www.secnews.physaphae.fr RSS 2.0 feed: a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. Generated 2025-05-12T11:29:27+00:00.

RiskIQ (now Microsoft): Octo2: European Banks Already Under Attack by New Malware Variant
Published 2024-09-24T18:35:54+00:00; https://community.riskiq.com/article/0c22b270; Tags: Malware, Threat, Mobile

The Hacker News: Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar
Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and
Published 2024-09-24T17:30:00+00:00; https://thehackernews.com/2024/09/discover-latest-ransomware-tactics-and.html; Tags: Ransomware, Threat

Global Security Mag (Special Reports): Security debt in EMEA escalates amid rising cyber threat: Veracode report reveals urgent need for AI-powered remediation and application security posture management
Two thirds of EMEA organisations grapple with security debt, and nearly half have debt considered "critical". 80% of third-party code has critical security debt, significantly higher than the global average.
Published 2024-09-24T16:57:19+00:00; https://www.globalsecuritymag.fr/security-debt-in-emea-escalates-amid-rising-cyber-threat-veracode-report.html; Tags: Threat
RiskIQ (now Microsoft): Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware
Published 2024-09-24T16:49:49+00:00; https://community.riskiq.com/article/f51acbdb; Tags: Ransomware, Spam, Malware, Tool, Threat

InfoSecurity Magazine: Threat Actors Shift to JavaScript-Based Phishing Attacks
Cybercriminals are increasingly prioritizing script-based phishing techniques over those based on traditional malicious documents.
Published 2024-09-24T16:30:00+00:00; https://www.infosecurity-magazine.com/news/threat-actors-shift-javascript/; Tags: Threat

The Hacker News: The SSPM Justification Kit
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If
Published 2024-09-24T16:30:00+00:00; https://thehackernews.com/2024/09/the-sspm-justification-kit.html; Tags: Threat, Cloud

RiskIQ (now Microsoft): Akira Ransomware Indicators
Published 2024-09-24T15:50:40+00:00; https://community.riskiq.com/article/2e4e14a8; Tags: Ransomware, Malware, Tool, Threat

Proofpoint: Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware
Published 2024-09-24T12:09:32+00:00; https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering; Tags: Malware, Threat, Prediction

Global Security Mag (Investigations): N-able Cove Data reveals a 56% increase in disaster-recovery incidents for Microsoft 365 domains in 2024
Published 2024-09-24T12:08:22+00:00; https://www.globalsecuritymag.fr/n-able-cove-data-revele-une-augmentation-de-56-des-incidents-de-recuperation.html; Tags: Threat

Google Security Blog: Google & Arm - Raising The Bar on GPU Security
CVE-2023-4295, CVE-2023-21106, CVE-2021-0884, and more. Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime, extending functionality without the need to reboot the device.
Proactive testing is good hygiene, as it can lead to the detection and resolution of new vulnerabilities before they're exploited. It's also one of the most complex investigations to do, as you don't necessarily know where the vulnerability will appear (that's the point!). By combining the expertise of Google's engineers with IP owners and OEMs, we can ensure the Android ecosystem retains a strong measure of integrity.

Why investigate GPUs? When researching vulnerabilities, GPUs are a popular target due to:

Functionality vs. Security Tradeoffs. Nobody wants a slow, unresponsive device; any hit to GPU performance could result in a noticeably degraded user experience. As such, the GPU software stack in Android relies on an in-process HAL model, where the API and user space drivers that communicate with the GPU kernel mode module run directly within the context of apps, thus avoiding IPC (interprocess communication). This opens the door for potentially untrusted code from a third-party app to directly access the interface exposed by the GPU kernel module; if there are any vulnerabilities in the module, the third-party app has an avenue to exploit them.

Variety & Memory Safety. Additionally, the implementations of GPU subsystems (and kernel modules specifically) from major OEMs are increasingly complex. Kernel modules for most GPUs are typically written in memory-unsafe languages such as C, which are susceptible to memory corruption vulnerabilities like buffer overflows.

Can someone do something about this? Great news, we already have! Who's we? The Android Red Team and Arm!
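The exposure described above, as an added example that is not code from the Google/Arm post or the Mali driver: a userspace simulation of a GPU driver ioctl handler that copies an app-supplied command buffer into a fixed-size driver buffer. The request struct, the handler names (gpu_ioctl_submit_vuln, gpu_ioctl_submit_fixed) and the canary harness are all hypothetical. The point is that the untrusted app controls both the pointer and the length, so the driver must bound-check the length before the copy; the vulnerable handler trusts it and overwrites whatever sits after the buffer.

```c
/*
 * Added example (not code from the Google/Arm post): a userspace simulation
 * of the app-to-kernel-module exposure the post describes. An untrusted app
 * hands a request struct to a GPU driver ioctl; the driver copies
 * app-controlled bytes into a fixed-size driver buffer. Without a bound on
 * the app-supplied length this is the buffer overflow the post warns about;
 * with the bound the request is rejected. All names here are hypothetical.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GPU_CMD_MAX 64u        /* size the driver believes cmd_buf has */
#define GPU_OK      0
#define GPU_EINVAL  (-22)      /* mirrors the kernel's -EINVAL */
#define CANARY      0xDEADBEEFu

/* Crosses the app/kernel boundary: every field is attacker-controlled. */
struct gpu_submit_req {
    const uint8_t *user_cmds;  /* command bytes supplied by the app */
    uint32_t       len;        /* number of bytes the app claims to send */
};

/* Driver-side per-client state, standing in for a kernel heap object. */
struct gpu_context {
    uint8_t *cmd_buf;          /* GPU_CMD_MAX bytes; other data follows in memory */
    uint32_t cmd_len;
};

/* Vulnerable handler: copies with the caller-supplied length and no bound. */
int gpu_ioctl_submit_vuln(struct gpu_context *ctx, const struct gpu_submit_req *req)
{
    memcpy(ctx->cmd_buf, req->user_cmds, req->len);  /* len > GPU_CMD_MAX overflows */
    ctx->cmd_len = req->len;
    return GPU_OK;
}

/* Hardened handler: validate every field the untrusted caller controls before use. */
int gpu_ioctl_submit_fixed(struct gpu_context *ctx, const struct gpu_submit_req *req)
{
    if (req->user_cmds == NULL || req->len == 0 || req->len > GPU_CMD_MAX)
        return GPU_EINVAL;
    memcpy(ctx->cmd_buf, req->user_cmds, req->len);
    ctx->cmd_len = req->len;
    return GPU_OK;
}

typedef int (*gpu_handler_t)(struct gpu_context *, const struct gpu_submit_req *);

/*
 * Harness: back cmd_buf with an allocation of GPU_CMD_MAX + 4 bytes so an
 * overflow of up to 4 bytes stays inside memory we own, and plant a canary in
 * those 4 bytes, where a neighbouring kernel object would sit in a real heap.
 * Returns 1 if the canary survived, 0 if it was overwritten, -1 on bad input.
 * The handler's return code is stored in *rc_out. The payload is constructed.
 */
int run_scenario(gpu_handler_t handler, uint32_t len, int *rc_out)
{
    const size_t backing_size = GPU_CMD_MAX + sizeof(uint32_t);
    if (len > backing_size)    /* keep the demo's own overflow within bounds */
        return -1;

    uint8_t *backing = calloc(backing_size, 1);
    uint8_t *payload = malloc(len ? len : 1);
    if (!backing || !payload) { free(backing); free(payload); return -1; }

    memset(payload, 0x41, len);                     /* constructed app payload */
    uint32_t canary = CANARY;
    memcpy(backing + GPU_CMD_MAX, &canary, sizeof canary);

    struct gpu_context    ctx = { .cmd_buf = backing, .cmd_len = 0 };
    struct gpu_submit_req req = { .user_cmds = payload, .len = len };
    *rc_out = handler(&ctx, &req);

    uint32_t after;
    memcpy(&after, backing + GPU_CMD_MAX, sizeof after);
    free(payload);
    free(backing);
    return after == CANARY;
}

int main(void)
{
    int rc;
    int ok = run_scenario(gpu_ioctl_submit_vuln, GPU_CMD_MAX + 4, &rc);
    printf("vulnerable handler, len=%u: rc=%d, canary %s\n", GPU_CMD_MAX + 4, rc, ok ? "intact" : "CLOBBERED");
    ok = run_scenario(gpu_ioctl_submit_fixed, GPU_CMD_MAX + 4, &rc);
    printf("hardened handler,   len=%u: rc=%d, canary %s\n", GPU_CMD_MAX + 4, rc, ok ? "intact" : "CLOBBERED");
    ok = run_scenario(gpu_ioctl_submit_fixed, 16, &rc);
    printf("hardened handler,   len=16: rc=%d, canary %s\n", rc, ok ? "intact" : "CLOBBERED");
    return 0;
}
```

Build with cc -std=c99 and run: the vulnerable handler reports success while the canary behind the buffer is overwritten with the app's 0x41 bytes, and the hardened handler returns -EINVAL for the oversized request and leaves the canary intact. In a real kernel module the copy would go through copy_from_user and any size arithmetic would also need integer-overflow checks; this simulation only shows the missing length bound.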
We've worked together to run an engagement on the Mali GPU (more on that below), but first, a brief introduction:

Android Red Team. The Android Red Team performs time-bound security assessment engagements on all aspects of the Android open source cod
Published 2024-09-24T12:00:16+00:00; http://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html; Tags: Vulnerability, Threat, Mobile, Cloud

InfoSecurity Magazine: #GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations
Cybersecurity leaders should prioritize response and recovery over prevention to effectively navigate the ever-evolving threat landscape, according to Gartner analysts.
Published 2024-09-24T11:30:00+00:00; https://www.infosecurity-magazine.com/news/zero-failure-tolerance/; Tags: Threat

Schneier on Security: Israel's Pager Attacks and Supply Chain Vulnerabilities
Israel's brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: our international supply chains for computerized equipment leave us vulnerable, and we have no good means to defend ourselves. Though the deadly operations were stunning, none of the elements used to carry them out were particularly new. The tactics employed by Israel, which has neither confirmed nor denied any role, to hijack an international supply chain and embed plastic explosives in Hezbollah devices have been used for years. What's new is that Israel put them together in such a devastating and extravagantly public fashion, bringing into stark relief what the future of great power competition will look like: in peacetime, wartime and the ever expanding ...
Published 2024-09-24T11:05:34+00:00; https://www.schneier.com/blog/archives/2024/09/israels-pager-attacks.html; Tags: Vulnerability, Threat
Dark Reading: RomCom Malware Resurfaces With SnipBot Variant
The latest version of the evolving threat is a multi-stage attack demonstrating a move away from ransomware to purely espionage activities, typically targeting Ukraine and its supporters.
Published 2024-09-24T09:15:59+00:00; https://www.darkreading.com/threat-intelligence/romcom-malware-resurfaces-snipbot-variant; Tags: Ransomware, Malware, Threat

SecurityWeek: Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
Deloitte says no sensitive data was exposed after a notorious hacker leaked what he claimed to be internal communications.
Published 2024-09-24T08:51:08+00:00; https://www.securityweek.com/deloitte-says-no-threat-to-sensitive-data-after-hacker-claims-server-breach/; Tags: Threat; Entity: Deloitte
Proofpoint: Generative AI: How Can Organizations Ride the GenAI Wave Safely and Contain Insider Threats?
Published 2024-09-24T08:14:13+00:00; https://www.proofpoint.com/us/blog/information-protection/riding-genai-wave-safely-containing-insider-threats; Tags: Tool, Vulnerability, Threat, Prediction, Cloud, Technical; Entity: ChatGPT

RiskIQ (now Microsoft): Undetected Android Spyware Targeting Individuals In South Korea
Published 2024-09-23T21:58:26+00:00; https://community.riskiq.com/article/e4645053; Tags: Ransomware, Malware, Tool, Threat, Mobile, Cloud

RiskIQ (now Microsoft): How the Necro Trojan infiltrated Google Play, again
Targeted geolocations: Russia, Brazil, Vietnam.
Snapshot: Securelist by Kaspersky released a report which reveals that the Necro Trojan has resurfaced, impacting both official and modified versions of popular apps like Spotify and Minecraft.
Description: This malware, known for its multi-stage architecture, uses advanced techniques su
Published 2024-09-23T21:11:53+00:00; https://community.riskiq.com/article/00186f0c; Tags: Malware, Threat, Mobile

RiskIQ (now Microsoft): Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Published 2024-09-23T20:11:29+00:00; https://community.riskiq.com/article/bc485b8b; Tags: Tool, Threat, Cloud

RiskIQ (now Microsoft): =TWELVE=- is back
Published 2024-09-23T19:55:33+00:00; https://community.riskiq.com/article/5fd0ceda; Tags: Ransomware, Malware, Tool, Threat, Technical

Dark Reading: Mastercard's Bet on Recorded Future a Win for Cyber Threat Intel
The $2.65B buy validates the growing importance of threat intelligence to enterprise security strategies.
Published 2024-09-23T19:52:37+00:00; https://www.darkreading.com/threat-intelligence/mastercard-bet-recorded-future-win-cti; Tags: Threat

The Record (Recorded Future): Biden administration proposes rule banning Chinese, Russian connected vehicles and parts
The move is aimed at reducing the threat of adversaries breaking into connected cars and collecting sensitive data, including personal information and details about U.S. critical infrastructure, as well as controlling vehicles as they travel on American roads, according to a White House announcement.
Published 2024-09-23T17:00:31+00:00; https://therecord.media/biden-admin-proposes-rule-banning-russia-china-connected-cars-and-parts; Tags: Threat

RiskIQ (now Microsoft): Weekly OSINT Highlights, 23 September 2024
Published 2024-09-23T16:05:03+00:00; https://community.riskiq.com/article/2cc779bd; Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Industrial, Prediction, Cloud, Conference; Entity: APT 10

Global Security Mag (Product Reviews): Rapid7, Inc. announced the addition of third-party detections for defense in-depth with Managed Threat Complete (MTC)
Rapid7 adds extended ecosystem support of third-party detections to Managed Detection and Response. New Managed Threat Complete capabilities give Rapid7's Managed Detection and Response customers better command of their attack surface.
Published 2024-09-23T14:49:54+00:00; https://www.globalsecuritymag.fr/rapid7-inc-announced-the-addition-of-third-party-detections-for-defense-in.html; Tags: Threat
Mandiant: Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Strategic Overview of IT Workers. Since 2022, Mandiant has tracked and reported on IT workers operating on behalf of the Democratic People's Republic of Korea (DPRK). These workers pose as non-North Korean nationals to gain employment with organizations across a wide range of industries in order to generate revenue for the North Korean regime, particularly to evade sanctions and fund its weapons of mass destruction (WMD) and ballistic missile programs. A U.S. government advisory in 2022 noted that these workers have also leveraged privileged access obtained through their employment to enable malicious cyber intrusions, an observation corroborated by Mandiant and other organizations.
IT workers employ various methods for evading detection. We have observed the operators leverage front companies to disguise their true identities; additionally, U.S. government indictments show that non-North Korean individuals, known as "facilitators," play a crucial role in enabling these IT workers in their efforts to seek and maintain employment. These individuals provide essential services that include, but are not limited to, laundering money and/or cryptocurrency, receiving and hosting company laptops at their residences, using stolen identities for employment verification, and accessing international financial systems.
This report aims to increase awareness of the DPRK's efforts to obtain employment as IT workers and shed light on their operational tactics for obtaining employment and maintaining access to corporate systems. Understanding these methods can help organizations better detect these sorts of suspicious behaviors earlier in the hiring process. In this blog post we've included a sampling of the types of behaviors identified during our incident response engagements, and s
Published 2024-09-23T14:00:00+00:00; https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/; Tags: Tool, Threat, Cloud, Technical

The Hacker News: New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in
Published 2024-09-23T12:09:00+00:00; https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html; Tags: Malware, Threat; Entity: APT 38

Global Security Mag (Special Reports): IT Professionals Brace for 2025 Threats as U.S. Businesses Face Growing AI-Enhanced Cyberattacks
GetApp's 6th Annual Data Security Report reveals AI-enhanced cyberattacks as the top concern, with ransomware and phishing still posing significant, costly threats. U.S. businesses are preparing for the new normal of AI-enhanced cyberattacks, which are now ranked as the top threat by IT professionals for the year ahead.
Published 2024-09-23T12:05:47+00:00; https://www.globalsecuritymag.fr/it-professionals-brace-for-2025-threats-as-u-s-businesses-face-growing-ai.html; Tags: Ransomware, Threat
Check Point Research: 23rd September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd September, please download our Threat Intelligence Bulletin. Top attacks and breaches: the Medusa ransomware gang has claimed responsibility for an attack on the Providence Public School District (PPSD) in Rhode Island. The school district is still grappling with ongoing internet outages since September 11, [...]
Published 2024-09-23T12:01:57+00:00; https://research.checkpoint.com/2024/23rd-september-threat-intelligence-report/; Tags: Ransomware, Threat
Global Security Mag (Commentary): Healthcare gold mine: the inexhaustible source of money for hackers
Redwood City, California, USA, 16 September 2024. For cybercriminals, the healthcare system is a gold mine because of its sensitive patient data. Data from Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of an AI-powered, cloud-based cybersecurity platform, show that in 2024 an average of 2,018 cyberattacks per week were carried out against healthcare organisations worldwide. That is an increase of 32 percent compared with the previous year. APAC, Latin America and Europe recorded sharp rises, with Europe showing the highest increase at 56 percent.
Published 2024-09-23T11:31:41+00:00; https://www.globalsecuritymag.fr/goldgrube-gesundheitssystem-die-unerschopfliche-geldquelle-der-hacker.html; Tags: Threat
The Hacker News: Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia
Published 2024-09-23T10:19:00+00:00; https://thehackernews.com/2024/09/chinese-hackers-exploit-geoserver-flaw.html; Tags: Malware, Threat, Prediction

AlienVault (LevelBlue) Labs Blog: Quantum Computing and Cybersecurity - Preparing for a New Age of Threats
potential to solve problems that traditional computers cannot handle, it also poses a significant threat to modern cybersecurity practices. Currently, most data encryption systems rely on algorithms whose security holds against classical computers. A sufficiently large quantum computer, however, could break the public-key encryption methods these systems depend on, leading to a new and unprecedented era of vulnerability. This makes quantum computing a double-edged sword: unlocking new possibilities while simultaneously disrupting the security foundations of the digital economy. Companies that store and transmit sensitive information, such as financial data, health records, or intellectual property, are particularly at risk.
Even though quantum computers are not widely accessible yet, data encrypted today could be harvested now and decrypted in the future using quantum technology. This is why businesses must act now to prepare for the quantum future, ensuring they are not caught off guard when this technology becomes mainstream. Being proactive will safeguard data and strengthen cybersecurity systems against emerging threats.
Understanding Quantum Risks. The advent of quantum computing introduces unprecedented risks to the current cybersecurity landscape. While traditional public-key algorithms such as RSA and elliptic curve cryptography (ECC) have long been trusted to protect sensitive data, they are now under threat from quantum computers' processing power: a large enough quantum computer can efficiently solve the mathematical problems (integer factoring and discrete logarithms) that these encryption methods rely on, making them obsolete.
Published 2024-09-23T10:00:00+00:00; https://cybersecurity.att.com/blogs/security-essentials/quantum-computing-and-cybersecurity-preparing-for-a-new-age-of-threats; Tags: Vulnerability, Threat, Medical

Industrial Cyber: DoJ disrupts Chinese state-sponsored botnet targeting global networks, posing threat to national security
The U.S. Department of Justice (DoJ) announced a court-authorized operation disrupting a global botnet employed by state-sponsored hackers...
Published 2024-09-23T09:25:25+00:00; https://industrialcyber.co/threat-landscape/doj-disrupts-chinese-state-sponsored-botnet-targeting-global-networks-posing-threat-to-national-security/; Tags: Threat
Integrity360 puts remediation on the front line with launch of comprehensive CTEM as a Service with XM Cyber New service addresses the resource gap that can result from CTEM - Product Reviews]]>
2024-09-23T09:24:54+00:00 https://www.globalsecuritymag.fr/integrity360-announced-the-launch-of-its-new-continuous-threat-exposure.html www.secnews.physaphae.fr/article.php?IdArticle=8582823 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Chine \\ 'S \\' Earth Baxia \\ 'espions exploiter le géoserver pour cibler les orgs APAC<br>China\\'s \\'Earth Baxia\\' Spies Exploit Geoserver to Target APAC Orgs The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.]]> 2024-09-23T01:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-earth-baxia-spies-geoserver-apac-orgs www.secnews.physaphae.fr/article.php?IdArticle=8582513 False Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Behind the CAPTCHA: A Clever Gateway of Malware 2024-09-20T20:53:14+00:00 https://community.riskiq.com/article/9c8e0b72 www.secnews.physaphae.fr/article.php?IdArticle=8580819 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) La terre Baxia utilise l'exploit de lance-phishing et de géoserver pour cibler l'APA<br>Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APA 2024-09-20T20:47:04+00:00 https://community.riskiq.com/article/93374d49 www.secnews.physaphae.fr/article.php?IdArticle=8580820 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Injecteur conduisant à des voléeurs<br>Go Injector Leading to Stealers 2024-09-20T20:21:34+00:00 https://community.riskiq.com/article/fd913854 www.secnews.physaphae.fr/article.php?IdArticle=8583097 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) WEBDAV MALICIET Fichier Hébergement alimentaire des attaques de logiciels malveillants furtifs<br>Webdav Malicious File Hosting Powering Stealthy Malware Attacks 2024-09-20T19:42:19+00:00 https://community.riskiq.com/article/6dec4139 www.secnews.physaphae.fr/article.php?IdArticle=8580783 True Ransomware,Spam,Malware,Tool,Threat None 
3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 2024-09-20T19:10:59+00:00 https://community.riskiq.com/article/e7a82171 www.secnews.physaphae.fr/article.php?IdArticle=8580746 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Citrine Sleet Packages PyPI PYPI avec Mac &Malware Linux<br>Citrine Sleet Poisons PyPi Packages with Mac & Linux Malware A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.]]> 2024-09-20T18:57:27+00:00 https://www.darkreading.com/threat-intelligence/citrine-sleet-poisons-pypi-packages-mac-linux-malware www.secnews.physaphae.fr/article.php?IdArticle=8580748 False Malware,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Chinese botnet infects 260,000 SOHO routers, IP cameras with malware 2024-09-20T17:30:25+00:00 https://community.riskiq.com/article/9118dcb6 www.secnews.physaphae.fr/article.php?IdArticle=8580701 False Spam,Malware,Tool,Vulnerability,Threat,Industrial None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Découvrir Splinter: un premier aperçu d'un nouvel outil d'équipe rouge post-exploitation<br>Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool 2024-09-20T17:15:19+00:00 https://community.riskiq.com/article/30229cf7 www.secnews.physaphae.fr/article.php?IdArticle=8580702 False Tool,Threat,Prediction,Technical None 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Clever \'GitHub Scanner\' campaign abusing repos to push malware 2024-09-20T16:51:05+00:00 https://community.riskiq.com/article/3cb5d189 www.secnews.physaphae.fr/article.php?IdArticle=8580658 True Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Le groupe nord-coréen APT Gleaming Poissons déploie le Pondrat via des forfaits Python 
empoisonnés<br>North Korean APT Group Gleaming Pisces Deploys PondRAT via Poisoned Python Packages 2024-09-20T15:50:36+00:00 https://community.riskiq.com/article/906408c8 www.secnews.physaphae.fr/article.php?IdArticle=8580619 False Malware,Tool,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'Iranian APT UNC1860 lié à MOIS facilite les cyber-intrusions au Moyen-Orient<br>Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and]]> 2024-09-20T15:41:00+00:00 https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html www.secnews.physaphae.fr/article.php?IdArticle=8580356 False Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Enisa Threat Landscape 2024 identifie la disponibilité, les ransomwares, les attaques de données comme menaces clés de cybersécurité<br>ENISA Threat Landscape 2024 identifies availability, ransomware, data attacks as key cybersecurity threats The European Union Agency for Cybersecurity (ENISA) disclosed that seven prime cybersecurity threats were identified in 2024, with... 
2024-09-20T14:44:53+00:00 https://industrialcyber.co/reports/enisa-threat-landscape-2024-identifies-availability-ransomware-data-attacks-as-key-cybersecurity-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8580534 False Ransomware,Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Forescout OT Security SaaS offers asset intelligence, risk management, threat detection for hybrid environments. Cybersecurity company Forescout Technologies has announced Forescout for OT Security, its new SaaS OT (operational technology) security solution... 2024-09-20T14:42:14+00:00 https://industrialcyber.co/technology-solutions/forescout-ot-security-saas-offers-asset-intelligence-risk-management-threat-detection-for-hybrid-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8580535 False Threat,Industrial,Cloud None 2.0000000000000000
Global Security Mag - French news site Check Point Software Technologies Ltd. named a "Leader" company in the latest Frost & Sullivan Email Security Radar Magic Quadrant report 2024-09-20T13:20:21+00:00 https://www.globalsecuritymag.fr/check-point-software-technologies-ltd-a-ete-nommee-entreprise-leader-dans-le.html www.secnews.physaphae.fr/article.php?IdArticle=8580520 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective 2024-09-20T13:20:01+00:00 https://community.riskiq.com/article/8f34c36c www.secnews.physaphae.fr/article.php?IdArticle=8580523 False Malware,Tool,Threat,Industrial,Commercial APT 10 2.0000000000000000
Bleeping Computer - American magazine Dell investigates data breach claims after hacker leaks employee info. Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees. [...] 2024-09-20T12:30:47+00:00 https://www.bleepingcomputer.com/news/security/dell-investigates-data-breach-claims-after-hacker-leaks-employee-info/ www.secnews.physaphae.fr/article.php?IdArticle=8580620 False Data Breach,Threat None 2.0000000000000000
ANSSI - French government feed ANSSI's participation in the Threathunt 2030 Conference organised by ENISA. smustakim Fri 20/09/2024 - 09:21 On 19 September 2024, ENISA held the new edition of its annual Threathunt 2030 Conference at the Stavros Niarchos Cultural Centre in Athens, an opportunity for ANSSI and all of the European agency's partners to debate emerging cyber threats. Created in 2004, the European Union Agency for Cybersecurity (ENISA) plays a strategic role in the European Union's cybersecurity policy. Its cross-cutting cooperation framework aims to improve the reliability of digital products, services and infrastructure within the European Union, in particular by establishing certification schemes and supporting regulatory frameworks. For two decades, the institution has positioned itself as an adviser of choice to European institutions, agencies and entities in their cyber projects, helping to strengthen their resilience and the exchanges between them. The Threathunt 2030 Conference featured a series of interactive round tables on identifying and anticipating the emerging threats the European Union could face by 2030. The many discussions brought a better understanding of the methods and means of identifying these threats, but also of preventing and responding to them, through, among other things, post-quantum cryptography (PQC), AI, and the development of cooperation between partners. Invited by Mr Juhan Lepassaar, Executive Director of ENISA, Vincent Strubel, Director General of ANSSI, attended and took part in the closing round table with his German counterpart Claudia Plattner and Juhan Lepassaar himself, to discuss how Europe is preparing for the new cyber challenges. He spoke with the ambition of sharing his vision, of affirming his support for the implementation 2024-09-20T09:21:07+00:00 https://cyber.gouv.fr/actualites/participation-de-lanssi-la-conference-threathunt-2030-organisee-par-lenisa www.secnews.physaphae.fr/article.php?IdArticle=8598349 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks. How the Kimsuky nation-state group and other threat actors are exploiting poor email security - and what organizations can do to defend themselves. 2024-09-20T01:00:00+00:00 https://www.darkreading.com/threat-intelligence/north-korean-apt-bypasses-dmarc-email-cyber-espionage-attacks www.secnews.physaphae.fr/article.php?IdArticle=8579992 False Threat APT 43 4.0000000000000000
Contagio - Ransomware news site 2024-09-19 UNC1860 Iran APT - Temple of Oats (OATBOAT, TEMPLEDOOR, SASHEYAWAY, OBFUSLAY, WINTAPIX, CRYPTOSLAY) Samples. 2024-09-19 Mandiant: UNC1860 and the Temple of Oats: Iran's Hidden Hand in Middle Eastern Networks. UNC1860 is an Iranian state-sponsored threat actor, likely affiliated with the Ministry of Intelligence and Security (MOIS), known for its persistent and stealthy operations. It employs a variety of specialized tools, passive backdoors, and custom utilities to target high-priority networks, such as government and telecommunications entities in the Middle East. Passive Implants: UNC1860 relies on custom-made passive backdoors like TOFULOAD and WINTAPIX, which leverage undocumented Input/Output Control (IOCTL) commands for communication, bypassing standard detection mechanisms used by EDR systems.
These implants operate without initiating outbound traffic, making them difficult to detect through traditional network monitoring tools. Windows Kernel Driver: UNC1860 repurposed a legitimate Iranian antivirus kernel mode driver, Sheed AV, for stealthy persistence. This driver is used in TEMPLEDROP, a passive backdoor that protects its own files and other malware it deploys, preventing modification and enhancing its evasion capabilities. Obfuscation and Encryption: The group implements custom XOR encryption and Base64 encoding/decoding libraries to avoid detection. For example, XORO, a rolling encryption module (MD5: 57cd8e220465aa8030755d4009d0117c), is used in several utilities such as TANKSHELL and TEMPLEPLAY. These encryption methods, although simple, are tailored to evade standard detection signatures. TEMPLEPLAY and VIROGREEN Controllers: These GUI-operated malware controllers allow UNC1860 or third-party actors to manage compromised systems easily. They provide features such as: command execution via the Command Prompt Tab; file transfer through the Upload and Download Tabs; and using infected systems as middleboxes through the Http Proxy Tab, facilitating RDP connections even in restricted environments. Web Shells and Droppers: Web shells like STAYSHANTE and SASHEYAWAY are frequently deployed after initial access is achieved. These shells enable further persistence by deploying full passive backdoors, such as TEMPLEDOOR and FACEFACE, which can execute commands, transfer files, and interact with system services. Multi-stage Implants: UNC1860 maintains a suite of "main-stage" implants with advanced capabilities, reserved for high-value targets.
These implants, such as TOFULOAD and TEMPLEDROP, demonstrate the group's deep understanding of Windows kernel components and its ability to bypass security measures like kernel protections. Reverse Engineering and Evasion: UNC1860 exhibits strong reverse engineering skills, especially evident in its repurposing of legitimate software like Windows file system filter drivers. This allows the group to manipulate system components for stealthy operations, using advanced evasion techniques like terminating Windows Event Log service threads and restarting them as needed. 2024-09-19T23:33:51+00:00 https://contagiodump.blogspot.com/2024/09/2024-09-19-unc1860-iran-apt-temple-of.html www.secnews.physaphae.fr/article.php?IdArticle=8580101 False Malware,Tool,Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Mastercard's Recorded Future Deal Furthers its AI Security Goals. Mastercard's $2.65 billion deal to acquire the threat intelligence provider will boost the credit card company's AI-based cybersecurity protection capabilities. 2024-09-19T22:39:10+00:00 https://www.darkreading.com/threat-intelligence/mastercard-boosts-ai-security-recorded-future www.secnews.physaphae.fr/article.php?IdArticle=8580395 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) UNC1860 and the Temple of Oats: Iran's Hidden Hand in Middle Eastern Networks 2024-09-19T21:39:29+00:00 https://community.riskiq.com/article/e882507d www.secnews.physaphae.fr/article.php?IdArticle=8579917 False Malware,Tool,Threat,Cloud APT 34 3.0000000000000000
Contagio - Ransomware news site 2024-09-18 Earth Baxia APT - RIPCOY + SWORDLDR Samples (Spear-Phishing and GeoServer Exploit used to Target APAC). Trend Micro - Infection Chain. 2024-09-08 TrendMicro Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC. Earth Baxia, a threat actor suspected to originate from China, has been targeting government organizations in Taiwan and other Asia-Pacific (APAC) countries, using spear-phishing emails and exploiting a remote code execution (RCE) vulnerability in GeoServer (CVE-2024-36401). This exploit allowed the attackers to download or copy malicious components, which were then used to deploy customized Cobalt Strike payloads. Their modified Cobalt Strike version included altered signatures for evasion, and they introduced a new backdoor named EAGLEDOOR, which supports multiple communication protocols for payload delivery and information gathering. The infection chain typically began with spear-phishing emails that delivered malicious attachments or links. These emails often contained decoy documents to lure victims. One of the key methods used by Earth Baxia is the GrimResource technique, which involves downloading files from public cloud services such as AWS and Aliyun. The payloads were injected into legitimate processes using AppDomainManager injection to avoid detection. Earth Baxia's campaigns primarily targeted government agencies, telecommunication businesses, and the energy sector in countries such as Taiwan, South Korea, the Philippines, and Vietnam. Analysis of Cobalt Strike watermarks and server locations suggests a strong connection to China. During the attack, the group employed sophisticated malware-loading techniques, including DLL side-loading and process injection. Key malware involved in these campaigns included Cobalt Strike and EAGLEDOOR. The latter used Telegram for command-and-control (C&C) communications and supported various protocols like DNS, HTTP, and TCP for data exfiltration. Earth Baxia utilized public cloud services to host malicious files, making it harder to track their activities. They also used tools like curl for exfiltrating data from victim systems. 2024-09-19T21:23:56+00:00 https://contagiodump.blogspot.com/2024/09/2024-09-18-earth-baxia-apt-ripcoy.html www.secnews.physaphae.fr/article.php?IdArticle=8580031 False Malware,Tool,Vulnerability,Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms. Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product's default credentials," the cybersecurity company said. Targets of the emerging threat include plumbing, HVAC (heating, 2024-09-19T21:11:00+00:00 https://thehackernews.com/2024/09/hackers-exploit-default-credentials-in.html www.secnews.physaphae.fr/article.php?IdArticle=8579701 False Threat None 2.0000000000000000
TechRepublic - Security News US China-Linked Attack Hits 260,000 Devices, FBI Confirms. Read more about a China-linked threat actor that has compromised more than 260 000 devices worldwide to facilitate DDoS and other targeted attacks. 2024-09-19T20:57:11+00:00 https://www.techrepublic.com/article/china-ddos-attack-fbi-confirms/ www.secnews.physaphae.fr/article.php?IdArticle=8579878 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware 2024-09-19T20:13:20+00:00 https://community.riskiq.com/article/25a3d547
www.secnews.physaphae.fr/article.php?IdArticle=8579832 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch 1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam. The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw. 2024-09-19T19:57:21+00:00 https://www.darkreading.com/application-security/poc-exploit-for-rce-flaw-but-patches-from-veeam www.secnews.physaphae.fr/article.php?IdArticle=8579794 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails. A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country," Kaspersky said in a new analysis. "It's likely that the attackers are testing the 2024-09-19T19:40:00+00:00 https://thehackernews.com/2024/09/new-brazilian-linked-sambaspy-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8579651 False Malware,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Loki: A new private agent for the popular Mythic framework 2024-09-19T19:39:05+00:00 https://community.riskiq.com/article/51658f70 www.secnews.physaphae.fr/article.php?IdArticle=8579833 False Malware,Tool,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit. The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system. "The initial access was accomplished via a Secure Shell (SSH) brute force attack on the victim's assets, during which the threat actor uploaded a malicious script," Group-IB researchers Vito Alfano and Nam Le 2024-09-19T18:57:00+00:00 https://thehackernews.com/2024/09/new-teamtnt-cryptojacking-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8579652 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader 2024-09-19T16:50:26+00:00 https://community.riskiq.com/article/a59d561c www.secnews.physaphae.fr/article.php?IdArticle=8579743 False Malware,Tool,Vulnerability,Threat,Industrial,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector. Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832). "Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, 2024-09-19T15:42:00+00:00 https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8579547 False Ransomware,Threat,Medical None 2.0000000000000000
IT Security Guru - Security blog Thoughtworks and ACDS Partner to Advance Cybersecurity Solutions. Thoughtworks, a global technology consultancy, has formed a strategic partnership with Advanced Cyber Defence Systems (ACDS) to enhance its cybersecurity product offerings. Thoughtworks has been engaged to assess and advise on how to best advance the digital capabilities of ACDS' product offerings, particularly in the Continuous Threat & Exposure Management (CTEM) and Attack Surface Management […] 2024-09-19T14:55:40+00:00 https://www.itsecurityguru.org/2024/09/19/thoughtworks-and-acds-partner-to-advance-cybersecurity-solutions/?utm_source=rss&utm_medium=rss&utm_campaign=thoughtworks-and-acds-partner-to-advance-cybersecurity-solutions www.secnews.physaphae.fr/article.php?IdArticle=8579650 False Threat None 3.0000000000000000
Mandiant - Mandiant security blog UNC1860 and the Temple of Oats: Iran's Hidden Hand in Middle Eastern Networks. Executive Summary: UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran's Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain persistent access to high-priority networks, such as those in the government and telecommunications space throughout the Middle East.
UNC1860's tradecraft and targeting parallel those of Shrouded Snooper, Scarred Manticore, and Storm-0861, Iran-based threat actors publicly reported to have targeted the telecommunications and government sectors in the Middle East. These groups have also reportedly provided initial access for destructive and disruptive operations that targeted Israel in late October 2023 with BABYWIPER and Albania in 2022 using ROADSWEEP. Mandiant cannot independently corroborate that UNC1860 was involved in providing initial access for these operations. However, we identified specialized UNC1860 tooling including GUI-operated malware controllers, which are likely designed to facilitate hand-off operations, further supporting the initial access role played by UNC1860. UNC1860 additionally maintains an arsenal of utilities and a collection of “main-stage” passive backdoors designed to gain strong footholds into victim networks and establish persistent, long-term access. Among these main-stage backdoors is a Windows kernel mode driver repurposed from a legitimate Iranian anti-virus software filter driver, reflecting the group's reverse engineering capabilities of Windows kernel components and detection evasion capabilities. These capabilities demonstrate that UNC1860 is a formidable threat actor that likely supports various objectives ranging from espionage to network attack operations. As tensions continue to ebb and flow in the Middle East, we belie 2024-09-19T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8579617 False Malware,Tool,Vulnerability,Threat,Cloud,Technical APT 34 3.0000000000000000
Dark Reading - Informationweek Branch An AI-Driven Approach to Risk-Scoring Systems in Cybersecurity. By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats. 2024-09-19T14:00:00+00:00 https://www.darkreading.com/cyber-riskai-driven-approach-risk-scoring-systems-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8579623 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch An AI-Driven Approach to Risk-Scoring Systems in Cybersecurity. By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats. 2024-09-19T14:00:00+00:00 https://www.darkreading.com/cyber-risk/ai-driven-approach-risk-scoring-systems-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8579653 False Threat None 3.0000000000000000
RedCanary - Red Canary Trending cyberthreats and techniques from the first half of 2024. We're revisiting our annual Threat Detection Report with a midyear update highlighting trends from detections in the first half of 2024. 2024-09-19T13:49:03+00:00 https://redcanary.com/blog/threat-detection/midyear-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8579616 False Threat None 3.0000000000000000
HackRead - Cyber Search US Sanctions Intellexa Spyware Network Over Threat to National Security. The U.S. Treasury sanctions the Intellexa Consortium and key figures for distributing Predator spyware, a serious national security… 2024-09-19T13:14:21+00:00 https://hackread.com/us-sanctions-intellexa-spyware-national-security/ www.secnews.physaphae.fr/article.php?IdArticle=8579591 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Coalition for Secure AI Promotes Safe, Ethical AI Development. The Coalition for Secure AI (CoSAI) expanded its roster of members with the addition of threat intelligence management, collaboration and response orchestration vendor Cyware this week. 2024-09-19T11:22:38+00:00 https://www.darkreading.com/threat-intelligence/coalition-for-secure-ai-safe-ethical-ai-development www.secnews.physaphae.fr/article.php?IdArticle=8579571 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Security Firm's North Korean Hacker Hire Not an Isolated Incident. What happened to KnowBe4 also has happened to many other organizations, and is still a risk for companies of all sizes due to a sophisticated network of government-sponsored fake employees. 2024-09-19T08:42:48+00:00 https://www.darkreading.com/vulnerabilities-threats/security-hire-north-korean-hacker-not-isolated-incident www.secnews.physaphae.fr/article.php?IdArticle=8579595 False Threat None 4.0000000000000000
Sekoia - Cyber Firms WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution. This blogpost examines the use of WebDAV technology in hosting malicious files related to the Emmenhtal loader, then analyses the various final payloads delivered through this infrastructure, and concludes by exploring the possibility that the infrastructure is being offered as-a-service to multiple threat actors. The post WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution is an article from Sekoia.io Blog. 2024-09-19T07:41:03+00:00 https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/ www.secnews.physaphae.fr/article.php?IdArticle=8579481 False Threat None 2.0000000000000000
Bleeping Computer - American magazine Clever 'GitHub Scanner' campaign abusing repos to push malware. A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability." [...] 2024-09-19T07:07:38+00:00 https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8579545 False Malware,Vulnerability,Threat None 3.0000000000000000
TrendLabs Security - Antivirus vendor Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC. We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. 2024-09-19T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8579467 False Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) A Network of Harm: Gigabud Threat and Its Associates
## Snapshot
Researchers at Zimperium have uncovered new details linking the Gigabud malware campaign to the Golddigger and Spynote malware campaigns, revealing a coordinated effort impacting consumer-focused banking app users. Notably, the campaign's use of Spynote also makes it a threat to corporations, as attackers could potentially exfiltrate data from enterprise applications used by a victim's employer.
## Description
Gigabud, a banking Trojan, and Spynote, an Android RAT, are both distributed via phishing sites impersonating trusted brands. Spynote allows attackers to take full control of infected devices, steal sensitive information, and monitor user activities, while Gigabud targets banking credentials to facilitate fraudulent transactions. The campaign, which uses deceptive tactics such as fake Google Play Store websites, has broadened its scope to target over 50 financial apps, including 40 banks and cryptocurrency platforms. Notably, Virbox, a malware packer, is used to shield the malicious payloads from detection. According to Zimperium, the global scale of this operation reflects the sophistication of the threat actor.
## Recommendations
- Only install applications from trusted sources and official stores.
2024-09-18T21:39:33+00:00 https://community.riskiq.com/article/0eb6df67 www.secnews.physaphae.fr/article.php?IdArticle=8579378 False Malware,Threat,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide. Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020, 2024-09-18T21:30:00+00:00 https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html www.secnews.physaphae.fr/article.php?IdArticle=8579234 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities 2024-09-18T20:52:52+00:00 https://community.riskiq.com/article/abd92865 www.secnews.physaphae.fr/article.php?IdArticle=8579370 False Ransomware,Malware,Threat,Cloud,Technical None 3.0000000000000000
Dark Reading - Informationweek Branch Contractor Software Targeted via Microsoft SQL Server Loophole. By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks. 2024-09-18T20:51:52+00:00 https://www.darkreading.com/application-security/contractor-software-targeted-mssql-loophole www.secnews.physaphae.fr/article.php?IdArticle=8579359 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Exotic SambaSpy is now dancing with Italian users 2024-09-18T19:10:32+00:00 https://community.riskiq.com/article/63e754dc www.secnews.physaphae.fr/article.php?IdArticle=8579323 False Malware,Tool,Vulnerability,Threat,Legislation None 2.0000000000000000
The Last Watchdog - Byron V Acohido's security blog News alert: SpyCloud study reveals 'infostealer' malware can be a precursor to a ransomware attack. Austin, TX, Sept. 18, 2024, CyberNewsWire — SpyCloud, the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, … (more…) The post News alert: SpyCloud study reveals 'infostealer' malware can be a precursor to a ransomware attack first appeared on The Last Watchdog. 2024-09-18T17:58:28+00:00 https://www.lastwatchdog.com/news-alert-spycloud-study-reveals-infostealer-malware-can-be-a-precursor-to-a-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8579265 False Ransomware,Malware,Threat,Studies None 3.0000000000000000
Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2024-051 vmsa-2024-0019 qui ont un impact sur les composants vCenter déployés dans les environnements clients. Impact de service client Google a déjà désactivé tout exploit potentiel de cette vulnérabilité.Par exemple, Google a bloqué les ports à travers lesquels cette vulnérabilité pourrait être exploitée. En outre, Google garantit que tous les déploiements futurs de vCenter ne sont pas exposés à cette vulnérabilité. Que devraitJe fais? Aucune autre action n'est requise pour le moment. critique CVE-2024-38812 CVE-2024-38813
Published: 2024-09-18 Description Severity Notes VMware disclosed multiple vulnerabilities in VMSA-2024-0019 that impact vCenter components deployed in customer environments. Customer Care impact Google has already disabled any potential exploit of this vulnerability. For example, Google has blocked the ports through which this vulnerability could be exploited. In addition, Google ensures all future deployments of vCenter are not exposed to this vulnerability. What should I do? No further action is required at this time. Critical CVE-2024-38812 CVE-2024-38813 ]]>
2024-09-18T17:54:05+00:00 https://cloud.google.com/support/bulletins/index#gcp-2024-051 www.secnews.physaphae.fr/article.php?IdArticle=8579336 False Vulnerability,Threat None None
CrowdStrike - CTI Society CrowdStrike fait avancer la cybersécurité avec de nouvelles innovations couvrant l'IA, le cloud, le siem de nouvelle génération et la protection de l'identité<br>CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection Today\'s threat landscape is defined by adversaries\' increasing speed and quickly evolving tactics. Now more than ever, it is imperative organizations unify and accelerate their security operations to detect, identify and respond to threats at the rapid pace of the adversary. This isn\'t always straightforward. Security teams are often burdened by complex technology deployments, siloed […]]]> 2024-09-18T15:48:20+00:00 https://www.crowdstrike.com/blog/driving-cybersecurity-forward-new-innovations-fal-con-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8580524 False Threat,Cloud None 2.0000000000000000 CrowdStrike - CTI Society CrowdStrike annonce les innovations de protection de l'identité Falcon pour l'identifiant ENTRA et l'accès privilégié<br>CrowdStrike Announces Falcon Identity Protection Innovations for Entra ID and Privileged Access In the critical and constantly evolving identity security space, organizations are focused on three essential needs: Understanding identity posture: Visualizing and prioritizing risks associated with endpoints, applications and data as part of establishing baselines for user behavior. Proactive threat prevention: Mitigating known risks and remediating anomalies by blocking unacceptable activities and distinguishing between anomalous and […]]]> 2024-09-18T15:19:53+00:00 https://www.crowdstrike.com/blog/crowdstrike-unveils-falcon-identity-protection-innovations-fal-con-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8580527 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les pirates nord-coréens ciblent les industries de l'énergie et de l'aérospatiale avec de nouveaux logiciels malveillants Mistpen<br>North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is]]> 2024-09-18T15:02:00+00:00 https://thehackernews.com/2024/09/north-korean-hackers-target-energy-and.html www.secnews.physaphae.fr/article.php?IdArticle=8579019 False Malware,Threat APT 37 2.0000000000000000 Global Security Mag - Site de news francais Chrome Extension cache des logiciels malveillants pour voler la crypto: une nouvelle opération découverte<br>Chrome extension hides malware to steal crypto: new operation uncovered rapports spéciaux
Chrome extension hides malware to steal crypto: new operation uncovered. The Cybernews research team discovered a threat actor defrauding hundreds of people per month through... - Special Reports]]>
2024-09-18T13:34:13+00:00 https://www.globalsecuritymag.fr/chrome-extension-hides-malware-to-steal-crypto-new-operation-uncovered.html www.secnews.physaphae.fr/article.php?IdArticle=8579137 False Malware,Threat None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Vérifier le point de vue: Protection à triple menace pour le nouveau périmètre<br>Check Point SASE: Triple Threat Protection for the New Perimeter La sécurisation du réseau d'entreprise moderne est plus complexe que jamais.Les données de l'entreprise migrent vers le cloud, les applications Software As A Service (SaaS) sont la norme et la main-d'œuvre fonctionne de plus en plus à distance.La sécurisation de ces environnements dynamiques nécessite une nouvelle approche qui va au-delà des méthodes conventionnelles et confronte la réalité de ce nouveau périmètre d'entreprise.Entrez Secure Access Service Edge (SASE).L'évolution des modèles traditionnels de sécurité traditionnels de la sécurité du réseau s'est concentré sur la sécurisation des bureaux et les ressources locales.Cependant, avec le passage vers des applications à distance et basées sur le cloud, ces modèles nécessitent une augmentation.Sase propose une solution en se concentrant sur la sécurisation de l'individu [& # 8230;]
>Securing the modern enterprise network is more complex than ever. Company data is migrating to the cloud, Software as a Service (SaaS) applications are the norm, and the workforce is increasingly working remotely. Securing these dynamic environments requires a new approach-one that goes beyond conventional methods and confronts the reality of this new corporate perimeter. Enter Secure Access Service Edge (SASE). The Evolution of Network Security Traditional network security models focused on securing offices and on-premises resources. However, with the shift towards remote work and cloud-based applications, these models require augmentation. SASE offers a solution by focusing on securing individual […] ]]>
2024-09-18T13:00:21+00:00 https://blog.checkpoint.com/harmony-sase/check-point-sase-triple-threat-protection-for-the-new-perimeter/ www.secnews.physaphae.fr/article.php?IdArticle=8579084 False Threat,Cloud None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Présentation du service de détection et de réponse des menaces gérées de niveau de niveau \\ pour le gouvernement<br>Introducing LevelBlue\\'s 24/7 Managed Threat Detection and Response Service for Government niveau de détection et de réponse des menaces gérées de niveauBlue pour le gouvernement (MTDR pour Gov) renforce les capacités de cybersécurité du gouvernement et des entités commerciales avec une 24 ansSurveillance et gestion par des analystes de sécurité assaisonnés et basés aux États-Unis utilisant notre plateforme Fedramp modérée. & NBSP; Cybersécurité améliorée pour les données critiques et NBSP; Avec des opérations fonctionnant 24/7/365, nos experts sont toujours allumés, assurant une détection et une correction rapide de tous les types d'infrastructures.Le service soutient les équipes de sécurité avec une chasse à la menace proactive, une intelligence complète des menaces, une surveillance continue de la sécurité, une analyse des causes profondes et une réponse rapide et collaborative.Nous comprenons les défis qui accompagnent les implémentations complexes de cybersécurité.Notre modèle de prestation de services à haute touche fournit aux clients des équipes dédiées pour aider à déployer et à configurer la technologie de pointe et les intégrations pendant l'intégration et la croissance. 
& Nbsp; & nbsp; mtdr gov Excellence technique et intégrations transparentes et nbsp; Le service fonctionne sur la plate-forme de niveauBlue, simplifiant les opérations de sécurité et centralisant la visibilité en offrant aux analystes une vue unique à partir de laquelle surveiller et gérer des environnements complexes.Il aide les organisations à mieux protéger les données sensibles contre les attaques sophistiquées en intégrant les informations sur les menaces organisées contre les laboratoires de niveauBlue et l'Open Keners Exchange (OTX).Ce service étend le périmètre de sécurité et s'intègre de manière transparente aux agents de protection des points de terminaison, aux pare-feu, aux scanners de vulnérabilité et aux systèmes d'identité, aux réponses automatisées pour neutraliser rapidement les menaces. & Nbsp; & nbsp; Rencontrez des normes de conformité et de sécurité strictes & nbsp; Avec ce service, toutes les données sont stockées dans AWS GovCloud (US), offrant aux clients un environnement isolé qui non seulement répond aux exigences de conformité, mais peut également évoluer avec les besoins commerciaux en évolution.La plate-forme de niveauBlue est Fedramp modérée-autorisée et répond à 325 contrôles de cybersécurité nécessaires pour protéger les données gouvernementales.Il utilise la norme de sécurité informatique du gouvernement FIPS 140-2, qui est utilisée pour valider les modules cryptographiques. & Nbsp; La plate-forme adhère également à plusieurs cadres standard de l'industrie, notamment PCI, ISO, HIPAA et SOC, et nos détections s'alignent sur le cadre de mitre Att & CK.Nous fournissons également aux organisations les outils de déclaration dont ils ont besoin pour rester en conformité grâce à une bibliothèque complète de modèles prédéfinis, notamment CMMC, HitRust, PCI DSS, HIPAA, NIST CSF, ISO, GDPR, Essential Eight, ADHICS, ainsi que la capacité decréer des rapports personnalisés. 
& nbsp; & nbsp; & nbsp; un leader dans l'innovation de la cybersécurité & nbsp; LevelBlue continue de fixer la norme d'excellence et d'innovation en cybersécurité.Notre & nbsp; & nbsp;Les services de détection et de réponse gérés sont adaptés pour r]]> 2024-09-18T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introducing-levelblues-24-7-managed-threat-detection-and-response-service-for-government www.secnews.physaphae.fr/article.php?IdArticle=8578987 False Tool,Vulnerability,Threat,Commercial None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Cyware rejoint la coalition pour Secure IA (COSAI) pour faire progresser les technologies de l'IA sûre et éthique<br>Cyware Joins Coalition for Secure AI (CoSAI) to Advance Safe and Ethical AI Technologies Cyware joins CoSAI to help drive the development of secure and ethical AI technologies, addressing the urgent need for AI safety amid today\'s rapidly evolving cyber threats. Cyware, a provider of threat intelligence management, security collaboration, and orchestrated response, has joined the Coalition for Secure AI (CoSAI). 
By joining CoSAI, Cyware says it reinforces its [...]]]> 2024-09-18T07:55:35+00:00 https://informationsecuritybuzz.com/cyware-joins-coalition-for-secure-ai-2/ www.secnews.physaphae.fr/article.php?IdArticle=8578926 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) «Marko Polo» navigue sur les eaux Uncharted avec InfostEaler Empire<br>“Marko Polo” Navigates Uncharted Waters With Infostealer Empire 2024-09-17T23:20:10+00:00 https://community.riskiq.com/article/be74d7d7 www.secnews.physaphae.fr/article.php?IdArticle=8578750 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Pages de phishing livrées via Refresh HTTP Response En-tête<br>Phishing Pages Delivered Through Refresh HTTP Response Header 2024-09-17T21:52:18+00:00 https://community.riskiq.com/article/0b9a0c3c www.secnews.physaphae.fr/article.php?IdArticle=8578701 False Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Poseidon Stealer utilise le leurre Sora Ai pour infecter les macOS<br>Poseidon Stealer Uses Sora AI Lure to Infect macOS 2024-09-17T19:12:07+00:00 https://community.riskiq.com/article/cd1365e6 www.secnews.physaphae.fr/article.php?IdArticle=8578607 False Malware,Tool,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les groupes de menaces russes tournent l'attention sur la campagne Harris-Walz, les chercheurs trouvent<br>Russian threat groups shift attention to Harris-Walz campaign, researchers find Microsoft a déclaré qu'il avait fallu un certain temps aux organisations affiliées au Kremlin pour se concentrer sur le billet présidentiel démocrate révisé.
>Microsoft said it took some time for Kremlin-affiliated organizations to turn their focus to the revised Democratic presidential ticket. ]]>
2024-09-17T19:00:00+00:00 https://cyberscoop.com/russian-threat-groups-shift-attention-to-harris-walz-campaign-researchers-find/ www.secnews.physaphae.fr/article.php?IdArticle=8578580 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) La nouvelle technique _Credential Flusher_ oblige les utilisateurs à saisir des informations d'identification pour les logiciels malveillants du voleur<br>New _Credential Flusher_ Technique Forces Users to Enter Credentials for Stealer Malware 2024-09-17T18:54:36+00:00 https://community.riskiq.com/article/71969847 www.secnews.physaphae.fr/article.php?IdArticle=8578608 False Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain TEMU nie la violation après que le pirate prétend le vol de 87 millions d'enregistrements de données<br>Temu denies breach after hacker claims theft of 87 million data records Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. [...]]]> 2024-09-17T16:58:00+00:00 https://www.bleepingcomputer.com/news/security/temu-denies-breach-after-hacker-claims-theft-of-87-million-data-records/ www.secnews.physaphae.fr/article.php?IdArticle=8578643 False Data Breach,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Une attaque furtive furtive cible les participants du prochain événement de l'industrie de la défense américaine-Taiwan<br>Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event 2024-09-17T15:31:56+00:00 https://community.riskiq.com/article/e895b684 www.secnews.physaphae.fr/article.php?IdArticle=8578511 False Malware,Tool,Threat,Industrial,Conference None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Les campagnes de phishing augmentent avec une nouvelle technique de rafraîchissement de l'en-tête, ciblant les secteurs financiers et gouvernementaux<br>Phishing Campaigns Surge with New Header Refresh Technique, Targeting Financial and Government Sectors In 2024, Unit 42 researchers observed a sharp increase in large-scale phishing campaigns using a novel technique 
involving the HTTP response header. Between May and July, they detected approximately 2,000 malicious URLs daily, which directed web browsers to refresh or reload pages automatically-without user interaction. Unit 42 is a threat intelligence, incident response, and cyber [...]]]> 2024-09-17T14:12:52+00:00 https://informationsecuritybuzz.com/phishing-new-header-refresh-technique/ www.secnews.physaphae.fr/article.php?IdArticle=8578404 False Threat None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Une offre que vous pouvez refuser: Déploiement de la porte dérobée de l'UNC2970 à l'aide du lecteur PDF trojanisé<br>An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader Introduction In June 2024, Mandiant Managed Defense identified a cyber espionage group suspected to have a North Korea nexus, tracked by Mandiant under UNC2970. Later that month, Mandiant discovered additional phishing lures masquerading as an energy company and as an entity in the aerospace industry to target victims in these verticals. UNC2970 targets victims under the guise of job openings, masquerading as a recruiter for prominent companies. Mandiant has observed UNC2970 copy and tailor job descriptions to fit their respective targets. UNC2970 engaged with the victim over email and WhatsApp and ultimately shared a malicious archive that is purported to contain the job description in PDF file format. The PDF file has been encrypted and can only be opened with the included trojanized version of SumatraPDF to ultimately deliver MISTPEN backdoor via BURNBOOK launcher.  Mandiant observed UNC2970 modify the open source code of an older SumatraPDF version as part of this campaign. This is not a compromise of SumatraPDF, nor is there any inherent vulnerability in SumatraPDF. Upon discovery, Mandiant alerted SumatraPDF of this campaign for general awareness. Overview UNC2970 relies on legitimate job description content to target victims employed in U.S. 
critical infrastructure verticals. The job description is delivered to the victim in a password-protected ZIP archive containing an encrypted PDF file and a modified version of an open-source PDF viewer application.   Mandiant noted slight modifications between the delivered job descriptions and their originals, including the required qualifications, experience and skills, likely to better align with the victim\'s profile. Moreover, the chosen job descriptions target senior-/manager-level employees. This suggests the threat actor aims to gain access to sensitive and confidential information that is typically restricted to higher-level employees. To illustrate this, Mandiant analyzed the differences between the original job description and UNC2970\'s job description included in the ZIP archive. Page 1 of PDF lure Figure 1: Page 1 of PDF lure For example, under the "Required Education, Experience, & Skills" section, the original post mentions "United Sta]]> 2024-09-17T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader/ www.secnews.physaphae.fr/article.php?IdArticle=8578400 False Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 Team Cymru - Equipe de Threat Intelligence Talent et technologie: combler l'écart dans les programmes de chasse aux menaces modernes<br>Talent and Technology: Bridging the Gap in Modern Threat Hunting Programs 49% of organizations have experienced a major security breach in the past 12 months, according to our “ Voice of a Threat Hunter 2024 ”...]]> 2024-09-17T13:31:08+00:00 https://www.team-cymru.com/post/talent-and-technology-bridging-the-gap-in-modern-threat-hunting-programs www.secnews.physaphae.fr/article.php?IdArticle=8578512 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Binance met en garde contre l'augmentation des attaques de logiciels malveillants Clipper ciblant les utilisateurs de crypto-monnaie<br>Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users Cryptocurrency exchange Binance is warning of an "ongoing" global threat that\'s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim\'s clipboard activity and steal sensitive data a user copies, including]]> 2024-09-17T12:48:00+00:00 https://thehackernews.com/2024/09/binance-warns-of-rising-clipper-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8578206 False Malware,Threat None 3.0000000000000000