www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T11:25:16+00:00 www.secnews.physaphae.fr
InfoSecurity Mag - InfoSecurity Magazine: New Generation of Malicious QR Codes Uncovered by Researchers. Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security. 2024-10-09T15:00:00+00:00 https://www.infosecurity-magazine.com/news/new-gen-malicious-qr-codes/ www.secnews.physaphae.fr/article.php?IdArticle=8594872 False Threat None 2.0000000000000000
Checkpoint - Security hardware vendor: Operation MiddleFloor: Unmasking the Disinformation Campaign Targeting Moldova's National Elections. 2024-10-09T13:00:06+00:00 https://blog.checkpoint.com/research/operation-middlefloor-unmasking-the-disinformation-campaign-targeting-moldovas-national-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8594813 False Malware,Threat None 2.0000000000000000
Security Intelligence - American news site: Cybersecurity Awareness Month: Horror stories. When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can't withstand the biggest threat: human behavior. October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to [...] 2024-10-09T13:00:00+00:00 https://securityintelligence.com/articles/cybersecurity-awareness-month-horror-stories/ www.secnews.physaphae.fr/article.php?IdArticle=8594868 False Tool,Threat None 2.0000000000000000
Global Security Mag - French news site: Netwrix released a new version of Netwrix Threat Manager. Netwrix Threat Manager Now Empowers Customers to Detect and Respond to Cyber Threats both On Premises and in the Cloud with a Single Solution. Netwrix Threat Manager 3.0 extended its capabilities to Microsoft Entra ID in addition to Active Directory. - Product Reviews 2024-10-09T12:43:55+00:00 https://www.globalsecuritymag.fr/netwrix-released-a-new-version-of-netwrix-threat-manager.html www.secnews.physaphae.fr/article.php?IdArticle=8594816 False Threat,Cloud None 1.00000000000000000000
Global Security Mag - French news site: Netwrix announces version 3.0 of Netwrix Threat Manager. - Products 2024-10-09T12:32:23+00:00 https://www.globalsecuritymag.fr/netwrix-annonce-la-version-3-0-de-netwrix-threat-manager.html www.secnews.physaphae.fr/article.php?IdArticle=8594819 False Threat,Cloud None 1.00000000000000000000
IndustrialCyber - Cyber risk firms for industrial: Trinity ransomware emerging threat to US healthcare, uses sophisticated double extortion tactics. The Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health & Human Services (HHS) warned... 2024-10-09T11:02:40+00:00 https://industrialcyber.co/medical/trinity-ransomware-emerging-threat-to-us-healthcare-uses-sophisticated-double-extortion-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=8594768 False Ransomware,Threat,Medical None 3.0000000000000000
HackRead - Cyber research: Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files. Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief… 2024-10-09T10:18:42+00:00 https://hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8594769 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks. Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox, which are widely used in enterprise environments, as a defense evasion tactic. The end goals of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result 2024-10-09T09:52:00+00:00 https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html www.secnews.physaphae.fr/article.php?IdArticle=8594634 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks. Ivanti's Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs. 2024-10-09T09:15:00+00:00 https://www.infosecurity-magazine.com/news/ivanti-three-csa-zerodays/ www.secnews.physaphae.fr/article.php?IdArticle=8594717 False Vulnerability,Threat,Cloud None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Microsoft Fixes Five Zero-Days in October Patch Tuesday. October's Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities. 2024-10-09T08:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-five-zerodays-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8594718 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited. Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated 2024-10-08T22:08:00+00:00 https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8594380 False Vulnerability,Threat,Cloud None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): MisterioLNK: The Open-Source Builder Behind Malicious Loaders. 2024-10-08T21:50:21+00:00 https://community.riskiq.com/article/0d95c329 www.secnews.physaphae.fr/article.php?IdArticle=8594521 True Ransomware,Malware,Tool,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch: 5 CVEs in Microsoft's October Update to Patch Immediately. Threat actors are actively exploiting two of the vulnerabilities, while three others are publicly known and ripe for attack. 2024-10-08T21:48:57+00:00 https://www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now www.secnews.physaphae.fr/article.php?IdArticle=8594502 False Vulnerability,Threat None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Large scale Google Ads campaign targets utility software. 2024-10-08T21:00:37+00:00 https://community.riskiq.com/article/2a80bffc www.secnews.physaphae.fr/article.php?IdArticle=8594498 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): CISA Reports RCE Flaws in Ivanti EPM and Optigo Switches. 2024-10-08T20:56:20+00:00 https://community.riskiq.com/article/fbb26e9f www.secnews.physaphae.fr/article.php?IdArticle=8594499 False Data Breach,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): American Water shuts down online services after cyberattack. 2024-10-08T18:38:34+00:00 https://community.riskiq.com/article/29587102 www.secnews.physaphae.fr/article.php?IdArticle=8594452 False Ransomware,Vulnerability,Threat,Industrial Guam 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): New Case Study: The Evil Twin Checkout Page. Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an "evil twin" disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping: When is a checkout page not a checkout page? When it's an "evil twin"! Malicious redirects can send unsuspecting shoppers to these perfect-looking 2024-10-08T16:28:00+00:00 https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html www.secnews.physaphae.fr/article.php?IdArticle=8594215 False Threat,Studies None 3.0000000000000000
The State of Security - American magazine: VERT Threat Alert: October 2024 Patch Tuesday Analysis. Today's VERT Alert addresses Microsoft's October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: CVE-2024-43573: A spoofing vulnerability in the Windows MSHTML Platform has seen active exploitation. Based on the CWE that Microsoft selected for this vulnerability, the risk comes from a Cross-Site Scripting (XSS) attack. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2024-43572: A vulnerability in the Microsoft... 2024-10-08T16:14:30+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-october-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8594478 False Vulnerability,Threat None 3.0000000000000000
HackRead - Cyber research: Lua Malware Targeting Student Gamers via Fake Game Cheats. Morphisec Threat Labs uncovers sophisticated Lua malware targeting student gamers and educational institutions. Learn how these attacks work… 2024-10-08T15:38:16+00:00 https://hackread.com/lua-malware-hit-student-gamers-fake-game-cheats/ www.secnews.physaphae.fr/article.php?IdArticle=8594349 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets. A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union (E.U.) government organization, Slovak cybersecurity company ESET said. "The ultimate goal of 2024-10-08T14:51:00+00:00 https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html www.secnews.physaphae.fr/article.php?IdArticle=8594153 False Malware,Threat GoldenJackal 3.0000000000000000
Checkpoint - Security hardware vendor: Securing the Future of Home Networks: Heights Telecom and Check Point's Revolutionary Partnership. As homes become more connected, the role of home gateways – the devices that connect home networks to the internet – has become more critical than ever. These routers, once considered simple conduits for internet access, are now the gatekeepers of entire smart ecosystems, controlling everything from security cameras to connected appliances. However, this convenience comes at a cost: routers are increasingly targeted by cyber criminals, making robust security essential. In response to the growing threat, Heights Telecom has partnered with Check Point Software Technologies to launch the Heights Cyber Dome, a next-generation security solution that integrates Check Point Quantum [...] 2024-10-08T13:00:19+00:00 https://blog.checkpoint.com/securing-the-network/securing-the-future-of-home-networks-heights-telecom-and-check-points-revolutionary-partnership/ www.secnews.physaphae.fr/article.php?IdArticle=8594244 False Threat None 3.0000000000000000
HackRead - Cyber research: Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure. The Storm-1575 group is known for frequently rebranding its phishing infrastructure. Recently, ANY.RUN analysts identified the deployment of… 2024-10-08T11:24:51+00:00 https://hackread.com/storm-1575-threat-actor-new-login-panels-phishing-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8594217 False Threat None 3.0000000000000000
Global Security Mag - French news site: TripleComm adds Darkscope's cyber threat intelligence to its solutions roster. - Product Reviews 2024-10-08T10:30:34+00:00 https://www.globalsecuritymag.fr/triplecomm-adds-darkscope-s-cyber-threat-intelligence-to-its-solutions-roster.html www.secnews.physaphae.fr/article.php?IdArticle=8594204 False Threat None 2.0000000000000000
Global Security Mag - French news site: ExtraHop® automates detection and response workflows with CrowdStrike Falcon® Next-Gen SIEM. - Products 2024-10-08T10:21:52+00:00 https://www.globalsecuritymag.fr/extrahop-r-automatise-les-flux-de-detection-et-de-reponse-avec-crowdstrike.html www.secnews.physaphae.fr/article.php?IdArticle=8594206 False Threat None 2.0000000000000000
Global Security Mag - French news site: Active Ransomware Threat Groups Up 30% in 2024. Secureworks' annual State of the Threat Report outlines cybercriminals' response as law enforcement operations successfully cause widespread disruption to ransomware operations. - Malware Update 2024-10-08T10:05:16+00:00 https://www.globalsecuritymag.fr/active-ransomware-threat-groups-up-30-in-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8594176 False Ransomware,Threat,Legislation None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Awaken Likho is awake: new techniques of an APT group. 2024-10-08T05:14:51+00:00 https://community.riskiq.com/article/6bedb4b5 www.secnews.physaphae.fr/article.php?IdArticle=8594036 False Malware,Tool,Threat,Industrial APT 45 3.0000000000000000
InformationSecurityBuzzNews - Security news site: Gorilla Botnet Launches Over 300,000 DDoS Attacks. A newly active botnet, dubbed "Gorilla Botnet," has unleashed a gargantuan wave of cyberattacks this past September, according to the NSFOCUS Global Threat Hunting System. During a surge in activity from September 4 to September 27, Gorilla Botnet issued more than 300,000 distributed denial-of-service (DDoS) attack commands, an unprecedented level of attack density. The botnet's targets [...] 2024-10-08T04:14:20+00:00 https://informationsecuritybuzz.com/gorilla-botnet-launches-ddos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8593991 False Threat None 2.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Mind the (air) gap: GoldenJackal gooses government guardrails. Targeted Geolocations: Western Europe, Eastern Europe, Northern Europe, Southern Europe, Middle East, South Asia. Targeted Industries: Government Agencies & Services. Snapshot: ESET researchers have uncovered a series of cyberattacks by the advanced persistent threat (APT) group GoldenJackal against a European government organization, using tools capable of targeting air-gapped systems. Description: Active since at least 2019, GoldenJackal has been observed by Kaspersky (https://securelist.com/goldenjackal-apt-group/109677/) targeting government and diplomatic entities in the Middle East and South Asia with custom tools, including a collection of .NET malware (JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher) designed to spread across systems using removable drives and to exfiltrate information. The group was attributed to a 2019 attack on a South Asian embassy in Belarus which leveraged a USB-based delivery method to extract files from the victim network. ESET researchers have identified additional malware, part of a highly modular toolset, used by GoldenJackal to target a European governmental organization. Among these tools are GoldenDealer, which del 2024-10-08T00:28:51+00:00 https://community.riskiq.com/article/f0234a25 www.secnews.physaphae.fr/article.php?IdArticle=8593948 False Malware,Tool,Threat GoldenJackal 2.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Mamba 2FA: A new contender in the AiTM phishing ecosystem. 2024-10-07T22:30:06+00:00 https://community.riskiq.com/article/bfcb80ed www.secnews.physaphae.fr/article.php?IdArticle=8593905 False Spam,Malware,Tool,Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch: Salt Typhoon APT Subverts Law Enforcement Wiretapping: Report. The Chinese state-sponsored cyberattack threat managed to infiltrate the "lawful intercept" network connections that police use in criminal investigations. 2024-10-07T19:59:01+00:00 https://www.darkreading.com/cyber-risk/salt-typhoon-apt-subverts-law-enforcement-wiretapping www.secnews.physaphae.fr/article.php?IdArticle=8593813 False Threat,Legislation None 2.0000000000000000
Recorded Future - Recorded Future feed: Recently spotted Trinity ransomware spurs federal warning to healthcare industry. Trinity ransomware, which bears similarities to previously spotted strains known as 2023Lock and Venus, appears to be an immediate threat to healthcare entities, according to the Department of Health and Human Services' cyber coordination office. 2024-10-07T19:44:07+00:00 https://therecord.media/trinity-ransomware-alert-healthcare-industry-hhs-cyber-center www.secnews.physaphae.fr/article.php?IdArticle=8593812 False Ransomware,Threat,Medical None 2.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): CUCKOO SPEAR Part 2: Threat Actor Arsenal. 2024-10-07T19:22:45+00:00 https://community.riskiq.com/article/d47fc595 www.secnews.physaphae.fr/article.php?IdArticle=8593838 False Malware,Tool,Threat,Industrial,Cloud APT 10 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Separating the bee from the panda: CeranaKeeper making a beeline for Thailand. 2024-10-07T18:55:28+00:00 https://community.riskiq.com/article/b3aa72ef www.secnews.physaphae.fr/article.php?IdArticle=8593809 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps. 2024-10-07T18:19:57+00:00 https://community.riskiq.com/article/74f06d55 www.secnews.physaphae.fr/article.php?IdArticle=8593810 False Vulnerability,Threat None 3.0000000000000000
Bleeping Computer - American magazine: ADT discloses second breach in 2 months, hacked via stolen credentials. Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...] 2024-10-07T18:12:37+00:00 https://www.bleepingcomputer.com/news/security/adt-discloses-second-breach-in-2-months-hacked-via-stolen-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8593862 False Threat None 3.0000000000000000
RiskIQ - Cyber risk firms (now Microsoft): Weekly OSINT Highlights, 7 October 2024. 2024-10-07T16:54:11+00:00 https://community.riskiq.com/article/33015049 www.secnews.physaphae.fr/article.php?IdArticle=8593765 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 37,APT 45 2.0000000000000000
The Last Watchdog - Byron V. Acohido's security blog: News alert: Hybrid Analysis adds Criminal IP's real-time domain scans, boosts malware detection. Torrance, Calif., Oct. 7, 2024, CyberNewswire. Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…) The post News alert: Hybrid Analysis adds Criminal IP's real-time domain scans, boosts malware detection first appeared on The Last Watchdog. 2024-10-07T16:25:23+00:00 https://www.lastwatchdog.com/new-alert-hybrid-analysis-adds-criminal-ip-real-time-domain-scans-boosts-malware-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8593741 False Malware,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems. GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found. 2024-10-07T15:30:00+00:00 https://www.infosecurity-magazine.com/news/goldenjackal-exploits-air-gapped/ www.secnews.physaphae.fr/article.php?IdArticle=8593717 False Threat GoldenJackal 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6). Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week. Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four 2024-10-07T14:46:00+00:00 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html www.secnews.physaphae.fr/article.php?IdArticle=8593567 False Malware,Threat,Legislation None 2.0000000000000000
Checkpoint Research - Security hardware vendor: 7th October – Threat Intelligence Report. For the latest discoveries in cyber research for the week of 7th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Chinese state-sponsored hackers, dubbed "Salt Typhoon", infiltrated US telecom companies such as Verizon, AT&T, and Lumen Technologies. The attackers gained access to systems used for court-authorized wiretaps, potentially remaining undetected for months [...] 2024-10-07T14:25:00+00:00 https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8593695 False Threat None 2.0000000000000000
TechRepublic - Security News US: Multi-cloud Strategies Making DDI and DNS Cumbersome to Manage. Infoblox's Universal DDI solution could help stop cyber threat actors earlier. 2024-10-07T13:54:48+00:00 https://www.techrepublic.com/article/infoblox-multi-cloud-strategies/ www.secnews.physaphae.fr/article.php?IdArticle=8593668 False Threat None 2.0000000000000000
Zimperium - Cyber risk firms for mobile: Zimperium's Zero-Day Defense Against Octo2 Malware Targeting European Banks. Zimperium's Mobile Threat Defense (MTD) and its Mobile App Protection Suite (MAPS) solution provide robust protection against Octo2, detecting all known samples in a zero-day fashion. 2024-10-07T13:20:51+00:00 https://www.zimperium.com/blog/zimperiums-zero-day-defense-against-octo2-malware-targeting-european-banks/ www.secnews.physaphae.fr/article.php?IdArticle=8593662 False Malware,Vulnerability,Threat,Mobile None 2.0000000000000000
The Register - English journalism site: 'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks. Also, rooting for Russian cybercriminals, a new DDoS record, sneaky Linux server malware and more. Infosec In Brief: The critical vulnerability in the Common Unix Printing System (CUPS) reported last week might have required some very particular circumstances to exploit, but Akamai researchers are warning the same vulnerabilities can easily be exploited for mass DDoS attacks. … 2024-10-07T11:49:22+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/07/critical_cups_vulnerability_chain_easy/ www.secnews.physaphae.fr/article.php?IdArticle=8593613 False Malware,Vulnerability,Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs: Reducing Alert Fatigue by Streamlining SOC Processes. SOCs today are drowning as they try to keep up with the new workload brought on by AI-induced threats, SaaS-based risks, proliferating forms of ransomware, the underground criminal as-a-Service economy, and complex networks (private cloud, public cloud, hybrid cloud, multi-cloud, on-premises, and more). Oh, and more AI-induced threats. However, SOCs have one tool with which they can fight back. By wielding automation to their advantage, modern SOCs can cut a lot of the needless notifications before they end up as unfinished to-dos on their plate. And that will lead to more positive outcomes all around. The Plague of Alert Fatigue: One unsurprising headline reads, "Alert fatigue pushes security analysts to the limit." And that isn't even the most exciting news of the day. As noted by Grant Oviatt, Head of Security Operations at Prophet Security, "Despite automation advancements, investigating alerts is still mostly a manual job, and the number of alerts has only gone up over the past five years. Some automated tools meant to lighten the load for analysts can actually add to it by generating even more alerts that need human attention." Today, alert fatigue comes from a number of places: Too many alerts: thanks to all those tools (firewalls, EDR, IPS, IDS, and more). Too many false positives: this leads to wasted time investigating flops. Not enough context: a lack of enriching information makes you blind to which alerts might actually be viable. Not enough personnel: even throwing more people at the problem won't help if you don't have enough people; given the amount of threats and alerts today, it's likely you'd need to increase your SOC by a factor of 100. As noted in Helpnet Security, "Today's security tools generate an incredible volume of event data. This makes it difficult for security practitioners to distinguish between background noise and serious threats…[M]any systems are prone to false positives, which are triggered either by harmless activity or by overly sensitive anomaly thresholds. This can desensitize defenders who may end up missing important attack signals." To increase the signal-to-noise ratio and winnow down this deluge of data, SOC automation processes are needed to streamline security operations. And those automated processes are only made more effective by adding the enhancing capabilities of artificial intelligence (AI) (including machine learning (ML) and Large L 2024-10-07T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/reducing-alert-fatigue-by-streamlining-soc-processes www.secnews.physaphae.fr/article.php?IdArticle=8593563 False Ransomware,Spam,Tool,Threat,Studies,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch: Single HTTP Request Can Exploit 6M WordPress Sites. The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw. 2024-10-07T09:45:55+00:00 https://www.darkreading.com/endpoint-security/single-http-request-exploit-6m-wordpress www.secnews.physaphae.fr/article.php?IdArticle=8593815 False Threat None 3.0000000000000000
We Live Security - ESET antivirus software publisher: Mind the (air) gap: GoldenJackal gooses government guardrails. ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal. 2024-10-07T09:00:00+00:00 https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/ www.secnews.physaphae.fr/article.php?IdArticle=8594037 False Threat GoldenJackal 2.0000000000000000
InformationSecurityBuzzNews - Security news site: New DDoS Attack Vector Discovered in CUPS, Exposing 58,000+ Vulnerable Devices Online. Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated [...] 2024-10-07T06:53:25+00:00 https://informationsecuritybuzz.com/new-ddos-attack-vector-discovered-cups/ www.secnews.physaphae.fr/article.php?IdArticle=8593492 False Vulnerability,Threat None 2.0000000000000000
Global Security Mag - French news site: SecurityHQ's Enhanced Threat & Risk Intelligence with Group-IB. As a global cybersecurity company, SecurityHQ relies on intelligence from multiple sources to provide unparalleled service and protection. In a recent press release, it was announced that Group-IB, a leading creator of cybersecurity technologies, signed a global partnership agreement with SecurityHQ. SecurityHQ & Group-IB - Product Reviews 2024-10-05T20:56:03+00:00 https://www.globalsecuritymag.fr/securityhq-s-enhanced-threat-risk-intelligence-with-group-ib.html www.secnews.physaphae.fr/article.php?IdArticle=8592770 False Threat None 2.0000000000000000
Global Security Mag - French news site Sophos is Recognized as a Leader in European Managed Detection and Response Services by IDC MarketScape Recognition Comes as Sophos Invests in Building Teams of Highly Experienced Security Analysts to Deliver Human-Led Threat Hunting Services - Magic Quadrant
2024-10-05T20:45:58+00:00 https://www.globalsecuritymag.fr/sophos-is-a-recognized-a-leader-in-european-managed-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8592771 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) FIN7 hackers launch deepfake nude "generator" sites to spread malware
2024-10-04T21:11:23+00:00 https://community.riskiq.com/article/70eabb8c www.secnews.physaphae.fr/article.php?IdArticle=8592227 False Ransomware,Malware,Tool,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch Insider Threat Damage Balloons as Visibility Gaps Widen A growing number of organizations are taking longer to get back on their feet after an attack, and they're paying high price tags to do so - up to $2M or more.
2024-10-04T19:44:54+00:00 https://www.darkreading.com/threat-intelligence/insider-threat-damage-balloons-amid-evolving-cyber-environments www.secnews.physaphae.fr/article.php?IdArticle=8592178 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Fake browser updates spread updated WarmCookie malware
2024-10-04T18:49:08+00:00 https://community.riskiq.com/article/a850b55a www.secnews.physaphae.fr/article.php?IdArticle=8592176 False Malware,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials
2024-10-04T18:36:00+00:00 https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html www.secnews.physaphae.fr/article.php?IdArticle=8592022 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) The Dark Knight Returns: Joker Malware Analysis
Targeted Geolocations: Poland
Snapshot: Researchers at CERT Polska have identified a sophisticated Android malware campaign involving a malicious application that subscribes users to premium services without their consent.
Description: The malware, part of the Joker campaign, uses a command and control server to orchestrate its operations. It employs various classes such as PostFormTask, BaseTask, and ParamsBuilder to construct and execute network requests, and processes server responses using a Toast message to display encrypted data. This data is suspected to be decrypted by a native method in the BeautySoft class and executed as a DEX file dynamically, although the necessary native library (libphotoset.so) is not included in the APK from the
2024-10-04T17:37:43+00:00 https://community.riskiq.com/article/de6c5c9b www.secnews.physaphae.fr/article.php?IdArticle=8592153 False Malware,Threat,Mobile None 3.0000000000000000

CybeReason - Vendor blog CUCKOO SPEAR Part 2: Threat Actor Arsenal
2024-10-04T16:09:32+00:00 https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal www.secnews.physaphae.fr/article.php?IdArticle=8592106 False Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) How to Get Going with CTEM When You Don't Know Where to Start Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -
2024-10-04T15:23:00+00:00 https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html www.secnews.physaphae.fr/article.php?IdArticle=8591909 False Vulnerability,Threat None 2.0000000000000000

IndustrialCyber - cyber risk firms for industrial DHS warns of escalating threats to US critical infrastructure in 2025 Homeland Threat Assessment The U.S. Department of Homeland Security (DHS) highlighted in its 2025 Homeland Threat Assessment (HTA) that domestic and...
2024-10-04T15:21:34+00:00 https://industrialcyber.co/threat-landscape/dhs-warns-of-escalating-threats-to-us-critical-infrastructure-in-2025-homeland-threat-assessment/ www.secnews.physaphae.fr/article.php?IdArticle=8592079 False Threat None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine New MedusaLocker Ransomware Variant Deployed by Threat Actor Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”
2024-10-04T13:00:00+00:00 https://www.infosecurity-magazine.com/news/medusalocker-ransomware-deployed/ www.secnews.physaphae.fr/article.php?IdArticle=8591993 False Ransomware,Threat None 3.0000000000000000

We Live Security - ESET antivirus software publisher The complexities of attack attribution – Week in security with Tony Anscombe As highlighted by new ESET research this week, attributing a cyberattack to a specific threat actor is a complex affair
2024-10-04T11:55:10+00:00 https://www.welivesecurity.com/en/videos/complexities-attack-attribution-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8592497 False Threat None 1.00000000000000000000

InformationSecurityBuzzNews - Security news site Strengthening Security Posture Through People-First Engagement As attackers continue to find new ways to profit from vulnerabilities, organizations of all sizes face an ever-present threat. With attacks becoming more frequent and businesses growing increasingly desensitized to these risks, the importance of having a comprehensive, proactive response plan has never been more urgent. Verizon Business' 2024 Data Breach Investigation Report revealed that [...]
2024-10-04T05:28:27+00:00 https://informationsecuritybuzz.com/strengthening-security-posture-people/ www.secnews.physaphae.fr/article.php?IdArticle=8591797 False Data Breach,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This
2024-10-03T22:30:00+00:00 https://thehackernews.com/2024/10/android-14-adds-new-security-features.html www.secnews.physaphae.fr/article.php?IdArticle=8591425 False Threat,Mobile None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) perfctl: A Stealthy Malware Targeting Millions of Linux Servers
2024-10-03T21:17:48+00:00 https://community.riskiq.com/article/637f1296 www.secnews.physaphae.fr/article.php?IdArticle=8591592 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) SHROUDED#SLEEP: A Deep Dive into North Korea's Ongoing Campaign Against Southeast Asia
2024-10-03T20:13:46+00:00 https://community.riskiq.com/article/2e62a43c www.secnews.physaphae.fr/article.php?IdArticle=8591525 False Malware,Tool,Vulnerability,Threat,Cloud APT 37 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
Snapshot: In recent months, attacks on Generative Artificial Intelligence (genAI) infrastructure, particularly services like AWS Bedrock, have significantly increased. These attacks primarily target exposed access keys, which attackers use to hijack infrastructure for their own Large Language Model (LLM) applications. A recent campaign captured by Permiso revealed that attackers were using hijacked infrastructure to host a sexual roleplay
2024-10-03T19:14:47+00:00 https://community.riskiq.com/article/17fb4d2d www.secnews.physaphae.fr/article.php?IdArticle=8591492 False Tool,Threat,Prediction None 2.0000000000000000

HackRead - Cyber search ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats Dubai Silicon Oasis, United Arab Emirates, 3rd October 2024, CyberNewsWire
2024-10-03T18:45:04+00:00 https://hackread.com/any-run-upgrades-threat-intelligence-to-identify-emerging-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8591459 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,
2024-10-03T18:30:00+00:00 https://thehackernews.com/2024/10/north-korean-hackers-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8591272 False Threat APT 37 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Threat actor believed to be spreading new MedusaLocker variant since 2022
2024-10-03T18:06:19+00:00 https://community.riskiq.com/article/bcffa357 www.secnews.physaphae.fr/article.php?IdArticle=8591454 True Ransomware,Malware,Tool,Threat None 2.0000000000000000

The Last Watchdog - Byron V. Acohido's security blog News alert: Upcoming webinar highlights threat mitigation, fortifying 'ASM' with Criminal IP Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP's Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The … (more…) The post News alert: Upcoming webinar highlights threat mitigation, fortifying 'ASM' with Criminal IP first appeared on The Last Watchdog.
2024-10-03T16:42:19+00:00 https://www.lastwatchdog.com/news-alert-upcoming-webinar-highlights-threat-mitigation-fortifying-asm-with-criminal-ip/ www.secnews.physaphae.fr/article.php?IdArticle=8591385 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine CeranaKeeper Emerges as New Threat to Thai Government Networks China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration
2024-10-03T15:30:00+00:00 https://www.infosecurity-magazine.com/news/ceranakeeper-new-threat-thai/ www.secnews.physaphae.fr/article.php?IdArticle=8591351 False Threat,Cloud None 2.0000000000000000

ProofPoint - Cyber Firms Cybersecurity Stop of the Month Blog: Spooked by SocGholish: When Malware Haunts the Healthcare Industry
2024-10-03T15:14:06+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/socgholish-malware-healthcare-sector www.secnews.physaphae.fr/article.php?IdArticle=8591227 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical,Cloud,Conference None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune
2024-10-03T14:40:00+00:00 https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8591161 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Netskope Threat Labs Uncovers New XWorm's Stealthy Techniques
2024-10-03T13:39:50+00:00 https://community.riskiq.com/article/cb001933 www.secnews.physaphae.fr/article.php?IdArticle=8591305 False Malware,Tool,Threat None 3.0000000000000000

CybeReason - Vendor blog The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.
2024-10-03T13:00:00+00:00 https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it www.secnews.physaphae.fr/article.php?IdArticle=8591265 False Ransomware,Malware,Vulnerability,Threat,Medical None 2.0000000000000000
GoogleSec - Firm Security Blog Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems employ false base stations to inject fabricated or manipulated network packets. In certain protocols like IMS (IP Multimedia Subsystem), this can be executed remotely from any global location using an IMS client. The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors. In the context of the baseband, these software vulnerabilities pose a significant concern due to the heightened exposure of this component within the device's attack surface. There is ample evidence demonstrating the exploitation of software bugs in modem basebands to achieve remote code execution, highlighting the critical risk associated with such vulnerabilities.

The State of Baseband Security
Baseband security has emerged as a prominent area of research, with demonstrations of software bug exploitation featuring in numerous security conferences. Many of these conferences now also incorporate training sessions dedicated to baseband firmware emulation, analysis, and exploitation techniques. Recent reports by security researchers have noted that most basebands lack exploit mitigations commonly deployed elsewhere and considered best practices in software development. Mature software hardening techniques that are commonplace in the Android operating system, for example, are often absent from the cellular firmware of many popular smartphones. There are clear indications that exploit vendors and cyber-espionage firms abuse these vulnerabilities to breach the privacy of individuals without their consent. For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones. Additionally, exploit marketplaces explicitly list ba
2024-10-03T12:59:54+00:00 http://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html www.secnews.physaphae.fr/article.php?IdArticle=8591387 False Malware,Tool,Vulnerability,Threat,Mobile None 3.0000000000000000

GoogleSec - Firm Security Blog Evaluating Mitigations & Vulnerabilities in Chrome sandboxing, site isolation and the migration to an encrypted web. Today we're investing in Rust for memory safety, hardening our existing C++ code-base, and improving detection with GWP-asan and lightweight use-after-free (UAF) detection. Considerations of user-harm and attack utility shape our vulnerability severity guidelines and payouts for bugs reported through our Vulnerability Rewards Program. In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement. When contemplating a particular security change it is easy to fall into a trap of security nihilism. It is tempting to reject changes that do not make exploitation impossible but only make it more difficult. However, the scale we are operating at can still make incremental improvements worthwhile. Over time, and over the population that uses Chrome and browsers based on Chromium, these improvements add up and impose real costs on attackers.

Threat Model for Code Execution
Our primary security goal is to make it safe to click on links, so people can feel confident browsing to pages they haven't visited before. This document focuses on vulnerabilities and exploits that can lead to code execution, but the approach can be applied when mitigating other risks. Attackers usually have some ultimate goal that can be achieved by executing their code outside of Chrome's sandboxed or restricted processes. Attackers seek information or capabilities that we do not intend to be available to websites or extensions in the sandboxed renderer process. This might include executing code as the user or with system privileges, reading the memory of other processes, accessing credentials or opening local files. In this post we focus on attackers that start with JavaScript or the ability to send packets to Chrome and end up with something useful. We restrict discussion to memory-safety issues as they are a focus of current hardening efforts.

User Harm ⇔ Attacker Utility
Chrome Security can scalably reduce risks to users by reducing attackers' freedom of movement. Anything that makes some class of attackers' ultimate goals more difficult, or (better) impossible, has value. People using Chrome have multiple, diverse adversaries. We should avoid thinking only ab
2024-10-03T12:03:16+00:00 http://security.googleblog.com/2024/10/evaluating-mitigations-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8591388 False Tool,Vulnerability,Threat,Legislation None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vulnerable A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape
2024-10-03T12:00:00+00:00 https://www.infosecurity-magazine.com/news/cybersecurity-security-leaders/ www.secnews.physaphae.fr/article.php?IdArticle=8591195 False Threat None 2.0000000000000000

Schneier on Security - American cryptologist researcher Weird Zimbra Vulnerability Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details: While the exploitation attempts we have observed were indiscriminate in targeting, we haven't seen a large volume of exploitation attempts. Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is ...
2024-10-03T11:04:20+00:00 https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8591160 False Ransomware,Malware,Vulnerability,Threat None 2.0000000000000000
ProjectZero - Google research blog Effective Fuzzing: A Dav1d Case Study dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It's a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background...

Background: Dav1d
Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance for Open Media, and achieves improved data compression compared to older formats. AV1 is widely supported by web browsers, and a significant parsing vulnerability in AV1 decoders could be used as part of an attack to gain remote code execution. In the right context, where AV1 is parsed in a received message, this could allow a 0-click exploit. Testing some popular messaging clients by sending AV1 videos and AVIF images (which use the AV1 codec) yielded the following results:

- AVIF images are displayed in iMessage
- AVIF images are NOT displayed in Android Messages when sent as an MMS
- AVIF images are displayed in Google Chat
- AV1 videos are not immediately displaye
2024-10-03T10:01:18+00:00 https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html www.secnews.physaphae.fr/article.php?IdArticle=8591384 False Vulnerability,Threat,Studies,Mobile None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive actor in IoCs LevelBlue: Driving Cyber Resilience in October (and Beyond) “Secure Our World.” As a Cybersecurity Awareness Month Champion, LevelBlue continues to show its dedication to this mission, while promoting the importance of cyber resilience among growing opportunities for innovation that might also increase cyber risk. This means simplifying security, aiming to provide always-on services that make governance, planning, resource allocation, and innovation easier than ever without sacrificing cyber protection.

Aligning on Cyber Resilience Goals Among the C-suite
As cybersecurity threats evolve, one of the biggest challenges facing organizations is the misalignment among C-suite leaders - which weakens overall cyber resilience. The 2024 LevelBlue Executive Accelerator analyzes the dynamics among C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience. According to its findings, 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs. This indicates a heightened concern among CISOs about balancing immediate security measures with the practicalities of implementing new technologies and managing resources. That need for tradeoffs suggests that CISOs are struggling to maintain a balance between advancing technological capabilities and ensuring robust cybersecurity measures, potentially leaving organizations exposed to increased risk. This Cybersecurity Awareness Month, organizations must focus on improved alignment within the C-suite to provide clearer guidance on cybersecurity priorities by fostering a unified approach to risk management and operational resilience. When CIOs, CTOs, and CISOs collaborate closely, they can prioritize investments in cybersecurity technologies that mitigate risks effectively while supporting business objectives. This alignment reduces ambiguity and ensures that resources are allocated strategically, alleviating some of the pressure on CISOs to make unilateral decisions.

Achieving Cyber Resilience with Five Specific Steps
To effectively achieve cyber resilience, LevelBlue promotes five crucial steps that the C-suite and organizations as a whole should take - not only during Cybersecurity Awareness Month, but beyond:

- Identify the barriers: this allows organizations to understand unique vulnerabilities and weaknesses in their current systems.
- Adopt a "secure by design" approach: organizations must ensure that security measures are integrated into every phase of product and system development, rather than being an afterthought.
- Align cyber investments with business objectives: resources must be allocated in ways that bolster overall organizational goals while enhancing security posture.
- Build a support ecosystem that fosters collaboration and knowledge sharing among stakeholders: this creates a more robust defense against cyber threats.
- Transform cybersecurity strategies to be agile and adaptive: this enables organizations to respond to evolving threats effectively, no matter how advanced an attack may become.

D
2024-10-03T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/levelblue-driving-cyber-resilience-in-october-and-beyond www.secnews.physaphae.fr/article.php?IdArticle=8591298 False Vulnerability,Threat None 2.0000000000000000

Sekoia - Cyber Firms Hunting for IoCs: from singles searches to an automated and repeatable process Understanding cyber threats and IoC (Indicators of Compromise) is crucial for protecting your organisation from cybercriminal activities. At Sekoia, we've embraced this by developing a comprehensive solution that combines Cyber Threat Intelligence (The Sekoia Intelligence product) with our detection platform, Sekoia Defend, into a single SaaS platform. The post Hunting for IoCs: from singles searches to an automated and repeatable process is an article from the Sekoia.io Blog.
2024-10-03T09:50:30+00:00 https://blog.sekoia.io/hunting-for-iocs-from-singles-searches-to-an-automated-and-repeatable-process/ www.secnews.physaphae.fr/article.php?IdArticle=8591159 False Threat,Cloud None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: FIN7 Gang Hides Malware in AI “Deepnude” Sites
Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads.
2024-10-03T08:30:00+00:00 https://www.infosecurity-magazine.com/news/fin7-hides-malware-ai-deepnude/ www.secnews.physaphae.fr/article.php?IdArticle=8591097 False Malware,Threat None 2.0000000000000000

InformationSecurityBuzzNews - Security News Site: China-aligned CeranaKeeper Makes a Beeline for Thailand
Cybersecurity firm ESET has identified a new China-aligned threat actor, dubbed “CeranaKeeper,” operating across Southeast Asia, with a primary focus on Thailand. CeranaKeeper has been carrying out widespread data exfiltration campaigns since early 2022, primarily targeting governmental institutions. The findings mark a significant development in the region's ongoing cyber threat landscape, particularly given the group's [...]
2024-10-03T08:12:41+00:00 https://informationsecuritybuzz.com/china-aligned-ceranakeeper-thailand/ www.secnews.physaphae.fr/article.php?IdArticle=8591057 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
2024-10-03T00:16:40+00:00 https://community.riskiq.com/article/837183c0 www.secnews.physaphae.fr/article.php?IdArticle=8590871 False Spam,Malware,Tool,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Meow, Meow Leaks, and the Chaos of Ransomware Attribution
2024-10-02T23:11:05+00:00 https://community.riskiq.com/article/24d3e55f www.secnews.physaphae.fr/article.php?IdArticle=8590809 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud None 2.0000000000000000

CompromisingPositions - Cyber Podcast: EPISODE 48: It's So Hard To Commit A Crime These Days! Surveillance, Dishonesty, Fraud And Other Pink-Collar Flags
The Beekeeper (film); LinkedIn page for Avi Klein; Artist uses CCTV cameras for selfies on their Instagram page - Vice; LinkedIn page for Mish aal; Number Go Up: Inside Crypto's Wild Rise and Staggering Fall by Zeke Faux; Nobody's Fool: Why We Get Taken In and What We Can Do About It by Daniel Simons and Christopher Chabris. About Kelly Paxton: Kelly Paxton is a Certified Fraud Examiner, private investigator and professional speaker. She is also the founder of the Fraudish podcast (formerly Great Women in Fraud). She has published Embezzlement: How
2024-10-02T23:00:00+00:00 https://www.compromisingpositions.co.uk/podcast/episode-48-pink-collar-crime www.secnews.physaphae.fr/article.php?IdArticle=8590774 False Vulnerability,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch: Unix Printing Vulnerabilities Enable Easy DDoS Attacks
All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.
2024-10-02T21:12:05+00:00 https://www.darkreading.com/vulnerabilities-threats/unix-printing-vulnerabilities-easy-ddos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8590708 False Vulnerability,Threat None 2.0000000000000000

Recorded Future - Recorded Future Feed: Experts warn of DDoS attacks using Linux printing vulnerability
A set of bugs that has caused alarm among cybersecurity experts may enable threat actors to launch powerful attacks designed to knock systems offline.
2024-10-02T21:07:50+00:00 https://therecord.media/ddos-attacks-cups-linux-print-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8590709 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The
2024-10-02T20:51:00+00:00 https://thehackernews.com/2024/10/china-linked-ceranakeeper-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8590559 False Tool,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Stonefly: Extortion Attacks Continue Against U.S. Targets
2024-10-02T20:37:11+00:00 https://community.riskiq.com/article/522d2266 www.secnews.physaphae.fr/article.php?IdArticle=8590740 False Ransomware,Malware,Tool,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): DCRat Targets Users with HTML Smuggling
Preferences > Control Panel Settings > Folder Options.
- Create parameters for .jse and .js file extensions, associating them with notepad.exe or another text editor.
- Check your perimeter firewall and proxy to restrict servers from making arbitrary connections to the internet to browse or download files. Such restrictions help inhibit malware downloads and command-and-control (C2) activity, including mobile devices.
- Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that contain exploits and host malware. Turn on network protection to block connections to malicious domains and IP addresses.
- Only install apps from trusted sources, such as the software platform's official app store. Third-party sources might have lax standards for hosted applications, making it easier for malicious actors to upload and distribute malware.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/enabl
2024-10-02T20:08:02+00:00 https://community.riskiq.com/article/5c7111cf www.secnews.physaphae.fr/article.php?IdArticle=8590706 False Spam,Malware,Tool,Vulnerability,Threat,Mobile None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Zimbra RCE Vuln Under Attack Needs Immediate Patching
2024-10-02T20:01:11+00:00 https://community.riskiq.com/article/a558d6ba www.secnews.physaphae.fr/article.php?IdArticle=8590707 False Tool,Vulnerability,Threat,Patching APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
2024-10-02T17:43:00+00:00 https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html www.secnews.physaphae.fr/article.php?IdArticle=8590451 False Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware
2024-10-02T17:36:44+00:00 https://community.riskiq.com/article/33986739 www.secnews.physaphae.fr/article.php?IdArticle=8590671 True Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000

SecurityWeek - Security News: Zero-Day Breach at Rackspace Sparks Vendor Blame Game
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
2024-10-02T17:29:25+00:00 https://www.securityweek.com/zero-day-breach-at-rackspace-sparks-vendor-blame-game/ www.secnews.physaphae.fr/article.php?IdArticle=8590636 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): 5 Must-Have Tools for Effective Dynamic Malware Analysis
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the
2024-10-02T16:30:00+00:00 https://thehackernews.com/2024/10/5-must-have-tools-for-effective-dynamic.html www.secnews.physaphae.fr/article.php?IdArticle=8590411 False Malware,Tool,Threat None 2.0000000000000000

ProofPoint - Firm Security: Attackers exploit critical Zimbra vulnerability using cc'd email addresses
2024-10-02T15:41:01+00:00 https://www.proofpoint.com/us/newsroom/news/attackers-exploit-critical-zimbra-vulnerability-using-ccd-email-addresses www.secnews.physaphae.fr/article.php?IdArticle=8598045 False Vulnerability,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Iranian hackers charged for _hack-and-leak_ plot to influence election
2024-10-02T15:38:15+00:00 https://community.riskiq.com/article/980e77f8 www.secnews.physaphae.fr/article.php?IdArticle=8590593 False Threat,Industrial None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft): Why Adversaries Target VPN Appliances: The Pathway from IT to OT Cyber Attack
2024-10-02T15:36:58+00:00 https://community.riskiq.com/article/d491ff08 www.secnews.physaphae.fr/article.php?IdArticle=8590594 False Ransomware,Malware,Tool,Vulnerability,Threat,Industrial None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a
2024-10-02T15:30:00+00:00 https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html www.secnews.physaphae.fr/article.php?IdArticle=8590379 False Ransomware,Threat None 2.0000000000000000

We Live Security - ESET antivirus software vendor: Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia.
2024-10-02T13:00:00+00:00 https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/ www.secnews.physaphae.fr/article.php?IdArticle=8591094 False Tool,Threat None 3.0000000000000000