www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-16T13:45:42+00:00 www.secnews.physaphae.fr
ProofPoint - Cyber Firms Proofpoint's 2024 Predictions: Brace for Impact 2023-11-28T23:05:04+00:00 https://www.proofpoint.com/us/blog/ciso-perspectives/proofpoints-2024-predictions-brace-impact www.secnews.physaphae.fr/article.php?IdArticle=8417740 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Prediction ChatGPT,ChatGPT 3.0000000000000000
Dark Reading - Informationweek Branch CISA to Congress: US Under Threat of Chemical Attacks Dropping the ball on chemical security has precipitated "a national security gap too great to ignore," CISA warns.
2023-11-28T22:00:00+00:00 https://www.darkreading.com/cyber-risk/cisa-to-congress-us-under-threat-of-chemical-attacks www.secnews.physaphae.fr/article.php?IdArticle=8417647 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges.
"Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other
2023-11-28T18:04:00+00:00 https://thehackernews.com/2023/11/design-flaw-in-google-workspace-could.html www.secnews.physaphae.fr/article.php?IdArticle=8417499 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Stop Identity Attacks: Discover the Key to Early Threat Detection Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised credentials or bypassing the authentication mechanism? Recent breaches at MGM and Caesars have
2023-11-28T15:54:00+00:00 https://thehackernews.com/2023/11/stop-identity-attacks-discover-key-to.html www.secnews.physaphae.fr/article.php?IdArticle=8417464 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file.
The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external data sources, such as a remote SQL
2023-11-28T15:53:00+00:00 https://thehackernews.com/2023/11/hackers-can-exploit-forced.html www.secnews.physaphae.fr/article.php?IdArticle=8417465 False Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ALERT: DJvu Variant Delivered by Loader Masquerading as Freeware
2023-11-28T15:41:00+00:00 https://www.cybereason.com/blog/threat-alert-djvu-variant-delivered-by-loader-masquerading-as-freeware www.secnews.physaphae.fr/article.php?IdArticle=8417601 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub's third annual Identity Fraud Report
2023-11-28T15:15:00+00:00 https://www.infosecurity-magazine.com/news/deepfake-identity-fraud-surges/ www.secnews.physaphae.fr/article.php?IdArticle=8417545 False Tool,Threat None 2.0000000000000000
HackRead - Cyber Search Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters
By Owais Sultan A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters' Team Axon,… This is a post from HackRead.com Read the original post: Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters
2023-11-28T15:08:14+00:00 https://www.hackread.com/design-flaw-domain-delegation-google-vulnerability-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8417533 False Vulnerability,Threat None 2.0000000000000000
SentinelOne (Research) - Cyber Firms Decoding the Past, Securing the Future | Enhancing Cyber Defense with Historical Threat Intelligence Explore how revisiting past cyber incidents can empower defenders and help to anticipate future threats more effectively.
2023-11-28T14:28:21+00:00 https://www.sentinelone.com/labs/decoding-the-past-securing-the-future-enhancing-cyber-defense-with-historical-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8417529 False Threat None 3.0000000000000000
Amnesty International - International Orgs Serbia: Civil society threatened by spyware
Together with civil society partners the SHARE Foundation, Access Now, and the Citizen Lab, Amnesty International can reveal that sophisticated spyware is being used to target civil society in yet another European country – Serbia. Last month, Apple shared a new round of threat notifications globally, notifying iPhones users who may have been targeted by […]
2023-11-28T12:00:00+00:00 https://securitylab.amnesty.org/latest/2023/11/serbia-civil-society-threatened-by-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8417483 False Threat None 4.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Cybercriminals Hesitant About Using Generative AI An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
2023-11-28T11:40:00+00:00 https://www.infosecurity-magazine.com/news/cyber-criminals-hesitant/ www.secnews.physaphae.fr/article.php?IdArticle=8417485 False Tool,Threat ChatGPT,ChatGPT 2.0000000000000000
Zimperium - cyber risk firms for mobile Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
Research by Aazim Bill SE Yaswant and Vishnu Pratapagiri In July 2023, it was discovered that an Android mobile campaign, which consisted of banking trojans, was targeting major Iranian banks. Zimperium's research team recently found that the campaign not only remains active but also extended its capabilities. These newly found samples are completely […]
2023-11-28T11:00:00+00:00 https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach/ www.secnews.physaphae.fr/article.php?IdArticle=8418409 False Malware,Threat,Mobile None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.
2023-11-28T10:24:00+00:00 https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html www.secnews.physaphae.fr/article.php?IdArticle=8417390 False Malware,Threat None 2.0000000000000000
Global Security Mag - French news site CPX launches groundbreaking AI-powered cyber threat detection service
CPX launches groundbreaking AI-powered cyber threat detection service Unlike conventional Security Information and Event Management (SIEM) systems, the new service focuses on behavior over time, ensuring more accurate threat detection. - Product Reviews
2023-11-28T10:23:48+00:00 https://www.globalsecuritymag.fr/CPX-launches-groundbreaking-AI-powered-cyber-threat-detection-service.html www.secnews.physaphae.fr/article.php?IdArticle=8417467 False Threat None 2.0000000000000000
Kovrr - cyber risk management platform Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More
2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 17,APT 39,APT 39 3.0000000000000000
Dark Reading - Informationweek Branch Cyber Threats to Watch Out for in 2024 As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key.
2023-11-27T23:16:00+00:00 https://www.darkreading.com/cyber-risk/cyber-threats-to-watch-out-for-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8418317 False Threat,Prediction,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Cyber Threats to Watch Out for in 2024 As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits.
Robust security capabilities, employee training, and incident response plans are key.
2023-11-27T23:16:00+00:00 https://www.darkreading.com/edge/cyber-threats-to-watch-out-for-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8417351 False Threat,Cloud None 2.0000000000000000
HackRead - Cyber Search General Electric Probes Security Breach as Hackers Sell DARPA-Related Access
By Waqas The data breach was announced by IntelBroker, a threat actor mostly known for data breaches against delivery and logistics companies. This is a post from HackRead.com Read the original post: General Electric Probes Security Breach as Hackers Sell DARPA-Related Access
2023-11-27T19:04:27+00:00 https://www.hackread.com/general-electric-security-breach-hackers-darpa-data/ www.secnews.physaphae.fr/article.php?IdArticle=8417291 False Data Breach,Threat None 2.0000000000000000
McAfee Labs - Software vendor Beneath the Surface: How Hackers Turn NetSupport Against Users
NetSupport malware variants have been a persistent threat, demonstrating adaptability and evolving infection techniques. In this technical analysis, we delve...
2023-11-27T16:31:36+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/beneath-the-surface-how-hackers-turn-netsupport-against-users/ www.secnews.physaphae.fr/article.php?IdArticle=8417289 False Malware,Threat,Technical None 1.00000000000000000000
InfoSecurity Mag - InfoSecurity Magazine SysJoker Malware: Hamas-Related Threat Expands With Rust Variant CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs
2023-11-27T16:30:00+00:00 https://www.infosecurity-magazine.com/news/sysjoker-malware-rust-variant/ www.secnews.physaphae.fr/article.php?IdArticle=8417260 False Malware,Threat None 2.0000000000000000
Veracode - Application Security Research, News, and Education Blog Top 5 Open Source Security Risks IT Leaders Must Know Lurking in the open source software (OSS) that pervades applications around the world are open source security risks technology leaders must be aware of. Software is one of technology's most vulnerable subsets with over 70% of applications containing security flaws. Here are the open source security risks IT leaders must be aware of to protect technology and help it scale safely. Why Address Open Source Software Security Risks On December 9, 2021, a Tweet exposed a vulnerability in the widely-used OSS library Log4j. It didn't take long before attackers around the world were working to exploit the Log4j vulnerability. This incident was a wake-up call to how the security of a library can quickly change and proactive measures must be in place to protect from this danger. Log4j is just one example of how vulnerabilities in open source pose significant risks that can impact operations, data security, and overall IT health.
Strategic technology choices can make a big impact on how much…
2023-11-27T16:01:16+00:00 https://www.veracode.com/blog/intro-appsec/top-5-open-source-security-risks-it-leaders-must-know www.secnews.physaphae.fr/article.php?IdArticle=8417632 False Vulnerability,Threat None 2.0000000000000000
ProofPoint - Cyber Firms 8 Essential Cybersecurity Topics to Include in Your Training Program 2023-11-27T09:26:51+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/cybersecurity-topics-to-include-in-your-program www.secnews.physaphae.fr/article.php?IdArticle=8417272 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud Uber,Uber 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Why you need a Secure Web Gateway 2023-11-24T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-you-need-a-secure-web-gateway www.secnews.physaphae.fr/article.php?IdArticle=8417469 False Malware,Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability #### Description CISA, FBI, MS-ISAC, and Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) are releasing this CSA to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. This CSA provides TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing.
Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial access to Boeing Distribution Inc., its parts and distribution business that maintains a separate environment. Other trusted third parties have observed similar activity impacting their organization. Historically, LockBit 3.0 affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors, including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. Observed TTPs for LockBit ransomware attacks can vary significantly in observed TTPs. Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a 2. https://www.cisa.gov/news-events/analysis-reports/ar23-325a #### Publication Date November 21, 2023 #### Auth
2023-11-22T18:21:09+00:00 https://community.riskiq.com/article/aea072c0 www.secnews.physaphae.fr/article.php?IdArticle=8416061 False Ransomware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks
2023-11-22T17:44:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html www.secnews.physaphae.fr/article.php?IdArticle=8415895 False Malware,Threat None 3.0000000000000000
TechRepublic - Security News US Sekoia: Latest in the Financial Sector Cyber Threat Landscape Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.
2023-11-22T16:41:22+00:00 https://www.techrepublic.com/article/sekoia-financial-sector-evolutions-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8415992 False Ransomware,Malware,Threat,Studies None 3.0000000000000000
Global Security Mag - French news site 2024 predictions from Convera
In the dynamic realm of cybersecurity, Alex Beavan, Convera's Head of Ethics and Anti-Corruption and former British Intelligence officer, shares his anticipations for the upcoming year. Offering a comprehensive outlook on the evolving threat landscape, Beavan delves into the rising menace of AI-enhanced Business Email Compromise attacks orchestrated by organized crime groups. Additionally, he sheds light on the imperative cultural shifts required to combat fraud in B2B payments. - Opinion
2023-11-22T13:58:46+00:00 https://www.globalsecuritymag.fr/2024-predictions-from-Convera.html www.secnews.physaphae.fr/article.php?IdArticle=8415917 False Threat,Prediction None 3.0000000000000000
Detection Engineering - Security blog Det. Eng. Weekly #48 - I have an idea for a new threat taxonomy No bro I promise it'll be the last one we'll ever need I promise bro
2023-11-22T13:01:41+00:00 https://www.detectionengineering.net/p/det-eng-weekly-48-mr-altman-can-you www.secnews.physaphae.fr/article.php?IdArticle=8415889 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine LockBit Affiliates are Exploiting Citrix Bleed, Government Agencies Warn Multiple threat actor groups including Lockbit affiliates are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
2023-11-22T11:45:00+00:00 https://www.infosecurity-magazine.com/news/lockbit-affiliates-exploit-citrix/ www.secnews.physaphae.fr/article.php?IdArticle=8415869 False Vulnerability,Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Thanksgiving Cyber feast: Safeguarding against seasonal scams ripe opportunity to scam. According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated. “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines]’” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that ”an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what's authentic and what's not.
The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in. However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds. Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you've implemented reassures them of the sanctity of their data. It's not just about telling them they're safe; it's about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand
2023-11-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/thanksgiving-cyber-feast-safeguarding-against-seasonal-scams www.secnews.physaphae.fr/article.php?IdArticle=8415844 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),
2023-11-22T10:19:00+00:00 https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8415738 False Ransomware,Vulnerability,Threat None 2.0000000000000000
Sekoia - Cyber Firms Unmasking the latest trends of the Financial Cyber Threat Landscape
This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion sets by providing an analysis of evolutions observed in campaigns against financial organisations. Cyber threats represent a systemic risk to the financial system, primarily due to […] The following publication Unmasking the latest trends of the Financial Cyber Threat Landscape is an article from Sekoia.io Blog.
2023-11-22T08:00:00+00:00 https://blog.sekoia.io/unmasking-the-latest-trends-of-the-financial-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8415785 False Threat None 3.0000000000000000
SecureMac - Security focused on MAC ObjCShellz
also known as HEUR:Backdoor.OSX.Nukesped.gen Type: Hybrid Threat Platform: Mac OS 9 Last updated: 11/22/23 3:17 pm Threat Level: High Description ObjCShellz is a hybrid threat that has the capability to open remote shells (connections) to compromised targets and operate in the background without the owner knowing. ObjCShellz Threat Removal MacScan can detect and remove ObjCShellz Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan
2023-11-22T07:26:27+00:00 https://www.securemac.com/definitions/ObjCShellz www.secnews.physaphae.fr/article.php?IdArticle=8415963 False Threat None 3.0000000000000000
The State of Security - American magazine UK Finance Reports Slight Decrease in FinTech Cyberattacks Overview of UK Finance's Report The latest report from UK Finance paints a mixed picture of financial fraud in the United Kingdom, with losses exceeding £500 million in the first half of the year. However, amidst these concerning figures, there is a glimmer of hope as cyber fraud rates have shown a slight 2% decrease from the previous year. This report offers a comprehensive view of the financial fraud landscape, emphasizing the need for continued vigilance and innovative solutions to counter this evolving threat and its impact beyond financial losses. Efforts to Combat Fraud In response to...
2023-11-22T03:03:58+00:00 https://www.tripwire.com/state-of-security/uk-finance-reports-slight-decrease-fintech-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8415798 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Exploit for Critical Windows Defender Bypass Goes Public Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-for-critical-windows-defender-bypass-goes-public www.secnews.physaphae.fr/article.php?IdArticle=8417434 False Vulnerability,Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Exploit for Critical Windows Defender Bypass Goes Public Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-critical-windows-defender-bypass-public www.secnews.physaphae.fr/article.php?IdArticle=8415587 False Vulnerability,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Agent Tesla: Unusual ZPAQ Archive Format Delivers Malware #### Description A new variant of Agent Tesla has been discovered that uses the ZPAQ archive and .wav file extension to infect systems and steal information from approximately 40 web browsers and various email clients. ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR. However, ZPAQ has limited software support, making it difficult to work with, especially for users without technical expertise. The .NET executable file is bloated with zero bytes, which allows threat actors to bypass traditional security measures and increase the effectiveness of their attack. The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software. The malware uses Telegram as a C&C due to its widespread legal usage and the fact that its traffic is often allowed through firewalls, making it a useful medium for covert communication. Like any other stealer, Agent Tesla can harm not only private individuals but also organizations. It has gained popularity among cybercriminals for many reasons including ease of use, versatility, and affordability on the Dark Web. #### Reference URL(s) 1.
https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq #### Publication Date November 20, 2023 #### Author(s) Anna Lvova 2023-11-21T21:19:53+00:00 https://community.riskiq.com/article/818d5f5c www.secnews.physaphae.fr/article.php?IdArticle=8415603 False Malware,Tool,Threat,Technical None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the 2023-11-21T19:26:00+00:00 https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html www.secnews.physaphae.fr/article.php?IdArticle=8415387 False Ransomware,Threat,Commercial None 3.0000000000000000
HackRead - Cyber search Outdated Wallets Threatening Billions in Crypto Assets By Waqas The vulnerability is dubbed Randstorm, impacting browser-generated wallets created between 2011 and 2015. This is a post from HackRead.com Read the original post: Outdated Wallets Threatening Billions in Crypto Assets
2023-11-21T18:51:36+00:00 https://www.hackread.com/outdated-wallets-threat-billions-crypto-assets/ www.secnews.physaphae.fr/article.php?IdArticle=8415518 False Vulnerability,Threat None 4.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Five Threats Predictions To Note For 2024 As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyberattack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering […]
2023-11-21T18:07:30+00:00 https://www.netskope.com/blog/five-threats-predictions-to-note-for-2024 www.secnews.physaphae.fr/article.php?IdArticle=8415517 False Threat,Prediction None 3.0000000000000000
Dark Reading - Informationweek Branch Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise. 2023-11-21T16:30:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/kinsing-cyberattackers-target-apache-activemq-flaw-to-mine-crypto www.secnews.physaphae.fr/article.php?IdArticle=8417436 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities Fortinet researchers have detected a malicious Word document displaying Russian text 2023-11-21T16:30:00+00:00 https://www.infosecurity-magazine.com/news/konni-deploys-advanced-rat-with/ www.secnews.physaphae.fr/article.php?IdArticle=8415475 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise. 2023-11-21T16:30:00+00:00 https://www.darkreading.com/attacks-breaches/kinsing-cyberattackers-target-apache-activemq-flaw-to-mine-crypto www.secnews.physaphae.fr/article.php?IdArticle=8415472 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography.
See how they are carried out and learn to detect them. Quishing Quishing, a phishing technique resulting from the 2023-11-21T16:10:00+00:00 https://thehackernews.com/2023/11/how-multi-stage-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8415336 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown Threat actors have shifted to other malware loaders following QakBot FBI takedown 2023-11-21T15:30:00+00:00 https://www.infosecurity-magazine.com/news/darkgate-pikabot-surge-qakbot/ www.secnews.physaphae.fr/article.php?IdArticle=8415443 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative 2023-11-21T15:30:00+00:00 https://thehackernews.com/2023/11/kinsing-hackers-exploit-apache-activemq.html www.secnews.physaphae.fr/article.php?IdArticle=8415313 False Vulnerability,Threat None 3.0000000000000000
Checkpoint Research - Security hardware manufacturer Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a Fake Token Factory By Oded Vanunu, Dikla Barda, Roman Zaikin Highlights Background In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls, deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain system, developed by Check Point, recently sounded the alarm on a sophisticated scheme that managed to pilfer nearly $1 million. Let’s […]
2023-11-21T15:00:00+00:00 https://research.checkpoint.com/2023/check-point-research-unraveling-the-rug-pull-a-million-dollar-scam-with-a-fake-token-factory/ www.secnews.physaphae.fr/article.php?IdArticle=8415445 False Threat None 3.0000000000000000
Schneier on Security - American cryptology researcher Email Security Flaw Found in the Wild Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they become available. The vulnerability was discovered in June. It has been patched...
2023-11-21T12:05:07+00:00 https://www.schneier.com/blog/archives/2023/11/email-security-flaw-found-in-the-wild.html www.secnews.physaphae.fr/article.php?IdArticle=8415339 False Vulnerability,Threat None 2.0000000000000000
Kaspersky - Kaspersky Research blog Crimeware and financial cyberthreats in 2024 Kaspersky assesses last year's predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024. 2023-11-21T10:00:39+00:00 https://securelist.com/kaspersky-security-bulletin-crimeware-financial-threats-2024/111093/ www.secnews.physaphae.fr/article.php?IdArticle=8415292 False Threat None 2.0000000000000000
Global Security Mag - French news site Local authorities aware of the risks Investigations 2023-11-21T08:45:11+00:00 https://www.globalsecuritymag.fr/Des-collectivites-conscientes-des-risques.html www.secnews.physaphae.fr/article.php?IdArticle=8415266 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms Preventing MFA Fatigue Attacks: Safeguarding Your Organization 2023-11-21T08:35:02+00:00 https://www.proofpoint.com/us/blog/information-protection/preventing-mfa-fatigue-attacks www.secnews.physaphae.fr/article.php?IdArticle=8415409 False Ransomware,Data Breach,Malware,Tool,Threat,Technical Uber 3.0000000000000000
The State of Security - American magazine AI-Enabled Information Manipulation Poses Threat to EU Elections: ENISA Report Amid growing concerns about the integrity of upcoming European elections in 2024, the 11th edition of the Threat Landscape report by the European Union Agency for Cybersecurity (ENISA), released on October 19, 2023, reveals alarming findings about the rising threats posed by AI-enabled information manipulation. Key Insights The ENISA Threat Landscape report for 2023 paints a concerning picture of the cybersecurity landscape as Europe prepares for crucial elections in 2024.
Over the reporting period, from July 2022 to June 2023, ENISA recorded a substantial 2,580 incidents, with an additional... 2023-11-21T02:49:05+00:00 https://www.tripwire.com/state-of-security/ai-enabled-information-manipulation-poses-threat-eu-elections-enisa-report www.secnews.physaphae.fr/article.php?IdArticle=8415277 False Threat None 4.0000000000000000
The State of Security - American magazine SMB Protocol Explained: Understanding its Security Risks and Best Practices Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has been a prime target for threat actors to gain unauthorized access to sensitive data and devices. In 2017, we introduced 5 general ways to protect your network from SMB risks. In this article, we examine some specific attacks, and revisit the practices that will protect your environment from this attack vector.
Notable SMB... 2023-11-21T02:48:58+00:00 https://www.tripwire.com/state-of-security/smb-protocol-explained-understanding-its-security-risks-and-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8415278 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November. 2023-11-21T00:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/proof-of-concept-exploit-publicly-available-for-critical-windows-smartscreen-flaw www.secnews.physaphae.fr/article.php?IdArticle=8416075 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) UAC-0050 Cyber Attack Using Remcos RAT Disguised as "SBU request" #### Description CERT-UA has identified a widespread phishing campaign impersonating the Security Service of Ukraine. Emails contain a RAR file, leading to an executable file ("SBU Requirement 543 dated 11/13/2023.pdf.exe") that installs the Remcos RAT on the computer. The RAT's configuration file includes 8 IP addresses of control servers in Malaysia, registered by the Russian company REG.RU on 11.11.2023. CERT-UA is actively countering the threat, tracked under ID UAC-0050. #### Reference URL(s) 1. https://cert.gov.ua/article/6276351 #### Publication Date November 20, 2023 #### Author(s) CERT-UA 2023-11-20T21:02:30+00:00 https://community.riskiq.com/article/c14b7bfe www.secnews.physaphae.fr/article.php?IdArticle=8415068 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said in a report shared with The 2023-11-20T20:49:00+00:00 https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html www.secnews.physaphae.fr/article.php?IdArticle=8414924 False Malware,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Exploited Vulnerabilities Can Take Months to Make KEV List The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, so companies need other sources of threat intelligence. 2023-11-20T19:16:03+00:00 https://www.darkreading.com/edge/exploited-vulnerabilities-take-months-to-make-kev-list www.secnews.physaphae.fr/article.php?IdArticle=8415098 False Vulnerability,Threat None 3.0000000000000000
CrowdStrike - CTI Society Eliminate Repetitive Tasks and Accelerate Response with Falcon Fusion Adversaries are becoming more sophisticated and faster with their attacks. According to the CrowdStrike 2023 Threat Hunting Report, the average eCrime breakout time is just 79 minutes. This is partly due to adversaries taking advantage of tools that leverage automation like password-cracking tools, exploit kits for web browser vulnerabilities, and marketplaces that sell stolen data.
[…] 2023-11-20T18:38:02+00:00 https://www.crowdstrike.com/blog/accelerate-response-with-falcon-fusion/ www.secnews.physaphae.fr/article.php?IdArticle=8417520 False Tool,Vulnerability,Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ALERT: INC Ransomware THREAT ALERT: INC Ransomware 2023-11-20T18:11:31+00:00 https://www.cybereason.com/blog/threat-alert-inc-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8415051 False Ransomware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Why Defenders Should Embrace a Hacker Mindset Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that, 2023-11-20T16:32:00+00:00 https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8414825 False Threat,Cloud None 3.0000000000000000
Checkpoint Research - Security hardware manufacturer 20th November – Threat Intelligence Report For the latest discoveries in cyber research for the week of 20th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Russia-affiliated military intelligence group SandWorm is reportedly responsible for an attack against 22 critical infrastructure companies in Denmark. The attacks, most severe in Danish history, have compromised industrial control systems and forced companies […]
2023-11-20T15:16:08+00:00 https://research.checkpoint.com/2023/20th-november-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8414920 False Threat,Industrial None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine 2023-11-20T14:46:00+00:00 https://thehackernews.com/2023/11/randstorm-exploit-bitcoin-wallets.html www.secnews.physaphae.fr/article.php?IdArticle=8414777 False Threat None 2.0000000000000000
IT Security Guru - Security blog LummaC2 Stealer's New Anti-Sandbox Technique? Trigonometry New research by Outpost24 has revealed that malware developers are using sandbox evasion techniques to avoid exposing malicious behaviour inside a sandbox where malware is analysed by security researchers. Outpost24's threat intelligence team, KrakenLabs, discovered that malware developers are using trigonometry to detect human behaviour based on cursor positions to avoid automated security analysis. The Malware-as-a-Service (MaaS) […] The post LummaC2 Stealer's New Anti-Sandbox Technique? Trigonometry first appeared on IT Security Guru.
2023-11-20T14:41:21+00:00 https://www.itsecurityguru.org/2023/11/20/lummac2-stealers-new-anti-sandbox-technique-trigonometry/?utm_source=rss&utm_medium=rss&utm_campaign=lummac2-stealers-new-anti-sandbox-technique-trigonometry www.secnews.physaphae.fr/article.php?IdArticle=8414896 False Malware,Threat None 2.0000000000000000
Global Security Mag - French news site BeyondTrust presents its cybersecurity predictions for 2024 and beyond Opinions 2023-11-20T14:16:55+00:00 https://www.globalsecuritymag.fr/BeyondTrust-presente-ses-previsions-en-matiere-de-cybersecurite-pour-2024-et-au.html www.secnews.physaphae.fr/article.php?IdArticle=8414895 False Threat,Studies,Prediction None 3.0000000000000000
HackRead - Cyber search Popular Dragon Touch Tablet for Kids Infected with Corejava Malware By Deeba Ahmed The budget tablet, advertised for kids on Amazon, is highly popular among children. This is a post from HackRead.com Read the original post: Popular Dragon Touch Tablet for Kids Infected with Corejava Malware
2023-11-20T13:35:27+00:00 https://www.hackread.com/dragon-touch-tablets-kids-corejava-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8414865 False Malware,Threat None 3.0000000000000000
Checkpoint - Security hardware manufacturer The Human Factor of Cyber Security In my 2-decade career in cybersecurity, I have observed firsthand that while technology plays a significant role in protecting organizations, the human element is equally crucial. It is often said that the most sophisticated security protocols can be undermined by a single click from an uninformed or careless employee. In this article, I aim to shed light on the often-overlooked ‘human factor’ and provide recommendations to help businesses bolster this weakest link in the cybersecurity chain. The current threat landscape The global cybersecurity landscape is complex and ever-changing, with new vulnerabilities and threats surfacing almost daily. We’ve come a long […]
2023-11-20T13:00:29+00:00 https://blog.checkpoint.com/security/the-human-factor-of-cyber-security/ www.secnews.physaphae.fr/article.php?IdArticle=8414844 False Vulnerability,Threat None 3.0000000000000000
IT Security Guru - Security blog Understanding the UK government's new cybersecurity regime, GovAssure With the ever-growing threat of cyberattacks on the UK government and Critical National Infrastructure, cyber safety matters more than ever. With the rising tide of ever-present threat in mind, GovAssure was launched by the UK government in April 2023. It’s a cyber security programme that aims to ensure government IT systems are fully protected from […] The post Understanding the UK government's new cybersecurity regime, GovAssure first appeared on IT Security Guru.
2023-11-20T11:18:29+00:00 https://www.itsecurityguru.org/2023/11/20/understanding-the-uk-governments-new-cybersecurity-regime-govassure/?utm_source=rss&utm_medium=rss&utm_campaign=understanding-the-uk-governments-new-cybersecurity-regime-govassure www.secnews.physaphae.fr/article.php?IdArticle=8414821 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Russia's APT29 Targets Embassies With Ngrok and WinRAR Exploit Threat group may be looking for intel on Azerbaijan 2023-11-20T10:00:00+00:00 https://www.infosecurity-magazine.com/news/russias-apt29-embassies-ngrok/ www.secnews.physaphae.fr/article.php?IdArticle=8414772 False Threat APT 29,APT 29 3.0000000000000000
Sekoia - Cyber Firms DarkGate Internals Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by the RastaFarEye persona. In the past months, it has been used by multiple threat actors such as TA577 and Ducktail. DarkGate is a loader with RAT capabilities developed in Delphi with modules developed in C++, which gained notoriety in the second half […] The post DarkGate Internals is an article from Sekoia.io Blog.
2023-11-20T09:20:41+00:00 https://blog.sekoia.io/darkgate-internals/ www.secnews.physaphae.fr/article.php?IdArticle=8414784 False Threat None 3.0000000000000000
AhnLab - Korean Security Firm Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike AhnLab Security Emergency response Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed. Because web servers are externally exposed for the purpose of providing web services to all available users, these become major attack targets for threat actors. Major examples of web services that support Windows environments include Internet Information Services (IIS), Apache, Apache Tomcat, and Nginx. While the Apache web service is usually used in Linux environments, there are some...
2023-11-20T08:47:33+00:00 https://asec.ahnlab.com/en/59110/ www.secnews.physaphae.fr/article.php?IdArticle=8414751 False Vulnerability,Threat,Technical None 3.0000000000000000
Dark Reading - Informationweek Branch Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities. 2023-11-20T08:00:00+00:00 https://www.darkreading.com/threat-intelligence/leveraging-sandbox-and-threat-intelligence-feeds-to-combat-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8414726 False Malware,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch A Detection and Response Benchmark Designed for the Cloud Does your security operation center's performance meet the 5/5/5 benchmark for cloud threat detection and incident response? 2023-11-20T08:00:00+00:00 https://www.darkreading.com/cloud/5-5-5-benchmark-cloud-detection-and-response www.secnews.physaphae.fr/article.php?IdArticle=8414727 False Threat,Cloud,Technical None 4.0000000000000000
AhnLab - Korean Security Firm Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials Recently, AhnLab Security Emergency response Center (ASEC) has identified a malicious LNK file being distributed to financial and blockchain corporation personnel through email and other ways. The malicious LNK file is distributed via URLs and AhnLab Smart Defense (ASD) has confirmed the following URLs. The file being downloaded is a compressed file named “Blockchain Corporate Solution Handbook Production.zip”. The threat actor alternately uploaded a malicious file and a legitimate file at the URLs, causing confusion in analysis. When the malicious...
2023-11-20T07:55:44+00:00 https://asec.ahnlab.com/en/59057/ www.secnews.physaphae.fr/article.php?IdArticle=8414728 False Threat,Technical None 2.0000000000000000
Incogni - Security blog of the company Incogni, specialized in privacy protection Imposter calls leading threat as robocalls steadily decline 2023-11-20T00:00:50+00:00 https://blog.incogni.com/imposter-calls-research/ www.secnews.physaphae.fr/article.php?IdArticle=8415226 False Threat None 2.0000000000000000
Microsoft - Microsoft Security Response Center Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These individuals have discovered and reported vulnerabilities under Coordinated Vulnerability Disclosure, aiding Microsoft in navigating the continuously evolving security threat landscape and emerging technologies. 2023-11-20T00:00:00+00:00 https://msrc.microsoft.com/blog/2023/11/celebrating-ten-years-of-the-microsoft-bug-bounty-program-and-more-than-60m-awarded/ www.secnews.physaphae.fr/article.php?IdArticle=8414986 False Vulnerability,Threat None 3.0000000000000000
HackRead - Cyber search Crypto Scammers Exploit Gaza Crisis, Deceiving Users in Donation Scam By Deeba Ahmed Scammers taking advantage of a humanitarian crisis? Well, who saw that coming... This is a post from HackRead.com Read the original post: Crypto Scammers Exploit Gaza Crisis, Deceiving Users in Donation Scam
2023-11-19T23:08:38+00:00 https://www.hackread.com/crypto-scammers-gaza-crisis-donation-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8414551 False Threat None 2.0000000000000000
CyberWarzone - Cyber News What Is the Mcrypt Extension in PHP and Why Was It Deprecated?
Understanding the Role of Mcrypt in PHP Development In the realm of PHP development, the mcrypt extension once stood as a crucial tool for data [more...]]]>
2023-11-19T20:36:10+00:00 https://cyberwarzone.com/what-is-the-mcrypt-extension-in-php-and-why-was-it-deprecated/ www.secnews.physaphae.fr/article.php?IdArticle=8414511 False Tool,Threat None 3.0000000000000000
Bleeping Computer - American magazine Russian hackers use Ngrok feature and WinRAR exploit to attack embassies After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. [...]]]> 2023-11-19T11:14:25+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/ www.secnews.physaphae.fr/article.php?IdArticle=8414888 False Vulnerability,Threat APT 29,APT 28 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. "Most of the group's Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere said in an]]> 2023-11-18T16:57:00+00:00 https://thehackernews.com/2023/11/8base-group-deploying-new-phobos.html www.secnews.physaphae.fr/article.php?IdArticle=8413874 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead.
Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the]]> 2023-11-17T19:01:00+00:00 https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html www.secnews.physaphae.fr/article.php?IdArticle=8413407 False Malware,Threat None 2.0000000000000000 Bleeping Computer - American magazine The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. [...]]]> 2023-11-17T18:26:29+00:00 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/ www.secnews.physaphae.fr/article.php?IdArticle=8413639 False Ransomware,Threat None 3.0000000000000000 Fortinet - Security hardware manufacturer OT Risk Management: Proactive OT Threat Detection and Malware Prevention Understand how OT risk management and OT threat detection are key components to implement in your cyber defense.]]> 2023-11-17T16:00:00+00:00 https://www.fortinet.com/blog/industry-trends/ot-risk-management-threat-detection-and-malware-prevention www.secnews.physaphae.fr/article.php?IdArticle=8413473 False Malware,Threat,Industrial None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,]]> 2023-11-17T15:26:00+00:00 https://thehackernews.com/2023/11/27-malicious-pypi-packages-with.html www.secnews.physaphae.fr/article.php?IdArticle=8413334 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets.
"Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their]]> 2023-11-17T13:02:00+00:00 https://thehackernews.com/2023/11/us-cybersecurity-agencies-warn-of.html www.secnews.physaphae.fr/article.php?IdArticle=8413267 False Ransomware,Threat None 2.0000000000000000 ProofPoint - Cyber Firms Demystifying AI and ML: Six Critical Questions to Ask Your Cybersecurity Vendor 2023-11-17T12:01:12+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/demystifying-ai-and-ml-six-critical-questions-ask-your-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8413357 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Black Friday: Scammers Exploit Luxury Brands to Lure Victims Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online]]> 2023-11-17T11:00:00+00:00 https://www.infosecurity-magazine.com/news/cammers-exploit-luxury-brands-to/ www.secnews.physaphae.fr/article.php?IdArticle=8413335 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Free proxies and the hidden dangers Smartproxy are better if security and privacy are your goals. Keep reading to discover how free proxies work and the dangers they pose. What is a proxy? A proxy is an intermediary server that accepts and forwards all your requests to the web server. This means that instead of connecting directly to the internet, you first connect to the proxy server. You might be wondering why using an intermediary server like a proxy is effective.
Usually, it’s better to cut out the middleman, right? In this case, by connecting to the proxy first, your personal information, such as your IP and other associated data, is replaced by a new IP. This completely hides your information from the websites you visit. By changing your IP address through a proxy, websites or apps cannot track you, and your data is more secure. However, that’s not all a proxy does. What can you use a proxy for? By now, we know that proxies are great tools when it comes to online security and privacy. By hiding your real IP, the websites that you visit won’t be able to collect the data associated with your IP. This usually includes your name, location, ISP, devices, operating system, and more. Residential proxies, in particular, are great for anonymity because they use the IPs from real devices. As such, they don’t look like proxies and are much less likely to be detected as such. However, proxies can be used in many other ways aside from security and privacy. Another use is managing multiple social media accounts. Social media platforms are quick to issue IP bans if they find the same IP address creating multiple accounts. Account limits are usually only a handful per IP address, and the moment you create too many, you might receive an IP ban. This is frustrating if you’re a digital marketer who creates and manages accounts for clients. However, by using a proxy, you can change the IP that creates the accounts and avoid IP bans. Another use of proxies is related to automation. This can affect a wide range of automated tools, from sneaker bots to data scrapers and even social media automation. Many websites and social media platforms block automation tools as part of their anti-bot protection. However, by linking residential proxies to these tools, you can make them appear like natural users and bypass these limitations. However, to be successful, you’ll need to use residential proxies with a real IP.
Finally, proxies can also help improve your connection speed and stabilize it. This is because you’re routing all your traffic through larger servers instead of your own device. These servers are much more capa]]> 2023-11-17T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/free-proxies-and-the-hidden-dangers www.secnews.physaphae.fr/article.php?IdArticle=8413331 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine FBI Lifts the Lid on Notorious Scattered Spider Group Security advisory details TTPs of prolific threat actors]]> 2023-11-17T10:30:00+00:00 https://www.infosecurity-magazine.com/news/fbi-notorious-scattered-spider/ www.secnews.physaphae.fr/article.php?IdArticle=8413336 False Threat None 3.0000000000000000 Soc Radar - SOC-focused blog Education Security: A Critical Analysis of the K-12 Threat Landscape
As digital transformation reshapes the education sector, education security in K-12 schools has emerged as... ]]>
2023-11-17T08:00:00+00:00 https://socradar.io/education-security-a-critical-analysis-of-the-k-12-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8413266 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action.]]> 2023-11-16T22:45:00+00:00 https://www.darkreading.com/application-security/dangerous-apache-activemq-exploit-edr-bypass www.secnews.physaphae.fr/article.php?IdArticle=8413104 False Threat,Patching None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News.
The flaw, tracked as CVE-2023-37580 (CVSS score:]]> 2023-11-16T21:39:00+00:00 https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html www.secnews.physaphae.fr/article.php?IdArticle=8412958 False Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Stats for October 2023
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary After four months, PE files (EXE/DLL) reclaimed the top spot as the most popular file format […] ]]>
2023-11-16T20:18:20+00:00 https://www.netskope.com/blog/netskope-threat-labs-stats-for-october-2023 www.secnews.physaphae.fr/article.php?IdArticle=8413058 False Threat,Studies None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Zimbra 0-Day Used to Steal Email Data From Government Organizations #### Description Google's Threat Analysis Group (TAG) has discovered an in-the-wild 0-day exploit targeting Zimbra Collaboration, tracked as CVE-2023-37580 and used to steal email data from international government organizations. TAG first discovered the 0-day, a reflected cross-site scripting (XSS) vulnerability, in June when it was actively exploited in targeted attacks against Zimbra's email server. Zimbra pushed a hotfix to their public GitHub on July 5, 2023 and published an initial advisory with remediation guidance on July 13, 2023. TAG observed three threat groups exploiting the vulnerability prior to the release of the official patch, including groups that may have learned about the bug after the fix was initially made public on GitHub. TAG discovered a fourth campaign using the XSS vulnerability after the official patch was released. Three of these campaigns began after the hotfix was initially made public, highlighting the importance of organizations applying fixes as quickly as possible. #### Reference URL(s) 1. https://blog.google/threat-analysis-group/zimbra-0-day-used-to-steal-email-data-from-government-organizations/ #### Publication Date November 16, 2023 #### Author(s) Clement Lecigne, Maddie Stone ]]> 2023-11-16T20:07:41+00:00 https://community.riskiq.com/article/4e32e6ef www.secnews.physaphae.fr/article.php?IdArticle=8413075 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021. "DarkCasino is an APT threat actor with strong technical and learning ability, who is good]]> 2023-11-16T19:21:00+00:00 https://thehackernews.com/2023/11/experts-uncover-darkcasino-new-emerging.html www.secnews.physaphae.fr/article.php?IdArticle=8412886 False Threat,Technical None 2.0000000000000000 Global Security Mag - French news site Sysdig announces malware threat detection and Windows server detection
Sysdig Extends the Power of Detection and Response to Include Windows Server and Malware Threat Detection Expanding its CDR capabilities within the company's cloud native application protection platform - Product Reviews]]>
2023-11-16T18:21:38+00:00 https://www.globalsecuritymag.fr/Sysdig-announces-malware-threat-detection-and-Windows-server-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8413017 False Malware,Threat,Cloud None 2.0000000000000000
Mandiant - Mandiant security blog Insider Threat: Hunting and Detecting
The insider threat is a multifaceted challenge that represents a significant cybersecurity risk to organizations today. Some are malicious insiders such as employees looking to steal data or sabotage the organization. Some are unintentional insiders such as employees who make careless mistakes or fall victim to phishing attacks. If you need a refresher on what insider threats are or their impact, please refer to our previous blog posts: Insider Threat: The Dangers Within; Insider Threat: Impact Studies. Identifying insider threats is becoming increasingly important. Malicious insiders often carry]]>
2023-11-16T18:00:00+00:00 https://www.mandiant.com/resources/blog/insider-threat-hunting-detecting www.secnews.physaphae.fr/article.php?IdArticle=8413227 False Threat None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS)]]> 2023-11-16T17:33:00+00:00 https://thehackernews.com/2023/11/cisa-and-fbi-issue-warning-about.html www.secnews.physaphae.fr/article.php?IdArticle=8412860 False Ransomware,Threat None 2.0000000000000000 Recorded Future - Recorded Future feed Hackers target Greece, Tunisia, Moldova, Vietnam and Pakistan with Zimbra zero-day
Hackers exploited a vulnerability in Zimbra's email product to attack government agencies in Greece, Tunisia, Moldova, Vietnam and Pakistan, Google researchers have discovered. Google's Threat Analysis Group (TAG) first discovered the bug, classified as CVE-2023-37580, in June. Beginning that month, four different groups exploited the zero-day to target Zimbra Collaboration, an email server many organizations]]>
2023-11-16T17:00:00+00:00 https://therecord.media/hackers-target-govts-with-zimbra-zero www.secnews.physaphae.fr/article.php?IdArticle=8412962 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Cybersecurity Investment Involves More Than Just Technology Cybersecurity investment involves more than just buying security technologies - organizations are also looking at threat intelligence, risk assessment, cyber-insurance, and third-party risk management.]]> 2023-11-16T17:00:00+00:00 https://www.darkreading.com/tech-trends/cybersecurity-investment-more-than-technology www.secnews.physaphae.fr/article.php?IdArticle=8413289 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access]]> 2023-11-16T16:48:00+00:00 https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html www.secnews.physaphae.fr/article.php?IdArticle=8412835 False Ransomware,Threat,Cloud None 3.0000000000000000