www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T23:25:30+00:00 www.secnews.physaphae.fr Malwarebytes Labs - MalwarebytesLabs Compromising vital infrastructure: transport and logistics Transport and logistics are vital infrastructure, because we need them to deliver our daily necessities, but who is responsible for protecting them? Categories: Business Cybercrime 2018-11-06T18:05:01+00:00 https://blog.malwarebytes.com/101/business/2018/11/compromising-vital-infrastructure-transport-logistics/ www.secnews.physaphae.fr/article.php?IdArticle=883293 False Ransomware NotPetya,Wannacry None Global Security Mag - French news site ESET researchers establish a link between the NotPetya and Industroyer malware Malware 2018-10-16T14:08:05+00:00 http://www.globalsecuritymag.fr/Les-chercheurs-d-ESET-etablissent,20181016,81580.html www.secnews.physaphae.fr/article.php?IdArticle=850157 False Malware NotPetya None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor NotPetya Linked to Industroyer Attack on Ukraine Energy Grid 2018-10-15T15:38:02+00:00 https://threatpost.com/notpetya-linked-to-industroyer-attack-on-ukraine-energy-grid/138287/ www.secnews.physaphae.fr/article.php?IdArticle=848376 False None NotPetya None Bleeping Computer - American magazine The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More 2018-10-12T18:24:00+00:00 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/ www.secnews.physaphae.fr/article.php?IdArticle=844827 False Ransomware NotPetya None Security Affairs - Security blog Exaramel Malware Links Industroyer ICS malware and NotPetya wiper 2018-10-11T21:53:00+00:00 https://securityaffairs.co/wordpress/77051/malware/exaramel-malware.html 
www.secnews.physaphae.fr/article.php?IdArticle=842987 False Malware NotPetya None SecurityWeek - Security News Exaramel Malware Reinforces Link Between Industroyer and NotPetya 2018-10-11T12:01:05+00:00 https://www.securityweek.com/exaramel-malware-reinforces-link-between-industroyer-and-notpetya www.secnews.physaphae.fr/article.php?IdArticle=843059 False Malware NotPetya 3.0000000000000000 ZD Net - IT magazine Security researchers find solid evidence linking Industroyer to NotPetya 2018-10-11T12:00:00+00:00 https://www.zdnet.com/article/security-researchers-find-solid-evidence-linking-industroyer-to-notpetya/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=842017 False None NotPetya None We Live Security - ESET antivirus software vendor New TeleBots backdoor: First evidence linking Industroyer to NotPetya ESET's analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven 2018-10-11T11:57:01+00:00 https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=842055 False Ransomware NotPetya None Bleeping Computer - American magazine New Backdoor Ties NotPetya and Industroyer to TeleBots Group 2018-10-11T08:23:04+00:00 https://www.bleepingcomputer.com/news/security/new-backdoor-ties-notpetya-and-industroyer-to-telebots-group/ www.secnews.physaphae.fr/article.php?IdArticle=842078 False Malware NotPetya None CSO - CSO Daily Dashboard Top cybersecurity facts, figures and statistics for 2018 NotPetya, ransomware, malicious programs that encrypt your files and demand a ransom payment in bitcoin to restore them, became one of the most talked about forms of malware of 2017. 
Yet at the same time, the actual rates of malware infection began to plummet around the middle of the year, until by December 2017 it represented only about 10 percent of infections. 2018-10-10T09:52:00+00:00 https://www.csoonline.com/article/3153707/security/top-cybersecurity-facts-figures-and-statistics.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=840823 False Malware,Studies NotPetya None The Security Ledger - Security blog NotPetya Horror Story Highlights Need for Holistic Security 2018-10-03T11:30:03+00:00 https://feeds.feedblitz.com/~/572593864/0/thesecurityledger~NotPetya-Horror-Story-Highlights-Need-for-Holistic-Security/ www.secnews.physaphae.fr/article.php?IdArticle=829796 False None NotPetya None Data Security Breach - French news site Xbash, the future Petya? Xbash, the future Petya? first appeared on Data Security Breach. 2018-09-21T16:06:03+00:00 https://www.datasecuritybreach.fr/xbash-le-futur-petya/ www.secnews.physaphae.fr/article.php?IdArticle=819278 False Malware NotPetya 2.0000000000000000 AlienVault Blog - AlienVault is a major defense player in IOCs Explain Cryptojacking to Me ransomware was the summer anthem of 2017. At the time, it seemed impossible that the onslaught of global ransomware attacks like WannaCry and NotPetya would ever wane. But, I should have known better. Every summertime anthem eventually gets overplayed. This year, cryptojacking took over the airwaves, fueled by volatile global cryptocurrency markets. In the first half of 2018, detected cryptojacking attacks increased 141%, outpacing ransomware attacks. In this blog post, I’ll address cryptojacking: what it is, how it works, how to detect it, and why you should be tuning into this type of threat. What is Cryptojacking? 
Cryptojacking definition: Cryptojacking is the act of using another’s computational resources without their knowledge or permission for cryptomining activities. By cryptojacking mobile devices, laptops, and servers, attackers effectively steal the CPU of your device to mine for cryptocurrencies like Bitcoin and Monero. Whereas traditional malware attacks target sensitive data that can be exploited for financial gain, like social security numbers and credit card information, cybercriminals that launch cryptojacking campaigns are more interested in your device’s computing power than your own personal data. To understand why, it’s helpful to consider the economics of cryptocurrency mining. Mining for cryptocurrencies like Bitcoin and Monero takes some serious computing resources to solve the complex algorithms used to discover new coins. These resources are not cheap, as anyone who pays their organization’s AWS bill or data center utility bill can attest to. So, in order for cryptocurrency mining to be profitable and worthwhile, the market value of the cryptocurrency must be higher than the cost of mining it – that is, unless you can eliminate the resource costs altogether by stealing others’ resources to do the mining for you. That’s exactly what cryptojacking attacks aim to do, to silently turn millions of devices into cryptomining bots, enabling cybercriminals to turn a profit without all the effort and uncertainty of collecting a ransom. Often, cryptojacking attacks are designed to evade detection by traditional antivirus tools so that they can quietly run in the background of the machine. Does this mean that all cryptomining activity is malicious? Well, it depends on who you ask. Cryptomining vs. Cryptojacking As the cryptocurrency markets have gained value and become more mainstream in recent years, we’ve seen a digital gold rush to cryptomine for new Bitcoin, and more recently, Monero. 
What began with early adopters and hobbyists building home rigs to mine for new coins has now given way to an entire economy of mining as a service, cryptomining server farms, and even cryptomining cafes. In this sense, cryptomining is, more or less, considered a legal and legitimate activity, one that could be further legitimized by a rumored $12 Billion Bitmain IPO. Yet, the lines between cryptomining and cryptojacking are blurry. For example, the cryptomining “startup” Coinhive has positioned its technology as an alternative way to monetize a website, instead of by serving ads or charging a subscription. According to the website, the folks behind Coinhive, “dream about it as an alternative to micropayments, artificial wait time in online games, intrusive ads and dubious marketing tactics.” Yet at the same time, Coinhive has been one of the most common culprits found 2018-09-11T13:00:00+00:00 http://feeds.feedblitz.com/~/569069766/0/alienvault-blogs~Explain-Cryptojacking-to-Me www.secnews.physaphae.fr/article.php?IdArticle=803093 False Malware,Threat NotPetya,Wannacry,Tesla None Errata Security - Errata Security California's bad IoT law an IoT security bill, awaiting the government's signature/veto. It's a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little to improve security, while doing a lot to impose costs and harm innovation. It's based on the misconception of adding security features. It's like dieting, where people insist you should eat more kale, which does little to address the problem you are pigging out on potato chips. The key to dieting is not eating more but eating less. The same is true of cybersecurity, where the point is not to add “security features” but to remove “insecure features”. For IoT devices, that means removing listening ports and cross-site/injection issues in web management. 
Adding features is typical “magic pill” or “silver bullet” thinking that we spend much of our time in infosec fighting against. We don't want arbitrary features like firewall and anti-virus added to these products. It'll just increase the attack surface making things worse. The one possible exception to this is “patchability”: some IoT devices can't be patched, and that is a problem. But even here, it's complicated. Even if IoT devices are patchable in theory there is no guarantee vendors will supply such patches, or worse, that users will apply them. Users overwhelmingly forget about devices once they are installed. These devices aren't like phones/laptops which notify users about patching. You might think a good solution to this is automated patching, but only if you ignore history. Many rate “NotPetya” as the worst, most costly, cyberattack ever. That was launched by subverting an automated patch. Most IoT devices exist behind firewalls, and are thus very difficult to hack. Automated patching gets beyond firewalls; it makes it much more likely mass infections will result from hackers targeting the vendor. The Mirai worm infected fewer than 200,000 devices. A hack of a tiny IoT vendor can gain control of more devices than that in one fell swoop. The bill does target one insecure feature that should be removed: hardcoded passwords. But they get the language wrong. A device doesn't have a single password, but many things that may or may not be called passwords. A typical IoT device has one system for creating accounts on the web management interface, a wholly separate authentication system for services like Telnet (based on /etc/passwd), and yet a wholly separate system for things like debugging interfaces. Just because a device does the proscribed thing of using a unique or user generated password in the user interface doesn't mean it doesn't also have a bug in Telnet. That was the problem with devices infected by Mirai. 
The description that these were hardcoded passwords is only a superficial understanding of the problem. The real problem was that there were different authentication systems in the web interface and in other services like Telnet. Most of the devices vulnerable to Mirai did the right thing on the web interfaces (meeting the language of this law) requiring the user to create new passwords before operating. They just did the wrong thing elsewhere. People aren't really paying attention to what happened with Mirai. They look at the 20 billion new IoT devices that are going to be connected to the Internet by 2020 and believe Mirai is just the tip of the iceberg. But it isn't. The IPv4 Internet has only 4 billion addresses, which are pretty much already used up. This means those 20 billion won't be exposed to the public Internet like Mirai devices, but hidden behind firewalls that translate addresses. Thus, rather than Mirai presaging the future, it represents the last gasp of the past that is unlikely to come again. This law is backwards looking rather than forward looking. Forward looking, by far the most important t 2018-09-10T17:33:17+00:00 https://blog.erratasec.com/2018/09/californias-bad-iot-law.html www.secnews.physaphae.fr/article.php?IdArticle=802142 False Hack,Threat,Patching,Guideline NotPetya,Tesla None SecurityWeek - Security News Cyber Risk = Business Risk. 
Time for the Business-Aligned CISO 2018-08-27T17:07:03+00:00 https://www.securityweek.com/cyber-risk-business-risk-time-business-aligned-ciso www.secnews.physaphae.fr/article.php?IdArticle=783304 False Ransomware NotPetya,Equifax,Yahoo None Checkpoint - Security hardware manufacturer Quickly Gauge Your Security's Generation With This 5-Question Quiz 2018-08-16T09:45:01+00:00 http://blog.checkpoint.com/2018/08/16/security-fifth-generation-quiz/ www.secnews.physaphae.fr/article.php?IdArticle=779573 False None NotPetya,Wannacry None InformationSecurityBuzzNews - Security news site How Ransomware Is Still Hitting Businesses With Heavy Costs 2018-07-25T12:36:05+00:00 https://www.informationsecuritybuzz.com/articles/how-ransomware-is-still-hitting-businesses-with-heavy-costs/ www.secnews.physaphae.fr/article.php?IdArticle=752948 False Ransomware NotPetya,Wannacry None IT Security Guru - Security blog Could complacency be setting in when it comes to ransomware? 2018-07-25T11:15:01+00:00 http://www.itsecurityguru.org/2018/07/25/complacency-setting-comes-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=752839 False Ransomware NotPetya,Wannacry None Errata Security - Errata Security Your IoT security concerns are stupid recent effort. They are usually wrong. It's a typical cybersecurity policy effort which knows the answer without paying attention to the question. Patching has little to do with IoT security. For one thing, consumers will not patch vulns, because unlike your phone/laptop computer which is all "in your face", IoT devices, once installed, are quickly forgotten. For another thing, the average lifespan of a device on your network is at least twice the duration of support from the vendor making patches available. Naive solutions to the manual patching problem, like forcing autoupdates from vendors, increase rather than decrease the danger. 
Manual patches that don't get applied cause a small, but manageable constant hacking problem. Automatic patching causes rarer, but more catastrophic events when hackers hack the vendor and push out a bad patch. People are afraid of Mirai, a comparatively minor event that led to a quick cleansing of vulnerable devices from the Internet. They should be more afraid of notPetya, the most catastrophic event yet on the Internet that was launched by subverting an automated patch of accounting software. Vulns aren't even the problem. Mirai didn't happen because of accidental bugs, but because of conscious design decisions. Security cameras have unique requirements of being exposed to the Internet and needing a remote factory reset, leading to the worm. While notPetya did exploit a Microsoft vuln, its primary vector of spreading (after the subverted update) was via misconfigured Windows networking, not that vuln. In other words, while Mirai and notPetya are the most important events people cite supporting their vuln/patching policy, neither was really about vuln/patching. Such technical analysis of events like Mirai and notPetya are ignored. Policymakers are only cherrypicking the superficial conclusions supporting their goals. They assiduously ignore in-depth analysis of such things because it inevitably fails to support their positions, or directly contradicts them. IoT security is going to be solved regardless of what government does. All this policy talk is premised on things being static unless government takes action. This is wrong. Government is still waffling on its response to Mirai, but the market quickly adapted. Those off-brand, poorly engineered security cameras you buy for $19 from Amazon.com shipped directly from Shenzhen now look very different, having less Internet exposure, than the ones used in Mirai. 
Major Internet sites like Twitter now use multiple DNS providers so that a DDoS attack on one won't take down their services. In addition, technology is fundamentally changing. Mirai attacked IPv4 addresses outside the firewall. The 100-billion IoT devices going on the network in the next decade will not work this way, cannot work this way, because there are only 4-billion IPv4 addresses. Instead, they'll be behind NATs or accessed via IPv6, both of which prevent Mirai-style worms from functioning. Your fridge and toaster won't connect via your home WiFi anyway, but via a 5G chip unrelated to your home. Lastly, focusing on the ven 2018-07-12T19:54:20+00:00 https://blog.erratasec.com/2018/07/your-iot-security-concerns-are-stupid.html www.secnews.physaphae.fr/article.php?IdArticle=742946 False Hack,Patching,Guideline NotPetya None AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week – 29th June 2018 OWASP top 10 for .NET developers and thinking to myself that this guy really knows his stuff. Which is why I was optimistic when Troy launched Have I been Pwned - but I don't think I foresaw how big the project would become and now it is being integrated into Firefox and 1Password. Not bad going for the blogger from down under. We're Baking Have I Been Pwned into Firefox and 1Password | Troy Hunt Defining Hacker In 2018 If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, the word “hacker” applies to a much broader group of people, one that extends well beyond cybersecurity. Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer”. 
Defining "Hacker" in 2018 | BugCrowd Lessons From nPetya One Year Later This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons. An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen. But this is wrong, at least in the case of NotPetya. Lessons from nPetya one year later | Errata Security German Researcher Defeat Printers' Doc-Tracking Dots Beating the unique identifiers that printers can add to documents for security purposes is possible: you just need to add extra dots beyond those that security tools already add. The trick is knowing where to add them. Many printers can add extra dots to help identify which device printed a document, as it's handy to know that when they fall into the wrong hands. The 2018-06-29T13:00:00+00:00 http://feeds.feedblitz.com/~/557751898/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-th-June www.secnews.physaphae.fr/article.php?IdArticle=740329 False None FedEx,NotPetya,Wannacry None Errata Security - Errata Security Lessons from nPetya one year later An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. 
A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen. But this is wrong, at least in the case of NotPetya. NotPetya's spread was initiated through the Ukrainian company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya infection. Patching had nothing to do with this. Other common security controls like firewalls were also bypassed. Auto-updates and cloud-management of software and IoT devices is becoming the norm. This creates a danger for such "supply chain" attacks, where the supplier of the product gets compromised, spreading an infection to all their customers. The lesson organizations need to learn about this is how such infections can be contained. One way is to firewall such products away from the core network. Another solution is port-isolation/microsegmentation, that limits the spread after an initial infection. Once NotPetya got into an organization, it spread laterally. The chief way it did this was through Mimikatz/PsExec, reusing Windows credentials. It stole whatever login information it could get from the infected machine and used it to try to log on to other Windows machines. If it got lucky getting domain administrator credentials, it then spread to the entire Windows domain. This was the primary method of spreading, not the unpatched ETERNALBLUE vulnerability. 
This is why it was so devastating to companies like Maersk: it wasn't a matter of a few unpatched systems getting infected, it was a matter of losing entire domains, including the backup systems. Such spreading through Windows credentials continues to plague organizations. A good example is the recent ransomware infection of the City of Atlanta that spread much the same way. The limits of the worm were the limits of domain trust relationships. For example, it didn't infect the city airport because that Windows domain is separate from the city's domains. This is the most pressing lesson organizations need to learn, the one they are ignoring. They need to do more to prevent desktops from infecting each other, such as through port-isolation/microsegmentation. They need to control the spread of administrative credentials within the organization. A lot of organizations put the same local admin account on every workstation which makes the spread of NotPetya style worms trivial. They need to reevaluate trust relationships between domains, so that the admin of one can't infect the others. These solutions are difficult, which is why news articles don't mention them. You don't have to know anything about security to proclaim "the problem is lack of patches". It's moral authority, chastising the weak, rather than a proscription of what to do. Solving supply chain hacks and Windows credential sharing, though, is hard. 
I don't know any universal solution to this -- I'd have to thoroughly analyze your network and business in order to 2018-06-27T15:49:15+00:00 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html www.secnews.physaphae.fr/article.php?IdArticle=725976 False Ransomware,Malware,Patching FedEx,NotPetya,Wannacry None Security Intelligence - American news site WannaCry Dominates Ransomware News in 2017, Drives 415 Percent Attack Boost WannaCry drove a 415 percent increase in ransomware attacks and accounted for 90 percent of all detection reports in 2017. In addition to these eye-popping numbers, F-Secure’s “The Changing State of Ransomware” report also offered some positive ransomware news: The lack of big paydays for campaigns such as WannaCry and NotPetya are now causing a […] 2018-05-04T17:13:01+00:00 https://securityintelligence.com/wannacry-dominates-ransomware-news-in-2017-drives-415-percent-attack-boost/ www.secnews.physaphae.fr/article.php?IdArticle=627174 False None NotPetya,Wannacry None SecurityWeek - Security News Commodity Ransomware Declines as Corporate Attacks Increase 2018-05-03T16:36:04+00:00 https://www.securityweek.com/commodity-ransomware-declines-corporate-attacks-increase www.secnews.physaphae.fr/article.php?IdArticle=631812 False None NotPetya,Wannacry None SecurityWeek - Security News Illumio, Qualys Partner on Vulnerability-based Micro-Segmentation 2018-04-13T16:10:02+00:00 https://www.securityweek.com/illumio-qualys-partner-vulnerability-based-micro-segmentation www.secnews.physaphae.fr/article.php?IdArticle=583923 False None NotPetya,Wannacry,Equifax None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) 
Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features 2018-04-06T04:41:01+00:00 https://thehackernews.com/2018/04/microsoft-office-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=570080 False None NotPetya,Wannacry None SecurityWeek - Security News Pentagon Looks to Counter Ever-stealthier Warfare not gone nearly far enough" in the cyber domain. He also warned that the military still does not have clear authorities and rules of engagement for when and how it can conduct offensive cyber ops. "Cyberspace needs to be looked at as a warfighting domain, and if somebody threatens us in cyberspace, we need to have the authorities to respond," Hyten told lawmakers this week. Hyten's testimony comes after Admiral Michael Rogers, who heads both the NSA -- the leading US electronic eavesdropping agency -- and the new US Cyber Command, last month said President Donald Trump had no 2018-03-26T14:12:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/x6GsIjhGTWw/pentagon-looks-counter-ever-stealthier-warfare www.secnews.physaphae.fr/article.php?IdArticle=542732 True Guideline NotPetya None SecurityWeek - Security News Ransomware Hits City of Atlanta alert to Twitter. In a press conference held Thursday afternoon, mayor Keisha Bottoms announced that the breach had been ransomware. She gave no details of the ransomware demands, but noticeably declined to say whether the ransom would be paid or refused. Bottoms could not at this stage confirm whether personal details had also been stolen in the same breach, but suggested that customers and staff should monitor their credit accounts. Questions on the viability of data backups and the state of system patches were not clearly answered; but it was stressed that the city had adopted a 'cloud first' policy going forwards specifically to improve security and mitigate against future ransomware attacks. 
A city employee obtained and sent a screenshot of the ransom note to local radio station 11Alive. The screenshot shows a bitcoin demand for $6,800 per system, or $51,000 to unlock all systems. It is suggested that the ransom note is similar to ones used by the SamSam strain of ransomware. Steve Ragan subsequently tweeted, "1 local, 2 remote sources are telling me City of Atlanta was hit by SamSam. The wallet where the ransom is to be sent (if they pay) has collected $590,000 since Jan 27." SamSam ransomware infected two healthcare organizations earlier this year. SamSam is not normally introduced via a phishing attack, but rather following a pre-existing breach. This could explain the concern over data theft on top of the data encryption. It also raises the question over whether the initial breach was due to a security failure, an unpatched system, or via a third-party supplier. Ransomware is not a new threat, and there are mitigations -- but it continues to cause havoc. Official advice is, wherever at all possible, refuse to pay. The theory is if the attackers cease getting a return on their attacks, they will turn to something easier with a better ROI on their time. This approach simply isn't working. Sometimes payment can be avoided by recovering data from backups 2018-03-23T19:45:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/IZwrWfXW7HU/ransomware-hits-city-atlanta www.secnews.physaphae.fr/article.php?IdArticle=537389 True None NotPetya,Wannacry None SecurityWeek - Security News Russian Cyberspies Hacked Routers in Energy Sector Attacks sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the NotPetya attack and campaigns targeting energy firms. 
Shortly after, US-CERT updated an alert from the DHS and FBI to officially accuse the Russian government of being responsible for critical infrastructure attacks launched by a threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear. A warning issued last year by the UK's National Cyber Security Centre (NCSC) revealed that hackers had targeted the country's energy sector, abusing the Server Message Block (SMB) protocol and attempting to harvest victims' passwords. An investigation conducted by Cylance showed that the attacks were likely carried out by the Dragonfly group. The security firm has observed a series of phishing attacks aimed at the energy sector in the UK using two documents claiming to be resumes belonging to one Jacob Morrison. When opened, the documents fetched a template file and attempted to automatically authenticate to a remote SMB server controlled by the attackers. This template injection technique was detailed last year by Cisco Talos following Dragonfly attacks on critical infrastructure organizations in the United States. When a malicious document is opened using Microsoft Word, it loads a template file from the attacker's SMB server. When the targeted device connects to the SMB server, it will attempt to authenticate using the current Windows user's domain credentials, basically handing them over to the attackers. In a separate analysis of such attacks, Cylance noted that while the credentials will in most cases be encrypted, even an unsophisticated attacker will be able to recover them in a few hours or days, depending on their resources. According to Cylance, Dragonfly used this technique to harvest credentials that were later likely used to hack the systems of energy sector organizations in the United Kingdom. 
One interesting aspect noticed by Cylance researchers is that the IP address of the SMB server used in the template injection attack was associated with a major state-owned energy congl 2018-03-19T13:51:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/L7ZoccaUHp8/russian-cyberspies-hacked-routers-energy-sector-attacks www.secnews.physaphae.fr/article.php?IdArticle=528748 True None NotPetya None SecurityWeek - Security News Sofacy Targets European Govt as U.S. Accuses Russia of Hacking sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms. The Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert via US-CERT last year to warn about attacks launched by a group known as Dragonfly, Crouching Yeti and Energetic Bear on critical infrastructure. Researchers previously linked Dragonfly to the Russian government and now the DHS has officially stated the same. US-CERT has updated its alert with some additional information. The new version of the alert replaces “APT actors” with “Russian government cyber actors.” The DHS said that based on its analysis of malware and indicators of compromise, Dragonfly attacks are ongoing, with threat actors “actively pursuing their ultimate objectives over a long-term campaign.” This is not the first time the U.S. has imposed sanctions on Russia over its attempt to influence elections. Russia has also been accused by Washington and others of launching the NotPetya attack last year. The Kremlin has always denied the accusations, but President Vladimir Putin did admit at one point that patriotic hackers could be behind the attacks. If Dragonfly and Sofacy (aka Fancy Bear, APT28, Sednit, Tsar Team and Pawn Storm) are truly operating out of Russia, they don't seem to be discouraged by sanctions and accusations. 
On March 12 and March 14, security firm Palo Alto Networks spotted attacks launched by Sofacy against an unnamed European government agency using an updated variant of a known tool. Sofacy has been using a Flash Player exploit platform dubbed DealersChoice since at least 2016 and it has continued improving it. The latest version has been delivered to a government organization in Europe using a spear phishing email referencing the “Underwat]]> 2018-03-16T14:40:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/H_qjWOR2vLM/sofacy-targets-european-govt-us-accuses-russia-hacking www.secnews.physaphae.fr/article.php?IdArticle=519656 False None NotPetya,APT 28 None ZD Net - Magazine Info US slaps new sanctions on Russia over NotPetya cyberattack, election meddling 2018-03-15T15:32:02+00:00 http://www.zdnet.com/article/us-drops-sanctions-on-russia-over-notpetya-cyberattack-election-meddling/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=516560 False None NotPetya None Bleeping Computer - Magazine Américain US Sanctions Russia Over NotPetya Outbreak, Energy Grid Hacks, Election Meddling 2018-03-15T13:37:02+00:00 https://www.bleepingcomputer.com/news/government/us-sanctions-russia-over-notpetya-outbreak-energy-grid-hacks-election-meddling/ www.secnews.physaphae.fr/article.php?IdArticle=516846 False None NotPetya None SecurityWeek - Security News Microsoft Publishes Bi-annual Security Intelligence Report (SIR) 2018-03-15T13:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/8RsFfVHYkpw/microsoft-publishes-bi-annual-security-intelligence-report-sir www.secnews.physaphae.fr/article.php?IdArticle=516128 True None NotPetya,Wannacry None IT Security Guru - Blog Sécurité More countries are learning from Russia\'s cyber tactics 2018-03-15T12:07:02+00:00 http://www.itsecurityguru.org/2018/03/15/countries-learning-russias-cyber-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=516017 False None NotPetya None SecurityWeek - Security News Usual 
Threats, But More Sophisticated and Faster: Report fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun." 
Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we]]> 2018-03-13T15:50:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/oZrY8mCN0zo/usual-threats-more-sophisticated-and-faster-report www.secnews.physaphae.fr/article.php?IdArticle=510719 True None NotPetya,Equifax,APT 28 None SecurityWeek - Security News Nuance Estimates NotPetya Impact at $90 Million 2018-03-02T15:45:05+00:00 http://feedproxy.google.com/~r/Securityweek/~3/iVq-Rj9xBzs/nuance-estimates-notpetya-impact-90-million www.secnews.physaphae.fr/article.php?IdArticle=494829 False None NotPetya None Security Affairs - Blog Secu Germany\'s defense minister: Cyber security is going to be the main focus of this decade. 2018-02-18T14:29:02+00:00 http://securityaffairs.co/wordpress/69221/security/germanys-defense-minister.html www.secnews.physaphae.fr/article.php?IdArticle=482583 False None NotPetya,Wannacry None Bleeping Computer - Magazine Américain All Five Eyes Countries Formally Accuse Russia of Orchestrating NotPetya Attack 2018-02-18T05:50:02+00:00 https://www.bleepingcomputer.com/news/security/all-five-eyes-countries-formally-accuse-russia-of-orchestrating-notpetya-attack/ www.secnews.physaphae.fr/article.php?IdArticle=482374 False None NotPetya None IT Security Guru - Blog Sécurité Russia blamed again for NotPetya 2018-02-16T16:34:05+00:00 http://www.itsecurityguru.org/2018/02/16/russia-blamed-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=480981 False None NotPetya None Bleeping Computer - Magazine Américain The Week in Ransomware - February 16th 2018 - NotPetya & Saturn 2018-02-16T16:01:05+00:00 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-16th-2018-notpetya-and-saturn/ www.secnews.physaphae.fr/article.php?IdArticle=481228 False None NotPetya None IT Security Guru - Blog Sécurité The Destructive nature of 
North Korean Cyber-Attacks 2018-02-16T15:14:03+00:00 http://www.itsecurityguru.org/2018/02/16/destructive-nature-north-korean-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=480985 False None NotPetya,Wannacry 2.0000000000000000 AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I Hearted this Week 16th Feb 2018 We hear a lot about bug bounties and how some people are potentially making a lucrative living off it. HackerOne has paid out over $24m in bounties in the last five years. That’s some serious cash, considering how far that translates into local currencies. So, they asked some of their top hackers how they spent their money. How hackers spend their bounties | HackerOne SIM hijacking, the aftermath In last week’s roundup there was a story about SIM swapping and how T-mobile USA was sending texts to customers stating they may be victims of fraud. We often cover such stories, shake our heads and tut loudly before moving on. But Motherboard got in touch with nine victims of SIM hijacking and told their stories. It’s quite a wake-up call to the real-life impact scams and fraud can have on individuals. ‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories | Motherboard Cryptocurrencies Not entirely security related news, but hey if everyone is referring to it as ‘crypto’ I can include it here right? Joseph Steinberg considers what the future holds for Bitcoin, which sits at the head of the table of cryptocurrencies today, while other currencies are nipping at its heels. Will Bitcoin become the MySpace of Cryptocurrencies? | Joseph Steinberg Another cryptocurrency theft Italian Cryptocurrency Exchange BitGrail Lost $170 Million Worth of Nano to Hackers | InterestingEngineering Mining stuff There are lessons to be learned from government websites serving cryptocurrency miners | Virus Bulletin Could Bitcoin break the NHS? 
Latest crypto-jack attack ‘the first of many’, say experts | Express AI recognition Chinese police are wearing sunglasses that can recognize faces. No, that’s not a plot of a movie, but what’s actually happening. Railway police in Zhengzhou, a central Chinese city, are the first in the country to use facial-recognition eyewear to screen passengers during the Lunar New Year travel rush. The devices have allegedly already helped nab seven fugitives related to major criminal cases such as human trafficking and hit-and-runs, and 26 others who were traveling with fake identities. While that may be well and good, there are some issues with facial recognition. Joy Buolamwini, a researcher at the M.I.T. media lab, has shown how real-life biases can creep into A.I. The result is that for a white man, facial]]> 2018-02-16T14:00:00+00:00 http://feeds.feedblitz.com/~/526798026/0/alienvault-blogs~Things-I-Hearted-this-Week-th-Feb www.secnews.physaphae.fr/article.php?IdArticle=481022 False None NotPetya,Wannacry None SecurityWeek - Security News U.S., Canada, Australia Attribute NotPetya Attack to Russia 2018-02-16T06:00:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/lfYSJkC-i6A/us-canada-australia-attribute-notpetya-attack-russia www.secnews.physaphae.fr/article.php?IdArticle=480840 False None NotPetya None BBC - BBC News - Technology UK and US blame Russia for 'malicious' NotPetya cyber-attack 2018-02-15T22:12:05+00:00 www.secnews.physaphae.fr/article.php?IdArticle=479652 False None NotPetya None The Security Ledger - Blog Sécurité What the UK Knows: Five Things That Link NotPetya to Russia 
]]> 2018-02-15T20:47:03+00:00 https://feeds.feedblitz.com/~/526630924/0/thesecurityledger~What-the-UK-Knows-Five-Things-That-Link-NotPetya-to-Russia/ www.secnews.physaphae.fr/article.php?IdArticle=480808 False None NotPetya None Security Affairs - Blog Secu UK Foreign Office Minister blames Russia for NotPetya massive ransomware attack 2018-02-15T19:13:00+00:00 http://securityaffairs.co/wordpress/69122/malware/uk-blames-russia-notpetya.html www.secnews.physaphae.fr/article.php?IdArticle=481322 False None NotPetya None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC North Korean Cyber-Attacks and Collateral Damage $150,000 - but the total damage caused by WannaCry has been estimated in the billions of dollars. There is strong evidence linking WannaCry to a group of hackers known as ‘Lazarus’, reportedly operating out of the DPRK (North Korea). Whilst WannaCry is perhaps the most famous attack by Lazarus, it isn’t the only ‘collateral damage’ caused by the DPRK’s cyber actions. Below we disclose new details on three attacks that have spread out of control. Two likely originating from the DPRK - and one targeting the DPRK. The Voice of Korea and the Rivts Virus This section describes a piece of malware that may have been created within the DPRK as part of a test project - and accidentally leaked out onto the wider internet. A simple file-infector We triage many millions of malicious files automatically every day in an effort to ensure our customers are covered from new threats. One malware family we regularly see, called Rivts by antivirus vendors, was originally created in 2009 but still continues to spread. Rivts is a file-infecting worm - it spreads across USB drives and hard drives attaching itself to files to spread further. 
The new files we see every day are the result of new files being infected with the original worm from 2009 - not new developments by the attacker. Overall, it’s a fairly boring file infector (or “virus”). But there was one very strange thing that caught our eye. North Korean Software As part of its initial infection process, Rivts checks for the presence of system files normally found on Windows XP to infect first. But it seems to expect two pieces of uncommon software in the Windows System folder: Below are the details of these two files, nnr60.exe and hana80.exe: Whilst the DPRK is well known for developing its own Linux-based operating system, and there is evidence of some DPRK hackers using ]]> 2018-02-15T14:00:00+00:00 http://feeds.feedblitz.com/~/526529066/0/alienvault-blogs~North-Korean-CyberAttacks-and-Collateral-Damage www.secnews.physaphae.fr/article.php?IdArticle=481023 False None NotPetya,Wannacry,Yahoo,APT 38 None The State of Security - Magazine Américain UK Government Publicly Attributes NotPetya Outbreak to Russia ]]> 2018-02-15T12:04:05+00:00 https://www.tripwire.com/state-of-security/latest-security-news/uk-government-publicly-attributes-notpetya-outbreak-russia/ www.secnews.physaphae.fr/article.php?IdArticle=480949 False None NotPetya None The Security Ledger - Blog Sécurité Sour Patch: NotPetya's Cleanup Cost to Mondelez Tops $80 million ]]> 2018-02-14T23:57:05+00:00 https://feeds.feedblitz.com/~/526362354/0/thesecurityledger~Sour-Patch-NotPetyas-Cleanup-Cost-to-Mondelez-Tops-million/ www.secnews.physaphae.fr/article.php?IdArticle=480809 False None NotPetya None The State of Security - Magazine Américain Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. 
Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online […] ]]> 2018-02-05T04:00:45+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/three-leaked-nsa-exploits-rewritten-affect-windows-oses-since-windows-2000/ www.secnews.physaphae.fr/article.php?IdArticle=463945 False None NotPetya,Wannacry None SecurityWeek - Security News Maersk Reinstalled 50,000 Computers After NotPetya Attack 2018-01-26T08:31:06+00:00 http://feedproxy.google.com/~r/Securityweek/~3/NmZ19bWqAHQ/maersk-reinstalled-50000-computers-after-notpetya-attack www.secnews.physaphae.fr/article.php?IdArticle=460411 False None NotPetya None Security Affairs - Blog Secu Maersk chair revealed its company reinstalled 45,000 PCs and 4,000 Servers after NotPetya Attack Jim Hagemann Snabe, chair of the shipping giant Maersk, revealed that the company reinstalled 45,000 PCs and 4,000 servers after the NotPetya attack. Maersk was one of the companies that suffered the massive NotPetya attack; in August 2017 the company announced that it would incur hundreds of millions in U.S. dollar losses due to the ransomware massive […] ]]> 2018-01-25T21:58:15+00:00 http://securityaffairs.co/wordpress/68227/security/maersk-notpetya-attack.html www.secnews.physaphae.fr/article.php?IdArticle=460267 False None NotPetya None Bleeping Computer - Magazine Américain Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack 2018-01-25T06:45:31+00:00 https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pcs-and-4-000-servers-to-recover-from-notpetya-attack/ www.secnews.physaphae.fr/article.php?IdArticle=460171 False None NotPetya None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Cybersecurity Certification Courses – CISA, CISM, CISSP ]]> 2018-01-23T05:37:52+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/xRe9RAtHU4M/cybersecurity-certification-courses.html www.secnews.physaphae.fr/article.php?IdArticle=459694 False None NotPetya,Wannacry,Equifax,Uber None Infosec Island - Security Magazine The 5 Motives of Ransomware 2018-01-04T08:30:00+00:00 https://www.infosecisland.com/blogview/25021-The-5-Motives-of-Ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=455337 False None NotPetya,Wannacry None The Security Ledger - Blog Sécurité NotPetya's Cost to FedEx: $400 Million and counting ]]> 2017-12-22T15:22:32+00:00 https://feeds.feedblitz.com/~/512318212/0/thesecurityledger~NotPetyas-Cost-to-FedEx-Million-and-counting/ www.secnews.physaphae.fr/article.php?IdArticle=454702 False None FedEx,NotPetya None IT Security Guru - Blog Sécurité Security Professionals say nothing has changed since WannaCry and NotPetya Given the severe devastation WannaCry and NotPetya caused to organisations around the world, you would have thought investment and interest in beefing up defences would have increased? Well, not according to the latest research by AlienVault. Having surveyed 233 IT professionals globally about how their roles have changed following these high-profile attacks, just 16% of ... ]]> 2017-12-12T12:50:51+00:00 http://www.itsecurityguru.org/2017/12/12/security-professionals-say-nothing-changed-since-wannacry-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=448906 False None NotPetya,Wannacry None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC The Impact of NotPetya and WannaCry The flip side While budget may not be as free-flowing as one may assume, it doesn’t mean that companies have been completely negligent. 
65% of respondents stated they are more up to date with patching than they were previously, and half say they are using threat intelligence more regularly to stay ahead of emerging threats, with a further 58% claiming to have carried out a review of their organization’s cyber security posture following the attacks. This is encouraging, as it means companies are not completely ignoring the challenges they face – and are leveraging existing investments to help get their companies in a better position. However, as the attacks have shown, prevention alone isn’t enough, and it would also be prudent for organizations to focus their efforts on threat detection and response. A makeover? For IT professionals, 22% said their family and friends are more interested in hearing about their work, and 27% believe most people in their organization listen to their IT advice more than they did before. Unfortunately, it hasn’t translated to great financial rewards, with 10% having experienced an increase in job offers or managed to negotiate a pay increase following the attacks. Incident Apathy? IT Security remains a challenging environment in which to work, where resilience is the key to success. The sheer number of incidents that are reported on an almost daily basis may also be a contributing factor towards organizational apathy towards incidents. While attacks cannot be prevented, and IT Security may be a cost that organizations have to bear as a price of doing business in the digital age, it doesn’t necessarily mean that there are no options. Many security fundamentals can be implemented with little capital needed to source new products. 
Rather the]]> 2017-12-11T14:00:00+00:00 http://feeds.feedblitz.com/~/509270160/0/alienvault-blogs~The-Impact-of-NotPetya-and-WannaCry www.secnews.physaphae.fr/article.php?IdArticle=448378 False None NotPetya,Wannacry None ComputerWeekly - Computer Magazine NotPetya tops list of worst ransomware attacks 2017-10-31T08:00:15+00:00 http://www.computerweekly.com/news/450429175/NotPetya-tops-list-of-worst-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=426355 False None NotPetya,Wannacry None SecurityWeek - Security News NotPetya Attack Had Significant Impact on Merck Revenue 2017-10-30T08:33:54+00:00 http://feedproxy.google.com/~r/Securityweek/~3/DhRduPclqXw/notpetya-attack-had-significant-impact-merck-revenue www.secnews.physaphae.fr/article.php?IdArticle=425072 False None NotPetya None The Security Ledger - Blog Sécurité NotPetya Infection Left Merck Short of Key HPV Vaccine ]]> 2017-10-27T21:28:25+00:00 https://feeds.feedblitz.com/~/480193766/0/thesecurityledger~NotPetya-Infection-Left-Merck-Short-of-Key-HPV-Vaccine/ www.secnews.physaphae.fr/article.php?IdArticle=425022 False None NotPetya None F-Secure - F-Secure Following The Bad Rabbit ]]> 2017-10-26T14:43:41+00:00 https://labsblog.f-secure.com/2017/10/26/following-the-bad-rabbit/ www.secnews.physaphae.fr/article.php?IdArticle=424508 False None NotPetya,Wannacry None SecurityWeek - Security News 'Bad Rabbit' Attack Infrastructure Set Up Months Ago Bad Rabbit ransomware was set up months ago and an increasing amount of evidence links the malware to the NotPetya attack launched in late June, which some experts believe was the work of a Russian threat actor. 
]]> 2017-10-26T09:36:43+00:00 http://feedproxy.google.com/~r/Securityweek/~3/WE2QXCtgJkM/bad-rabbit-attack-infrastructure-set-months-ago www.secnews.physaphae.fr/article.php?IdArticle=424165 False None NotPetya None Security Affairs - Blog Secu CSE Malware ZLab – Preliminary analysis of Bad Rabbit attack We at the CSE Cybsec ZLab have conducted a preliminary analysis of the Bad Rabbit ransomware discovering an interesting aspect of the attack. This is just the beginning of a complete report that we will release in the next days, but we believe our findings can be useful for the security community. This malware remembers the notorious NotPetya […] ]]> 2017-10-25T20:44:32+00:00 http://securityaffairs.co/wordpress/64741/malware/preliminary-analysis-bad-rabbit.html www.secnews.physaphae.fr/article.php?IdArticle=423762 False None NotPetya None Symantec - Symantec BadRabbit: New strain of ransomware hits Russia and Ukraine 2017-10-25T14:48:39+00:00 https://www.symantec.com/connect/blogs/badrabbit-new-strain-ransomware-hits-russia-and-ukraine www.secnews.physaphae.fr/article.php?IdArticle=423863 False None NotPetya None SecurityWeek - Security News Bad Rabbit Linked to NotPetya, but Not as Widespread Bad Rabbit ransomware attack that hit Russia and Ukraine on Tuesday has been linked to the recent NotPetya outbreak, but the number of infections appears to be far smaller. ]]> 2017-10-25T09:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/_XRKgdT-ZgI/bad-rabbit-linked-notpetya-not-widespread www.secnews.physaphae.fr/article.php?IdArticle=423364 False None NotPetya None Korben - Bloger francais The Bad Rabbit malware lands in Europe 
]]> 2017-10-25T04:57:55+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/gP6s-WMmQYM/malware-bad-rabbit-debarque-europe.html www.secnews.physaphae.fr/article.php?IdArticle=423139 False None NotPetya None 01net. Actualites - Securite - Magazine Francais The Bad Rabbit ransomware causes chaos in Russia and Ukraine ]]> 2017-10-25T01:36:57+00:00 http://www.01net.com/actualites/le-ransomware-bad-rabbit-cree-le-desordre-en-russie-et-ukraine-1286138.html www.secnews.physaphae.fr/article.php?IdArticle=424090 False None NotPetya,Wannacry None Malwarebytes Labs - MalwarebytesLabs BadRabbit: a closer look at the new version of Petya/NotPetya BadRabbit, a new version of NotPetya, also has an infector allowing for lateral movements. However, unlike NotPetya, it does not use EternalBlue and uses a website to drop its payload. We take a closer look at this new ransomware variant. Categories: Malware Threat analysis ]]> 2017-10-24T23:08:18+00:00 https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/ www.secnews.physaphae.fr/article.php?IdArticle=423169 False None NotPetya None Malwarebytes Labs - MalwarebytesLabs BadRabbit ransomware strikes Eastern Europe A new strain of malware by the authors of NotPetya called the BadRabbit ransomware is spreading through Eastern Europe, offering a fake Flash update to drop the infection. Categories: Cybercrime Malware ]]> 2017-10-24T21:53:05+00:00 https://blog.malwarebytes.com/cybercrime/2017/10/badrabbit-ransomware-strikes-eastern-europe/ www.secnews.physaphae.fr/article.php?IdArticle=423170 False None NotPetya None Checkpoint - Fabricant Materiel Securite Bad Rabbit – A New Ransomware Outbreak Targeting Ukraine and Russia. On October 14th, the Ukrainian Security Service warned that a new large scale cyber-attack, similar to NotPetya, might take place sometime between October 13 and 17. 
The attack arrived a few days later than expected; today (October 24th, 2017) the anticipated ransomware attack broke in Europe. Ukraine was the main target for this malware, with […] ]]> 2017-10-24T20:39:57+00:00 http://blog.checkpoint.com/2017/10/24/bad-rabbit-new-ransomware-outbreak-targeting-ukraine-russia/ www.secnews.physaphae.fr/article.php?IdArticle=423155 False None NotPetya None SecurityWeek - Security News 'Bad Rabbit' Ransomware Attack Hits Russia, Ukraine costing companies millions of dollars. ]]> 2017-10-24T16:33:57+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4YFRJnWJlCo/bad-rabbit-ransomware-attack-hits-russia-ukraine www.secnews.physaphae.fr/article.php?IdArticle=422963 False None NotPetya None Dark Reading - Informationweek Branch 'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond 2017-10-24T16:25:00+00:00 https://www.darkreading.com/attacks-breaches/bad-rabbit-ransomware-attacks-rock-russia-ukraine---and-beyond/d/d-id/1330208?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=423285 False None NotPetya None Security Affairs - Blog Secu Security Service of Ukraine warns of a new wave of large-scale NotPetya-like attack The Security Service of Ukraine is warning its citizens of a new “large-scale” cyber attack similar to NotPetya that could take place between Oct 13 and 17. In June the NotPetya ransomware compromised thousands of businesses and organizations worldwide, most of them in Ukraine. Now, the Ukrainian authorities are warning their citizens of a new “large-scale” cyber attack similar to NotPetya. The Ukrainian Secret […] ]]> 2017-10-14T15:23:53+00:00 http://securityaffairs.co/wordpress/64295/malware/notpetya-like-attack-warning.html www.secnews.physaphae.fr/article.php?IdArticle=418514 False None NotPetya None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack ]]> 2017-10-14T00:24:19+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/xR88wkb2zs4/ukraine-notpetya-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=418455 False None NotPetya None ComputerWeekly - Computer Magazine WannaCry an example of pseudo-ransomware, says McAfee 2017-09-28T06:15:55+00:00 http://www.computerweekly.com/news/450427114/WannaCry-an-example-of-pseudo-ransomware-says-McAfee www.secnews.physaphae.fr/article.php?IdArticle=413323 False None NotPetya,Wannacry None Security Intelligence - Site de news Américain What Do Recent Attacks Mean for OT Network Security? 2017-09-27T11:00:42+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/amuLzHjQaGI/ www.secnews.physaphae.fr/article.php?IdArticle=412769 False None NotPetya,Wannacry None Bleeping Computer - Magazine Américain Another Banking Trojan Adds Support for NSA's EternalBlue Exploit 2017-09-27T10:35:33+00:00 https://www.bleepingcomputer.com/news/security/another-banking-trojan-adds-support-for-nsas-eternalblue-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=412954 False None NotPetya,Wannacry None IT Security Guru - Blog Sécurité McAfee Labs Report sees cyberattacks target healthcare and social media users 2017-09-26T09:01:25+00:00 http://www.itsecurityguru.org/2017/09/26/mcafee-labs-report-sees-cyberattacks-target-healthcare-social-media-users/ www.secnews.physaphae.fr/article.php?IdArticle=412182 False None NotPetya,Wannacry 2.0000000000000000 The Security Ledger - Blog Sécurité Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night? 
]]> 2017-09-25T16:50:28+00:00 https://feeds.feedblitz.com/~/461342024/0/thesecurityledger~Is-CCleaner-the-Tip-of-an-Iceberg-of-Supply-Chain-Hacks-And-Alexa-did-China-hack-us-Last-Night/ www.secnews.physaphae.fr/article.php?IdArticle=412050 False None CCleaner,FedEx,NotPetya None ComputerWeekly - Computer Magazine NotPetya attack cost up to £15m, says UK ad agency WPP 2017-09-25T05:04:35+00:00 http://www.computerweekly.com/news/450426854/NotPetya-attack-cost-up-to-15m-says-UK-ad-agency-WPP www.secnews.physaphae.fr/article.php?IdArticle=411806 False None NotPetya None Security Affairs - Blog Secu Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users 2017-09-23T15:50:29+00:00 http://securityaffairs.co/wordpress/63332/malware/retefe-banking-trojan-eternalblue.html www.secnews.physaphae.fr/article.php?IdArticle=411402 False None NotPetya,Wannacry None IT Security Guru - Blog Sécurité $300 million: the total cost for TNT after NotPetya 2017-09-21T09:46:32+00:00 http://www.itsecurityguru.org/2017/09/21/300-million-total-cost-tnt-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=410730 False None NotPetya 3.0000000000000000 Security Affairs - Blog Secu FedEx announces $300m in lost business and response costs after NotPetya attack 2017-09-21T05:29:26+00:00 http://securityaffairs.co/wordpress/63241/malware/fedex-300-million-notpetya-attack.html www.secnews.physaphae.fr/article.php?IdArticle=410384 True None FedEx,NotPetya None The Security Ledger - Blog Sécurité FedEx: NotPetya Cost $300m, Wrecked Q1 Earnings 
]]> 2017-09-20T02:19:33+00:00 https://feeds.feedblitz.com/~/460060256/0/thesecurityledger~FedEx-NotPetya-Cost-m-Wrecked-Q-Earnings/ www.secnews.physaphae.fr/article.php?IdArticle=409965 False None FedEx,NotPetya,Equifax None Security Affairs - Blog Secu CSE CybSec ZLAB Malware Analysis Report: NotPetya 2017-09-18T10:39:09+00:00 http://securityaffairs.co/wordpress/63081/malware/zlab-malware-analysis-report-notpetya.html www.secnews.physaphae.fr/article.php?IdArticle=409266 False None NotPetya None Security Intelligence - Site de news Américain Security Specialists Discuss Identity and Access Management in the Age of Ransomware 2017-09-07T13:00:31+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/b_eqk3fLZCU/ www.secnews.physaphae.fr/article.php?IdArticle=405247 False None NotPetya,Wannacry None The State of Security - Magazine Américain One in 10 UK Companies Lack an Incident Response Plan, Says Survey ]]> 2017-08-30T03:00:17+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/one-10-uk-companies-lack-incident-response-plan-reveals-survey/ www.secnews.physaphae.fr/article.php?IdArticle=401914 False None NotPetya,Wannacry None InformationSecurityBuzzNews - Site de News Securite Top Take Away From WannaCry And NotPetya Attacks – Don't Forget The Security Fundamentals ]]> 2017-08-28T11:00:17+00:00 http://www.informationsecuritybuzz.com/articles/top-take-away-wannacry-notpetya-attacks-dont-forget-security-fundamentals/ www.secnews.physaphae.fr/article.php?IdArticle=401258 False None NotPetya,Wannacry None The Hacker News - The Hacker News est un 
blog de news de hack (surprenant non?) Easy-to-Use Apps Allow Anyone to Create Android Ransomware Within Seconds ]]> 2017-08-25T01:53:36+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/sDh9JazGtxM/create-android-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=400547 False None NotPetya,Wannacry None ComputerWeekly - Computer Magazine NotPetya highlights cyber risk in shipping industry 2017-08-21T09:03:02+00:00 http://www.computerweekly.com/news/450424771/NotPetya-highlights-cyber-risk-in-shipping-industry www.secnews.physaphae.fr/article.php?IdArticle=398982 False None NotPetya None SecurityWeek - Security News NotPetya Attack Costs Big Companies Millions 2017-08-17T14:50:12+00:00 http://feedproxy.google.com/~r/Securityweek/~3/NSug7xzPUVg/notpetya-attack-costs-big-companies-millions www.secnews.physaphae.fr/article.php?IdArticle=397826 False None NotPetya None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack 2017-08-16T17:33:36+00:00 https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/ www.secnews.physaphae.fr/article.php?IdArticle=397448 False None NotPetya None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC GlobeImposter Ransomware on the Rise Ah, the summer anthem. That quintessential song that defines summertime as much as hot nights, barbeques, and beach vacations. Whether it’s the Beach Boys’ “I Get Around” (1964), Springsteen’s “Dancing in the Dark” (1984), or Pearl Jam’s “Last Kiss” (1999), the summer anthem is transcendent, yet perfectly emblematic of its time. If InfoSec had a 2017 summer anthem, we might be hearing Taylor Swift or Drake singing about ransomware. Wouldn’t that be catchy? That’s because global ransomware campaigns like WannaCry and NotPetya have largely defined the summer season this year, and now, there’s a new ransomware remix topping the charts—GlobeImposter 2.0. 
Originally detected in March 2017, GlobeImposter 2.0 targets Windows systems and is being distributed through malicious email attachments (MalSpam). In recent weeks, we’ve seen a surge in activity in the Open Threat Exchange (OTX) around GlobeImposter and its many variants. Thus, it’s important to understand how the ransomware initiates, spreads, and evades detection. GlobeImposter Ransomware at a Glance Distribution Method: Malicious email attachment (MalSpam) Type: Trojan Target: Windows systems Variants: many (see below) How GlobeImposter Works The recent GlobeImposter attacks have largely been traced to MalSpam campaigns—emails carrying malicious attachments. In this case, the email messages appear to contain a .zip attachment of a payment receipt, which, in reality, contains a .vbs or .js malware downloader file. Sample email subject lines include: Receipt#83396 Receipt 21426 Payment-421 Payment Receipt 222 Payment Receipt#97481 Payment Receipt_8812 Receipt-351 Payment Receipt_03950 Once the attachment is downloaded and opened, the downloader gets and runs the GlobeImposter ransomware. You can get a list of known malicious domains from the GlobeImposter OTX pulse here. Note that some of the known malicious domains are legitimate websites that have been compromised. Like other pieces of ransomware, GlobeImposter works to evade detection while encrypting your files. After encryption is complete, an HTML ransom note is dropped on the desktop and in the encrypted folders for the victim to find, including instructions for purchasing a decryptor. There are no known free decryptor tools available at this time. You can read a detailed analysis of a sample of GlobeImposter at the Fortinet blog, here and at Malware Traffic Analysis, here. GlobeImposter Variants on the Rise What’s striking about the recent uptick in GlobeImposter ransomware activity is the near-daily release of new variants of the ransomware.
Lawrence Abrams at BleepingComputer has a nice rundown of new GlobeImposter variants and file e 2017-08-16T13:00:00+00:00 http://feeds.feedblitz.com/~/435614526/0/alienvault-blogs~GlobeImposter-Ransomware-on-the-Rise www.secnews.physaphae.fr/article.php?IdArticle=397413 False None NotPetya,Wannacry,APT 32 None ComputerWeekly - Computer Magazine NotPetya attack cost up to $300m, says Maersk 2017-08-16T11:30:51+00:00 http://www.computerweekly.com/news/450424559/NotPetya-attack-cost-up-to-300m-says-Maersk www.secnews.physaphae.fr/article.php?IdArticle=397433 False None NotPetya None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Ukrainian Man Arrested, Charged in NotPetya Distribution 2017-08-11T14:10:58+00:00 https://threatpost.com/ukrainian-man-arrested-charged-in-notpetya-distribution/127391/ www.secnews.physaphae.fr/article.php?IdArticle=396019 False None NotPetya None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests 2017-08-11T09:21:18+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/v0HFT6t_wyU/hotel-wifi-hacking-tools.html www.secnews.physaphae.fr/article.php?IdArticle=395833 False None NotPetya,Wannacry None Bleeping Computer - American magazine Ukraine Police Arrest Man for Spreading NotPetya Ransomware in Tax Evasion Scheme 2017-08-11T03:45:11+00:00 https://www.bleepingcomputer.com/news/security/ukraine-police-arrest-man-for-spreading-notpetya-ransomware-in-tax-evasion-scheme/ www.secnews.physaphae.fr/article.php?IdArticle=395615 False None NotPetya None ZD Net - IT magazine Ukraine police make arrest in NotPetya ransomware case 2017-08-10T15:50:00+00:00 http://www.zdnet.com/article/ukraine-police-arrest-suspect-behind-notpetya-ransomware-attack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=396313 True None NotPetya None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders 2017-08-10T14:15:13+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/xaJWr3mHSoQ/ukraine-petya-ransomware-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=395220 False None NotPetya None The State of Security - Magazine Américain 68% of Infosec Pros Felt Enterprise Security Lacking after WannaCry/NotPetya Attacks, Reveals Survey 2017-08-10T07:00:45+00:00 https://www.tripwire.com/state-of-security/featured/infosec-pros-security-lacking-after-wannacry-notpetya-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=394775 False None NotPetya,Wannacry None