic and to report on lessons learned from the preparation and running of the Paris 2024 Olympic and Paralympic Games. 
Among the other topics debated during the event were: the "blind spots" of AI adoption; the role of the CISO in 2030; the sectors overlooked in the face of cyberattacks; quantum threats; AI as a unique opportunity in the fight against cybercrime; the role of AI in cybercrime; and the cyber resilience of supply chains. The World Economic Forum created a Cyber Centre in 2018 to structure a community of major cybersecurity players. It now brings together 180 members, of which 70% … 2024-11-26T10:34:13+00:00 https://cyber.gouv.fr/actualites/forum-economique-mondial-de-geneve-2024-lanssi-au-coeur-des-enjeux-de-cybersecurite www.secnews.physaphae.fr/article.php?IdArticle=8617854 False Threat None 3.0000000000000000 We Live Security - ESET antivirus software vendor RomCom exploits Firefox and Windows zero days in the wild ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit. 2024-11-26T10:00:00+00:00 https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ www.secnews.physaphae.fr/article.php?IdArticle=8648736 False Vulnerability,Threat None 3.0000000000000000 Global Security Mag - French news site New Report Reveals: Identity Fraud and Authentication Breaches Costing Retailers Millions in Lost Revenue, Recovery Expenses, and Damaged Reputation Special Reports /
Retail's Biggest Threat Isn't Shoplifting, It's Cyber-Related Attacks by HYPR New Report Reveals: Identity Fraud and Authentication Breaches Costing Retailers Millions in Lost Revenue, Recovery Expenses, and Damaged Reputation - Special Reports /
2024-11-26T08:30:30+00:00 https://www.globalsecuritymag.fr/new-report-reveals-identity-fraud-and-authentication-breaches-costing-retailers.html www.secnews.physaphae.fr/article.php?IdArticle=8617841 False Threat None 3.0000000000000000
Bleeping Computer - American magazine Hackers exploit critical bug in Array Networks SSL VPN products America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...] 2024-11-26T08:26:33+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-bug-in-array-networks-ssl-vpn-products/ www.secnews.physaphae.fr/article.php?IdArticle=8617877 False Vulnerability,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security news site Malware Turns Trusted Avast Driver Into a Weapon In a chilling discovery, Trellix Advanced Research Center has uncovered a malicious campaign that turns trusted security tools into instruments of attack. The malware manipulates Avast’s Anti-Rootkit driver (aswArPot.sys) to gain deep system access, disable protective measures, and take full control of compromised systems. This sophisticated campaign is an example of a growing threat: the [...] 2024-11-26T05:42:19+00:00 https://informationsecuritybuzz.com/malware-turns-avast-driver-a-weapon/ www.secnews.physaphae.fr/article.php?IdArticle=8617829 False Malware,Tool,Threat None 3.0000000000000000 The State of Security - American magazine The Role of Continuous Penetration Testing in Cyber Resilience In recent years, organizations have learned how crucial penetration testing is for enhancing cyber resilience. However, traditional penetration testing is insufficient in today's dynamic threat landscape. Recent trends highlight the need for a more continuous and proactive approach to security testing, and continuous penetration testing is set to record huge growth over the next few years, both among large enterprises as well as SMEs. 
Understanding Cyber Resilience Cyber resilience, as against traditional cybersecurity, works from the standpoint of acknowledging the inevitability of cyber... 2024-11-26T03:28:04+00:00 https://www.tripwire.com/state-of-security/role-continuous-penetration-testing-cyber-resilience www.secnews.physaphae.fr/article.php?IdArticle=8617851 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Warning Against Malware in SVG Format Distributed via Phishing Emails 2024-11-25T22:13:05+00:00 https://community.riskiq.com/article/2758cf39 www.secnews.physaphae.fr/article.php?IdArticle=8617800 False Ransomware,Malware,Tool,Threat,Medical None 3.0000000000000000 Palo Alto Network - Vendor site Stoked - Manifesting Innovation in Shared Threat Intelligence Explore how skateboarding's collaborative spirit mirrors sharing threat intelligence in cybersecurity, fostering innovation and collective defense against emerging threats.
2024-11-25T19:21:27+00:00 https://www.paloaltonetworks.com/blog/2024/11/innovation-in-shared-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8617738 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Sophos MDR blocks and tracks activity from probable Iranian state actor MuddyWater 2024-11-25T17:40:22+00:00 https://community.riskiq.com/article/ed3704da www.secnews.physaphae.fr/article.php?IdArticle=8617714 False Tool,Threat None 3.0000000000000000 McAfee Labs - Software vendor This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into...
2024-11-25T16:23:38+00:00 https://www.mcafee.com/blogs/internet-security/holiday-season-tricks-survey-us/ www.secnews.physaphae.fr/article.php?IdArticle=8617659 False Threat None 2.0000000000000000
Checkpoint Research - Security hardware manufacturer 25th November – Threat Intelligence Report For the latest discoveries in cyber research for the week of 25th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Library of Congress, part of the US Capitol complex and home to the world’s largest media collection, was hacked by a foreign adversary, exposing email communications between Library staff and congressional […]
2024-11-25T14:09:07+00:00 https://research.checkpoint.com/2024/25th-november-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8617609 False Threat None 2.0000000000000000
McAfee Labs - Software vendor SpyLoan: A Global Threat Exploiting Social Engineering Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as...
2024-11-25T13:00:06+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/ www.secnews.physaphae.fr/article.php?IdArticle=8617576 False Threat,Mobile None 2.0000000000000000
Dragos - CTI Society Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series We are excited to announce the launch of the new “Ask Dragos Intel” blog series, created to provide you with... The post Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series first appeared on Dragos.
2024-11-25T13:00:00+00:00 https://www.dragos.com/blog/get-your-ot-cyber-threat-questions-answered-by-dragos-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8617575 False Threat,Industrial None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Google Deindexes Chinese Propaganda Network Google's threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites. 2024-11-25T12:30:00+00:00 https://www.infosecurity-magazine.com/news/google-deindexes-chinese/ www.secnews.physaphae.fr/article.php?IdArticle=8617553 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Weekly OSINT Highlights, 25 November 2024 2024-11-25T12:11:18+00:00 https://community.riskiq.com/article/2bbfcf8e www.secnews.physaphae.fr/article.php?IdArticle=8617686 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Industrial,Prediction,Cloud APT 10 2.0000000000000000 DarkTrace - DarkTrace: AI-based detection Why artificial intelligence is the future of cybersecurity This blog explores the impact of AI on the threat landscape, the benefits of AI in cybersecurity, and the role it plays in enhancing security practices and tools. 2024-11-25T11:49:00+00:00 https://darktrace.com/blog/why-artificial-intelligence-is-the-future-of-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8618009 False Tool,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial US, Australian cybersecurity agencies update BianLian ransomware threat, following recent attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Cyber...
2024-11-25T11:48:57+00:00 https://industrialcyber.co/ransomware/us-australian-cybersecurity-agencies-update-bianlian-ransomware-threat-following-recent-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8617523 False Ransomware,Threat None 2.0000000000000000
Kaspersky - Kaspersky Research blog Advanced threat predictions for 2025 Kaspersky's Global Research and Analysis Team monitors over 900 APT (Advanced Persistent Threat) groups and operations. In this piece of KSB series, we review the advanced threat trends from the past year and offer insights into what we can expect in 2025. 2024-11-25T10:00:25+00:00 https://securelist.com/ksb-apt-predictions-2025/114582/ www.secnews.physaphae.fr/article.php?IdArticle=8617462 False Threat,Prediction None 3.0000000000000000 Korben - French blogger Casio CRW-001-1JR - The retro-futuristic ring watch Looking for THE original Christmas gift that will make nostalgic geeks' eyes light up? Casio will delight you with its first connected ring watch, the CRW-001-1JR. It is a little technological gem that celebrates 50 years of Casio digital watches by miniaturising their iconic design into a very surprising ring format. Wearing on your finger everything that made the Casio watches of our childhood so charming is something nobody ever dreamed of, because it is frankly weird, but it is possible! This smart ring pulls off the feat of packing the essentials into less than an inch: a retro 6-segment LCD display showing hours, minutes and seconds in style, and it also offers a date display, a second time zone and even a stopwatch. Enough to delight collectors and fans of original vintage gadgets.
2024-11-24T18:42:29+00:00 https://korben.info/casio-crw-001-1jr-montre-bague-connectee-noel.html www.secnews.physaphae.fr/article.php?IdArticle=8617154 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms AI, Data Security, and CISO Shifts: Top Cybersecurity Trends to Watch in 2025 2024-11-24T17:40:19+00:00 https://www.proofpoint.com/us/blog/ciso-perspectives/ai-data-security-and-ciso-shifts-top-cybersecurity-trends-watch-2025 www.secnews.physaphae.fr/article.php?IdArticle=8617520 False Ransomware,Malware,Tool,Threat,Mobile,Prediction,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said. 2024-11-23T17:40:00+00:00 https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html www.secnews.physaphae.fr/article.php?IdArticle=8616541 False Threat,Industrial None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both… 2024-11-23T17:23:00+00:00 https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8616542 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as… 2024-11-22T22:29:00+00:00 https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html www.secnews.physaphae.fr/article.php?IdArticle=8616130 False Malware,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) CISA Adds Two Known Exploited Vulnerabilities to Catalog: CVE-2024-38812 & CVE-2024-38813 ## Snapshot Broadcom has issued a warning that attackers are actively exploiting two vulnerabilities in VMware vCenter Server. ## Description [CVE-2024-38812](https://security.microsoft.com/intel-explorer/cves/CVE-2024-38812/) and [CVE-2024-38813](https://security.microsoft.com/intel-explorer/cves/CVE-2024-38813/) were added to the [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38812+CVE-2024-38813+&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=) after the vulnerabilities were found to be exploited in the wild. 
Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (F… 2024-11-22T22:22:18+00:00 https://community.riskiq.com/article/2eda898d www.secnews.physaphae.fr/article.php?IdArticle=8616276 False Vulnerability,Threat,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Helldown Ransomware: An Overview of this Emerging Threat 2024-11-22T21:45:45+00:00 https://community.riskiq.com/article/2af97093 www.secnews.physaphae.fr/article.php?IdArticle=8616252 False Ransomware,Malware,Tool,Vulnerability,Threat APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell 2024-11-22T21:40:13+00:00 https://community.riskiq.com/article/aac966a9 www.secnews.physaphae.fr/article.php?IdArticle=8616253 True Malware,Tool,Vulnerability,Threat None 2.0000000000000000 The Register - English news site 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. 
The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.… 2024-11-22T21:27:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8616227 False Malware,Threat None 2.0000000000000000 HackRead - Cyber researcher Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012… 2024-11-22T18:31:26+00:00 https://hackread.com/operation-lunar-peek-palo-alto-firewalls-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8616159 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. 
The… 2024-11-22T17:36:00+00:00 https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html www.secnews.physaphae.fr/article.php?IdArticle=8615986 False Malware,Threat APT 28 2.0000000000000000 RiskIQ - cyber risk firms (now Microsoft) Unveiling WolfsBane: Gelsemium's Linux counterpart to Gelsevirine 2024-11-22T17:24:02+00:00 https://community.riskiq.com/article/fc22b3bb www.secnews.physaphae.fr/article.php?IdArticle=8616156 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction None 2.0000000000000000 Schneier on Security - American cryptography researcher The Scale of Geoblocking by Nation Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensure it does not undermine its own aims. The paper: “...
2024-11-22T12:06:07+00:00 https://www.schneier.com/blog/archives/2024/11/the-scale-of-geoblocking-by-nation.html www.secnews.physaphae.fr/article.php?IdArticle=8615984 False Threat None 3.0000000000000000
Volexity - Cyber Firms The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access KEY TAKEAWAYS Russian APT GruesomeLarch deployed a new attack technique leveraging Wi-Fi networks in close proximity to the intended target. The threat actor primarily leveraged living-off-the-land techniques. A zero-day privilege escalation was used to further gain access. Ukrainian-related work and projects were targeted in this attack, just ahead of Russian Invasion of Ukraine. In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom detection signature Volexity had deployed at a customer site (“Organization A”) indicated a threat actor had compromised a server on the customer's network. While Volexity quickly investigated the threat activity, more questions were raised than answers due to a very motivated and skilled advanced persistent threat (APT) actor, who was using a novel attack vector Volexity […]
2024-11-22T11:55:27+00:00 https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/ www.secnews.physaphae.fr/article.php?IdArticle=8615982 False Vulnerability,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated. 2024-11-22T10:45:00+00:00 https://www.infosecurity-magazine.com/news/five-ransomware-groups-40-of/ www.secnews.physaphae.fr/article.php?IdArticle=8615960 False Ransomware,Threat None 2.0000000000000000 Mandiant - Mandiant security blog Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations This blog post details GLASSBRIDGE, an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services tracked by the Google Threat Intelligence Group (consisting of Google's Threat Analysis Group (TAG) and Mandiant). Collectively these firms bulk-create and operate hundreds of domains that pose as independent news websites from dozens of countries, but are in fact publishing thematically similar, inauthentic content that emphasizes narratives aligned to the political interests of the People's Republic of China (PRC). Since 2022, Google has blocked more than a thousand GLASSBRIDGE-operated websites from eligibility to appear in Google News features and Google Discover because these sites violated our policies that prohibit deceptive behavior and require editorial transparency. We cannot attribute who hired these services to create the sites and publish content, but assess the firms may be taking directions from a shared customer who has outsourced the distribution of pro-PRC content via imitation news websites. These campaigns are another example of private public relations (PR) firms conducting coordinated influence campaigns, in this case spreading content aligned with the PRC's views and political agenda to audiences dispersed across the globe. 
By using private PR firms, the actors behind the information operations (IO) gain plausible deniability, obscuring their role in the dissemination of coordinated inauthentic content. The Basics These inauthentic news sites are operated by a small number of stand-alone digital PR firms that offer newswire, syndication and marketing services. They pose as independent outlets that republish articles from PRC state media, press releases, and other content likely commissioned by other PR agency clients. In some cases, they publish localized news content copied from legitimate news outlets. We have also observed content from DRAGONBRIDGE, the most prolific IO actor TAG tracks, disseminated in these campaigns. Although the four PR firms discussed in this post are separate from one another, they operate in a similar fashion, bulk-creating dozens of domains at a time and sharing thematically similar inauthentic content. Based on the set of inauthentic news domain names, the firms target audiences outside the PRC, including Australia, Austria, Czechia, Egypt, France, Germany, Hungary, Kenya, India, Indonesia, Japan, Luxembourg, Macao, Malaysia, New Zealand, Nigeria, Poland, Portugal, Qatar, Russia, Saudi Arabia, Singapore, South Korea, Spain, Switzerland, Taiwan, Thailand, Turkey, the United States, Vietnam, and the Chinese-speaking diaspora. The us]]> 2024-11-22T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/glassbridge-pro-prc-influence-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8615957 False Threat,Legislation,Cloud,Technical,Commercial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC DSPM vs CSPM: Key Differences and Their Roles in Data Protection DSPM) and cloud security posture management (CSPM) come in. Both technologies play critical roles in cloud data security and can be easily confused at first glance.
So, let's explore their key differences and their role in data protection. Understanding DSPM As the name suggests, DSPM is a data security tool. It is based on the idea that securing an organization's sensitive information requires a deep understanding of the data itself. As such, DSPM solutions discover and classify sensitive data in cloud repositories, identifying vulnerabilities and potential risks associated with that data. DSPM tools work in four phases. First, they discover an organization's data across all its off-premises (cloud) platforms and classify it by its sensitivity to provide a comprehensive, contextualized data inventory. They then monitor cloud environments in real time to identify any vulnerabilities or misconfigurations that could present a risk to data; the more sensitive the information, the higher the priority for remediation. By protecting data in this way, DSPM helps organizations maintain compliance with relevant regulations such as GDPR, HIPAA, and PCI DSS. Understanding CSPM Again, as the name suggests, CSPM is a cloud security tool. Rather than focusing on the data stored in cloud environments, as DSPM does, it focuses on securing the cloud infrastructure itself, continuously monitoring for misconfigurations, compliance issues, and security threats to help entities manage data access and data risk. These solutions scan for misconfigurations, including vulnerabilities in cloud settings, permissions, and access controls, monitor for compliance with regulatory requirements and industry standards like CIS, NIST, CCPA, and GDPR, and ultimately help organizations remediate any issues before they turn into genuine security incidents. Key Differences Between DSPM and CSPM Although both DSPM and CSPM play vital roles in cloud security, their focus areas, tools and techniques, and use cases differ as follows: Focus Area: DSPM is primarily data-centric, concentrating on protecting sensitive information stored in the cloud.
In contrast, CSPM focuses on the broader infrastructure, ensuring the cloud environment is secure. Tools and Techniques: DSPM uses data classification and encryption techniques, while CSPM employs tools for monitoring, detecting misconfigurations, and managing security policies. Use Cases: DSPM is ideal for protecting data assets and ensuring compliance, especially in heavily regulated industries. CSPM is more suitable for preventing infrastructure-based vulnerabilities and maintaining cloud security hygiene. These differences highlight that while DSPM ensures that data is properly secured and compliant, CSPM works to keep the underlying cloud infrastructure safe from threats and vulnerabilities. Real-World Use Cases To put al]]> 2024-11-22T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/dspm-vs-cspm-key-differences-and-their-roles-in-data-protection www.secnews.physaphae.fr/article.php?IdArticle=8615860 False Tool,Vulnerability,Threat,Medical,Cloud None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Unmasking WolfsBane: Gelsemium\\'s New Linux Weapon ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware. 
The newly identified backdoors and tools are designed for cyberespionage, targeting sensitive data, including system information, [...]]]> 2024-11-22T05:28:42+00:00 https://informationsecuritybuzz.com/unmasking-wolfsbane-new-linux-weapon/ www.secnews.physaphae.fr/article.php?IdArticle=8615837 False Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Differential analysis raises red flags over @lottiefiles/lottie-player 2024-11-22T02:40:41+00:00 https://community.riskiq.com/article/86e2a9b6 www.secnews.physaphae.fr/article.php?IdArticle=8615796 False Malware,Hack,Tool,Vulnerability,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services to Target Telecom and Financial Sectors 2024-11-21T21:51:24+00:00 https://community.riskiq.com/article/29972b65 www.secnews.physaphae.fr/article.php?IdArticle=8615686 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That\'s according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.]]> 2024-11-21T21:20:00+00:00 https://thehackernews.com/2024/11/chinese-apt-gelsemium-targets-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8615525 False Threat None 2.0000000000000000 TechRepublic - Security News US Apple Patches Two Zero-Day Attack Vectors Threat actors exploited two vulnerabilities in Intel-based machines. 
Google\'s Threat Analysis Group discovered the flaws.]]> 2024-11-21T19:55:01+00:00 https://www.techrepublic.com/article/apple-patches-zero-day-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8615637 False Vulnerability,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker The kits, which the company said were a sophisticated approach to bypassing multifactor authentication, pose a particular threat to the financial services sector.
]]>
2024-11-21T19:36:05+00:00 https://cyberscoop.com/microsoft-seizes-websites-tied-to-egypt-based-diy-phishing-kit-maker/ www.secnews.physaphae.fr/article.php?IdArticle=8615613 False Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and]]> 2024-11-21T17:34:00+00:00 https://thehackernews.com/2024/11/north-korean-front-companies.html www.secnews.physaphae.fr/article.php?IdArticle=8615398 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Over 2,000 Palo Alto firewalls hacked using recently patched bugs Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. [...]]]> 2024-11-21T14:46:48+00:00 https://www.bleepingcomputer.com/news/security/over-2-000-palo-alto-firewalls-hacked-using-recently-patched-bugs/ www.secnews.physaphae.fr/article.php?IdArticle=8615616 False Vulnerability,Threat None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Threat Predictions for 2025: Get Ready for Bigger, Bolder Attacks From more sophisticated playbooks to a rise in cloud attacks, cybercriminals are upping the ante to execute more targeted and harmful activities. Learn more.]]> 2024-11-21T14:00:00+00:00 https://www.fortinet.com/blog/threat-research/threat-predictions-for-2025-get-ready-for-bigger-bolder-attacks www.secnews.physaphae.fr/article.php?IdArticle=8615519 False Threat,Prediction,Cloud None 3.0000000000000000 Cisco - Security Firm Blog Cisco Secure Workload: Leading in Segmentation Maturity
As cyber threats evolve, defending workloads in today\'s multi-cloud environments requires more than traditional security. Attackers are no longer simply at the perimeter; they may already be inside, waiting to exploit vulnerabilities. This reality demands a shift from just keeping threats out to minimizing their impact when they breach. Cisco Secure Workload is at the […]]]>
2024-11-21T13:00:00+00:00 https://feedpress.me/link/23535/16893107/cisco-secure-workload-leading-in-segmentation-maturity www.secnews.physaphae.fr/article.php?IdArticle=8615395 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher]]> 2024-11-21T12:04:00+00:00 https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html www.secnews.physaphae.fr/article.php?IdArticle=8615222 False Malware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Lumma Stealer Proliferation Fueled by Telegram Activity Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience]]> 2024-11-21T11:30:00+00:00 https://www.infosecurity-magazine.com/news/lumma-stealer-proliferation-fueled/ www.secnews.physaphae.fr/article.php?IdArticle=8615366 False Malware,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Thales presents its generative AI solution dedicated to SOCs Products
Thales presents its generative AI solution dedicated to Security Operations Centers (SOC) 21 Nov 2024 The teams of cortAIx, Thales' AI accelerator, have developed GenAI4SOC, a solution unprecedented in France for generating cybersecurity incident detection rules for enterprise information systems, relying on generative AI and on the domain knowledge of operators in critical civil and defense activities. The AI assists analysts in implementing detection strategies adapted to the evolution of threats, which have become more sophisticated, more numerous and more damaging, notably because of the AI used by attackers. Analysts, with their capabilities augmented by generative AI, gain greater anticipation potential and can cover wider supervision perimeters. - Products]]>
2024-11-21T08:25:14+00:00 https://www.globalsecuritymag.fr/thales-presente-sa-solution-d-ia-generative-dediee-aux-soc.html www.secnews.physaphae.fr/article.php?IdArticle=8615275 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Stories from the SOC: Registry Clues to PDF Blues: A Tale of PUA Persistence T1547) and abusing scheduled task functions (T1053). However, legitimate application activity also frequently involves AutoStart Execution and scheduled task functions, so defending against these techniques requires not only detection monitoring but also analysis by a cybersecurity professional.  During a recent incident involving a LevelBlue MDR SOC customer, an alarm that triggered for a Windows Autorun registry key for persistence was traced back to a potentially unwanted application (PUA). The PUA purportedly was acting as a PDF conversion application. A review of the initial alarm and relevant events revealed that the application had established a double layer of persistence by using both Scheduled Task creation and Autorun registry keys to execute JavaScript under the guise of a Chrome browser extension. Additional open-source intelligence (OSINT) tools identified the application as either a PUA or a potentially malicious file. An investigation was created for the customer with remediation recommendations and ultimately it was confirmed that the application was neither expected nor authorized within the customer’s environment, and it was removed. The same application was later detected in another customer’s environment, but in this case, the customer had added a related file hash to an exclusion list. Because the LevelBlue MDR SOC analyst had recently investigated the application and identified it as potentially malicious, they were able to recommend removing the hash from the exclusion list and instead adding it to a blocklist. Investigation Initial Alarm Review The investigation began with the LevelBlue analyst receiving an alarm that a Windows Autorun registry key named “ChromeBrowserAutoLaunch” had been added on an endpoint in the customer environment. 
While at first glance this appeared to be a key set to auto-launch Chrome with a browser extension loaded, analysis of the source process command line revealed several items that warranted further investigation. Figure 1: The initial alarm for the autorun registry key creation The "--no-startup-window" option: although this is commonly used for legitimate purposes, it can also indicate an attempt to hide activity from the end user. The pathway of the extension being loaded showed it was not an extension that the user had installed from the Chrome Web Store. The expected pathway for extensions from the Web Store would be "C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions". While a sideloaded extension could still be legitimate, this gave additional cause to identify the origin of the registry key and extension. No verifiable browser extension with the name "Extension Optimizer" was found in OSINT queries. Abuse of browser extensions (T1176) is a known technique, and malicious extensions have a history of being used for infostealing, adware, and browser hijack or redirect behaviors. Expanded Investigation Events Search The analyst conducted an event search to identify the origin of the browser extension "ExtensionOptimizer". This search returned pro]]> 2024-11-21T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/stories-from-the-soc-registry-clues-to-pdf-blues-a-tale-of-pua-persistence www.secnews.physaphae.fr/article.php?IdArticle=8615221 False Tool,Threat,Cloud None 2.0000000000000000 The State of Security - Magazine Américain The Role of Security Configuration Management in Achieving Zero Trust Security Architectures Zero Trust is a network security model that dictates that no user or system should be trusted by default and that every attempt to access a network or application is a threat. For those who are naturally trusting of others, this concept is difficult to accept.
However, distrusting every entity on a network until it has been verified is imperative today. Security Configuration in Zero Trust When you have a multitude of platforms from a variety of vendors with different asset models, it becomes a challenge to ensure consistency across these assets. Therefore, it is crucial to ensure not only...]]> 2024-11-21T03:08:46+00:00 https://www.tripwire.com/state-of-security/role-security-configuration-management-achieving-zero-trust-security www.secnews.physaphae.fr/article.php?IdArticle=8615304 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) FrostyGoop\\'s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications #### Targeted Geolocations - Ukraine ## Snapshot Unit 42 researchers at Palo Alto Networks, have identified the OT-centric malware FrostyGoop, also known as BUSTLEBERM, which targets Operational Technology (OT) systems. First observed in a [January 2024 attack](https://sip.security.microsoft.com/intel-explorer/articles/cf8f]]> 2024-11-21T00:18:57+00:00 https://community.riskiq.com/article/993b88fe www.secnews.physaphae.fr/article.php?IdArticle=8615094 False Ransomware,Malware,Vulnerability,Threat,Industrial,Medical None 2.0000000000000000 Intigrity - Blog The cyber threat landscape part 3: Evolving attack techniques and tactics As cyber attackers refine their skills, their methods evolve to exploit vulnerabilities in innovative and increasingly difficult-to-detect ways. The modern cyber threat landscape includes new attack vectors, rapid weaponization cycles, and strategic targeting, making it essential for organizations to stay informed and ready to adapt. 
This part of our cyber threat landscape seri…]]> 2024-11-21T00:00:00+00:00 https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-3-evolving-attack-techniques-and-tactics www.secnews.physaphae.fr/article.php?IdArticle=8615930 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kit 2024-11-20T22:24:05+00:00 https://community.riskiq.com/article/e95dd16f www.secnews.physaphae.fr/article.php?IdArticle=8615042 False Spam,Malware,Tool,Threat,Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware 2024-11-20T22:01:06+00:00 https://community.riskiq.com/article/b873fbaf www.secnews.physaphae.fr/article.php?IdArticle=8615043 False Ransomware,Malware,Tool,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Cyberattack at French hospital exposes health data of 750,000 patients A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. 
[...]]]> 2024-11-20T21:20:19+00:00 https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8615120 False Data Breach,Threat,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.]]> 2024-11-20T20:35:09+00:00 https://www.darkreading.com/threat-intelligence/china-liminal-panda-telcos-phone-data www.secnews.physaphae.fr/article.php?IdArticle=8614965 False Threat None 3.0000000000000000 Techworm - News Apple Releases Urgent Updates To Patch Actively Exploited Zero-Day macOS Vulnerabilities Apple has rolled out urgent security updates to fix two critical zero-day vulnerabilities affecting Mac users that have been actively exploited in the wild. According to the Cupertino giant, the zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309, are only actively exploited on Intel-based Mac systems. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory published on Tuesday. The first vulnerability, CVE-2024-44308, is related to JavaScriptCore, which could lead to arbitrary code execution when processing maliciously crafted web content. On the other hand, the second vulnerability, CVE-2024-44309, is related to WebKit, the engine that powers Safari and web content on Apple devices. It could lead to a cross-site scripting (XSS) attack when processing maliciously crafted web content. While the CVE-2024-44308 vulnerability was addressed with improved checks, the CVE-2024-44309 flaw, a cookie management issue, was addressed with improved state management. These vulnerabilities were discovered and reported by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG), which tracks cyberattacks mostly linked to government-backed actors. Apple has not provided any information on how the above vulnerabilities were exploited. However, it has strongly urged its macOS users to immediately update to macOS Sequoia 15.1.1, which addresses the security flaws. It has also released the latest versions of iOS and iPadOS and recommends that iPhone and iPad users update promptly to mitigate potential security threats. To download macOS software updates, go to Apple menu > System Settings, click General in the sidebar of the window that opens, then click Software Update on the right. For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install.]]>
2024-11-20T19:35:24+00:00 https://www.techworm.net/2024/11/apple-release-patch-zero-day-macos-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8630528 False Vulnerability,Threat,Mobile None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim\'s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple]]> 2024-11-20T18:39:00+00:00 https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html www.secnews.physaphae.fr/article.php?IdArticle=8614757 False Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) NHIs Are the Future of Cybersecurity: Meet NHIDR The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. 
While organizations often take]]> 2024-11-20T17:00:00+00:00 https://thehackernews.com/2024/11/nhis-are-future-of-cybersecurity-meet.html www.secnews.physaphae.fr/article.php?IdArticle=8614689 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Malware Spotlight: A Deep-Dive Analysis of WezRat 2024-11-20T16:15:55+00:00 https://community.riskiq.com/article/7480fde2 www.secnews.physaphae.fr/article.php?IdArticle=8614872 False Spam,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Fintech giant Finastra investigates data breach after SFTP hack Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]]]> 2024-11-20T15:56:59+00:00 https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8614958 False Data Breach,Hack,Threat None 2.0000000000000000 knowbe4 - cybersecurity services Threat Actors are Sending Malicious QR Codes Via Snail Mail Threat Actors are Sending Malicious QR Codes Via Snail Mail ]]> 2024-11-20T15:40:54+00:00 https://blog.knowbe4.com/threat-actors-are-sending-malicious-qr-codes-via-snail-mail www.secnews.physaphae.fr/article.php?IdArticle=8614815 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Apple Urgently Patches Actively Exploited Zero-Days Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.]]> 2024-11-20T15:05:05+00:00 https://www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days www.secnews.physaphae.fr/article.php?IdArticle=8614847 False Threat None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de 
sécurité informatique Python NodeStealer Targets Facebook Ads Manager with New Techniques Summary In September 2024, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new […]
]]>
2024-11-20T15:00:00+00:00 https://www.netskope.com/blog/python-nodestealer-targets-facebook-ads-manager-with-new-techniques www.secnews.physaphae.fr/article.php?IdArticle=8614783 False Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Decades-Old Security Vulnerabilities Found in Ubuntu\\'s Needrestart Package Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that]]> 2024-11-20T14:46:00+00:00 https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8614620 False Vulnerability,Threat None 2.0000000000000000 HackRead - Chercher Cyber Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming Aqua Nautilus\' research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…]]> 2024-11-20T14:44:14+00:00 https://hackread.com/hackers-exploit-misconfigured-jupyter-servers-sports-streaming/ www.secnews.physaphae.fr/article.php?IdArticle=8614786 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch \\'Water Barghest\\' Sells Hijacked IoT Devices for Proxy Botnet Misuse An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.]]> 2024-11-20T14:14:02+00:00 https://www.darkreading.com/cloud-security/water-barghest-sells-hijacked-iot-devices-proxy-botnet-misuse www.secnews.physaphae.fr/article.php?IdArticle=8614785 False Vulnerability,Threat None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Quantum Firewall Software R82: AI-Powered Security for Zero-Day Threats Security needs to constantly 
evolve, as organizations must protect against the latest threats while meeting changing business needs. Check Point\'s newest security software for Quantum Firewalls and Cloud Guard Network is designed for the future: to deliver protection against unknown threats and enable nimble, adaptive security that can rapidly meet operational needs. As security becomes increasingly complicated due to hybrid environments, operational agility is more important than ever. R82 is designed to simplify management and scale security across segmented security postures. These operational advancements are combined with powerful new threat prevention engines for unprecedented security. R82 introduces over 50 new […]
]]>
2024-11-20T13:00:12+00:00 https://blog.checkpoint.com/security/the-best-security-simplicity-and-scale-just-got-better/ www.secnews.physaphae.fr/article.php?IdArticle=8614717 False Vulnerability,Threat,Cloud None 2.0000000000000000
GoogleSec - Firm Security Blog Leveling Up Fuzzing: Finding more vulnerabilities with AI 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren\'t unusual-we\'ve reported and helped maintainers fix over 11,000 vulnerabilities in the 8 years of the project. But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. The OpenSSL CVE is one of the first vulnerabilities in a critical piece of software that was discovered by LLMs, adding another real-world example to a recent Google discovery of an exploitable stack buffer underflow in the widely used database engine SQLite.This blog post discusses the results and lessons over a year and a half of work to bring AI-powered fuzzing to this point, both in introducing AI into fuzz target generation and expanding this to simulate a developer\'s workflow. These efforts continue our explorations of how AI can transform vulnerability discovery and strengthen the arsenal of defenders everywhere.The story so farIn August 2023, the OSS-Fuzz team announced ]]> 2024-11-20T11:55:46+00:00 http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html www.secnews.physaphae.fr/article.php?IdArticle=8614873 False Tool,Vulnerability,Threat,Patching,Technical None 3.0000000000000000 Global Security Mag - Site de news francais Les cybermenaces en évolution : Cato Networks dévoile les nouvelles tendances du paysage de la cybersécurité Malwares
Evolving cyber threats: Cato Networks unveils new trends in the cybersecurity landscape. The new quarterly threat report also highlights the dangers of shadow AI and the importance of TLS inspection. - Malwares 2024-11-20T10:35:55+00:00 https://www.globalsecuritymag.fr/les-cybermenaces-en-evolution-cato-networks-devoile-les-nouvelles-tendances-du.html www.secnews.physaphae.fr/article.php?IdArticle=8614656 False Threat None 2.0000000000000000 Zimperium - cyber risk firms for mobile Zimperium Predicts Data Privacy Emphasis, More Evasive Phishing Attacks and Rise of Sideloading in 2025 This blog shares Zimperium's 2025 mobile security trends and threat predictions. 2024-11-20T10:25:00+00:00 https://www.zimperium.com/blog/zimperium-2025-predictions/ www.secnews.physaphae.fr/article.php?IdArticle=8614646 False Threat,Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Hackers Hijack Jupyter Servers for Sport Stream Ripping Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events 2024-11-20T10:15:00+00:00 https://www.infosecurity-magazine.com/news/hijack-jupyter-servers-sport/ www.secnews.physaphae.fr/article.php?IdArticle=8614663 False Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Claroty now part of DHS' Continuous Diagnostics and Mitigation approved product list Cyber-physical systems (CPS) protection company Claroty announced its Continuous Threat Detection (CTD) solution has been added to the...
2024-11-20T10:12:56+00:00 https://industrialcyber.co/news/claroty-now-part-of-dhs-continuous-diagnostics-and-mitigation-approved-product-list/ www.secnews.physaphae.fr/article.php?IdArticle=8614649 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 - A cookie management vulnerability in 2024-11-20T10:07:00+00:00 https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html www.secnews.physaphae.fr/article.php?IdArticle=8614510 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day 2024-11-20T08:45:00+00:00 https://www.infosecurity-magazine.com/news/cybercriminals-exploit-weekend/ www.secnews.physaphae.fr/article.php?IdArticle=8614589 False Ransomware,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack 2024-11-19T23:40:47+00:00 https://community.riskiq.com/article/9a2e8410 www.secnews.physaphae.fr/article.php?IdArticle=8614383 False Malware,Threat,Conference None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella 2024-11-19T21:54:53+00:00 https://community.riskiq.com/article/e1cbba96 www.secnews.physaphae.fr/article.php?IdArticle=8614334 False Malware,Tool,Vulnerability,Threat,Prediction APT 10 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Threat Brief: Operation Lunar Peek, Activity Related to
CVE-2024-0012 ## Snapshot Unit 42 has identified a threat activity dubbed Operation Lunar Peek, which involves the exploitation of CVE-2024-0012, an authentication bypass vulnerability in Palo Alto Networks PAN-OS software. ## Description This vulnerability allows an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges, enabling them to perform administrative actions, tamper with configurations, or exploit other vulnerabilities such as CVE-2024-9474. The risk associated with CVE-2024-0012 is significantly reduced when access to the management web interface is restricted to trusted internal IP addresses. The vulnerability affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2, but Cloud NGFW and Prisma Access are not impacted. The threat actors have been targeting a limited number of device management web interfaces, primarily using IP addresses known to proxy or tunnel traffic for anonymous VPN services. Post-exploitation activities observed include interactive command execution and the deployment of malware, such as webshells, on the compromised firewalls. ## Recommendations Mitigations and updates from Palo Alto can be found here: [CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface](https://security.paloaltonetworks.com/CVE-2024-0012) ## References [Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012](https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/) Palo Alto Unit 42 (Accessed 2024-11-18) ## Copyright **© Microsoft 2024**. All rights reserved. 
Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited. 2024-11-19T18:45:20+00:00 https://community.riskiq.com/article/07ad7a2e www.secnews.physaphae.fr/article.php?IdArticle=8614264 False Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 Techworm - News Chinese Hackers Exploit Fortinet Zero-Day To Harvest VPN Credentials wrote in a technical blog post on Friday. The techniques applied by this plugin resemble a similar vulnerability discovered in 2016, in which credentials could be discovered in memory based on hardcoded offsets. However, Volexity confirmed that the 2024 vulnerability is new and present in FortiClient version 7.4.0, which was the latest version at the time of the flaw's discovery. The cybersecurity firm reported the credential disclosure vulnerability to Fortinet on July 18, 2024, which was acknowledged on July 24, 2024. However, the issue remains unpatched to date, and no CVE has been assigned to it. "Volexity's analysis provides evidence that BrazenBamboo is a well-resourced threat actor who maintains multi-platform capabilities with operational longevity. The breadth and maturity of their capabilities indicates both a capable development function and operational requirements driving development output," the cybersecurity firm notes. Besides DEEPDATA, BrazenBamboo has also developed DEEPPOST, a post-exploitation data exfiltration tool for sending files to a remote system using HTTPS. DEEPDATA and DEEPPOST, along with LIGHTSPY, a multi-platform malware family known to target multiple operating systems, including iOS and Windows, showcase the threat actor's advanced and powerful cyber espionage capabilities and the risk posed to unpatched systems and sensitive user data. Until Fortinet officially acknowledges the reported vulnerability and rolls out a security patch, limiting VPN access and monitoring login activity for any irregularities is advisable.
Organizations that rely on Fortinet solutions are encouraged to remain vigilant, as the flaw could expose sensitive credentials if exploited.
Cybersecurity researchers at Volexity recently reported that a Chinese state-af
2024-11-19T18:44:28+00:00 https://www.techworm.net/2024/11/chinese-hackers-exploit-fortinet-zero-day-vpn-credentials.html www.secnews.physaphae.fr/article.php?IdArticle=8630529 False Malware,Tool,Vulnerability,Threat,Technical None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Navigating the Evolving Threat Landscape Ahead of Black Friday As Thanksgiving and Black Friday approach, so do the risks of fraudulent shopping scams. Cyber criminals take advantage of shoppers eager to benefit from the exceptional sales available on Black Friday. In preparation for this shopping season, Check Point Research has examined the activities of these cyber criminals. They found a significant increase in malicious websites related to Black Friday. Additionally, researchers noted that phishing emails have remained consistent, indicating that it is easy for cyber attackers to recreate these scams. In this blog, we will explore the new websites and phishing emails that appear ahead of Black Friday. New […]
2024-11-19T18:35:08+00:00 https://blog.checkpoint.com/research/navigating-the-evolving-threat-landscape-ahead-of-black-friday/ www.secnews.physaphae.fr/article.php?IdArticle=8614239 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To 2024-11-19T17:00:00+00:00 https://thehackernews.com/2024/11/privileged-accounts-hidden-threats-why.html www.secnews.physaphae.fr/article.php?IdArticle=8614066 False Threat None 2.0000000000000000 Global Security Mag - French news site Exabeam and Wiz Partner Business News
Exabeam and Wiz Partner to Strengthen Cloud Security Threat Detection New integration combines Exabeam AI-powered analytics with Wiz's comprehensive cloud security insights to boost threat detection, investigation, and response capabilities - Business News
2024-11-19T15:22:11+00:00 https://www.globalsecuritymag.fr/exabeam-and-wiz-partner.html www.secnews.physaphae.fr/article.php?IdArticle=8614160 False Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group 2024-11-19T15:10:00+00:00 https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8614009 False Ransomware,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Ford rejects breach allegations, says customer data not impacted Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...] 2024-11-19T15:09:14+00:00 https://www.bleepingcomputer.com/news/security/ford-rejects-breach-allegations-says-customer-data-not-impacted/ www.secnews.physaphae.fr/article.php?IdArticle=8615277 False Data Breach,Threat None 2.0000000000000000 Security Through Education - Security Through Education Social Engineering Tactics: Sympathy and Assistance Themes In today's interconnected world, bad actors use cunning psychological tactics to exploit our natural instincts.
Social engineering scams frequently exploit […] 2024-11-19T14:00:22+00:00 https://www.social-engineer.org/general-blog/social-engineering-tactics-sympathy-and-assistance-themes/ www.secnews.physaphae.fr/article.php?IdArticle=8616157 False Threat None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence Code Interpreter extension, Gemini can now dynamically create and execute code to help deobfuscate specific strings or code sections, while Google Threat Intelligence (GTI) function calling enables it to query GTI for additional context on URLs, IPs, and domains found within malware samples. These tools are a step toward transforming Gemini into a more adaptive agent for malware analysis, enhancing its ability to interpret obfuscated elements and gather contextual information based on the unique characteristics of each sample. Building on this foundation, we previously explored critical preparatory steps with Gemini 1.5 Pro, leveraging its expansive 2-million-token input window to process substantial sections of decompiled code in a single pass. To further enhance scalability, we introduced Gemini 1.5 Flash, incorporating automated binary unpacking through Mandiant Backscatter before the decompilation phase to tackle certain obfuscation techniques. Yet, as any seasoned malware analyst knows, the true challenge often begins once the code is exposed. Malware developers frequently employ obfuscation tactics to conceal critical IOCs and underlying logic. Malware may also download additional malicious code, making it challenging to fully understand the behavior of a given sample. For large language models (LLMs), obfuscation techniques and additional payloads create unique challenges. When dealing with obfuscated strings such as URLs, IPs, domains, or file names, LLMs often "hallucinate" without explicit decoding methods.
Additionally, LLMs cannot access, for example, URLs that host additional payloads, often resulting in speculative interpretations about the sample's behavior. To help with these challenges, Code Interpreter and GTI function calling tools provide targeted solutions. Code Interpreter enables Gemini to autonomously create and execute custom scripts, as needed, using its own judgment to decode obfuscated elements within a sample, such as strings encoded with XOR-based algorithms. This capability minimizes interpretation errors and enhances Gemini's ability to reveal hidden logic without requiring manual intervention. 2024-11-19T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/gemini-malware-analysis-code-interpreter-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8614158 False Malware,Tool,Threat,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ransomware Gangs on Recruitment Drive for Pen Testers Ransomware groups are recruiting pen testers from the dark web to expand their operations, as revealed by Cato Network's Q3 2024 SASE Threat Report 2024-11-19T13:35:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-gangs-pen-testers/ www.secnews.physaphae.fr/article.php?IdArticle=8614092 False Ransomware,Threat None 2.0000000000000000 ProofPoint - Cyber Firms Protecting Your Inbox: 5 Best Practices for Microsoft 365 Email Security 2024-11-19T13:19:57+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/microsoft-office-365-security-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8614107 False Tool,Threat,Cloud None 2.0000000000000000 Global Security Mag - French news site Cybersecurity in 2025: the emergence of LLMs as new threats and the rise of identity verification services Viewpoints
Cybersecurity in 2025: the emergence of LLMs as new threats and the rise of identity verification services. Len Noe, biohacker at CyberArk, reveals his predictions on cybersecurity trends for 2025 - Viewpoints
2024-11-19T12:45:01+00:00 https://www.globalsecuritymag.fr/cybersecurite-en-2025-l-emergence-des-llm-comme-nouvelles-menaces-et-la-montee.html www.secnews.physaphae.fr/article.php?IdArticle=8614064 False Threat None 2.0000000000000000