www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T11:36:55+00:00 www.secnews.physaphae.fr

Dark Reading - Informationweek Branch
Chinese Researchers Tap Quantum to Break Encryption
But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.
2024-10-16T21:45:40+00:00 https://www.darkreading.com/application-security/chinese-researchers-unveil-quantum-technique-to-break-encryption www.secnews.physaphae.fr/article.php?IdArticle=8598929 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Distribution of Meduza Stealer via Telegram, allegedly on behalf of Reserve+ technical support
2024-10-16T20:34:29+00:00 https://community.riskiq.com/article/ac988484 www.secnews.physaphae.fr/article.php?IdArticle=8598927 True Ransomware,Spam,Malware,Tool,Threat,Technical None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
2024-10-16T19:58:18+00:00 https://community.riskiq.com/article/f54777a4 www.secnews.physaphae.fr/article.php?IdArticle=8598901 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000

Dark Reading - Informationweek Branch
Bad Actors Manipulate Red-Team Tools to Evade Detection
By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated.
2024-10-16T19:48:23+00:00 https://www.darkreading.com/endpoint-security/bad-actors-manipulate-red-team-tools-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=8598880 False Tool,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
An update on disrupting deceptive uses of AI
2024-10-16T19:15:03+00:00 https://community.riskiq.com/article/e46070dd www.secnews.physaphae.fr/article.php?IdArticle=8598902 False Malware,Tool,Vulnerability,Threat,Studies ChatGPT 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
2024-10-16T19:14:31+00:00 https://community.riskiq.com/article/1f1ea18b www.secnews.physaphae.fr/article.php?IdArticle=8598903 False Ransomware,Malware,Tool,Threat,Mobile,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.
2024-10-16T16:20:00+00:00 https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8598696 False Malware,Vulnerability,Threat APT 37 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
5 Techniques for Collecting Cyber Threat Intelligence
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let's consider five that can greatly improve your threat investigations. Pivoting on C2 IP addresses to pinpoint malware
2024-10-16T14:58:00+00:00 https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8598670 False Malware,Threat None 3.0000000000000000

Global Security Mag - French news site
WatchGuard cybersecurity report: cybercriminals are trying to turn blockchains into hosts for malicious content
Malware
2024-10-16T14:35:47+00:00 https://www.globalsecuritymag.fr/rapport-cybersecurite-watchguard-les-cybercriminels-tentent-de-transformer-les.html www.secnews.physaphae.fr/article.php?IdArticle=8598775 False Threat None 2.0000000000000000

Palo Alto Network - Vendor site
GenAI in Cybersecurity - Threats and Defenses
The Unit 42 Threat Frontier: Prepare for Emerging AI Risks report explains how generative AI (GenAI) is reshaping the cybersecurity landscape.
2024-10-16T14:00:59+00:00 https://www.paloaltonetworks.com/blog/2024/10/genai-in-cybersecurity-threats-and-defenses/ www.secnews.physaphae.fr/article.php?IdArticle=8600465 False Threat None 2.0000000000000000
Checkpoint - Security hardware vendor
How to secure your SaaS data?
SaaS Supply Chain Risks: Biggest Threat to Your Data. SaaS supply chain attacks pose the greatest risk to your data. Attackers exploit vulnerabilities in SaaS applications, which serve as entry points into your enterprise. This might be something as basic as stale API tokens or user accounts. Shadow IT is also a major concern. According to Check Point, on average, IT teams are only aware of 20% of the SaaS applications being used within their organization. This limited visibility can lead to the exposure of sensitive data and escalate into a full SaaS breach. ZTAA is Not Enough to Secure […]
2024-10-16T13:00:17+00:00 https://blog.checkpoint.com/security/how-to-secure-your-saas-data/ www.secnews.physaphae.fr/article.php?IdArticle=8598726 False Vulnerability,Threat,Cloud None 2.0000000000000000
Bleeping Computer - American magazine
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. [...]
2024-10-16T09:59:12+00:00 https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8598745 False Malware,Vulnerability,Threat APT 37 2.0000000000000000

Global Security Mag - French news site
Gandi launches its new DNS Security+ Pack
Product Reviews
Enhanced protection against threats that exploit DNS vulnerabilities for increased security.
2024-10-16T09:31:43+00:00 https://www.globalsecuritymag.fr/gandi-launches-its-new-dns-security-pack.html www.secnews.physaphae.fr/article.php?IdArticle=8598648 False Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine
Experts Play Down Significance of Chinese Quantum "Hack"
DigiCert says imminent crypto threat from quantum computing has been over-hyped.
2024-10-16T09:15:00+00:00 https://www.infosecurity-magazine.com/news/experts-play-down-chinese-quantum/ www.secnews.physaphae.fr/article.php?IdArticle=8598645 False Threat None 3.0000000000000000

InformationSecurityBuzzNews - Security news site
New Threat Actor Tool EDRSilencer Repurposed for Malicious Use
The Trend Micro Threat Hunting Team has identified an alarming new trend in cyber attacks: malefactors are adopting EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) systems. Originally developed as a tool for security professionals, EDRSilencer has been repurposed by malicious actors to block EDR communications, helping them slip [...]
2024-10-16T05:25:25+00:00 https://informationsecuritybuzz.com/threat-actor-tool-edrsilencer-repurpos/ www.secnews.physaphae.fr/article.php?IdArticle=8598559 False Tool,Threat,Prediction None 3.0000000000000000

InformationSecurityBuzzNews - Security news site
Chinese Researchers Use Quantum Computer to Hack Secure Encryption
In a potentially concerning advancement for global cybersecurity, Chinese researchers have introduced a technique leveraging D-Wave's quantum annealing systems to breach traditional encryption, which may hasten the timeline for when quantum computers could pose a genuine threat to widely used cryptographic systems. Published under the title "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on [...]
2024-10-16T05:05:03+00:00 https://informationsecuritybuzz.com/chinese-use-quantum-hack-secure-encryp/ www.secnews.physaphae.fr/article.php?IdArticle=8598537 False Hack,Threat None 3.0000000000000000

The State of Security - American magazine
The Importance of Layered Cybersecurity Solutions
The threat of cyberattacks is at an all-time high. In fact, research shows that worldwide cybercrime costs are anticipated to reach $10.5 trillion annually by 2025. Cybercriminals threaten all, as 43% of cyberattacks target small enterprises. The rise of these threats underscores the importance of a robust cyber defense strategy, and one key way to do that is through layered cybersecurity solutions. A multi-layered strategy helps businesses better protect against, identify, and mitigate the growing number of attacks in today's digital world. This article will explain the principle of layered...
2024-10-16T03:30:59+00:00 https://www.tripwire.com/state-of-security/importance-layered-cybersecurity-solutions www.secnews.physaphae.fr/article.php?IdArticle=8598622 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address
Snapshot: CoreWarrior malware has been identified as a significant threat to Windows machines, spreading by creating numerous copies and connecting to a variety of IP addresses. It establishes backdoor connections and monitors user activity through Windows UI element hooks, which can lead to system compromise and data theft.
Description: The malware is a UPX-packed executable designed to thwart standard unpackers. Upon execution, it generates a temporary copy with a random name to send data to a remote server via HTTP POST, and after each successful transmission, the original copy is deleted, and a new one is created, with over a hundred copies observed to be created and deleted within ten minutes. The malware sets up listeners on specific ports and employs anti-analysis techniques, such as using rdtsc to detect debugging and exiting if the times exceed a threshold. It also uses randomized sleep timers to evade detection and can identify VM environments by searching for strings related to HyperV containers. CoreWarrior pote
2024-10-15T22:05:43+00:00 https://community.riskiq.com/article/978737b1 www.secnews.physaphae.fr/article.php?IdArticle=8598444 False Malware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for
2024-10-15T21:17:00+00:00 https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html www.secnews.physaphae.fr/article.php?IdArticle=8598262 False Threat,Mobile None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
North Korean Actors Target Tech Job Seekers with Cross-Platform Malware
2024-10-15T21:16:48+00:00 https://community.riskiq.com/article/9ce29d67 www.secnews.physaphae.fr/article.php?IdArticle=8598422 False Malware,Tool,Threat APT 38 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
2024-10-15T20:34:16+00:00 https://community.riskiq.com/article/e37477e6 www.secnews.physaphae.fr/article.php?IdArticle=8598401 True Ransomware,Malware,Tool,Threat,Prediction None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
UAC-0050: Cyber Espionage, Financial Crimes, Information and Psychological Operations
2024-10-15T20:34:15+00:00 https://community.riskiq.com/article/1bdfb795 www.secnews.physaphae.fr/article.php?IdArticle=8598402 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.
2024-10-15T20:13:00+00:00 https://thehackernews.com/2024/10/new-linux-variant-of-fastcash-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8598236 False Malware,Threat None 2.0000000000000000

Global Security Mag - French news site
Conversant Group Launches Securitas Summa
Business News
Conversant Group Launches Securitas Summa, a Comprehensive Cyber Resilience Program. With assured recoverability and real-time threat intelligence, Conversant sets a new standard for cyber resilience to meet the evolving demands of today's cyber landscape.
2024-10-15T20:12:42+00:00 https://www.globalsecuritymag.fr/conversant-group-launches-securitas-summa.html www.secnews.physaphae.fr/article.php?IdArticle=8598380 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft)
Beyond the Surface: the evolution and expansion of the SideWinder APT group
2024-10-15T19:57:54+00:00 https://community.riskiq.com/article/2473c825 www.secnews.physaphae.fr/article.php?IdArticle=8598344 True Ransomware,Malware,Tool,Vulnerability,Threat APT-C-17 3.0000000000000000

SecurityWeek - Security News
Election Day is Close, the Threat of Cyber Disruption is Real
New threat report shows that the potential for disruption to November's Election Day is severe, and the threat is real.
2024-10-15T19:01:40+00:00 https://www.securityweek.com/election-day-is-close-the-threat-of-cyber-disruption-is-real/ www.secnews.physaphae.fr/article.php?IdArticle=8598305 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for
2024-10-15T16:30:00+00:00 https://thehackernews.com/2024/10/rise-of-zero-day-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8598122 False Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Hidden in Plain Sight: ErrorFather's Deadly Deployment of Cerberus
Snapshot: Cyble Research and Intelligence Labs (CRIL) has identified a new cyber campaign, "ErrorFather," which utilizes a variant of the Cerberus Android Banking Trojan.
Description: Originally discovered in 2019, Cerberus is known for targeting financial and social media apps with keylogging, overlay attacks, and remote control features via VNC. The ErrorFather campaign incorporates multiple layers of infection, including session-based droppers and encrypted payloads, making detection and removal more difficult. The campaign, which saw increased activity in September and October 2024, deploys malware capable of stealing sensitive information like login credentials and payment details through sophisticated phishing techniques. A unique feature of ErrorFather is its use of a Domain Generation Algorithm (DGA), which enables dynamic updates to Command and Control (C&C) servers, keeping the malware functional even if primary servers are disabled. Despite bein
2024-10-15T16:24:37+00:00 https://community.riskiq.com/article/d73f02ab www.secnews.physaphae.fr/article.php?IdArticle=8598281 False Malware,Threat,Mobile None 2.0000000000000000

Mandiant - Mandiant security blog
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
TTE 2023 executive summary
Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days (vulnerabilities exploited before patches are made available, excluding end-of-life technologies). Forty-one vulnerabilities were exploited as n-days (vulnerabilities first exploited after patches are available). While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed. While our data is based on reliable observations, we note that the numbers are conservative estimates as we rely on the first reported exploitation of a vulnerability. Frequently, first exploitation dates are not publicly disclosed or are given vague timeframes (e.g., "mid-July" or "Q2 2023"), in which case we assume the latest plausible date. It is also likely that undiscovered exploitation has occurred. Therefore, actual times to exploit are almost certainly earlier than this data suggests.
Exploitation Timelines
Time-to-Exploit
Time-to-exploit (TTE) is our metric for defining the average time taken to exploit a vulnerability before or after a patch is released. Historically, our analyses have seen reduced times-to-exploit year over year. Through 2018 to 2019, we observed an average TTE of 63 days. From 2020 to the start of 2021, that number decreased to 44 days. Then, across all of 2021 and 2022, the average observed TTE dropped further to 32 days, already half of our first tracked TTE starting in 2018. In 2023, we observed the largest drop in TTE thus far, with an average of just five days. This is less than a sixth of the previously observed TTE. Our average TTE excludes 15 total data points, including two n-days and 13 zero-days, that we identified as outliers from a standard deviation-based statistical analysis. Without the removal of these outlier TTEs, the average grows from five to 47.
Zero-Day vs. N-day Exploitation
Prior to 2023, we had observed steady ratios of n-days to zero-days, being 38:62 across 2021–2022 and 39:61 across 2020 into part of 2021. However, in 2023, this ratio shifted to 30:70, a notable departure from what we had observed previously. Given that zero-day exploitation has risen steadily over the years, the shifting ratio appears to be influenced more from the recent increase in zero-day usage and detection rather than a drop in n-day usage. It is also possible that actors had a larger number of successful attempts to exploit zero-days in 2023. Future data and analyses will show whether this is the start of a
2024-10-15T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8598204 False Tool,Vulnerability,Threat,Patching,Cloud,Technical None 3.0000000000000000

GoogleSec - Firm Security Blog
Safer with Google: Advancing Memory Safety
1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities2 in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google's threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild. Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities. At Google, we have been mindful of these issues for over two decades, and are on a journey to continue advancing the state of memory safety in the software we consume and produce. Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle. This proactive approach fosters a safer and more trustworthy digital environment for everyone. This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.
Our journey so far
Google's journey with memory safety is deeply intertwined with the evolution of the software industry itself. In our early days, we recognized the importance of balancing performance with safety. This led to the early adoption of memory-safe languages like Java and Python, and the creation of Go. Today these languages comprise a large portion of our code, providing memory safety among other benefits. Meanwhile, the rest of our code is predominantly written in C++, previously the optimal choice for high-performance demands. We recognized the inherent risks associated with memory-unsafe languages and developed tools like sanitizers, which detect memory safety bugs dynamically, and fuzzers like AFL and libfuzzer, which proactively test the robustness and security of a software application by repeatedly feeding unexpected inputs. By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases. Taking this commitment a step further, we provide continuous fuzzing to open-source projects through OSS-Fuzz, which helped get over 8800 vulnerabilities identified and subsequently fixed across 850 projects. Today, with the emergence of high-performance memory-safe languages like Rust, coupled with a deeper understanding of the limitations of purely detection-based approaches, we are focused primarily on preventing the introduction of security vulnerabilities at scale.
Going forward: Google's two-pronged approach
Google's long-term strategy for tackling memory safety challenges is multifaceted, recognizing the need to address both existing codebases and future development, while maintaining the pace of business.
2024-10-15T13:44:17+00:00 http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html www.secnews.physaphae.fr/article.php?IdArticle=8598282 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
2024-10-15T13:33:00+00:00 https://thehackernews.com/2024/10/china-accuses-us-of-fabricating-volt.html www.secnews.physaphae.fr/article.php?IdArticle=8598048 False Threat Guam 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Most Organizations Unprepared for Post-Quantum Threat
Most organizations are not prepared for the post-quantum threat, despite the recent publication of NIST's first three finalized post-quantum encryption standards.
2024-10-15T13:30:00+00:00 https://www.infosecurity-magazine.com/news/orgs-unprepared-postquantum-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8598184 False Threat None 2.0000000000000000

TechRepublic - Security News US
SentinelOne CISO Identifies 'Most Pressing Concern' for Cyber Professionals
SentinelOne's Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.
2024-10-15T13:28:21+00:00 https://www.techrepublic.com/article/isc2-security-summit-cyber-interview/ www.secnews.physaphae.fr/article.php?IdArticle=8598179 False Threat None 2.0000000000000000

Palo Alto Network - Vendor site
Radically Simplifying Cybersecurity
Automate tasks, get guidance and enhance decision-making for faster threat response and improved security posture with Palo Alto Networks copilots.
2024-10-15T13:00:29+00:00 https://www.paloaltonetworks.com/blog/2024/10/ai-copilot-simplified-security/ www.secnews.physaphae.fr/article.php?IdArticle=8598145 False Threat None 2.0000000000000000
Global Security Mag - French news site
Core4ce Acquires Azimuth Corporation
Business News
Core4ce Acquires Azimuth Corporation to Strengthen Defense and Intelligence Community Operations. Together, companies will offer enhanced national security solutions in ISR, AI/ML, threat protection, and warfighter support.
2024-10-15T12:36:33+00:00 https://www.globalsecuritymag.fr/core4ce-acquires-azimuth-corporation.html www.secnews.physaphae.fr/article.php?IdArticle=8598151 False Threat None 2.0000000000000000
ANSSI - French government feed
The "Crisis Management and Training" working group makes new resources available
anssiadm Tue 15/10/2024 - 12:10
As part of its work, the "Crisis Management and Training" working group is publishing exercise scenario sheets (ransomware, supply chain, DDoS, defacement, exfiltration, industrial systems) and practical doctrine sheets. Since its creation in September 2022, the "Crisis Management and Training" working group at the Campus Cyber has set itself the mission of regularly publishing resources intended to strengthen the resilience of organisations against crises of cyber origin. This group, led by ANSSI, brings together leading players such as the Campus Cyber, as well as professional associations such as CESIN, Clusif, CDSE, CCA and AMRAE, in addition to various companies and public administrations. Together, these players are committed to improving the practices and arrangements for effective crisis management and for maintaining business continuity in the face of cyber threats. The working group is structured around three main axes: doctrine, tooling and training. It works on producing operational documents and tools intended to make it easier to implement measures suited to the challenges of preparing for cyber crises.
Deliverables available to everyone
Exercise scenario sheets are now accessible to all organisations. They offer complete exercise scenarios centred on different types of attack, with advice on running them and on the critical points to assess so that they can be conducted under the best conditions. These sheets cover the following attack types: Ransomware; Supply Chain; DDoS; Defacement; Exfiltration; Industrial systems (OT). The working group also provides practical sheets dedicated to doctrine. They allow organisations to draw on methodological tools to ensure their cyber resilience. Practical sheet: Roles and functions during a crisis
2024-10-15T12:10:04+00:00 https://cyber.gouv.fr/actualites/le-gt-gestion-de-crise-et-entrainement-met-disposition-de-nouvelles-ressources www.secnews.physaphae.fr/article.php?IdArticle=8598345 False Tool,Threat,Cloud None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
From Reactive to Proactive: Shifting Your Cybersecurity Strategy
2024-10-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/from-reactive-to-proactive-shifting-your-cybersecurity-strategy www.secnews.physaphae.fr/article.php?IdArticle=8598079 False Ransomware,Spam,Hack,Vulnerability,Threat ChatGPT 2.0000000000000000

Global Security Mag - French news site
September 2024's Most Wanted Malware: Notable AI-Driven Techniques and Persistent RansomHub Threats
Malware Update
Check Point's latest threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape.
2024-10-15T09:09:59+00:00 https://www.globalsecuritymag.fr/september-2024-s-most-wanted-malware-notable-ai-driven-techniques-and.html www.secnews.physaphae.fr/article.php?IdArticle=8598050 False Malware,Threat None 2.0000000000000000
Global Security Mag - French news site | HP Wolf Security report: hackers are using AI to create malware
Category: Malware.
2024-10-15T08:39:41+00:00 https://www.globalsecuritymag.fr/rapport-hp-wolf-security-les-hackers-utilisent-l-ia-pour-creer-des-malwares.html (www.secnews.physaphae.fr/article.php?IdArticle=8598054) Tags: Malware, Tool, Threat

UnderNews - French "pirate" news site | Check Point Top Malware ranking, September 2024: a shift toward AI-assisted malware tactics; in France, FormBook returns to the top 3
Check Point's latest threat ranking shows a shift toward AI-assisted malware tactics. Tribune: Check Point Software Technologies Ltd., a leading provider of AI-powered, cloud-delivered cybersecurity platforms, has published its Global Threat Index, its monthly worldwide ranking of threats [...] The post "Classement Top Malware Check Point – Septembre 2024 : un basculement vers des tactiques de malware assistées par l'IA – En France, Formbook réapparaît au top 3" first appeared on UnderNews.
2024-10-15T08:03:36+00:00 https://www.undernews.fr/malwares-virus-antivirus/classement-top-malware-check-point-septembre-2024-un-basculement-vers-des-tactiques-de-malware-assistees-par-lia-en-france-formbook-reapparait-au-top-3.html (www.secnews.physaphae.fr/article.php?IdArticle=8598046) Tags: Malware, Threat, Cloud

Global Security Mag - French news site | Check Point Top Malware ranking, September 2024: new AI-based techniques
Category: Malware.
2024-10-15T07:34:35+00:00 https://www.globalsecuritymag.fr/classement-top-malware-check-point-septembre-2024-de-nouvelles-techniques.html (www.secnews.physaphae.fr/article.php?IdArticle=8598019) Tags: Malware, Threat

InformationSecurityBuzzNews - Security news site | Enhance Cyber Resilience to Secure Your Organization
As Cybersecurity Awareness Month unfolds with the continuing theme from 2023, "Secure Our World," it's a timely reminder of the importance of taking daily actions to safeguard your organization's digital ecosystem. In an increasingly interconnected world, where devices, data, and security systems are constantly under threat, improving your organization's cyber resilience is no longer optional; it's [...]
2024-10-15T05:06:05+00:00 https://informationsecuritybuzz.com/enhance-cyber-resilience-to-secure-org/ (www.secnews.physaphae.fr/article.php?IdArticle=8597978) Tags: Threat

The State of Security - US magazine | Australia Considers Mandatory Reporting of Ransom Payments
New legislation is on the horizon in Australia that is set to change the way businesses deal with ransomware attacks. This law, not unlike the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the US, aims to improve transparency when it comes to paying ransoms. There's no question that cybercrime is on the rise in the country. In its 2022/23 Annual Cyber Threat Report, the Australian Cyber Security Centre (ACSC) said it was notified of a cyber incident on average once every six minutes, a staggering figure. Ransomware, in particular, remains a significant threat to Australian...
2024-10-15T03:03:19+00:00 https://www.tripwire.com/state-of-security/australia-considers-mandatory-reporting-ransom-payments (www.secnews.physaphae.fr/article.php?IdArticle=8598021) Tags: Ransomware, Threat, Legislation

The Register - UK news site | China again claims Volt Typhoon hack gang was invented by the US to discredit it
2024-10-15T01:15:08+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/15/china_volt_typhoon_false_flag/ (www.secnews.physaphae.fr/article.php?IdArticle=8597883) Tags: Hack, Threat, Guam

WatchGuard - Hardware and software vendor | WatchGuard cybersecurity report: cybercriminals are trying to turn blockchains into hosts for malicious content
2024-10-15T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/rapport-cybersecurite-watchguard-les-cybercriminels-tentent-de-transformer (www.secnews.physaphae.fr/article.php?IdArticle=8599648) Tags: Tool, Threat, Mobile

TrendLabs Security - Antivirus vendor | Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Trend Micro's Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.
2024-10-15T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html (www.secnews.physaphae.fr/article.php?IdArticle=8598017) Tags: Tool, Threat, Prediction

Bleeping Computer - US magazine | Cisco
investigates breach after stolen data for sale on hacking forum
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. [...]
2024-10-14T22:25:02+00:00 https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/ (www.secnews.physaphae.fr/article.php?IdArticle=8597922) Tags: Threat

Dark Reading - Informationweek Branch | Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.
2024-10-14T22:16:17+00:00 https://www.darkreading.com/cyberattacks-data-breaches/serious-adversaries-circle-ivanti-csa-flaws (www.secnews.physaphae.fr/article.php?IdArticle=8597822) Tags: Vulnerability, Threat, Cloud

RiskIQ - cyber risk firm (now Microsoft) | Weekly OSINT Highlights, 14 October 2024
2024-10-14T21:26:20+00:00 https://community.riskiq.com/article/cd213500 (www.secnews.physaphae.fr/article.php?IdArticle=8597846) Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Industrial, Medical, Cloud, APT 29, APT 10, GoldenJackal

The Hacker News - hacking news blog | Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA), including a zero-day, to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
2024-10-14T17:05:00+00:00 https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html (www.secnews.physaphae.fr/article.php?IdArticle=8597590) Tags: Vulnerability, Threat, Cloud

The Hacker News - hacking news blog | Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda
2024-10-14T16:38:00+00:00 https://thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html (www.secnews.physaphae.fr/article.php?IdArticle=8597592) Tags: Threat

RiskIQ - cyber risk firm (now Microsoft) | Telekopye transitions to targeting tourists via hotel booking scam
2024-10-14T15:50:22+00:00 https://community.riskiq.com/article/9054ee05 (www.secnews.physaphae.fr/article.php?IdArticle=8597716) Tags: Ransomware, Tool, Threat, Legislation

Korben - French blogger | Two people managed to communicate during their dreams
REMspace pulled off a feat that could inspire the writers of Inception: two people managed to communicate with each other in their dreams. This somewhat weird experiment, I admit, relies on inducing lucid dreams, a state in which the sleeper is aware of dreaming while remaining immersed in the dream. To achieve this feat, the company developed a device able to detect and interpret the brain signals emitted during these lucid dreams.
2024-10-14T15:01:05+00:00 https://korben.info/remspace-communication-reves-lucides-neurotechnologie.html (www.secnews.physaphae.fr/article.php?IdArticle=8597644) Tags: Threat

RiskIQ - cyber risk firm (now Microsoft) | Inside a Cybercriminal's Server: DDoS Tools, Spyware APKs, and Phishing Pages
2024-10-14T14:58:48+00:00 https://community.riskiq.com/article/f3797403 (www.secnews.physaphae.fr/article.php?IdArticle=8597687) Tags: Ransomware, Malware, Tool, Threat, Mobile

RiskIQ - cyber risk firm (now Microsoft) | Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
2024-10-14T14:53:34+00:00 https://community.riskiq.com/article/bae7ad78 (www.secnews.physaphae.fr/article.php?IdArticle=8597688) Tags: Ransomware, Malware, Tool, Threat, Prediction

The Hacker News - hacking news blog | Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0 on the
2024-10-14T14:25:00+00:00 https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html (www.secnews.physaphae.fr/article.php?IdArticle=8597525) Tags: Ransomware, Vulnerability, Threat

HackRead - Cyber news | Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft
NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric…
2024-10-14T13:25:10+00:00 https://hackread.com/zero-day-flaws-ev-chargers-to-shutdowns-data-theft/ (www.secnews.physaphae.fr/article.php?IdArticle=8597642) Tags: Vulnerability, Threat

Check Point - Security hardware vendor | October Cyber Awareness | IoT security – beyond connectivity into risk
As we step into Cyber Awareness Month this October, organizations must take a closer look at how new technologies like IoT, AI and advanced wireless standards are transforming the threat landscape. Many emerging solutions remain under the radar. The integration of these innovations into network (on-premises and cloud) infrastructures brings both opportunities and challenges, especially when it comes to security and business continuity. The convergence of AI and IoT (AIoT) | The sharp paradox: AI is beginning to merge with IoT devices, creating what is known as AIoT. The integration of AI into IoT assets enables them to collect, analyze […]
2024-10-14T13:00:03+00:00 https://blog.checkpoint.com/security/october-cyber-awareness-iot-security-beyond-connectivity-into-risk/ (www.secnews.physaphae.fr/article.php?IdArticle=8597617) Tags: Threat

Check Point Research - Security hardware vendor | 14th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida […]
2024-10-14T12:41:07+00:00 https://research.checkpoint.com/2024/14th-october-threat-intelligence-report/ (www.secnews.physaphae.fr/article.php?IdArticle=8597616) Tags: Ransomware, Threat, Medical
Schneier on Security - American cryptographer | Perfectl Malware
Perfctl is an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that's found on many Linux machines. The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools. A signature characteristic of Perfctl is its use of process and file names that are identical or similar to those commonly found in Linux environments. The naming convention is one of the many ways the malware attempts to escape notice of infected users...
2024-10-14T11:06:27+00:00 https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html (www.secnews.physaphae.fr/article.php?IdArticle=8597568) Tags: Malware, Tool, Vulnerability, Threat

ZoneAlarm - Security firm blog | How to Protect Yourself from FedEx Phishing Scam
Phishing scams have evolved dramatically over the years, using increasingly sophisticated tactics to exploit individuals and businesses. One of the more recent examples is the FedEx phishing scam, where cybercriminals impersonate the global courier company to deceive users into revealing sensitive information. This article explores how the scam operates, its implications, and crucial steps to …
2024-10-14T09:59:00+00:00 https://blog.zonealarm.com/2024/10/how-to-protect-yourself-from-fedex-phishing-scam/ (www.secnews.physaphae.fr/article.php?IdArticle=8597546) Tags: Threat, FedEx
BlackBerry - Hardware and software vendor | Lynx on the Prowl: Targeting SMBs with Double-Extortion Tactics
During BlackBerry's routine monitoring of Lynx, one of the newer threat groups, we noted that its ransomware had strong correlations with the file-encryptor used by the INC Ransom gang. In this blog, we'll examine the relationship between the two threat groups.
2024-10-14T08:01:00+00:00 https://blogs.blackberry.com/en/2024/10/lynx-ransomware (www.secnews.physaphae.fr/article.php?IdArticle=8601328) Tags: Ransomware, Threat

InformationSecurityBuzzNews - Security news site | Check Point's threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape
Several interesting trends are emerging in the cybersecurity landscape, particularly the emergence of artificial intelligence (AI)-driven malware, as well as the ongoing dominance of ransomware threats. Threat actors have started using GenAI as part of their attack infrastructure, which illustrates the ongoing evolution of cyber-attack tactics. AI-driven malware aside, ransomware continues to dominate, with RansomHub [...]
2024-10-14T07:59:24+00:00 https://informationsecuritybuzz.com/check-points-threat-ai-driven-malware/ (www.secnews.physaphae.fr/article.php?IdArticle=8597503) Tags: Ransomware, Malware, Threat

TrendMicro - Security firm blog | Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.
2024-10-14T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html (www.secnews.physaphae.fr/article.php?IdArticle=8597522) Tags: Malware, Threat, Prediction

The Hacker News - hacking news blog | OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities
2024-10-13T15:10:00+00:00 https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html (www.secnews.physaphae.fr/article.php?IdArticle=8597073) Tags: Vulnerability, Threat, APT 34

IndustrialCyber - cyber risk firm for industry | Growing need to balance benefits, risks of integrating AI in OT cybersecurity in evolving threat landscape
As OT (operational technology) environments are increasingly bombarded with sophisticated cyber threats and attacks, it emerges critically promising...
2024-10-13T06:52:21+00:00 https://industrialcyber.co/ai/growing-need-to-balance-benefits-risks-of-integrating-ai-in-ot-cybersecurity-in-evolving-threat-landscape/ (www.secnews.physaphae.fr/article.php?IdArticle=8596991) Tags: Threat, Industrial
Bleeping Computer - US magazine | OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]
2024-10-12T10:09:19+00:00 https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/ (www.secnews.physaphae.fr/article.php?IdArticle=8596702) Tags: Malware, Threat, ChatGPT

RiskIQ - cyber risk firm (now Microsoft) | Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
Snapshot: FortiGuard Labs researchers identified a sophisticated cyberattack impacting Ivanti Cloud Services Appliance (CSA) version 4.6 and prior, exploiting three vulnerabilities, including the zero-day [CVE-2024-8190](https://security.microsoft.com/intel-explorer/cves/CVE-2024-8190/).
Description: The attack began with the exploitation of CVE-2024-8190, a command injection vulnerability, alongside two additional vulnerabilities that were unknown to the public at the time of exploitation. These vulnerabilities enabled the attacker to gain unauthorized access to sensitive resources and exploit the system further. The attack was first detected when the victim's network started communicating with a malicious IP address. The attacker used a path traversal flaw, [CVE-2024-8963](https://security.microsoft.com/intel-explorer/cves/CVE-2024-8963/), to access unauthorized files, including a list of users on the system, which helped them escalate privileges. With this foothold, they exploited an additional vulnerability, gaining control over the system and executing malicious commands. The attacker also created rogue user accounts to maintain persistent access, executed a brute force attack on the internal network, and used the compromised CSA appliance as a proxy for further attacks. Notably, they even patched the exploited vulnerabilities themselves, preventing other attackers from using the same flaws.
Recommendations: Ivanti has released a [security patch](https://forums.ivanti.com/s/article/CSA-4-6-Patch-519) for Ivanti CSA 4.6 which addresses CVE-2024
2024-10-11T23:13:08+00:00 https://community.riskiq.com/article/0c0e8013 (www.secnews.physaphae.fr/article.php?IdArticle=8596296) Tags: Vulnerability, Threat, Cloud

The Hacker News - hacking news blog | GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were
2024-10-11T22:43:00+00:00 https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html (www.secnews.physaphae.fr/article.php?IdArticle=8596140) Tags: Malware, Threat

RiskIQ - cyber risk firm (now Microsoft) | Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
Targeted geolocations: United Arab Emirates. Snapshot: Researchers at Trend Micro have identif
2024-10-11T21:41:42+00:00 https://community.riskiq.com/article/bc0f3dd1 (www.secnews.physaphae.fr/article.php?IdArticle=8596273) Tags: Malware, Tool, Vulnerability, Threat, Prediction, APT 34

Dark Reading - Informationweek Branch | SOC Teams: Threat Detection Tools Are Stifling Us
Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.
2024-10-11T21:12:50+00:00 https://www.darkreading.com/vulnerabilities-threats/soc-teams-threat-detection-tools-stifling (www.secnews.physaphae.fr/article.php?IdArticle=8596218) Tags: Tool, Threat

RiskIQ - cyber risk firm (now Microsoft) | Lynx Ransomware: A Rebranding of INC Ransomware
2024-10-11T20:19:12+00:00 https://community.riskiq.com/article/13657cb8 (www.secnews.physaphae.fr/article.php?IdArticle=8596246) Tags: Ransomware, Malware, Tool, Threat, Technical

RiskIQ - cyber risk firm (now Microsoft) | Malware by the (Bit)Bucket: Unveiling AsyncRAT
2024-10-11T18:08:04+00:00 https://community.riskiq.com/article/8e774461 (www.secnews.physaphae.fr/article.php?IdArticle=8596167) Tags: Malware, Vulnerability, Threat, Mobile, Cloud

RiskIQ - cyber risk firm (now Microsoft) | Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum
Targeted geolocations: Moldova. Snapshot: Check Point Research released a report detailing Operation MiddleFloor, an influence operation (IO) orchestrated by a Russian-speaking group known as Lying Pigeon, targeting Moldova's government and education sectors. Description: The campaign, which coincides with Moldova's presidential elections and EU membership referendum, employs spoofed email accounts to distribute misleading content, exploi
2024-10-11T17:21:46+00:00 https://community.riskiq.com/article/05cff118 (www.secnews.physaphae.fr/article.php?IdArticle=8596168) Tags: Malware, Threat

RiskIQ - cyber risk firm (now Microsoft) | Mozilla fixes Firefox zero-day actively exploited in attacks
Snapshot: ESET researcher Damien Schaeffer discovered a critical use-after-free vulnerability in Mozilla's Firefox browser, tracked as CVE-2024-9680, which is actively being exploited in the wild.
Description: [CVE-2024-9680](https://security.microsoft.com/intel-explorer/cves/CVE-2024-9680/) exists in the Animation timelines, which are part of Firefox's Web Animations API that controls and synchronizes animations on web pages. Attackers have been able to achieve code execution in the content process by exploiting this vulnerability in the latest Firefox standard release as well as the extended support releases (ESR). Mozilla has released emergency updates to address this vulnerability. The exact details of how the vulnerability is being exploited and who is being targeted have not been disclosed. Earlier in the year, Mozilla addressed other critical-severity issues, [CVE-2024-29943](https://security.microsoft.com/intel-explorer/cves/CVE-2024-29943/) and [CVE-2024-29944](https://security.microsoft.com/intel-explorer/cves/CVE-2024-29944/), which were discovered during the Pwn2Own Vancouver 2024 hacking competition.
Recommendations: Mozilla urges users to update their browsers immediately to the following versions to protect against the exploit: Firefox 131.0.2, Firefox ESR 115.16.1, Firefox ESR 128.3.1.
References: [Mozilla fixes Firefox zero-day actively exploited in attacks](https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/), Bleeping Computer (accessed 2024-10-11); [Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1](https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/), Mozilla (accessed 2024-10-11).
Copyright © Microsoft 2024. All rights reserved. Reproduction or distribution of the content of this site, or any part thereo
2024-10-11T16:49:43+00:00 https://community.riskiq.com/article/25258be4 (www.secnews.physaphae.fr/article.php?IdArticle=8596139) Tags: Vulnerability, Threat

The Hacker News - hacking news blog | How Hybrid Password Attacks Work and How to Defend Against Them
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.
In this post, we'll explore hybrid attacks: what they are
2024-10-11T16:30:00+00:00 https://thehackernews.com/2024/10/how-hybrid-password-attacks-work-and.html (www.secnews.physaphae.fr/article.php?IdArticle=8595980) Tags: Threat

RiskIQ - cyber risk firm (now Microsoft) | Core Werewolf hones its arsenal against Russia's government organizations
2024-10-11T15:58:40+00:00 https://community.riskiq.com/article/3a434b70 (www.secnews.physaphae.fr/article.php?IdArticle=8596112) Tags: Ransomware, Malware, Tool, Threat

Fortinet - Security hardware vendor | Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim's network. Learn more.
2024-10-11T15:00:00+00:00 https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa (www.secnews.physaphae.fr/article.php?IdArticle=8596141) Tags: Vulnerability, Threat, Cloud

The Hacker News - hacking news blog | CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
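Worked example for the BIG-IP cookie item above, added here as an illustration and not taken from CISA's advisory or from F5's code: the default BIGipServer<pool> persistence cookie is plaintext, and its value "<ip>.<port>.0000" is just the backend pool member's IPv4 address as a little-endian 32-bit integer and its port as a little-endian 16-bit integer, both written in decimal. Anyone who receives the cookie can therefore recover an internal address, which is the reconnaissance CISA describes. The script decodes the IPv4 form only; the sample Set-Cookie headers are constructed (the first reuses the 10.1.1.100:8080 value used in F5's own documentation, the second is a placeholder for an encrypted cookie). IPv6 and route-domain cookie variants are assumed out of scope here.

```python
"""Decode plaintext F5 BIG-IP LTM persistence cookies (added example)."""
import re
import struct
from typing import Dict, Iterable, NamedTuple, Optional

# "<ipv4 as LE uint32>.<port as LE uint16>.0000"; other variants do not match.
COOKIE_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


class PoolMember(NamedTuple):
    ip: str
    port: int


def decode_bigip_cookie(value: str) -> Optional[PoolMember]:
    """Return the backend IP:port leaked by a plaintext BIG-IP cookie, or None.

    None means the value is encrypted, uses the IPv6/route-domain encoding
    (not handled here, by assumption) or is not a BIG-IP cookie at all.
    """
    m = COOKIE_RE.match(value.strip())
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    # Packing little-endian restores the original dotted-quad byte order.
    ip = ".".join(str(b) for b in struct.pack("<I", ip_int))
    # The port is stored byte-swapped: 36895 (0x901F) -> 8080 (0x1F90).
    port = struct.unpack("<H", struct.pack(">H", port_int))[0]
    return PoolMember(ip, port)


def leaked_members(set_cookie_headers: Iterable[str]) -> Dict[str, PoolMember]:
    """Scan Set-Cookie values and collect every decodable BIGipServer cookie."""
    found: Dict[str, PoolMember] = {}
    for header in set_cookie_headers:
        name, _, rest = header.partition("=")
        if not name.startswith("BIGipServer"):
            continue
        raw_value = rest.split(";", 1)[0]  # drop path/flags attributes
        member = decode_bigip_cookie(raw_value)
        if member is not None:
            found[name] = member
    return found


# Constructed sample headers (not captured from any real host).
SAMPLE_HEADERS = [
    "BIGipServerweb_pool=1677787402.36895.0000; path=/; HttpOnly",
    "BIGipServerapp_pool=!opaque-encrypted-placeholder==; path=/",
]

if __name__ == "__main__":
    for cookie_name, member in leaked_members(SAMPLE_HEADERS).items():
        print(f"{cookie_name} -> internal pool member {member.ip}:{member.port}")
```

Running this against your own application's Set-Cookie headers is the quick self-check: if the cookie decodes to an RFC 1918 address, the LTM is leaking topology to every client. The fix on the F5 side is to enable cookie encryption in the persistence profile, after which the value no longer matches the plaintext pattern and decode_bigip_cookie() returns None.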
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who]]> 2024-10-11T14:04:00+00:00 https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8595928 False Threat None 2.0000000000000000 taosecurity - Blog Sécurité Chinois Que sont les utilisateurs normaux censés faire avec les alertes IDS de l'équipement du réseau?<br>What Are Normal Users Supposed to Do with IDS Alerts from Network Gear? r / ubiquiti subdreddit.Ubiquiti fabrique un équipement réseau qui comprend une fonctionnalité "IDS / IPS".Je possède du matériel Ubiquiti plus ancien, donc je connais le produit. Lorsque vous activez cette fonctionnalité, vous obtenez des alertes comme celle-ci, publiées par un redditor: Réponse pour gérer ces alertes. & nbsp; == Ceci est un autre exemple de ce type d'alerte étant presque sans valeur pour la plupart des utilisateurs. La clé essaie de comprendre ce qui aurait pu provoquer le déclenchement de l'alerte.Les cves, peu importe, ne sont pas pertinents à ce stade. Voici une façon d'avoir une idée de ce qui se passe. aller à https://rules.emergingtheats.net/open/suricata-7.0.3/rules/ Téléchargez le fichier nommé comme la première partie de l'alerte.Ici, c'est l'exploit. https: // règles.EmergingThériques.net / Open / SURICATA-7.0.3 / Règles / Emerging-Exploit.rules Trouvez la règle tirée.Cela peut prendre un peu de fouille.Voici ce que j'ai fini par faire. grep -i possible émergent-exploit.rules |grep -i log4j |Grep -i Obfuscation |grep -i udp |grep -i sortbound voilà. 
alert udp $ home_net tout-> n'importe quel (msg: "ET exploiter possible Apache log4j rce tentative - 2021/12/12 Obfusccation observée M2 (UDP) (sortant) (CVE-2021-44228)"; Contenu: "| 24 7B |"; Contenu:"| 24 7b 3a 3a |";Dans: 100;fast_pattern;Référence: CVE, 2021-44228;CLASSTYPE: Tentative d'admin;Sid: 2034805;Rev: 3;Metadata: attaque_target Server, créé_at 2021_12_18, CVE CVE_2021_44228, périmètre de déploiement, déploiement interne, signature_seveRity Major, Tag Exploit, Updated_AT 2023_06_05, MIRE_TACTIC_ID TA0001, MIRE_TACTIC_NAME INITIAL_ACCESS, MITRE_TECHNIQUE_ID T1190, MIRE_TECHNIQUE_NAME EXPLOIT_PUBLICE_FACE_APLICATION;) ]]> 2024-10-11T13:38:12+00:00 https://taosecurity.blogspot.com/2024/10/what-are-normal-users-supposed-to-do.html www.secnews.physaphae.fr/article.php?IdArticle=8596163 False Threat None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite SEPTEMBRE 2024 \\'s MALWWare les plus recherchés: techniques notables axées sur l'IA et menaces de ransomhub persistantes<br>September 2024\\'s Most Wanted Malware: Notable AI-Driven Techniques and Persistent RansomHub Threats Vérifier le dernier indice de menace de Point \\ souligne le passage aux tactiques de logiciels malveillants dirigés par l'IA dans l'indice actuel de vérification du cyber Landscape \\ pour septembre 2024 a révélé son indice de menace mondial pour septembre 2024. 
Le rapportmet en évidence une tendance intéressante dans le paysage de la cybersécurité, en particulier l'émergence des logiciels malveillants basés sur l'intelligence artificielle (IA), parallèlement à la domination continue des menaces de ransomware.Ce mois-ci, les chercheurs ont découvert que les acteurs de la menace ont probablement utilisé l'IA pour développer un script qui fournit des logiciels malveillants asyncrat, qui se classent désormais 10e sur la liste de logiciels malveillants la plus répandue.La méthode impliquait de la contrebande HTML, où un fichier zip protégé par mot de passe contenant un VBScript malveillant [& # 8230;]
>Check Point\'s latest threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape Check Point\'s Global Threat Index for September 2024 revealed its Global Threat Index for September 2024. The report highlights an interesting trend in the cybersecurity landscape, particularly the emergence of artificial intelligence (AI)-driven malware, alongside the ongoing dominance of ransomware threats. This month, researchers discovered that threat actors likely used AI to develop a script that delivers AsyncRAT malware, which has now ranked 10th on the most prevalent malware list. The method involved HTML smuggling, where a password-protected ZIP file containing malicious VBScript […] ]]>
2024-10-11T13:00:52+00:00 https://blog.checkpoint.com/research/september-2024s-most-wanted-malware-notable-ai-driven-techniques-and-persistent-ransomhub-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8596004 False Ransomware,Malware,Threat,Prediction None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Update on SVR Cyber Operations and Vulnerability Exploitations
2024-10-11T00:28:23+00:00 https://community.riskiq.com/article/2c8cb717 www.secnews.physaphae.fr/article.php?IdArticle=8595736 False Malware,Tool,Vulnerability,Threat,Cloud,Technical APT 29 3.0000000000000000

TrendLabs Security - Antivirus Vendor Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group's evolving tactics and the immediate threat it poses to critical sectors in the UAE.
2024-10-11T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html www.secnews.physaphae.fr/article.php?IdArticle=8595877 False Threat,Prediction None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader
2024-10-10T21:39:16+00:00 https://community.riskiq.com/article/e05c3847 www.secnews.physaphae.fr/article.php?IdArticle=8595673 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Technical Analysis of a Novel IMEEX Framework
2024-10-10T21:13:00+00:00 https://community.riskiq.com/article/998e3172 www.secnews.physaphae.fr/article.php?IdArticle=8595647 False Ransomware,Malware,Tool,Threat,Technical APT 41 2.0000000000000000

Dark Reading - Informationweek Branch Critical Mozilla Firefox Zero-Day Allows Code Execution The bug is already being exploited in the wild, but Firefox has provided patches for those who may be vulnerable.
2024-10-10T21:10:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/critical-mozilla-firefox-zero-day-code-execution www.secnews.physaphae.fr/article.php?IdArticle=8595626 False Vulnerability,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines
2024-10-10T19:46:52+00:00 https://community.riskiq.com/article/7f7cd483 www.secnews.physaphae.fr/article.php?IdArticle=8595623 True Ransomware,Malware,Tool,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits
2024-10-10T19:41:24+00:00 https://community.riskiq.com/article/75886ae6 www.secnews.physaphae.fr/article.php?IdArticle=8595624 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch Microsoft Previews New Windows Feature to Limit Admin Privileges In the latest Windows preview, Microsoft adds a feature - Administrator Protection - designed to prevent threat actors from easily escalating privileges and restrict lateral movement.
2024-10-10T19:13:17+00:00 https://www.darkreading.com/endpoint-security/windows-preview-limit-administrator-privileges www.secnews.physaphae.fr/article.php?IdArticle=8595601 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Technical Analysis of DarkVision RAT
2024-10-10T18:05:48+00:00 https://community.riskiq.com/article/d91af2de www.secnews.physaphae.fr/article.php?IdArticle=8595573 False Ransomware,Malware,Tool,Threat,Technical None 3.0000000000000000

UnderNews - French "hacker" news site Kaspersky presents its advanced solutions for securing the information systems of industrial infrastructures In response to the growing challenges and escalating threats facing operational technology (OT) and industrial control systems (ICS), Kaspersky has enriched its Kaspersky Industrial CyberSecurity (KICS) solution with an XDR platform built for industrial organizations, and has simplified its Managed Detection and Response (MDR) service. These offerings allow organizations […]
2024-10-10T12:58:47+00:00 https://www.undernews.fr/malwares-virus-antivirus/kaspersky-presente-ses-solutions-avancees-pour-garantir-la-securite-du-systeme-dinformation-des-infrastructures-industrielles.html www.secnews.physaphae.fr/article.php?IdArticle=8595413 False Threat,Industrial None 3.0000000000000000

GoogleSec - Firm Security Blog Using Chrome's accessibility APIs to find security bugs security severity guidelines say "yes, sometimes." For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a whole flow of different dialogs. Even if these bugs aren't the most easily exploitable, it takes a great deal of time for our security shepherds to make these determinations. User interface bugs are often flaky (that is, not reliably reproducible). Also, even if these bugs aren't necessarily deemed to be exploitable, they may still be annoying crashes which bother the user. It would be great if we could find these bugs automatically. If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically. Aha! Chrome exposes all the UI controls to assistive technology. Chrome goes to great lengths to ensure its entire UI is exposed to screen readers, braille devices and other such assistive tech. This tree of controls includes all the toolbars, menus, and the structure of the page itself. This structural definition of the browser user interface is already sometimes used in other contexts, for example by some password managers, demonstrating that investing in accessibility has benefits for all users. We're now taking that investment and leveraging it to find security bugs, too. Specifically, we're now "fuzzing" that accessibility tree - that is, interacting with the different UI controls semi-randomly to see if we can make things crash. This technique has a long pedigree. Screen reader technology is a bit different on each platform, but on Linux the tree can be explored using Accerciser.
[Screenshot: Accerciser showing the tree of UI controls in Chrome]
All we have to do is explore the same tree of controls with a fuzzer. How hard can it be? "We do this not because it is easy, but because we thought it would be easy" - Anon. Actually we never thought this would be easy, and a few different bits of tech have had to fall into place to make this possible. Specifically, there are lots of combinations of ways to interact with Chrome. Truly randomly clicking on UI controls probably won't find bugs - we would like to leverage coverage-guided fuzzing to help the fuzzer select combinations of controls that seem to reach into
2024-10-10T12:00:46+00:00 http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html www.secnews.physaphae.fr/article.php?IdArticle=8595497 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Firefox Zero-Day Under Attack: Update Your Browser Immediately Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in
2024-10-10T09:54:00+00:00 https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html www.secnews.physaphae.fr/article.php?IdArticle=8595215 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime, pooling together threat signals from different data sources in order to create
2024-10-09T22:30:00+00:00 https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html www.secnews.physaphae.fr/article.php?IdArticle=8594959 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Palo Alto Networks Uncovers Four New DNS Tunneling Campaigns
## Snapshot
Researchers at Palo Alto Networks have identified four previously unreported DNS tunneling campaigns dubbed FinHealthXDS, RussianSite, 8NS, and NSfinder.
## Description
The first campaign, FinHealthXDS, targets the finance and healthcare industries with 12 domains using a customized DNS beaconing format for Cobalt Strike C2 communications, indicated by a three-letter prefix. The second campaign, RussianSite, involves over 100 domains with a shared nameserver IP from Russia, impacting higher education, government, and health entities. The third campaign, 8NS, features six domains with eight NS records each. This campaign uses malware, including some from the Hiloti family, to leverage DNS queries for C2 communication. Finally, the NSfinder campaign consists of over 50 domains and lures victims to adult websites to steal credit card information. This campaign is linked to Trojans like IcedID and RedLine stealer and ha
2024-10-09T22:06:48+00:00 https://community.riskiq.com/article/80e5ebbc www.secnews.physaphae.fr/article.php?IdArticle=8595080 False Malware,Threat,Medical,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240
2024-10-09T19:03:00+00:00 https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html www.secnews.physaphae.fr/article.php?IdArticle=8594874 False Malware,Threat None 3.0000000000000000

Bleeping Computer - American Magazine Internet Archive hacked, data breach impacts 31 million users Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. [...]
2024-10-09T18:22:20+00:00 https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ www.secnews.physaphae.fr/article.php?IdArticle=8595083 False Data Breach,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) VILSA STEALER
2024-10-09T18:13:00+00:00 https://community.riskiq.com/article/cf0e0176 www.secnews.physaphae.fr/article.php?IdArticle=8594980 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) YUNIT STEALER
2024-10-09T17:00:18+00:00 https://community.riskiq.com/article/90d6648c www.secnews.physaphae.fr/article.php?IdArticle=8594953 False Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000

Fortinet - Security Hardware Manufacturer As Attackers Embrace AI, Every Organization Should Do These 5 Things Threat actors are using AI to increase the volume and velocity of their attacks. Here's what organizations should do about it.
2024-10-09T16:30:00+00:00 https://www.fortinet.com/blog/industry-trends/as-attackers-embrace-ai-organizations-should-do-these-things www.secnews.physaphae.fr/article.php?IdArticle=8594957 False Threat None 3.0000000000000000