www.secnews.physaphae.fr. This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T11:36:52+00:00 www.secnews.physaphae.fr

We Live Security (ESET antivirus software vendor) | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia. | 2024-10-02T13:00:00+00:00 | https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/ | www.secnews.physaphae.fr/article.php?IdArticle=8591094 | False | Tool,Threat | None | 3.0000000000000000

Global Security Mag (French news site) | Netskope Threat Labs: GitHub tops the list of cloud applications used to deliver malware in the insurance sector - Investigations | 2024-10-02T12:07:53+00:00 | https://www.globalsecuritymag.fr/netskope-threat-labs-github-en-tete-de-la-liste-des-applications-cloud.html | www.secnews.physaphae.fr/article.php?IdArticle=8590432 | False | Threat,Cloud | None | 4.0000000000000000

The Hacker News (The Hacker News is a hacking news blog, surprisingly enough) | Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw | Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in its postjournal service that could enable unauthenticated attackers to […] | 2024-10-02T11:26:00+00:00 | https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html | www.secnews.physaphae.fr/article.php?IdArticle=8590232 | False | Threat | None | 2.0000000000000000

Kaspersky (Kaspersky Research blog) | Finding a needle in a haystack: Machine learning at the forefront of threat hunting research | How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data. | 2024-10-02T10:00:37+00:00 | https://securelist.com/machine-learning-in-threat-hunting/114016/ | www.secnews.physaphae.fr/article.php?IdArticle=8590341 | False | Threat | None | 3.0000000000000000

AlienVault Lab Blog (AlienVault is a major defensive actor in IOCs) | Demand Great Cybersecurity Troubleshooting Skills! Going Back to the Basics. | 2024-10-02T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/demand-great-cybersecurity-troubleshooting-skills-going-back-to-the-basics | www.secnews.physaphae.fr/article.php?IdArticle=8590371 | False | Tool,Vulnerability,Threat,Cloud,Technical | None | 2.0000000000000000

Global Security Mag (French news site) | Nokia Threat Intelligence Report finds cybercriminal attacks on telco infrastructure are accelerating, driven by Generative AI and automation - Special Reports | • The number and frequency of DDoS attacks have grown from one or two a day to well over 100 per day in many networks, based on traffic monitored by Nokia from June 2023 to June 2024. • North America has seen the highest number of cyberattacks due to the concentration and scale of telecom infrastructure and large enterprises in the United States. | 2024-10-02T09:15:18+00:00 | https://www.globalsecuritymag.fr/nokia-threat-intelligence-report-finds-cybercriminal-attacks-on-telco.html | www.secnews.physaphae.fr/article.php?IdArticle=8590366 | False | Threat | None | 3.0000000000000000
ProofPoint (Cyber Firms) | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware | 2024-10-02T07:46:25+00:00 | https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomware | www.secnews.physaphae.fr/article.php?IdArticle=8590307 | False | Ransomware,Malware,Tool,Threat | None | 2.0000000000000000

Sekoia (Cyber Firms) | Bulbature, beneath the waves of GobRAT | Since mid-2023, Sekoia's Threat Detection & Research (TDR) team has investigated an infrastructure that controls compromised edge devices turned into Operational Relay Boxes used to launch offensive cyber attacks. The post Bulbature, beneath the waves of GobRAT is an article from the Sekoia.io Blog. | 2024-10-02T07:07:42+00:00 | https://blog.sekoia.io/bulbature-beneath-the-waves-of-gobrat/ | www.secnews.physaphae.fr/article.php?IdArticle=8590236 | False | Threat | None | 2.0000000000000000
IndustrialCyber (cyber risk firms for industrial) | MITRE releases enhanced EMB3D Threat Model with new mitigations, ISA/IEC 62443-4-2 alignment | MITRE, a not-for-profit organization, has announced the full release of the EMB3D Threat Model, which includes new mitigations... | 2024-10-02T05:21:28+00:00 | https://industrialcyber.co/control-device-security/mitre-releases-enhanced-emb3d-threat-model-with-new-mitigations-isa-iec-62443-4-2-alignment/ | www.secnews.physaphae.fr/article.php?IdArticle=8590199 | False | Threat | None | 2.0000000000000000

The State of Security (American magazine) | Major Database Security Threats and How to Prevent Them | Human nature tells us that we'll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at high risk. From misconfiguration to credential theft, these repositories of sensitive information can be preyed upon by even the most nascent cybercriminals. However, this Achilles' heel also makes them easy to protect – once you know what threatens them. This article will focus on a handful of major database security threats and what you need to... | 2024-10-02T03:33:09+00:00 | https://www.tripwire.com/state-of-security/major-database-security-threats-prevent | www.secnews.physaphae.fr/article.php?IdArticle=8590303 | False | Threat | None | 2.0000000000000000

Intigriti (Blog) | Justifying cybersecurity budgets: The power of cyber threat analysis | Cybersecurity is not just an IT concern, but a business imperative. Cyber threats pose significant financial, reputational, and legal risks. From data breaches that lay bare sensitive information to ransomware attacks that paralyze operations, the costs of insufficient cybersecurity can be catastrophic. Yet, many security teams struggle to justify the budget needed to bolster … | 2024-10-02T00:00:00+00:00 | https://blog.intigriti.com/business-insights/justifying-cybersecurity-budgets-cyber-threat-analysis | www.secnews.physaphae.fr/article.php?IdArticle=8592228 | False | Ransomware,Threat | None | 2.0000000000000000

Zimperium (cyber risk firms for mobile) | Zimperium Coverage on COLDRIVER Phishing Campaign | The recently uncovered "River of Phish" campaign, attributed to the Russian threat actor COLDRIVER, targets Western and Russian civil society through sophisticated spear-phishing attacks. | 2024-10-01T22:55:59+00:00 | https://www.zimperium.com/blog/zimperium-coverage-on-coldriver-phishing-campaign/ | www.secnews.physaphae.fr/article.php?IdArticle=8589979 | False | Threat | None | 3.0000000000000000
The Hacker News (The Hacker News is a hacking news blog, surprisingly enough) | AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition | The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in […] | 2024-10-01T22:04:00+00:00 | https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html | www.secnews.physaphae.fr/article.php?IdArticle=8589787 | False | Malware,Threat | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Key Group: another ransomware group using leaked builders | 2024-10-01T20:22:38+00:00 | https://community.riskiq.com/article/e0ace9f8 | www.secnews.physaphae.fr/article.php?IdArticle=8589941 | False | Ransomware,Spam,Malware,Tool,Threat,Prediction | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Silent Intrusion: Unraveling the Sophisticated Attack Leveraging VS Code for Unauthorized Access | 2024-10-01T18:52:16+00:00 | https://community.riskiq.com/article/5296fcfd | www.secnews.physaphae.fr/article.php?IdArticle=8589879 | False | Malware,Tool,Threat | None | 3.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Iranian Cyber Actors Targeting Personal Accounts to Support Operations | 2024-10-01T18:19:51+00:00 | https://community.riskiq.com/article/42850d7b | www.secnews.physaphae.fr/article.php?IdArticle=8589880 | False | Malware,Tool,Threat,Industrial | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Over 300,000! GorillaBot: The New King of DDoS Attacks | 2024-10-01T17:37:43+00:00 | https://community.riskiq.com/article/0bcef023 | www.secnews.physaphae.fr/article.php?IdArticle=8589848 | False | Malware,Threat,Cloud | None | 2.0000000000000000

IndustrialCyber (cyber risk firms for industrial) | Cloud Range was chosen by Nebraska National Guard to offer VTE for Cyber Tatanka training event | Cloud Range announced that it was chosen by the Nebraska National Guard to provide a Virtual Threat Environment... | 2024-10-01T17:22:37+00:00 | https://industrialcyber.co/news/cloud-range-was-chosen-by-nebraska-national-guard-to-offer-vte-for-cyber-tatanka-training-event/ | www.secnews.physaphae.fr/article.php?IdArticle=8589819 | False | Threat,Cloud | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | 2024-10-01T16:19:24+00:00 | https://community.riskiq.com/article/d0473059 | www.secnews.physaphae.fr/article.php?IdArticle=8589815 | False | Ransomware,Spam,Malware,Tool,Threat | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal | 2024-10-01T16:15:17+00:00 | https://community.riskiq.com/article/416b07c0 | www.secnews.physaphae.fr/article.php?IdArticle=8589816 | False | Malware,Vulnerability,Threat,Cloud | None | 2.0000000000000000

Korben (French blogger) | Doom on GPU: no more need for a CPU to run the cult FPS | 2024-10-01T15:37:10+00:00 | https://korben.info/doom-gpu-fps-culte-emancipe-processeur.html | www.secnews.physaphae.fr/article.php?IdArticle=8589724 | False | Threat | None | 2.0000000000000000

Bleeping Computer (American magazine) | Rackspace monitoring data stolen in ScienceLogic zero-day attack | Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. [...] | 2024-10-01T15:30:04+00:00 | https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/ | www.secnews.physaphae.fr/article.php?IdArticle=8589882 | False | Data Breach,Tool,Vulnerability,Threat,Cloud | None | 2.0000000000000000

AhnLab (Korean security firm) | Weekly Detection Rule (YARA and Snort) Information – Week 1, October 2024 | The following is the information on YARA and Snort rules (week 1, October 2024) collected and shared by the AhnLab TIP service. 6 YARA rules (detection name / description / source): SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 / Detects suspicious FoomaticRIPCommandLine command in printer config, which could be used to exploit CUPS CVE-2024-47177 / https://github.com/Neo23x0/signature-base; PK_Aruba_ar06 / Phishing Kit impersonating Aruba S.p.A. / https://github.com/t4d/PhishingKit-Yara-Rules; PK_DHL_x911_2 / Phishing […] The post Weekly Detection Rule (YARA and Snort) Information – Week 1, October 2024 appeared first on ASEC. | 2024-10-01T15:00:00+00:00 | https://asec.ahnlab.com/en/83485/ | www.secnews.physaphae.fr/article.php?IdArticle=8590129 | False | Threat | None | 2.0000000000000000
Mandiant (Mandiant security blog) | capa Explorer Web: A Web-Based Tool for Program Capability Analysis | capa, developed by Mandiant's FLARE team, is a reverse engineering tool that automates the identification of program capabilities. In this blog post we introduce capa Explorer Web, a browser-based tool to display the capabilities found by capa. The capa Explorer Web UI provides an intuitive and interactive way to visualize the capa analysis results. This feature was implemented by Soufiane Fariss (@s-ff) as part of the Google Summer of Code (GSoC) project that the Mandiant FLARE team mentored in 2024. Figure 1: Using capa Explorer Web to visualize the results of a dropper. Background: capa analyzes programs using various backends, such as IDA Pro, Ghidra, and CAPE, to extract features. Then it identifies capabilities by matching these features against rules written by experts. A program matches a capability rule when its extracted features match the set of conditions declared in the rule. Before the release of capa Explorer Web, the capa Explorer IDA plugin was the only […] | 2024-10-01T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/capa-explorer-web-program-capability-analysis/ | www.secnews.physaphae.fr/article.php?IdArticle=8589678 | False | Tool,Threat,Studies,Cloud,Technical | None | 2.0000000000000000

Global Security Mag (French news site) | ThreatQuotient™ launches version 6 of the ThreatQ platform - Products | 2024-10-01T13:13:46+00:00 | https://www.globalsecuritymag.fr/threatquotient-tm-lance-e-la-version-6-de-la-plateforme-threatq.html | www.secnews.physaphae.fr/article.php?IdArticle=8589671 | False | Threat | None | 2.0000000000000000

Global Security Mag (French news site) | Veeam launches Veeam Recon Scanner - Products | 2024-10-01T13:11:48+00:00 | https://www.globalsecuritymag.fr/veeam-lance-veeam-recon-scanner.html | www.secnews.physaphae.fr/article.php?IdArticle=8589672 | False | Tool,Threat | None | 2.0000000000000000

The Hacker News (The Hacker News is a hacking news blog, surprisingly enough) | New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet | Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks […] | 2024-10-01T10:42:00+00:00 | https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html | www.secnews.physaphae.fr/article.php?IdArticle=8589420 | False | Threat | None | 2.0000000000000000

ProofPoint (Cyber Firms) | Navigating the E-Rate Cybersecurity Pilot Program to Secure Funding, Part 1: Submission Guidance | A new federal program provides funding for […] | 2024-10-01T09:36:04+00:00 | https://www.proofpoint.com/us/blog/email-and-cloud-threats/schools-libraries-200m-cybersecurity-pilot-program | www.secnews.physaphae.fr/article.php?IdArticle=8589786 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Cloud | None | 2.0000000000000000

IndustrialCyber (cyber risk firms for industrial) | DoJ audit finds CISA faces challenges in cyber threat information sharing, as participation hits record low | The Office of Inspector General (OIG) within the U.S. Department of Homeland Security (DHS) detailed that the Cybersecurity... | 2024-10-01T08:42:52+00:00 | https://industrialcyber.co/reports/doj-audit-finds-cisa-faces-challenges-in-cyber-threat-information-sharing-as-participation-hits-record-low/ | www.secnews.physaphae.fr/article.php?IdArticle=8589514 | False | Threat | None | 2.0000000000000000

Global Security Mag (French news site) | 63% of organisations consider AI to be a greater benefit than threat to security - Special Reports | Databarracks' research shows that artificial intelligence is reshaping cyber security. | 2024-10-01T06:57:11+00:00 | https://www.globalsecuritymag.fr/63-of-organisations-consider-ai-to-be-a-greater-benefit-than-threat-to-security.html | www.secnews.physaphae.fr/article.php?IdArticle=8589475 | False | Threat | None | 2.0000000000000000
RiskIQ (cyber risk firms, now Microsoft) | Critical flaw in NVIDIA Container Toolkit allows full host takeover | 2024-10-01T01:32:34+00:00 | https://community.riskiq.com/article/a35e980e | www.secnews.physaphae.fr/article.php?IdArticle=8589333 | False | Tool,Vulnerability,Threat,Cloud,Technical | None | 3.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 | 2024-09-30T22:38:35+00:00 | https://community.riskiq.com/article/c9ea8588 | www.secnews.physaphae.fr/article.php?IdArticle=8589253 | False | Ransomware,Spam,Malware,Tool,Threat | None | 2.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse | Snapshot: Researchers from Elastic Security Labs uncovered a sophisticated Linux malware campaign that began in March 2024, targeting vulnerable servers through an exploited Apache2 web server. Description: After gaining access, the attackers deployed a mix of malware, includ […] | 2024-09-30T22:23:50+00:00 | https://community.riskiq.com/article/68e49ad7 | www.secnews.physaphae.fr/article.php?IdArticle=8589254 | False | Malware,Tool,Threat | None | 2.0000000000000000

Contagio (ransomware news site) | 2024-09-24 Linux Malware Cryptocurrency Miners, DONUT LOADER, RUDEVIL RAT, KAIJI- Stager and DDoS botnet samples | 2024-09-30T20:58:59+00:00 | https://contagiodump.blogspot.com/2024/09/2024-09-24-linux-malware-cryptocurrency.html | www.secnews.physaphae.fr/article.php?IdArticle=8589281 | False | Malware,Tool,Threat | None | 2.0000000000000000

Recorded Future (Recorded Future feed) | CISA pledges to resolve issues with threat sharing system after watchdog report | The nation's top cyber agency said it has plans to revitalize a system used to share cybersecurity threat information after a government watchdog raised concerns about the program's recent shortcomings. | 2024-09-30T20:18:37+00:00 | https://therecord.media/cisa-pledges-to-resolve-threat-sharing-program-issues-oig-report | www.secnews.physaphae.fr/article.php?IdArticle=8589157 | False | Threat | None | 3.0000000000000000

RiskIQ (cyber risk firms, now Microsoft) | MDR in Action: Preventing The More_eggs Backdoor From Hatching | 2024-09-30T18:45:01+00:00 | https://community.riskiq.com/article/4cb94d70 | www.secnews.physaphae.fr/article.php?IdArticle=8589111 | False | Ransomware,Malware,Tool,Threat,Prediction | None | 2.0000000000000000

Checkpoint (security hardware manufacturer) | How to Safeguard Your Systems from Linux CUPS Vulnerabilities | On September 23rd, a security researcher named Simone Margaritelli (evilSocket on X) disclosed 4 vulnerabilities in OpenPrinting Common Unix Printing System (CUPS), a modular printing system for Unix-like operating systems that enables users to manage printers and print jobs. Due to an inadequate response from the developers following the responsible disclosure process, Margaritelli decided to publish the vulnerabilities publicly. Worryingly, the newly uncovered vulnerabilities can be leveraged to form an exploit chain, allowing an attacker to establish a malicious, counterfeit printing device on a network-exposed Linux system running CUPS, which would trigger remote code execution upon the submission of a […] | 2024-09-30T17:12:01+00:00 | https://blog.checkpoint.com/securing-the-cloud/linux-cups-vulnerabilities/ | www.secnews.physaphae.fr/article.php?IdArticle=8589417 | False | Vulnerability,Threat | None | 2.0000000000000000
InfoSecurity Mag (InfoSecurity Magazine) | Critical RCE Vulnerabilities Found in Common Unix Printing System | The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network. | 2024-09-30T15:30:00+00:00 | https://www.infosecurity-magazine.com/news/rce-vulnerabilities-cups/ | www.secnews.physaphae.fr/article.php?IdArticle=8588970 | False | Vulnerability,Threat | None | 3.0000000000000000

Checkpoint Research (security hardware manufacturer) | 30th September – Threat Intelligence Report | For the latest discoveries in cyber research for the week of 30th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: American money transfer service MoneyGram has experienced a cyber-attack which led to significant network outages that disrupted its services globally. The attack has affected money transactions, particularly in the Caribbean, Jamaica and […] | 2024-09-30T14:28:47+00:00 | https://research.checkpoint.com/2024/30th-september-threat-intelligence-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8588931 | False | Threat | None | 2.0000000000000000
Dark Reading (InformationWeek branch) | Elaborate Deepfake Operation Takes a Meeting With US Senator | The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed. | 2024-09-30T14:00:42+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/elaborate-deepfake-operation-meeting-us-senator | www.secnews.physaphae.fr/article.php?IdArticle=8589005 | False | Threat | None | 3.0000000000000000

Netskope (Netskope is an American software company providing an IT security platform) | Netskope Threat Labs Uncovers New XWorm's Stealthy Techniques | Summary: XWorm is a relatively new versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by […] | 2024-09-30T14:00:00+00:00 | https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques | www.secnews.physaphae.fr/article.php?IdArticle=8588890 | False | Malware,Tool,Threat | None | 2.0000000000000000
RiskIQ (cyber risk firms, now Microsoft) | Weekly OSINT Highlights, 30 September 2024 | 2024-09-30T13:21:55+00:00 | https://community.riskiq.com/article/70e8b264 | www.secnews.physaphae.fr/article.php?IdArticle=8588927 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Mobile | ChatGPT,APT 36 | 2.0000000000000000

Global Security Mag (French news site) | OpenText Cybersecurity's 2024 Threat Hunter Perspective report shows the growing damage caused by collaboration between nation-states and cybercrime networks - Investigations | 2024-09-30T09:43:47+00:00 | https://www.globalsecuritymag.fr/le-rapport-2024-threat-hunter-perspective-d-opentext-cybersecurity-montre-les.html | www.secnews.physaphae.fr/article.php?IdArticle=8588761 | False | Threat | None | 4.0000000000000000

InfoSecurity Mag (InfoSecurity Magazine) | UK and US Warn of Growing Iranian Spear Phishing Threat | Security agencies from the UK and US are urging individuals with Middle East links to beware of Iranian spear phishing attacks. | 2024-09-30T08:30:00+00:00 | https://www.infosecurity-magazine.com/news/uk-us-warn-iranian-spearphishing/ | www.secnews.physaphae.fr/article.php?IdArticle=8588701 | False | Threat | None | 2.0000000000000000

Sekoia (Cyber Firms) | Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal | On 17 September 2024, Sekoia's Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited CVE-2017-10271 and CVE-2020-14883 WebLogic vulnerabilities to deploy Python and Bash scripts, executing the K4Spreader malware, which then delivered the Tsunami backdoor and a cryptominer. For Windows systems, the attacker attempted to execute a PowerShell script designed to install a cryptominer via a .NET-based loader. The post Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal is an article from the Sekoia.io Blog. | 2024-09-30T07:15:00+00:00 | https://blog.sekoia.io/hadooken-and-k4spreader-the-8220-gangs-latest-arsenal/ | www.secnews.physaphae.fr/article.php?IdArticle=8588663 | False | Malware,Vulnerability,Threat | None | 3.0000000000000000
The State of Security - American magazine The Growing Threat Of Fake Job Applicants It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don't exist entirely or who aren't who they claim to be. Companies have embraced digital channels and processes to streamline recruitment and onboarding, saving time, money, resources, and extending opportunities to workers who are not bound by geographical red tape... 2024-09-30T02:45:40+00:00 https://www.tripwire.com/state-of-security/growing-threat-fake-job-applicants www.secnews.physaphae.fr/article.php?IdArticle=8588665 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake 2024-09-28T15:24:00+00:00 https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html www.secnews.physaphae.fr/article.php?IdArticle=8587241 False Threat,Mobile None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Unraveling Sparkling Pisces's Tool Set: KLogEXE and FPSpy 2024-09-27T21:35:40+00:00 https://community.riskiq.com/article/47182999 www.secnews.physaphae.fr/article.php?IdArticle=8586858 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Sly Malware Found in Fake Google Chrome and MS Teams Installers 2024-09-27T20:41:06+00:00 https://community.riskiq.com/article/a01c8267 www.secnews.physaphae.fr/article.php?IdArticle=8586823 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell 2024-09-27T20:23:31+00:00 https://community.riskiq.com/article/bd8f61d5 www.secnews.physaphae.fr/article.php?IdArticle=8586824 False Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe 2024-09-27T19:44:31+00:00 https://community.riskiq.com/article/f74aeee5 www.secnews.physaphae.fr/article.php?IdArticle=8586788 True Ransomware,Malware,Tool,Threat,Mobile APT 36 3.0000000000000000
Dark Reading - Informationweek Branch Novel Exploit Chain Enables Windows UAC Bypass Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability. 2024-09-27T19:16:44+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass www.secnews.physaphae.fr/article.php?IdArticle=8586756 False Vulnerability,Threat None 3.0000000000000000
Vuln GCP - GoogleCloudPlatform vulnerability feed GCP-2024-056 Published: 2024-09-27. Description: A vulnerability chain (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) that could result in remote code execution was discovered in the CUPS printing system used by some Linux distributions. An attacker can exploit this vulnerability if the CUPS services are listening on UDP port 631 and they can connect to it. For instructions and more details, see the following bulletins: GKE security bulletin; GDC software for VMware security bulletin; GKE on AWS security bulletin; GKE on Azure security bulletin; GDC software for bare metal security bulletin. Severity: None. Notes: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177.
2024-09-27T18:41:20+00:00 https://cloud.google.com/support/bulletins/index#gcp-2024-056 www.secnews.physaphae.fr/article.php?IdArticle=8586725 False Vulnerability,Threat,Cloud None None
RiskIQ - cyber risk firms (now microsoft) Nexe Backdoor Unleashed: Patchwork APT Group's Sophisticated Evasion of Defenses 2024-09-27T18:16:10+00:00 https://community.riskiq.com/article/9c6186d5 www.secnews.physaphae.fr/article.php?IdArticle=8586752 False Ransomware,Malware,Tool,Threat,Patching None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) How to Plan and Prepare for Penetration Testing As security technology and threat awareness among organizations improve, so do the adversaries, who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice for big game hunting (BGH) cyber criminals, and the increased use of hands-on or "interactive intrusion" techniques is especially alarming. 2024-09-27T16:56:00+00:00 https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html www.secnews.physaphae.fr/article.php?IdArticle=8586456 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environments, ultimately resulting in data exfiltration, credential theft, tampering, persistent 2024-09-27T16:41:00+00:00 https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html www.secnews.physaphae.fr/article.php?IdArticle=8586457 False Ransomware,Threat,Legislation,Cloud None 3.0000000000000000
Security Intelligence - American news site Access control is going mobile - Is this the way forward? Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use […]
2024-09-27T13:00:00+00:00 https://securityintelligence.com/articles/access-control-mobile-the-way-forward/ www.secnews.physaphae.fr/article.php?IdArticle=8586525 False Threat,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and 2024-09-27T11:24:00+00:00 https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html www.secnews.physaphae.fr/article.php?IdArticle=8586271 False Vulnerability,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Beware Of Fake Verify You Are Human Request That Delivers Malware 2024-09-26T21:55:00+00:00 https://community.riskiq.com/article/e0fff69a www.secnews.physaphae.fr/article.php?IdArticle=8586020 True Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Inside SnipBot: The Latest RomCom Malware Variant 2024-09-26T21:43:27+00:00 https://community.riskiq.com/article/159819ae www.secnews.physaphae.fr/article.php?IdArticle=8586021 False Ransomware,Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Inside the Dragon: DragonForce Ransomware Group 2024-09-26T21:16:05+00:00 https://community.riskiq.com/article/61fcf62d www.secnews.physaphae.fr/article.php?IdArticle=8586022 False Ransomware,Malware,Tool,Threat None 2.0000000000000000
Palo Alto Network - Vendor site Unit 42 Incident Response Retainers Enhance Organizational Resilience Examine two Unit 42 incident response cases that provide valuable insights into how today's threat landscape evolves and the strategies needed against it.
2024-09-26T21:11:46+00:00 https://www.paloaltonetworks.com/blog/en/2024/09/unit-42-incident-response-retainers-enhance-organizational-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8590965 False Threat None 2.0000000000000000
Palo Alto Network - Vendor site Unit 42 Incident Response Retainers Enhance Organizational Resilience Examine two Unit 42 incident response cases that provide valuable insights into how today's threat landscape evolves and the strategies needed against it.
2024-09-26T21:11:46+00:00 https://www.paloaltonetworks.com/blog/2024/09/unit-42-incident-response-retainers-enhance-organizational-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8585942 False Threat None 2.0000000000000000
Team Cymru - Threat Intelligence team Announcing the Team Cymru Scout Integration With Palo Alto Cortex XSOAR Enhance threat investigations by combining the world's largest threat intelligence data lake with powerful automation and workflow... 2024-09-26T20:49:15+00:00 https://www.team-cymru.com/post/announcing-the-team-cymru-scout-integration-with-palo-alto-cortex-xsoar www.secnews.physaphae.fr/article.php?IdArticle=8585941 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) LummaC2: Obfuscation Through Indirect Control Flow 2024-09-26T20:44:19+00:00 https://community.riskiq.com/article/2fffd877 www.secnews.physaphae.fr/article.php?IdArticle=8585985 False Ransomware,Spam,Malware,Tool,Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Security Upgrades Available for 3 HPE Aruba Networking Bugs The vendor says there are no reports of the flaws being exploited in the wild, nor any public exploit code currently available. 2024-09-26T20:15:58+00:00 https://www.darkreading.com/vulnerabilities-threats/security-upgrades-available-hpe-aruba-networking-bugs www.secnews.physaphae.fr/article.php?IdArticle=8585955 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces' already extensive arsenal 2024-09-26T17:58:00+00:00 https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html www.secnews.physaphae.fr/article.php?IdArticle=8585629 False Malware,Threat APT 43 2.0000000000000000
Zimperium - cyber risk firms for mobile Zimperium Detects New Android Spyware Targeting South Korea Security researchers at Cyble have uncovered a new Android spyware campaign primarily targeting individuals in South Korea. This sophisticated malware, masquerading as legitimate applications, poses a significant threat to user privacy and data security.
2024-09-26T17:54:24+00:00 https://www.zimperium.com/blog/zimperium-detects-new-android-spyware-targeting-south-korea/ www.secnews.physaphae.fr/article.php?IdArticle=8585859 False Malware,Threat,Mobile None 2.0000000000000000
CrowdStrike - CTI Society How CrowdStrike Hunts, Identifies and Defeats Cloud-Focused Threats Adversaries' persistent efforts to evade advancements in threat awareness and defense have shaped a cyber threat landscape dominated by their stealthy, fast-moving tactics. As they expand into the cloud environments where most organizations now operate, the need to hunt and remediate threats has become crucial. The CrowdStrike 2024 Threat Hunting Report examines how adversaries are […] 2024-09-26T17:20:34+00:00 https://www.crowdstrike.com/blog/how-crowdstrike-hunts-identifies-and-defeats-cloud-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8586712 False Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale 2024-09-26T16:55:32+00:00 https://community.riskiq.com/article/a7e421ed www.secnews.physaphae.fr/article.php?IdArticle=8585822 False Malware,Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization? Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don't factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don't have the time - or the budget - to 2024-09-26T16:30:00+00:00 https://thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html www.secnews.physaphae.fr/article.php?IdArticle=8585579 False Vulnerability,Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial LevelBlue research finds cybersecurity neglected in manufacturing and transportation sectors LevelBlue, provider of managed network security services, managed detection and response, strategic consulting, and threat intelligence, released on...
2024-09-26T12:06:10+00:00 https://industrialcyber.co/news/levelblue-research-finds-cybersecurity-neglected-in-manufacturing-and-transportation-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=8585573 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming 2024-09-26T11:48:00+00:00 https://thehackernews.com/2024/09/cloudflare-warns-of-india-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8585401 False Malware,Threat,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch GenAI Writes Malicious Code to Spread AsyncRAT Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open source remote access Trojan. 2024-09-26T10:30:28+00:00 https://www.darkreading.com/cyber-risk/genai-writes-malicious-code-spread-asyncrat www.secnews.physaphae.fr/article.php?IdArticle=8585619 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. "Investigators 2024-09-26T10:19:00+00:00 https://thehackernews.com/2024/09/chinese-hackers-infiltrate-us-internet.html www.secnews.physaphae.fr/article.php?IdArticle=8585335 False Threat None 2.0000000000000000
Kaspersky - Kaspersky Research blog Threat landscape for industrial automation systems, Q2 2024 In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types. 2024-09-26T08:00:48+00:00 https://securelist.com/industrial-threat-landscape-q2-2024/113981/ www.secnews.physaphae.fr/article.php?IdArticle=8585469 False Malware,Threat,Industrial None 2.0000000000000000
InformationSecurityBuzzNews - Security news site CISA Releases Guide to Empower Software Buyers in Creating a Secure Tech Ecosystem Recognizing that cyber criminals increasingly exploit software vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken the lead with a new resource for software customers, the "Secure by Demand Guide." The Guide is part of CISA's ongoing effort to strengthen the cybersecurity resilience of businesses, organizations, and government agencies nationwide. The guide aims to [...] 2024-09-26T03:39:55+00:00 https://informationsecuritybuzz.com/cisa-releases-guide-to-software-buyers/ www.secnews.physaphae.fr/article.php?IdArticle=8585302 False Vulnerability,Threat None 2.0000000000000000
CompromisingPositions - Cyber podcast EPISODE 47: Hacking Our Capacity To Think: The Philosophy Of Trust, Cybersecurity And AI https://www.lse.ac.uk/study-at-lse/online-learning/courses/ethics-of-ai A list of Dr Reinhard's books via Amazon BlueDot AI Safety Alignment course AI pretends to pick up a ball ChatGPT is Bullshit Deepfake documentary, Another Body About Dr Rebekka Reinhard Dr. Rebekka Reinhard is the founder and editor-in-chief of "Human". The magazine, in both print and digital formats (German and English editions // quarterly), is the 2024-09-25T23:00:00+00:00 https://www.compromisingpositions.co.uk/podcast/episode-47-hacking-thinking www.secnews.physaphae.fr/article.php?IdArticle=8585137 False Tool,Threat,Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware) Snapshot: An attack chain for the ChatGPT macOS application was discovered, where attackers could use prompt injection from untrusted data to insert persistent spyware into ChatGPT's memory. This vulnerability allowed for co 2024-09-25T22:02:45+00:00 https://community.riskiq.com/article/693f83ba www.secnews.physaphae.fr/article.php?IdArticle=8585136 False Malware,Vulnerability,Threat ChatGPT 2.0000000000000000
Dark Reading - Informationweek Branch China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals. 2024-09-25T20:41:24+00:00 https://www.darkreading.com/cyberattacks-data-breaches/chinas-salt-typhoon-cyberattacks-us-isps www.secnews.physaphae.fr/article.php?IdArticle=8585062 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) From 12 to 21: how we discovered connections between the Twelve and BlackJack groups 2024-09-25T20:17:02+00:00 https://community.riskiq.com/article/5143b172 www.secnews.physaphae.fr/article.php?IdArticle=8585100 False Ransomware,Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites 2024-09-25T19:49:34+00:00 https://community.riskiq.com/article/7a357ffb www.secnews.physaphae.fr/article.php?IdArticle=8585058 True Ransomware,Tool,Threat,Mobile None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Unraveling SloppyLemming's Operations Across South Asia 2024-09-25T18:33:07+00:00 https://community.riskiq.com/article/04edf537 www.secnews.physaphae.fr/article.php?IdArticle=8585015 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Third Ivanti Bug Comes Under Active Exploit, CISA Warns Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating. 2024-09-25T18:03:57+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-adds-patched-ivanti-bug-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8584937 False Vulnerability,Threat None 1.00000000000000000000
CyberScoop - scoopnewsgroup.com special Cyber House Intel Republicans request FBI, SEC briefing on Temu Congressional Republicans on the House Permanent Select Committee on Intelligence are requesting a briefing from the FBI and Securities Exchange Commission on e-commerce app Temu and its parent company, Pinduoduo, saying both pose a potential threat to national security and the personal data of Americans. In a letter sent Tuesday to FBI Director Christopher Wray […]
2024-09-25T17:22:56+00:00 https://cyberscoop.com/house-intelligence-republicans-temu-pinduoduo-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8584933 False Threat None 2.0000000000000000
ZD Net - Info magazine The best antivirus software of 2024 If you're looking to protect yourself from the constant threat of surveillance and malware, we found the best antivirus that will help keep you and your information safe and secure. 2024-09-25T16:15:00+00:00 https://www.zdnet.com/article/best-antivirus/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8584873 False Malware,Threat None 1.00000000000000000000
Global Security Mag - French news site Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find The 2024 zLabs Global Mobile Threat Report found 82% of phishing sites now targeting enterprise mobile devices. Key findings:
● 82% of phishing sites specifically targeted mobile devices
● Unique malware samples increased by 13% YoY
● 76% of phishing sites use HTTPS, giving victims a false sense of security
● Riskware and trojans represent 80% of observed malware threats
- Malware Update
2024-09-25T15:24:05+00:00 https://www.globalsecuritymag.fr/mobile-phishing-attacks-targeting-enterprises-surge-zimperium-researchers-find.html www.secnews.physaphae.fr/article.php?IdArticle=8584848 False Malware,Threat,Mobile None 1.00000000000000000000
HackRead - Cyber search DragonForce Ransomware Expands RaaS, Targets Firms Worldwide DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses worldwide. Companies must… 2024-09-25T14:53:59+00:00 https://hackread.com/dragonforce-ransomware-expands-raas-targets-firms/ www.secnews.physaphae.fr/article.php?IdArticle=8584806 False Ransomware,Threat None 2.0000000000000000
Mandiant - Mandiant security blog LummaC2: Obfuscation Through Indirect Control Flow
Overview. This blog post delves into the analysis of a control flow obfuscation technique employed by recent LummaC2 (LUMMAC.V2) stealer samples. In addition to the traditional control flow flattening technique used in older versions, the malware now leverages customized control flow indirection to manipulate the execution of the malware. This technique thwarts all binary analysis tools, including IDA Pro and Ghidra, significantly hindering not only the reverse engineering process but also automation tooling designed to capture execution artifacts and generate detections. To provide insights to Google and Mandiant security teams, we developed an automated method for removing this protection layer through symbolic backward slicing. By leveraging the recovered control flow, we are able to rebuild and deobfuscate the samples into a format readily consumable by any static binary analysis platform.
Protection Components Overview. An obfuscating compiler, which we will also informally refer to as an "obfuscator," is a transformation tool designed to enhance the security of software binaries by making them more resilient to binary analysis. It operates by transforming a given binary into a protected representation, thereby increasing the difficulty for the code to be analyzed or tampered with. These transformations are typically applied on a per-function basis, where the user selects the specific functions to transform. Obfuscating compilers are distinct from packers, although they may incorporate packing techniques as part of their functionality. They fall under the broader classification of software protections, such as OLLVM, VMProtect, and Code Virtualizer, which provide comprehensive code transformation and protection mechanisms beyond simple packing. Notably, for all protected components, the original code is never exposed in its original, unprotected form at any point during the runtime of a protected binary. It is also common for obfuscating compilers to mix the original compiler-generated code with obfuscator-introduced code, which generally requires a comprehensive deobfuscator before an analyst can analyze the binary. The obfuscator employed by LummaC2 applies a multitude of transformations consistent with standard obfuscating compiler technology. Our concern here is only the newly introduced control flow protection scheme that we uncovered. Our analysis strongly suggests that the authors of the obfuscator have intimate knowledge of the LummaC2 stealer. Certain parts of the protection, as described in the upcoming sections, are specialized to handle specific components of the LummaC2 stealer.
Dispatcher Blocks. The obfuscator transforms the control flow of a protected function into one guided by "dispatcher blocks," ea 2024-09-25T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/ www.secnews.physaphae.fr/article.php?IdArticle=8584760 False Malware,Tool,Threat,Studies None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine US House Bill Addresses Growing Threat of Chinese Cyber Actors House GOP unveiled a bill to combat Chinese cyber threats to US infrastructure, led by CISA and FBI 2024-09-25T13:30:00+00:00 https://www.infosecurity-magazine.com/news/us-house-bill-chinese-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8584762 False Threat None 2.0000000000000000
GoogleSec - Firm Security Blog Eliminating Memory Safety Vulnerabilities at the Source Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages. This post demonstrates why focusing on Safe Coding for new code quickly and counterintuitively reduces the overall security risk of a codebase, finally breaking through the stubbornly high plateau of memory safety vulnerabilities and starting an exponential decline, all while being scalable and cost-effective. We'll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.
Counterintuitive results. Consider a growing codebase primarily written in memory-unsafe languages, experiencing a constant influx of memory safety vulnerabilities. What happens if we gradually transition to memory-safe languages for new features, while leaving existing code mostly untouched except for bug fixes? We can simulate the results. After some years, the code base has the following makeup[1] as new memory unsafe development slows down, and new memory safe development starts to take over: In the final year of our simulation, despite the growth in memory-unsafe code, the number of memory safety vulnerabilities drops significantly, a seemingly counterintuitive result not seen with other strategies: This reduction might seem paradoxical: how is this possible when the quantity of new memory unsafe code actually grew?
The math. The answer lies in an important observation: vulnerabilities decay exponentially. They have a half-life. The distribution of vulnerability lifetime follows an exponential distribution given an average vulnerability lifetime λ: 2024-09-25T12:59:41+00:00 http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html www.secnews.physaphae.fr/article.php?IdArticle=8587335 False Tool,Vulnerability,Threat,Studies,Patching,Mobile,Prediction,Cloud,Conference None 3.0000000000000000
Bleeping Computer - American magazine CISA: Hackers target industrial systems using "unsophisticated methods" CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. [...] 2024-09-25T12:18:21+00:00 https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods/ www.secnews.physaphae.fr/article.php?IdArticle=8584889 False Threat,Industrial None 1.00000000000000000000
Global Security Mag - French news site TEHTRIS unveils version 13 of its TEHTRIS XDR AI PLATFORM Products 2024-09-25T12:17:23+00:00 https://www.globalsecuritymag.fr/tehtris-devoile-la-version-13-de-sa-tehtris-xdr-ai-platform.html www.secnews.physaphae.fr/article.php?IdArticle=8584725 False Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial BitSight discloses zero-day vulnerabilities in ATG systems, posing major threat to critical infrastructure An investigation by BitSight Technologies' TRACE researchers has discovered multiple critical zero-day vulnerabilities across six Automatic Tank Gauge...
2024-09-25T07:16:23+00:00 https://industrialcyber.co/control-device-security/bitsight-discloses-zero-day-vulnerabilities-in-atg-systems-posing-major-threat-to-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8584501 False Vulnerability,Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Google Détails UNC1860 Group de cyber-espionnage parrainé par l'État iranien ciblant les réseaux du Moyen-Orient<br>Google details UNC1860 Iranian state-sponsored cyber espionage group targeting Middle Eastern networks Google researchers have revealed that an Iranian state-sponsored threat actor, identified as UNC1860 and likely linked to Iran\'s... ]]> 2024-09-25T07:05:20+00:00 https://industrialcyber.co/ransomware/google-details-unc1860-iranian-state-sponsored-cyber-espionage-group-targeting-middle-eastern-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8584502 False Threat None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite L'IA générative alimente la nouvelle vague de cyberattaques, HP avertit<br>Generative AI Fuels New Wave of Cyberattacks, HP Warns Attackers are employing AI-generated scripts, leveraging malvertising to distribute rogue PDF tools, and embedding malware in image files. These developments mark a significant shift in the threat landscape, accelerating the frequency and complexity of cyberattacks. This was revealed by HP’s latest Threat Insights Report, based on data from April to June 2024, which offers valuable [...]]]> 2024-09-25T04:30:11+00:00 https://informationsecuritybuzz.com/generative-ai-fuels-new-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=8584437 False Malware,Tool,Threat None 3.0000000000000000 The State of Security - Magazine Américain Comprendre les attaques de réseau: types, tendances et stratégies d'atténuation<br>Understanding Network Attacks: Types, Trends, and Mitigation Strategies At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency. 
Understanding the diverse nature of these threats-from DoS and DDoS attacks to reconnaissance exploits-is crucial for devising effective defense strategies. This article delves into the primary types of network attacks, offering insights into their mechanisms and practical approaches to protecting today\'s networks against these...]]> 2024-09-25T03:39:12+00:00 https://www.tripwire.com/state-of-security/3-types-of-network-attacks www.secnews.physaphae.fr/article.php?IdArticle=8584578 False Vulnerability,Threat None 3.0000000000000000 IT Security Guru - Blog Sécurité L'adoption de l'IA devrait démêler des années de cyber-résilience<br>AI Adoption Set to Unravel Years of Cyber Resilience A recent study conducted by e2e-assure, a provider of Threat Detection & Response services, has highlighted a significant discrepancy between the perceived effectiveness of AI policies and their actual implementation within UK organisations. Despite the majority of cyber risk owners expressing confidence in their AI policies, only a small proportion of employees are aware of […] ]]> 2024-09-24T20:31:13+00:00 https://www.itsecurityguru.org/2024/09/24/ai-adoption-set-to-unravel-years-of-cyber-resilience/?utm_source=rss&utm_medium=rss&utm_campaign=ai-adoption-set-to-unravel-years-of-cyber-resilience www.secnews.physaphae.fr/article.php?IdArticle=8584176 False Threat,Studies None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) HTML Tasseling: comment les URL blob sont abusées pour fournir du contenu de phishing<br>HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content 2024-09-24T19:54:21+00:00 https://community.riskiq.com/article/4f3d919f www.secnews.physaphae.fr/article.php?IdArticle=8584173 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Kryptina Raas: De la rejet insensable aux ransomwares d'entreprise<br>Kryptina RaaS: From Unsellable Cast-Off to Enterprise Ransomware 2024-09-24T19:36:58+00:00 
https://community.riskiq.com/article/2a16b748 www.secnews.physaphae.fr/article.php?IdArticle=8584174 False Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000