This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T22:17:04+00:00 www.secnews.physaphae.fr Security Affairs - Blog Secu 2021-01-29T14:49:07+00:00 https://securityaffairs.co/wordpress/113990/apt/zinc-apt-targets-security-experts.html?utm_source=rss&utm_medium=rss&utm_campaign=zinc-apt-targets-security-experts www.secnews.physaphae.fr/article.php?IdArticle=2267129 False Vulnerability,Medical APT 38 None Bleeping Computer - Magazine Américain 2021-01-28T14:47:45+00:00 https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=2261838 False Vulnerability,Medical APT 38 None Bleeping Computer - Magazine Américain 2020-12-24T12:00:11+00:00 https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/ www.secnews.physaphae.fr/article.php?IdArticle=2125285 False Medical APT 38,APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-12-23T23:24:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/B8Tg68yvkZc/north-korean-hackers-trying-to-steal.html www.secnews.physaphae.fr/article.php?IdArticle=2124093 False Threat,Medical APT 38,APT 28 None Kaspersky - Kaspersky Research blog 2020-12-23T10:00:08+00:00 https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/ www.secnews.physaphae.fr/article.php?IdArticle=2122402 False Threat,Medical APT 38,APT 28 None The State of Security - Magazine Américain Read More ]]> 2020-12-03T04:01:42+00:00 https://www.tripwire.com/state-of-security/featured/protect-your-business-from-multi-platform-malware-systems/ www.secnews.physaphae.fr/article.php?IdArticle=2073744 False Malware,Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite Hackers Pose As WHO Officials To Attack COVID-19 Vaccines]]> 2020-11-17T14:10:55+00:00 https://www.informationsecuritybuzz.com/expert-comments/hackers-pose-as-who-officials-to-attack-covid-19-vaccines/ www.secnews.physaphae.fr/article.php?IdArticle=2040126 False Medical APT 38,APT 28 None IT Security Guru - Blog Sécurité 2020-11-17T11:19:05+00:00 https://www.itsecurityguru.org/2020/11/17/covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=2039786 False Medical APT 38,APT 28,APT 43 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2020-11-16T18:23:36+00:00 https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/ www.secnews.physaphae.fr/article.php?IdArticle=2038512 False Medical APT 38 None Security Affairs - Blog Secu 2020-11-16T15:18:44+00:00 https://securityaffairs.co/wordpress/110996/apt/lazarus-supply-chain-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-supply-chain-attacks www.secnews.physaphae.fr/article.php?IdArticle=2038300 False Malware,Medical APT 38 None The State of Security - Magazine Américain Read More ]]> 2020-11-16T12:34:50+00:00 https://www.tripwire.com/state-of-security/security-data-protection/lazarus-group-used-supply-chain-attack-to-target-south-korean-users-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=2038112 False Malware,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-11-16T02:29:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/0DGOd787cuc/trojanized-security-software-hits-south.html www.secnews.physaphae.fr/article.php?IdArticle=2037856 False Threat,Medical APT 38 None Security Affairs - Blog Secu 2020-11-13T17:18:12+00:00 https://securityaffairs.co/wordpress/110871/apt/apt-groups-covid-19-vaccine.html?utm_source=rss&utm_medium=rss&utm_campaign=apt-groups-covid-19-vaccine www.secnews.physaphae.fr/article.php?IdArticle=2032995 False Medical APT 38,APT 28,APT 43 None ZD Net - Magazine Info 2020-11-13T14:00:00+00:00 https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2032686 False Medical APT 38,APT 28,APT 43 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Grindr Fixed a Bug Allowing Full Takeover of Any User Account (published: October 3, 2020) Grindr, an LGBT networking platform, has fixed a vulnerability that could allow any account to be hijacked. The vulnerability was identified by security researcher Wassime Bouimadaghene, finding that the reset token was leaked in the page’s response content. This would enable anyone who knows a users’ email address to generate the reset link that is sent via email. Gaining account access would enable an attacker to obtain sensitive information such as pictures stored on the app (including NSFW), HIV status, location, and messages. Grindr has announced a bug bounty program. Recommendation: If your account has been breached, you can reset the password using the reset link sent to the associated email address. Tags: Browser, Exposed tokens, Grindr, Sensitive Info XDSpy: Stealing Government Secrets Since 2011 (published: October 2, 2020) Security researchers from ESET have identified a new Advanced Persistent Threat (APT) group that has been targeting Eastern European governments and businesses for up to nine years. Dubbed “XDSpy,” ESET was unable to identify any code similarity or shared infrastructure with other known groups and believe the group operates in a UTC+2 or UTC+3 time zone, Monday to Friday. XDSpy mainly uses spearphishing emails with some variance, some will contain attachments or links to malicious files, usually a ZIP or RAR archive. When the malicious file has infected a victim, it will install “XDDown,” a downloader that will begin to install additional plugins that will begin to exfiltrate files, passwords, and nearby SSIDs. XDSpy has also been observed using “CVE-2020-0968” (Internet Explorer legacy JavaScript vulnerability) bearing some resemblance to DarkHotel campaigns and Operation Domino, ESET do not believe these campaigns are related but may be using the same exploit broker. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] File and Directory Discovery ]]> 2020-10-06T14:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-ransomware-ipstorm-apt-group-and-more www.secnews.physaphae.fr/article.php?IdArticle=2103278 False Ransomware,Malware,Vulnerability,Threat,Medical APT 38 5.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence ‘Baka’ Javascript Skimmer Identified (published: September 6, 2020) Visa have issued a security alert based on identification of a new skimmer, named “Baka”. Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attacks behind Baka are injecting it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migaciones suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cecission in border crossings until systems were up again. The ransomware used in this attack is Netwalker ransomware, that left a ransom note demanding initalling $2 million, however when this wasn’t paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in python that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY]]> 2020-09-09T16:24:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-skimmer-ransomware-apt-group-and-more www.secnews.physaphae.fr/article.php?IdArticle=2103283 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical APT 38,APT 28 4.0000000000000000 Security Affairs - Blog Secu 2020-08-26T06:43:13+00:00 https://securityaffairs.co/wordpress/107519/apt/lazarus-targets-cryptocurrency.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-targets-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=1882664 False Medical APT 38 None Bleeping Computer - Magazine Américain 2020-07-28T12:15:00+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1829725 False Ransomware,Medical APT 38 None Security Affairs - Blog Secu 2020-07-23T14:46:05+00:00 https://securityaffairs.co/wordpress/106267/apt/mata-multi-platform-malware-framework.html?utm_source=rss&utm_medium=rss&utm_campaign=mata-multi-platform-malware-framework www.secnews.physaphae.fr/article.php?IdArticle=1820999 False Ransomware,Malware,Threat,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-07-23T02:18:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/DVxmjqiYd-s/lazarus-north-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1820424 False Malware,Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite Comment: North Korean Hackers Linked to Credit Card Stealing Attacks on US Stores]]> 2020-07-06T12:28:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-north-korean-hackers-linked-to-credit-card-stealing-attacks-on-us-stores/ www.secnews.physaphae.fr/article.php?IdArticle=1793117 True Medical APT 38 None Dark Reading - Informationweek Branch 2020-05-12T16:30:00+00:00 https://www.darkreading.com/vulnerabilities---threats/dhs-fbi-and-dod-report-on-new-north-korean-malware/d/d-id/1337795?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1705623 False Malware,Medical APT 38 None Bleeping Computer - Magazine Américain 2020-05-12T11:36:58+00:00 https://www.bleepingcomputer.com/news/security/us-govt-exposes-new-north-korean-malware-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1705223 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2020-05-09T22:14:52+00:00 https://securityaffairs.co/wordpress/102981/apt/lazarus-apt-mac-dacls-rat.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-apt-mac-dacls-rat www.secnews.physaphae.fr/article.php?IdArticle=1700919 False Malware,Medical APT 38 None Bleeping Computer - Magazine Américain 2020-05-09T12:39:40+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-infect-real-2fa-app-to-compromise-macs/ www.secnews.physaphae.fr/article.php?IdArticle=1700555 False Malware,Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite Comment: Lazarus Group Hides macOS Spyware In 2FA Application]]> 2020-05-08T15:16:23+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-lazarus-group-hides-macos-spyware-in-2fa-application/ www.secnews.physaphae.fr/article.php?IdArticle=1698781 True Medical APT 38 None IT Security Guru - Blog Sécurité 2020-05-07T09:56:52+00:00 https://www.itsecurityguru.org/2020/05/07/lazarus-macos-spyware-hidden-in-two-factor-authentication-application/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-macos-spyware-hidden-in-two-factor-authentication-application www.secnews.physaphae.fr/article.php?IdArticle=1696506 False Medical APT 38 None Malwarebytes Labs - MalwarebytesLabs The Lazarus group improves their toolset with a new RAT specifically designed for the Mac. Categories: Mac Malware Threat analysis Tags: APTDaclsLazarusmacmalwarerattinkaOTP (Read more...) ]]> 2020-05-06T15:59:36+00:00 https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/ www.secnews.physaphae.fr/article.php?IdArticle=1694730 False Medical APT 38 None Bleeping Computer - Magazine Américain 2020-03-02T17:35:17+00:00 https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=1577651 False Medical APT 38 None Wired Threat Level - Security News 2020-02-25T12:00:00+00:00 https://www.wired.com/story/malware-reuse-north-korea-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=1564513 False Tool,Medical APT 38 None Security Affairs - Blog Secu 2020-02-14T21:07:17+00:00 https://securityaffairs.co/wordpress/97863/apt/hidden-cobra-malware-mars-reports.html www.secnews.physaphae.fr/article.php?IdArticle=1541692 False Malware,Medical APT 38 None Bleeping Computer - Magazine Américain 2019-12-17T13:05:00+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-linux-windows-with-new-dacls-malware/ www.secnews.physaphae.fr/article.php?IdArticle=1493802 False Malware,Medical APT 38 None SecureMac - Security focused on MAC 2019-12-10T17:00:00+00:00 https://www.securemac.com/news/new-fileless-malware-for-macos-linked-to-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=1493817 False Malware,Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network]]> 2019-10-31T16:15:13+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-reactions-on-north-korean-malware-found-on-indian-nuclear-plants-network/ www.secnews.physaphae.fr/article.php?IdArticle=1437020 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2019-10-25T06:49:12+00:00 https://securityaffairs.co/wordpress/92916/malware/nukesped-rat-north-korea.html www.secnews.physaphae.fr/article.php?IdArticle=1425600 False Malware,Medical APT 38 None SecurityWeek - Security News 2019-09-24T18:56:47+00:00 http://feedproxy.google.com/~r/Securityweek/~3/8axGgUcMDJg/north-korean-linked-dtrack-rat-discovered www.secnews.physaphae.fr/article.php?IdArticle=1361222 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2019-09-13T20:21:12+00:00 https://securityaffairs.co/wordpress/91208/apt/us-treasury-north-korea-sanctions.html www.secnews.physaphae.fr/article.php?IdArticle=1326010 False Medical APT 38 None ZD Net - Magazine Info 2019-09-13T16:47:00+00:00 https://www.zdnet.com/article/us-treasury-sanctions-three-north-korean-hacking-groups/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1325375 False Medical APT 38 None Dark Reading - Informationweek Branch 2019-09-13T15:00:00+00:00 https://www.darkreading.com/attacks-breaches/us-sanctions-3-cyber-attack-groups-tied-to-dprk/d/d-id/1335805?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1325874 False Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite US Government Unveils New North Korean Hacking Tool]]> 2019-05-13T18:50:03+00:00 https://www.informationsecuritybuzz.com/expert-comments/us-government-unveils-new-north-korean-hacking-tool/ www.secnews.physaphae.fr/article.php?IdArticle=1105723 False Malware,Tool,Medical APT 38 None Security Affairs - Blog Secu 2019-05-10T13:53:03+00:00 https://securityaffairs.co/wordpress/85302/apt/north-korea-electricfish-tool.html www.secnews.physaphae.fr/article.php?IdArticle=1102136 False Malware,Tool,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2019-05-10T03:04:03+00:00 https://thehackernews.com/2019/05/north-korean-hacking-tool.html www.secnews.physaphae.fr/article.php?IdArticle=1101860 False Malware,Medical APT 38 None IT Security Guru - Blog Sécurité 2019-04-11T12:28:03+00:00 https://hellofromhony.com/goaway?temp=5&/2019/04/11/new-hoplight-malware-marks-re-emergence-of-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=1092926 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2019-03-28T08:20:04+00:00 https://securityaffairs.co/wordpress/82985/apt/lazarus-targets-mac.html www.secnews.physaphae.fr/article.php?IdArticle=1084744 False Malware,Medical APT 38 None SecurityWeek - Security News 2019-03-27T15:00:02+00:00 https://www.securityweek.com/north-korea-linked-hackers-target-macos-users www.secnews.physaphae.fr/article.php?IdArticle=1084549 False Medical APT 38 None ZD Net - Magazine Info 2019-03-27T10:52:01+00:00 https://www.zdnet.com/article/north-korean-hackers-continue-attacks-on-cryptocurrency-businesses/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1083251 False Malware,Medical APT 38 None Malwarebytes Labs - MalwarebytesLabs A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send. Categories: Security world Week in security Tags: Apex LegendsChinese DNAemotetfacebookFacebook outageFirefox SendGoogle NestGoogle PlayLazarus Groupnetflixpsd2Spotify (Read more...) ]]> 2019-03-18T14:57:01+00:00 https://blog.malwarebytes.com/security-world/2019/03/a-week-in-security-march-11-17/ www.secnews.physaphae.fr/article.php?IdArticle=1073431 False Medical APT 38 None Malwarebytes Labs - MalwarebytesLabs Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks. Categories: Criminals Threat analysis Tags: APTLazarusNorth Korea (Read more...) ]]> 2019-03-12T16:27:00+00:00 https://blog.malwarebytes.com/threat-analysis/2019/03/the-advanced-persistent-threat-files-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=1066116 False Threat,Medical Wannacry,APT 38 None Dark Reading - Informationweek Branch 2019-03-05T14:15:00+00:00 https://www.darkreading.com/threat-intelligence/lazarus-research-highlights-threat-from-north-korea/d/d-id/1334063?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1054783 False Threat,Medical APT 38 None ZD Net - Magazine Info 2019-03-04T11:43:02+00:00 https://www.zdnet.com/article/researchers-granted-command-server-by-officials-link-sharpshooter-campaign-to-north-korea/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1052594 False Medical APT 38 None IT Security Guru - Blog Sécurité 2019-01-31T10:29:01+00:00 https://www.itsecurityguru.org/2019/01/31/fbi-maps-and-further-disrupts-north-korean-jonap-botnet/ www.secnews.physaphae.fr/article.php?IdArticle=1016373 True Threat,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2019-01-31T00:03:04+00:00 https://thehackernews.com/2019/01/north-korea-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=1016264 False Threat,Medical APT 38 None Bleeping Computer - Magazine Américain 2018-12-12T11:26:05+00:00 https://www.bleepingcomputer.com/news/security/op-sharpshooter-uses-lazarus-group-tactics-techniques-and-procedures/ www.secnews.physaphae.fr/article.php?IdArticle=943040 False Malware,Tool,Threat,Medical APT 38 None Security Affairs - Blog Secu 2018-11-24T10:23:02+00:00 https://securityaffairs.co/wordpress/78382/apt/lazarus-latin-american-banks.html www.secnews.physaphae.fr/article.php?IdArticle=915607 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2018-11-10T14:47:00+00:00 https://securityaffairs.co/wordpress/77877/apt/lazarus-apt-fastcash-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=890512 True Malware,Hack,Medical APT 38 None Dark Reading - Informationweek Branch 2018-11-08T17:45:00+00:00 https://www.darkreading.com/attacks-breaches/symantec-uncovers-north-korean-groups-atm-attack-malware-/d/d-id/1333233?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=887602 False Malware,Medical APT 38 None CSO - CSO Daily Dashboard worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10.]]> 2018-11-06T08:56:00+00:00 https://www.csoonline.com/article/3319116/malware/worst-malware-and-threat-actors-of-2018-so-far.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=883049 False Malware,Threat,Medical APT 38 None Security Affairs - Blog Secu 2018-10-04T06:55:00+00:00 https://securityaffairs.co/wordpress/76807/apt/apt38-north-korea.html www.secnews.physaphae.fr/article.php?IdArticle=830646 False Threat,Medical APT 38 None Security Affairs - Blog Secu 2018-10-03T20:02:03+00:00 https://securityaffairs.co/wordpress/76798/hacking/fastcash-hidden-cobra-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=830473 False Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2018-10-03T04:18:05+00:00 https://thehackernews.com/2018/10/bank-atm-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=829741 False Medical APT 38 None SecurityWeek - Security News 2018-09-07T17:29:00+00:00 https://www.securityweek.com/industry-reactions-us-charging-north-korean-hacker-feedback-friday www.secnews.physaphae.fr/article.php?IdArticle=799818 True Medical APT 38 None SecurityWeek - Security News 2018-09-07T09:00:01+00:00 https://www.securityweek.com/opsec-mistakes-allowed-us-link-north-korean-man-hacks www.secnews.physaphae.fr/article.php?IdArticle=797410 False Threat,Medical APT 38 None ZD Net - Magazine Info 2018-09-06T21:43:04+00:00 https://www.zdnet.com/article/how-us-authorities-tracked-down-the-north-korean-hacker-behind-wannacry/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=796102 False Malware,Medical Wannacry,APT 38 None SecurityWeek - Security News 2018-09-06T18:04:01+00:00 https://www.securityweek.com/us-charges-north-korean-over-lazarus-group-hacks www.secnews.physaphae.fr/article.php?IdArticle=796406 False Medical APT 38 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases: New EDR capabilities with the new AlienVault Agent On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent - a lightweight and adaptable endpoint agent based on osquery -  you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote. The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities. AlienApp for ConnectWise The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information. Slaying Defects and Optimizing the UX In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details. USM Central Roundup and Look Ahead Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include: Two-way alarm status and label synchronization Orchestration rules management across USM Anywhere deployments USM Central API availability (You can find the API documentation here.) Threat Intelligence Highlights USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures – all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team. The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are rese]]> 2018-08-28T13:00:00+00:00 http://feeds.feedblitz.com/~/566580736/0/alienvault-blogs~AlienVault-Product-Roundup-July-August www.secnews.physaphae.fr/article.php?IdArticle=782871 False Threat,Medical APT 38 None Malwarebytes Labs - MalwarebytesLabs A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues. Categories: Security world Week in security Tags: a week in securitybadgelifecobalt dickenscybersecuritycybersecurity awarenessdigital entropy of deathelectionsfacebookGooglegreen card scamprivacyproject insecurityransomwarerecapryuksearch browser extensionssuperdrugthe lazarus grouptwitchvulnerabilitiesweekly blog roundup (Read more...) ]]> 2018-08-27T17:06:01+00:00 https://blog.malwarebytes.com/security-world/week-in-security/2018/08/a-week-in-security-august-20-august-26/ www.secnews.physaphae.fr/article.php?IdArticle=782851 False Medical APT 38 None Dark Reading - Informationweek Branch 2018-08-23T15:07:00+00:00 https://www.darkreading.com/vulnerabilities---threats/lazarus-group-builds-its-first-macos-malware/d/d-id/1332653?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=783029 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2018-08-10T16:15:03+00:00 https://securityaffairs.co/wordpress/75227/malware/north-korea-malware-lazarus.html www.secnews.physaphae.fr/article.php?IdArticle=775338 False Malware,Medical,Cloud APT 38,APT 37 None McAfee Labs - Editeur Logiciel This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story.  Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … ]]> 2018-08-09T13:00:01+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families/ www.secnews.physaphae.fr/article.php?IdArticle=773111 False Malware,Guideline,Medical,Cloud APT 38,APT 37 None Dark Reading - Informationweek Branch 2018-06-25T18:30:00+00:00 https://www.darkreading.com/attacks-breaches/malware-in-south-korean-cyberattacks-linked-to-bithumb-heist/d/d-id/1332144?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=722895 False Malware,Medical Bithumb,Bithumb,APT 38 None SecurityWeek - Security News 2018-06-25T17:31:04+00:00 https://www.securityweek.com/north-korean-hackers-exploit-hwp-docs-recent-cyber-heists www.secnews.physaphae.fr/article.php?IdArticle=722900 False Medical APT 38 None Security Affairs - Blog Secu 2018-06-18T15:18:04+00:00 https://securityaffairs.co/wordpress/73646/apt/hidden-cobra-malware-2.html www.secnews.physaphae.fr/article.php?IdArticle=710568 False Medical TYPEFRAME,APT 38 None SecurityWeek - Security News 2018-06-12T11:14:05+00:00 https://www.securityweek.com/north-korean-hackers-abuse-activex-recent-attacks www.secnews.physaphae.fr/article.php?IdArticle=703789 False Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite Analysis Of Banco De Chile + Continued Cyber Attacks On Banks]]> 2018-06-12T10:30:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/analysis-of-banco/ www.secnews.physaphae.fr/article.php?IdArticle=704076 False Medical APT 38 None SecurityWeek - Security News 2018-05-31T10:11:03+00:00 https://www.securityweek.com/north-korea-linked-group-stops-targeting-us www.secnews.physaphae.fr/article.php?IdArticle=684485 False Medical APT 38 None Security Affairs - Blog Secu 2018-05-30T18:30:05+00:00 https://securityaffairs.co/wordpress/73062/apt/hidden-cobra-malware.html www.secnews.physaphae.fr/article.php?IdArticle=683145 False Medical APT 38 None SecurityWeek - Security News 2018-05-30T10:44:00+00:00 https://www.securityweek.com/us-attributes-two-more-malware-families-north-korea www.secnews.physaphae.fr/article.php?IdArticle=682227 False Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2018-05-30T07:42:05+00:00 https://thehackernews.com/2018/05/north-korean-hacker-hidden-cobra.html www.secnews.physaphae.fr/article.php?IdArticle=682731 False Medical APT 38 None IT Security Guru - Blog Sécurité 2018-04-30T12:25:04+00:00 http://www.itsecurityguru.org/2018/04/30/thailand-seizes-server-linked-north-korean-attack-gang/ www.secnews.physaphae.fr/article.php?IdArticle=619390 False Medical APT 38 2.0000000000000000 Security Affairs - Blog Secu 2018-04-30T08:06:04+00:00 https://securityaffairs.co/wordpress/71937/apt/op-ghostsecret-thailand.html www.secnews.physaphae.fr/article.php?IdArticle=619478 False Medical APT 38 None McAfee Labs - Editeur Logiciel McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, … ]]> 2018-04-25T04:01:02+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=705875 True Medical APT 38 None McAfee Labs - Editeur Logiciel McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (For an extensive … ]]> 2018-04-25T04:01:02+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/global-malware-campaign-pilfers-data-from-critical-infrastructure-entertainment-finance-health-care-and-other-industries/ www.secnews.physaphae.fr/article.php?IdArticle=705874 True Medical APT 38 None Security Affairs - Blog Secu 2018-04-05T09:22:01+00:00 https://securityaffairs.co/wordpress/71074/apt/lazarus-online-casino.html www.secnews.physaphae.fr/article.php?IdArticle=567475 False Medical APT 38 None SecurityWeek - Security News The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist from Bangladesh's account at the New York Federal Reserve Bank. Said to be the most serious threat against banks, the group has shown increased interest in ]]> 2018-04-04T17:40:00+00:00 https://www.securityweek.com/north-korean-hackers-behind-online-casino-attack-report www.secnews.physaphae.fr/article.php?IdArticle=566100 False Medical APT 38 None We Live Security - Editeur Logiciel Antivirus ESET The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets. ]]> 2018-04-03T13:00:03+00:00 https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/ www.secnews.physaphae.fr/article.php?IdArticle=563651 False Medical APT 38 None Errata Security - Errata Security Jake Williams claims he's seen three other manufacturing networks infected with WannaCry. Why does manufacturing seem more susceptible? The reason appears to be the "killswitch" that stops WannaCry from running elsewhere. The killswitch uses a DNS lookup, stopping itself if it can resolve a certain domain. Manufacturing networks are largely disconnected from the Internet enough that such DNS lookups don't work, so the domain can't be found, so the killswitch doesn't work. Thus, manufacturing systems are no more likely to get infected, but the lack of killswitch means the virus will conti]]> 2018-03-29T22:25:24+00:00 https://blog.erratasec.com/2018/03/wannacry-after-one-year.html www.secnews.physaphae.fr/article.php?IdArticle=551991 False Medical Wannacry,APT 38 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Not sure if that means I’ve succeeded as a Dad or failed miserably. Hopefully she’ll come across one of these posts in the future and realise there was more to me than just memes. Operation Bayonet This article gives a fascinating insight into how law enforcement infiltrated and took down a drug market. As reports of these kinds of operations become available, Hollywood should really be looking to these for inspiration. Far better plots than most fiction! Operation Bayonet: Inside the sting that hijacked an entire dark web drug market | Wired How many devices are misconfigured… or not configured? I saw this blog that Anton Chuvakin posted over at Gartner stating that there’s a lot of security technology which is deployed yet misconfigured, not configured optimally, set to default, or deployed broken in other ways. Broadly speaking, I agree, in the race to get things done, assurance often takes a back seat. But there’s no obvious answer. Testing takes time and expertise. Unless it’s automated. But even then someone needs to look at the results and get things fixed. DevSecOps maybe? How Much of Your Security Gear Is Misconfigured or Not Configured? | Gartner Hacking encrypted phones Encrypted phone company Ciphr claims it was hacked by a rival company. A preview into how vicious digital rivals can get. And regardless of who is to blame, the fact remains that the real victims here are the users. Customer Data From Encrypted Phone Company Ciphr Has Been Dumped Online | Motherboard Hidden Cobra on Turkish Banks Bankshot implants are distributed from a domain with a name similar to that of the cryptocurrency-lending platform Falcon Coin, but the similarly named domain is not associated with the legitimate entity. The malicious domain falcancoin.io was created December 27, 2017, and was updated on February 19, only a few days before the implants began to appear. These implants are variations of earlier forms of Bankshot, a remote access tool that gives an attacker full capability on a victim’s system. This implant also contains functionality to wipe files and content from the targeted system to erase evidence or perform other destructive actions. Bankshot was first reported by the Department of Homeland Security on December 13, 2017, and has only recently resurfaced in newly compiled variants. The sample we analyzed is 99% similar to the documented Bankshot variants from 2017. ]]> 2018-03-16T13:00:00+00:00 http://feeds.feedblitz.com/~/532949046/0/alienvault-blogs~Things-I-hearted-this-week-th-March www.secnews.physaphae.fr/article.php?IdArticle=519344 False Medical Equifax,APT 38 None Security Affairs - Blog Secu 2018-03-10T06:53:00+00:00 http://securityaffairs.co/wordpress/70052/apt/hidden-cobra-targets-turkish.html www.secnews.physaphae.fr/article.php?IdArticle=504476 False Medical APT 38 None SecurityWeek - Security News 2018-03-09T17:22:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/zt1I4cfHxus/new-north-korea-linked-cyberattacks-target-financial-institutions www.secnews.physaphae.fr/article.php?IdArticle=503423 False Medical APT 38 None McAfee Labs - Editeur Logiciel This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales.  On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra's Bankshot malware implant surfacing in the Turkish financial … ]]> 2018-03-08T14:00:03+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/ www.secnews.physaphae.fr/article.php?IdArticle=705885 False Medical APT 38 3.0000000000000000 Zataz - Magazine Francais de secu Hidden Cobra, un malveillant made un Corée du Nord est apparu en premier sur ZATAZ. ]]> 2018-02-13T18:45:01+00:00 https://www.zataz.com/hidden-cobra-malveillant-made-coree-nord/ www.secnews.physaphae.fr/article.php?IdArticle=480942 False Medical APT 38 None Data Security Breach - Site de news Francais Opération de la Corée du nord baptisée HIDDEN COBRA est diffusé par Data Security Breach. ]]> 2018-02-13T18:27:03+00:00 https://www.datasecuritybreach.fr/hidden-cobra/ www.secnews.physaphae.fr/article.php?IdArticle=481178 False Medical APT 38 None Security Affairs - Blog Secu Security experts at Trend Micro have analyzed malware and a tool used by the Lazarus APT group in the recent attacks against financial institutions. Security experts at Trend Micro have analyzed the attacks conducted by the notorious Lazarus APT group against financial institutions. The activity of the Lazarus Group surged in 2014 and 2015, its […] ]]> 2018-01-25T19:26:13+00:00 http://securityaffairs.co/wordpress/68221/apt/lazarus-apt-arsenal.html www.secnews.physaphae.fr/article.php?IdArticle=460268 False Medical APT 38 None SecurityWeek - Security News 2018-01-25T15:01:52+00:00 http://feedproxy.google.com/~r/Securityweek/~3/IzHZleE1tkc/north-korea-linked-lazarus-hackers-update-arsenal-hacking-tools www.secnews.physaphae.fr/article.php?IdArticle=460242 False Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2017-12-20T05:18:48+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/sSNJSmT1r_A/lazarus-hacking-bitcoin.html www.secnews.physaphae.fr/article.php?IdArticle=453023 False Medical APT 38 None Security Affairs - Blog Secu Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […] ]]> 2017-12-15T21:04:37+00:00 http://securityaffairs.co/wordpress/66780/apt/lazarus-apt-cryptocurrency.html www.secnews.physaphae.fr/article.php?IdArticle=451477 False Medical APT 38 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC life of its own a few days ago. But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.” So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits Mirai Mirai on the wall I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.” It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty. The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity Botnet Creators Who Took Down the Internet Plead Guilty | Gizmondo Bug Laundering Bounties Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom. Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email. The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)? Leaked email shows HBO negotiating with hackers | Calgary Herald Remember the 'Game of Thrones' leak? An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today Uber used bug bounty program to launder blackmail payment to hacker | ars Technica Inside a low budget consumer hardware espionage implant I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference. ]]> 2017-12-15T14:00:00+00:00 http://feeds.feedblitz.com/~/510731884/0/alienvault-blogs~Things-I-Hearted-This-Week-th-December www.secnews.physaphae.fr/article.php?IdArticle=451486 False Guideline,Medical,Cloud Uber,APT 38,APT 37 None Security Affairs - Blog Secu The North Korea linked group Lazarus APT has been using a new strain of Android malware to target smartphone users in South Korea. The hacking campaign was spotted by McAfee and Palo Alto Networks, both security firms attributed the attacks to the Hidden Cobra APT. The activity of the Lazarus APT Group surged in 2014 and 2015, its […] ]]> 2017-11-22T07:45:40+00:00 http://securityaffairs.co/wordpress/65854/apt/lazarus-apt-android.html www.secnews.physaphae.fr/article.php?IdArticle=437853 False Medical APT 38 None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/493009316/0/thesecurityledger -->»]]> 2017-11-15T17:21:07+00:00 https://feeds.feedblitz.com/~/493009316/0/thesecurityledger~US-Government-Warns-of-Hidden-Cobra-North-Korea-Cyber-Threat/ www.secnews.physaphae.fr/article.php?IdArticle=434031 False Medical APT 38 None Graham Cluley - Blog Security The FBI and US Department of Homeland Security have issued an alert that hackers have targeted the aerospace industry, financial services and critical infrastructure with a remote access trojan (RAT) to further exploit vulnerable networks. ]]> 2017-11-15T11:14:56+00:00 https://hotforsecurity.bitdefender.com/blog/us-government-issues-alert-about-north-korean-hidden-cobra-cyber-attacks-19215.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=433748 False Medical APT 38 None