www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T11:37:55+00:00 www.secnews.physaphae.fr
UnderNews - French "hacker" news site Why continuous risk auditing is essential in the current cyber threat landscape Security vulnerabilities often go unnoticed within companies because of gaps in traditional security assessments. These gaps can result from systems that are not covered during scans, or from the use of scanning techniques or technologies that are inappropriate for specific systems. Op-ed by Ajay Thadhaney, Sales […] The post Why continuous risk auditing is essential in the current cyber threat landscape first appeared on UnderNews. 2024-09-17T11:45:26+00:00 https://www.undernews.fr/reseau-securite/pourquoi-laudit-permanent-des-risques-est-essentielle-dans-le-paysage-actuel-des-menaces-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8578338 False Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial The Threat Surface of a Microgrid Microgrids have emerged as a pivotal solution for enhancing energy resilience, sustainability, and independence. These small-scale power grids... 2024-09-17T11:26:21+00:00 https://industrialcyber.co/expert/the-threat-surface-of-a-microgrid/ www.secnews.physaphae.fr/article.php?IdArticle=8578337 False Threat None 2.0000000000000000
Zimperium - cyber risk firms for mobile Zimperium Mobile Threat Defense (MTD) Achieves IRAP PROTECTED Status Zimperium has achieved the Australian Government security status of PROTECTED after successfully completing an assessment performed by the Information Security Registered Assessors Program (IRAP) for its sovereign-hosted Mobile Threat Defense (MTD) solution. 2024-09-17T11:00:00+00:00 https://www.zimperium.com/blog/zimperium-mobile-threat-defense-mtd-achieves-irap-protected-status/ www.secnews.physaphae.fr/article.php?IdArticle=8578304 False Threat,Mobile None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Physical Security In The Age Of Digital: Access Control System Vulnerabilities can take years to rectify. Security Week highlights the vulnerabilities affecting Nice Linear, a widely used proprietary system in the world of smart homes. Over 2,500 individual vulnerabilities flagged in 2019 alone. What this showed is that, in an age of vigilance concerning digitally stored data and privacy concerns, the interface between physical and digital security can be neglected. It is crucial for access control system managers to identify this and take a proactive approach to security assurance. Starting at the most basic level - physical devices - provides a smart route forward. Quality physical credentials At the external interface of any access control system is the physical credential which allows the user to access the system. This seems simple in operation, but the struggle to maintain good quality physical access systems is one that continues to dominate security professional time. Take, for instance, skimming, which is a very obvious and day-to-day instance of physical devices being misused to access digital systems. According to the FBI, the scale of the skimming challenge is huge, with over $1 billion lost every year. Consider the basics of the physical access of a system: a device, such as a wearable or RFID card. Banks update the quality of their cards regularly, and access control managers should consider this too. Deploying the right base product to devices and cards, and investing in the right product with effective security features from the outset, ensures that devices cannot be cloned and that there is absolute assurance in the access tool. Moving into data Access devices increasingly use a range of second-layer authentication methods to bring in extra layers of security assurance.
These are effective, but security professionals from across the discipline know that more systems means more opportunities for exploits. A recent Hacker News article laid bare this risk; one security provider focusing on biometrics was exposed to 24 different vulnerabilities, which analysts described as “alarmingly diverse”. Moving into complex datasets, such as those holding biometrics, requires a greater level of assurance again to ensure that control systems are effective. According to Hacker News, the key is in siloing data. Each new security system should not be merely embedded in the old, but provided with its own network segment and its own set of credentials. Rather than the likes of biometrics being used to simply access systems, as RFID or numerical PINs do, it should be an additional system, isolated, communicating with the other layers of security. Tackling the AI challenge 2024-09-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/physical-security-in-the-age-of-digital-access-control-system-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8578273 False Tool,Vulnerability,Threat None 2.0000000000000000
We Live Security - ESET antivirus software vendor ESET Research Podcast: EvilVideo ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos 2024-09-17T09:00:00+00:00 https://www.welivesecurity.com/en/podcasts/eset-research-podcast-evilvideo/ www.secnews.physaphae.fr/article.php?IdArticle=8579293 False Vulnerability,Threat,Mobile None 2.0000000000000000
ProofPoint - Cyber Firms A New Hire's First 90 Days: What Could Possibly Go Wrong?
2024-09-17T06:00:13+00:00 https://www.proofpoint.com/us/blog/information-protection/first-90-days-hidden-risk-for-insider-threats www.secnews.physaphae.fr/article.php?IdArticle=8578407 False Threat,Technical None 2.0000000000000000
Dark Reading - Informationweek Branch 'Void Banshee' Exploits Second Microsoft Zero-Day Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw. 2024-09-16T22:05:38+00:00 https://www.darkreading.com/application-security/void-banshee-exploits-second-microsoft-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8577979 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw. 2024-09-16T21:04:22+00:00 https://www.darkreading.com/threat-intelligence/ivanti-cloud-bug-exploit-alarms-raised www.secnews.physaphae.fr/article.php?IdArticle=8577950 False Vulnerability,Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) New Hadooken Malware Targets Oracle WebLogic Servers, Deploying Cryptominer and Tsunami Malware 2024-09-16T21:00:54+00:00 https://community.riskiq.com/article/0d8ef9ca www.secnews.physaphae.fr/article.php?IdArticle=8577977 False Ransomware,Malware,Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Alerting the World to RT's Global Covert Activities #### Targeted Geolocations - Ukraine - Moldova ## Snapshot The United States has imposed sanctions on three
entities and two individuals connected to Russia's destabilizing cyber operations and covert influence activities, including the state-funded media outlet RT (formerly Russia Today). RT, along with its leadership, has coordinated with Russian intelligence services to manipulate foreign elections, conduct intelligence operations, and support Russia's military efforts in Ukraine through covert channels. ## Description The U.S. government is sanctioning Russian entities and individuals involved in covert cyber operations and influence activities. RT, initially known as a media outlet, has evolved into an organization with cyber capabilities and ties to Russian intelligence. This includes engaging in covert operations aimed at influencing elections in various countries, including Moldova, where RT person 2024-09-16T19:04:39+00:00 https://community.riskiq.com/article/1e95ecf1 www.secnews.physaphae.fr/article.php?IdArticle=8577919 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Updates from Google's Threat Analysis Group (TAG) Bulletin: Q3 2024 ## Snapshot The TAG Bulletin for Q3 2024 outlines the efforts of Google's Threat Analysis Group in combating coordinated influence operations. The Bulletin details the termination of thousands of YouTube channels and other domains linked to various countries. ## Description Google's TAG reported on coordinated influence operation campaigns that Google detected and terminated on its platforms in Q3 2024. These campaigns primarily involved influence operations linked to China and Russia, but also campaigns linked to Ecuador and Azerbaijan. Some of these 2024-09-16T18:11:51+00:00 https://community.riskiq.com/article/407246fb www.secnews.physaphae.fr/article.php?IdArticle=8577889 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized 2024-09-16T17:30:00+00:00 https://thehackernews.com/2024/09/north-korean-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8577751 False Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Atomic macOS Stealer leads sensitive data theft on macOS 2024-09-16T17:06:53+00:00 https://community.riskiq.com/article/5c17f620 www.secnews.physaphae.fr/article.php?IdArticle=8577859 False Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries 2024-09-16T16:04:59+00:00 https://community.riskiq.com/article/2a1274ec www.secnews.physaphae.fr/article.php?IdArticle=8577829 False Ransomware,Malware,Tool,Threat,Cloud None 2.0000000000000000
Bleeping Computer - American magazine CISA warns of Windows flaw used in infostealer malware attacks CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.
[...] 2024-09-16T15:53:34+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8577921 False Malware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle 2024-09-16T12:42:00+00:00 https://thehackernews.com/2024/09/apple-drops-spyware-case-against-nso.html www.secnews.physaphae.fr/article.php?IdArticle=8577575 False Threat,Mobile,Commercial None 2.0000000000000000
Kovrr - cyber risk management platform September 17, 2024 Cyber Risk and Financial Resilience in the S&P 500 Cyber risk is a growing threat. Kovrr's report analyzes the financial impact on S&P 500 companies. Discover how prepared they are.
2024-09-16T12:18:12+00:00 https://www.kovrr.com/reports/cyber-risk-and-financial-resilience-in-the-sp-500 www.secnews.physaphae.fr/article.php?IdArticle=8577707 False Threat,Studies,Legislation None 2.0000000000000000
Checkpoint Research - Security hardware manufacturer 16th September – Threat Intelligence Report For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […] 2024-09-16T11:56:02+00:00 https://research.checkpoint.com/2024/16th-september-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8577677 False Ransomware,Threat None 2.0000000000000000
ProofPoint - Cyber Firms Cybersecurity Stop of the Month: Preventing Vendor Impersonation Scams 2024-09-16T11:42:16+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/preventing-vendor-compromise-attacks www.secnews.physaphae.fr/article.php?IdArticle=8577708 False Malware,Tool,Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 16 September 2024 2024-09-16T11:20:34+00:00 https://community.riskiq.com/article/f4ae836f www.secnews.physaphae.fr/article.php?IdArticle=8577706 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Prediction,Cloud APT 34 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Tackling the Unique Cybersecurity Challenges of Online Learning Platforms average K-12 district uses more than 2,500 EdTech tools, giving attackers many potential ways to access this data. While not every educational technology is inherently vulnerable, the industry’s shift to digital solutions highlights its swelling attack surface. A single school might use multiple online learning tools, and an e-learning platform may host data from hundreds of schools. This puts a lot of sensitive information at risk. Securing these platforms isn’t always as straightforward as it may seem. Schools spend less than 8% of their IT budgets on security, with one in five spending under 1%. Those budgetary constraints make it challenging to implement the kinds of protections needed in many cases. It’s also worth considering that online learning’s primary users are students. As such, they lack the knowledge or experience to follow best practices. They also require seamless access, which may be at odds with stronger protections.
Steps for Better Online Learning Security These obstacles make cybersecurity in online learning critical and challenging. School systems and their security partners can navigate this unique risk landscape through these five best practices. 1. Be Selective About Third Parties E-learning cybersecurity begins with choosing appropriate tools. The EdTech market is vast and constantly expanding, but not every solution offers the security schools need. Considering the sensitive nature of education data, they must be more selective about the third parties they do business with. Education IT decision-makers must verify online platforms’ security before partnering with them. That includes reviewing their breach history and only working with third parties that meet recognized industry standards for cybersecurity. It’s also important to ask online platforms about their supply chain security measures, as 75% of third-party breaches come through partners. 2. Implement Stricter Access Controls Online learning platforms must be similarly careful about insider threats. These risks are common in education, as student bodies shift frequently. New users must gain access and old ones lose it each year, making it easy to leave too many accounts with access to sensitive systems. Tighter access controls are necessary to address these risks. Requiring multifactor authentication (MFA) is a good first step but is insufficient by itself. IT administrators must also implement the principle of least privilege so even authorized users can’t access or affect all data. E-learning platforms 2024-09-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/tackling-the-unique-cybersecurity-challenges-of-online-learning-platforms www.secnews.physaphae.fr/article.php?IdArticle=8577801 False Ransomware,Tool,Vulnerability,Threat,Technical None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto 2024-09-16T09:53:00+00:00 https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html www.secnews.physaphae.fr/article.php?IdArticle=8577493 False Threat None 3.0000000000000000
InformationSecurityBuzzNews - Security news site Researchers Discover New Variant of TrickMo Banking Trojan Cleafy's Threat Intelligence team has uncovered a new variant of the TrickMo Android banking Trojan. Initially classified as an unknown malware sample, deeper analysis revealed it as a TrickMo variant with some new anti-analysis features, making detection more difficult and posing a significant threat to mobile banking users. TrickMo's Evolution TrickMo, first identified by CERT-Bund [...] 2024-09-16T05:21:15+00:00 https://informationsecuritybuzz.com/dis-new-variant-trickmo-banking-trojan/ www.secnews.physaphae.fr/article.php?IdArticle=8577519 False Malware,Threat,Mobile None 2.0000000000000000
The State of Security - American magazine Mitigating Alert Fatigue in SecOps Teams Security Operations Teams (SOCs) today are under attack by the very mechanisms meant to help them. A recent industry study revealed a few startling facts: SOCs spend a third of their workday hunting down false positives.
Even then, SOCs only get to half of the alerts they need to every day. Out of all the teams currently using automation, only half apply it to threat hunting and incident enrichment. And unsurprisingly, the vast majority (80%) say that manual processes are slowing them down. These stats lay out both the problem with and solution to alert fatigue today: too many alerts, too many... 2024-09-16T02:58:43+00:00 https://www.tripwire.com/state-of-security/mitigating-alert-fatigue-secops-teams www.secnews.physaphae.fr/article.php?IdArticle=8577569 False Threat,Studies None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Mitigating data security incidents 2024-09-13T21:12:29+00:00 https://community.riskiq.com/article/abe409c5 www.secnews.physaphae.fr/article.php?IdArticle=8576176 False Data Breach,Malware,Hack,Tool,Vulnerability,Threat None 2.0000000000000000
CybeReason - Vendor blog CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective Cuckoo Spear cuckoo spear This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims' network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent these attacks.
2024-09-13T20:25:22+00:00 https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor www.secnews.physaphae.fr/article.php?IdArticle=8576221 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Critical SonicWall SSLVPN bug exploited in ransomware attacks 2024-09-13T17:56:20+00:00 https://community.riskiq.com/article/07f23184 www.secnews.physaphae.fr/article.php?IdArticle=8576089 False Ransomware,Tool,Vulnerability,Threat None 2.0000000000000000
We Live Security - ESET antivirus software vendor CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 2024-09-13T10:21:33+00:00 https://www.welivesecurity.com/en/videos/cosmicbeetle-joins-ranks-ransomhub-affiliates-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8576365 False Ransomware,Threat None 2.0000000000000000
InformationSecurityBuzzNews - Security news site Fortinet Confirms Data Breach Cybersecurity firm Fortinet has confirmed that user data was stolen from its Microsoft SharePoint server and posted on a hacking forum earlier today, according to a report by BleepingComputer. The threat actor, known as “Fortibitch,” shared credentials to what is claimed to be an S3 bucket (an online file storage system), with a total of [...] 2024-09-13T04:50:00+00:00 https://informationsecuritybuzz.com/fortinet-confirms-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8575707 False Data Breach,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels 2024-09-12T21:42:00+00:00 https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html www.secnews.physaphae.fr/article.php?IdArticle=8575389 False Malware,Threat,Mobile None 3.0000000000000000
Contagio - Ransomware info site 2024-09-12 SUPERSHELL + 2023-03-13 SHELLBOT Targeting Linux SSH servers Samples 2024-09-12 Ahnlab: SuperShell malware targeting Linux SSH servers SuperShell is a sophisticated backdoor malware targeting Linux SSH servers, written in the Go language, which allows cross-platform functionality on Linux, Windows, and Android. Created by a Chinese-speaking developer, it operates as a reverse shell, enabling attackers to execute commands remotely on the compromised systems. The attack begins with brute force and dictionary attacks against SSH servers, using weak credentials like "root/password" and "root/123456qwerty." Once access is gained, attackers execute a series of commands to download and install SuperShell, leveraging tools like wget, curl, tftp, and FTP, with download sources often hosted on compromised servers. SuperShell's obfuscation adds complexity, but it can still be identified through specific internal strings and its runtime behavior.
The malware's installation process is versatile, targeting directories like /tmp, /var/run, /mnt, and /root, with commands often including clean-up actions to remove traces post-installation (rm -r *). Typically, the payload involves downloading a script or binary, which is then executed with elevated permissions using chmod +x followed by execution (./ssh1). This pattern is consistently observed across multiple commands, highlighting the malware's redundancy and persistence in ensuring successful deployment. Additionally, the attackers often deploy XMRig, a Monero cryptocurrency miner, alongside SuperShell, hinting at a dual-purpose attack: maintaining persistent control over the system while generating illicit cryptocurrency. 2023-03-13 Ahnlab: ShellBot Malware Being Distributed to Linux SSH Servers On March 13, 2023, ASEC reported that ShellBot, a Perl-based DDoS bot, is actively targeting Linux SSH servers. The malware exploits weak SSH credentials through brute-force attacks, gaining access to deploy its payload.
Once installed, ShellBot connects to a Command and Control (C&C) server via the IRC protocol, enabling attackers to issue commands, steal data, and launch DDoS attacks. Initial Access: Attackers scan for servers with open SSH ports (port 22) and use brute-force tools to guess weak or default credentials. Installation: After gaining access, ShellBot is deployed, often achieving persistence by modifying startup scripts or cron jobs. IRC Protocol: ShellBot uses the IRC protocol for C&C communication, allowing it to receive commands like executing remote tasks or launching DDoS attacks without needing a custom C&C infrastructure. Customization: ShellBot is highly customizable, with variants like "LiGhT's Modded perlbot v2" offering different capabilities and attack methods tailored by vari 2024-09-12T21:22:50+00:00 https://contagiodump.blogspot.com/2024/09/2024-09-12-supershell-2023-03-13.html www.secnews.physaphae.fr/article.php?IdArticle=8575637 False Malware,Tool,Threat,Mobile None 2.0000000000000000
Contagio - Ransomware info site 2024-09-19 X-WORM RAT (Phishing) Samples 2024-09-12T20:34:07+00:00 https://contagiodump.blogspot.com/2024/09/2024-09-19-x-worm-phishing-samples.html www.secnews.physaphae.fr/article.php?IdArticle=8575601 False Ransomware,Malware,Tool,Threat None 1.00000000000000000000
RiskIQ - cyber risk firms (now microsoft) #Stopransomware: ransomhub ransomware 2024-09-12T20:24:56+00:00 https://community.riskiq.com/article/650541a8 www.secnews.physaphae.fr/article.php?IdArticle=8575527 True Ransomware,Malware,Tool,Vulnerability,Threat,Patching None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) There's Something About CryptBot: Yet Another Silly Stealer (YASS) 2024-09-12T20:24:34+00:00 https://community.riskiq.com/article/d056e554 www.secnews.physaphae.fr/article.php?IdArticle=8575528 False
Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000
The Register - English news site Mastercard splurges $2.65B on another big cyber buy – Recorded Future The startup is already the go-to intel shop for 45 govs and half the Fortune 100 Mastercard has added another security asset to its growing portfolio, laying down $2.65 billion for threat intelligence giant Recorded Future.… 2024-09-12T19:00:14+00:00 https://go.theregister.com/feed/www.theregister.com/2024/09/12/mastercard_recorded_future/ www.secnews.physaphae.fr/article.php?IdArticle=8575447 False Threat None 2.0000000000000000
Bleeping Computer - American magazine New Vo1d malware infects 1.3 million Android streaming boxes Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. [...] 2024-09-12T17:10:33+00:00 https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-streaming-boxes/ www.secnews.physaphae.fr/article.php?IdArticle=8575636 False Malware,Threat,Mobile None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Top 3 Threat Report Insights for Q2 2024 Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024.
Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on 2024-09-12T16:21:00+00:00 https://thehackernews.com/2024/09/top-3-threat-report-insights-for-q2-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8575175 False Threat,Studies None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity company Check Point said in a new analysis. OilRig, also called APT34, Crambus, Cobalt Gypsy, GreenBug, 2024-09-12T16:19:00+00:00 https://thehackernews.com/2024/09/iranian-cyber-group-oilrig-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8575176 False Malware,Threat APT 34 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities 2024-09-12T16:16:51+00:00 https://community.riskiq.com/article/b89cbab7 www.secnews.physaphae.fr/article.php?IdArticle=8575415 False Tool,Vulnerability,Threat,Prediction None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Chinese APT Abuses VSCode to Target Government in Asia 2024-09-12T15:19:31+00:00 https://community.riskiq.com/article/53e48a60 www.secnews.physaphae.fr/article.php?IdArticle=8575387 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000
Contagio - Ransomware info site 2023-11-23
BEAVERTAIL and INVISIBLE_FERRET Lazarus Group Malware Samples 2023-11-23 Palo Alto Unit42: Hacking Employers and Seeking Employment: Two Job-Related This is a 2023 article by Unit42 covering two cyber campaigns, "Contagious Interview" (CL-STA-0240) and "Wagemole" (CL-STA-0241), linked to the Lazarus group (North Korea). There is a more recent campaign VMCONNECT described by Reversing Labs here 2024-09-10 Fake recruiter coding tests target devs with malicious Python packages but I don't have samples for that one. These campaigns target job-seeking activities to deploy malware and conduct espionage. Contagious Interview (CL-STA-0240): The campaign targets software developers by posing as employers and convincing them to download malicious NPM packages during fake job interviews. The malware, BeaverTail and InvisibleFerret, is cross-platform, running on Windows, Linux, and macOS. BeaverTail: A JavaScript-based malware that steals cryptocurrency wallet information and loads the second-stage payload, InvisibleFerret. InvisibleFerret: A Python-based backdoor with capabilities including fingerprinting, remote control, keylogging, and browser credential theft. It communicates with a C2 server using JSON-formatted messages and supports commands for data exfiltration and additional malware deployment. The threat actors use GitHub to host malicious NPM packages, creating accounts with minimal activity to avoid detection. Wagemole (CL-STA-0241): Wagemole involves North Korean actors using fake identities to apply for remote IT jobs, likely to funnel wages to North Korea's weapons programs and potentially conduct espionage. Exposed Infrastructure: Researchers found resumes, interview scripts, and other fraudulent materials on GitHub. These documents impersonate IT professionals and aim to gain unauthorized employment at US companies. 2024-09-12T14:11:31+00:00 https://contagiodump.blogspot.com/2024/09/2023-11-23-beavertail-and.html www.secnews.physaphae.fr/article.php?IdArticle=8575417 False Malware,Threat APT 38 2.0000000000000000
Bleeping Computer - American magazine Fortinet confirms data breach after hacker claims to steal 440GB of files Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. [...] 2024-09-12T14:01:59+00:00 https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files/ www.secnews.physaphae.fr/article.php?IdArticle=8575419 False Data Breach,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn Mastercard aims to strengthen its cybersecurity capabilities by acquiring Recorded Future, a leading provider of threat intelligence 2024-09-12T14:00:00+00:00 https://www.infosecurity-magazine.com/news/mastercard-acquires-recorded-future/ www.secnews.physaphae.fr/article.php?IdArticle=8575286 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Rising Tide of Software Supply Chain Attacks: An Urgent Problem Understanding a threat is just as important as the steps taken toward prevention. 2024-09-12T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/rising-tide-of-software-supply-chain-attacks
www.secnews.physaphae.fr/article.php?IdArticle=8575283 False Threat None 2.0000000000000000
Mandiant - Mandiant security blog Protecting Multi-Cloud Resources in the Era of Modern Cloud-Based Cyberattacks Standardizing Privileged Access Architecture for Multi-Cloud Coverage In the era of multi-cloud adoption, where organizations leverage various cloud platforms to optimize their operations, a new wave of security challenges has emerged. The expansion of attack surfaces beyond traditional on-premises environments, combined with complex permission structures and the prevalence of overly permissive accounts, has created fertile ground for sophisticated cyberattacks. Our white paper, 2024-09-12T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/protecting-multi-cloud-resources-modern-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=8575276 False Vulnerability,Threat,Cloud,Conference None 2.0000000000000000
Checkpoint - Security hardware vendor Check Point's Quantum Leap: Integrating NIST PQC Standards 2024-09-12T13:00:15+00:00 https://blog.checkpoint.com/security/check-points-quantum-leap-integrating-nist-pqc-standards/ www.secnews.physaphae.fr/article.php?IdArticle=8575355 False Threat None 2.0000000000000000
Zimperium - cyber risk firms for mobile A Network of Harm: Gigabud Threat and Its Associates
This article will focus on the Phishing Chronology. Analyzing 88014 phishing URLs collected from public sources and Zimperium data, we will show how dynamic and fast evolving are the phishing threats.
2024-09-12T11:00:00+00:00 https://www.zimperium.com/blog/a-network-of-harm-gigabud-threat-and-its-associates/ www.secnews.physaphae.fr/article.php?IdArticle=8575287 False Threat None 2.0000000000000000
The State of Security - American magazine WordPress Plugin and Theme Developers Told They Must Use 2FA Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of WordPress. The threat posed by supply-chain attacks against third-party WordPress.org plugins and themes is considerable, as an estimated 40% of the world's websites are using the open-source edition of the WordPress platform as their... 2024-09-12T10:23:59+00:00 https://www.tripwire.com/state-of-security/wordpress-plugin-and-theme-developers-told-they-must-use-2fa www.secnews.physaphae.fr/article.php?IdArticle=8575354 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms 5 Steps to Building an Insider Risk Program 2024-09-12T06:00:33+00:00 https://www.proofpoint.com/us/blog/information-protection/steps-building-insider-risk-program www.secnews.physaphae.fr/article.php?IdArticle=8575237 False Threat,Cloud None 2.0000000000000000
The Last Watchdog - Byron V Acohido's security blog News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion
Torrance, Calif., Sept. 11, 2024, CyberNewsWire — Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of … (more…) The post News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion first appeared on The Last Watchdog.
2024-09-12T05:06:02+00:00 https://www.lastwatchdog.com/criminal-ip-teams-up-with-iplocation-io-to-deliver-unmatched-ip-solutions-to-global-audiences/ www.secnews.physaphae.fr/article.php?IdArticle=8575012 False Threat None 2.0000000000000000
InformationSecurityBuzzNews - Security news site DragonRank SEO Manipulator is Targeting Asia and Europe A new cyber threat dubbed “DragonRank” is actively targeting countries across Asia and Europe. Discovered by Cisco Talos, the sophisticated campaign leverages malicious tools like PlugX and BadIIS to exploit web application services and manipulate SEO rankings. DragonRank primarily focuses on compromising Windows Internet Information Services (IIS) servers, with confirmed attacks in countries including Thailand, [...] 2024-09-12T04:48:11+00:00 https://informationsecuritybuzz.com/dragonrank-seo-manipulator-asia-europe/ www.secnews.physaphae.fr/article.php?IdArticle=8575013 False Tool,Threat None 2.0000000000000000
Global Security Mag - French news site Top Malware Ranking - August 2024: RansomHub dominates while Meow ransomware rapidly gains ground In France, Qbot reappears in the top 3 Malware 2024-09-12T00:00:00+00:00 https://www.globalsecuritymag.fr/classement-top-malware-aout-2024-ransomhub-domine-tandis-que-le-ransomware-meow.html www.secnews.physaphae.fr/article.php?IdArticle=8574733 False Ransomware,Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Targeted Iranian Attacks Against Iraqi Government Infrastructure 2024-09-11T23:46:33+00:00 https://community.riskiq.com/article/6289e51f www.secnews.physaphae.fr/article.php?IdArticle=8574915 False Malware,Tool,Threat APT 34 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware 2024-09-11T22:42:48+00:00 https://community.riskiq.com/article/1f424190 www.secnews.physaphae.fr/article.php?IdArticle=8574891 False Ransomware,Malware,Tool,Vulnerability,Threat,Technical None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft)
DragonRank, a Chinese-speaking SEO manipulator service provider 2024-09-11T21:48:57+00:00 https://community.riskiq.com/article/11be64ff www.secnews.physaphae.fr/article.php?IdArticle=8574862 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000
UnderNews - French "hacker" news site Top Malware Ranking – August 2024: RansomHub dominates while Meow ransomware rapidly gains ground Check Point's latest Threat Index confirms RansomHub's supremacy and the meteoric rise of Meow ransomware, which is adopting novel tactics and causing significant damage. In France, Qbot reappears in the top 3. Op-ed – Check Point® Software Technologies Ltd., one of the leading providers of AI-powered cybersecurity platforms delivered in […] The post Top Malware Ranking – August 2024: RansomHub dominates while Meow ransomware rapidly gains ground first appeared on UnderNews. 2024-09-11T20:43:27+00:00 https://www.undernews.fr/malwares-virus-antivirus/classement-top-malware-aout-2024-ransomhub-domine-tandis-que-le-ransomware-meow-gagne-rapidement-du-terrain.html www.secnews.physaphae.fr/article.php?IdArticle=8574812 False Ransomware,Malware,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) NoName ransomware gang deploying RansomHub malware in recent attacks 2024-09-11T20:20:08+00:00 https://community.riskiq.com/article/3de6b9a1 www.secnews.physaphae.fr/article.php?IdArticle=8574837 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Medical None 2.0000000000000000
Checkpoint Research - Security hardware vendor Targeted Iranian Attacks Against Iraqi Government Infrastructure
Key Findings Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign features a custom toolset and infrastructure for specific targets and uses a combination of techniques commonly associated with Iranian threat actors operating in the region. The toolset used in this targeted campaign […]
2024-09-11T20:06:07+00:00 https://research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/ www.secnews.physaphae.fr/article.php?IdArticle=8574787 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Quad7 botnet targets more SOHO and VPN routers, media servers ## Snapshot The Quad7 botnet has evolved its operation by targeting several brands of SOHO devices with new custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers. ## Description Sekoia researchers have compiled a new report warning about the evolution of Quad7, which includes setting up new staging servers, launching new botnet clusters, employing new backdoors and reverse shells, 2024-09-11T19:46:20+00:00 https://community.riskiq.com/article/9295f6ce www.secnews.physaphae.fr/article.php?IdArticle=8574810 False Spam,Malware,Tool,Threat None 2.0000000000000000
HackRead - Cyber search Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud DragonRank, a Chinese-speaking hacking group, has compromised 30+ Windows servers globally. They exploit IIS vulnerabilities to manipulate SEO… 2024-09-11T18:38:02+00:00 https://hackread.com/chinese-dragonrank-hackers-windows-servers-seo-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8574758 False Vulnerability,Threat None 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Cloud Threats Memo: Iranian Threat Actors Continue to Exploit Azure
One of the advantages of exploiting a cloud service to host the attack infrastructure, is that the threat actors can use either a legitimate compromised account or create a new one specifically for their malicious purposes. According to researchers at Microsoft, this modus operandi has been used by APT33 (also known as “Peach Sandstorm”), a […]
2024-09-11T15:44:56+00:00 https://www.netskope.com/blog/cloud-threats-memo-iranian-threat-actors-continue-to-exploit-azure www.secnews.physaphae.fr/article.php?IdArticle=8574673 False Threat,Cloud APT33,APT 33 3.0000000000000000
McAfee Labs - Software vendor Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware
In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are being found. One of the latest menaces...
2024-09-11T15:43:04+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cracked-software-or-cyber-trap-the-rising-danger-of-asyncrat-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8574940 False Malware,Threat None 2.0000000000000000
CrowdStrike - CTI Society Elevating Identity Security at Fal.Con 2024 This blog is part of a five-part series previewing Fal.Con 2024 content. Read previews for cloud, AI and next-gen SIEM. In today's threat landscape, identity is a primary adversary target and plays a central role in most breaches. The CrowdStrike 2024 Threat Hunting Report states 5 of the top 10 MITRE tactics observed in the […] 2024-09-11T15:30:26+00:00 https://www.crowdstrike.com/blog/elevating-identity-security-fal-con-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8580531 False Threat,Cloud None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Gallup: Pollster Acts to Close Down Security Threat As the US presidential election draws near, polling company Gallup acts to block XSS vulnerability 2024-09-11T15:30:00+00:00 https://www.infosecurity-magazine.com/news/gallup-security-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8574676 False Vulnerability,Threat None 3.0000000000000000
UnderNews - French "hacker" news site A CISO's back-to-work to-do list: a few measures to evolve your cyber defense strategy Taking stock of one's cybersecurity strategy every year is now a strategic imperative for all organizations. Indeed, to protect themselves against ever more complex threats, companies of all sizes must implement effective measures that will allow them to limit their exposure to cyber risks. In this […] The post A CISO's back-to-work to-do list: a few measures to evolve your cyber defense strategy first appeared on UnderNews. 2024-09-11T10:28:07+00:00 https://www.undernews.fr/reseau-securite/to-do-list-de-rentree-dun-rssi-quelques-mesures-pour-faire-evoluer-sa-strategie-de-cyber-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8574517 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Microsoft Fixes Four Actively Exploited Zero-Days September's Patch Tuesday fix-list features scores of CVEs including four zero-day vulnerabilities 2024-09-11T08:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-fixes-four-actively/ www.secnews.physaphae.fr/article.php?IdArticle=8574465 False Vulnerability,Threat None 3.0000000000000000
The State of Security - American magazine This Senate Bill Could Improve Voting Machine Security The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as "death threats against county clerks, polling-place violence, and AI-fueled disinformation," the protection of voting machine security is still a pressing concern. Securing electronic voting infrastructure only becomes more important with time, as outdated hardware and software provide vulnerabilities for bad actors to exploit.
The recently introduced Strengthening Election Cybersecurity to Uphold... 2024-09-11T07:17:46+00:00 https://www.tripwire.com/state-of-security/senate-bill-could-improve-voting-machine-security www.secnews.physaphae.fr/article.php?IdArticle=8574575 False Vulnerability,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) BLX STEALER 2024-09-10T22:50:30+00:00 https://community.riskiq.com/article/2c37909b www.secnews.physaphae.fr/article.php?IdArticle=8574220 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command 2024-09-10T21:48:38+00:00 https://community.riskiq.com/article/9ad31638 www.secnews.physaphae.fr/article.php?IdArticle=8574193 False Malware,Tool,Threat,Prediction None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET researcher Jakub 2024-09-10T21:18:00+00:00 https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html www.secnews.physaphae.fr/article.php?IdArticle=8574026 False Ransomware,Threat None 2.0000000000000000
Contagio - Ransomware news site 2024-09-10 KIMSUKY (North Korean APT) Sample (Sakai @sakaijjan - Terms and Conditions.msc) 2024-09-10 Sakai @sakaijjang 김수키(Kimsuky) 에서 만든 악성코드-Terms and conditions(이용 약관).msc(2024.9.6) - Kimsuky (North Korea) - Terms and Conditions.msc by https://x.com/sakaijjang?lang=en Article translation in English More about Kimsuky: 2020-10-27 CISA North Korean Advanced Persistent Threat Focus The malware is delivered as a file named "Terms and conditions.msc," containing embedded PowerShell commands. The PowerShell script is executed in a hidden window (-WindowStyle Hidden), preventing user awareness. The script uses Invoke-Expression (iex) to execute code and Invoke-WebRequest (iwr) to download a malicious script from hxxps://0x0(.)st/Xyl7(.)txt. The downloaded data, encoded in hexadecimal, is decoded into a byte array. The decoded data is initially saved as an MP3 file (e.g., vBqz.mp3) in the system's public documents folder. The MP3 file is then renamed to an executable file (e.g., vBqz.exe), disguising the payload as a media file. The executable is run using conhost.exe in the background with the -NoNewWindow option, ensuring it remains hidden. File Camouflage: The use of the MP3 extension initially disguises the executable file. Stealthy Execution: Utilizing system utilities like conhost.exe and executing commands in hidden windows help evade user detection and security software. Command-and-Control (C2) Infrastructure: The malware's reliance on a public site for payload distribution suggests a flexible and easily reconfigurable C2 mechanism. Hexadecimal Encoding: The use of encoded data indicates potential obfuscation techniques; decoding this data can reveal more about the malware. Potential Variants: Different versions of this malware may exist, with variations in the payload or C2 URLs. Monitoring and updating detection rules, such as YARA, would be beneficial. 2024-09-10T21:00:11+00:00 https://contagiodump.blogspot.com/2024/09/2024-09-10-kimsuky-north-korean-apt.html www.secnews.physaphae.fr/article.php?IdArticle=8574252 False Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) ToneShell Backdoor Used to Target Attendees of the IISS Defence Summit 2024-09-10T20:19:35+00:00 https://community.riskiq.com/article/316c42ab www.secnews.physaphae.fr/article.php?IdArticle=8574165 False Malware,Tool,Threat,Studies None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort.
Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster 2024-09-10T17:13:00+00:00 https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8573887 False Threat None 2.0000000000000000
The State of Security - American magazine VERT Threat Alert: September 2024 Patch Tuesday Analysis Today's VERT Alert addresses Microsoft's September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217 Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier alternate Data Stream (ADS). This mark is used to notify users via SmartScreen that they are about to run a potentially dangerous file.
This publicly disclosed vulnerability allows malicious files to bypass SmartScreen... 2024-09-10T16:10:54+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-september-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8574136 False Vulnerability,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Earth Preta Evolves its Attacks with New Malware and Strategies 2024-09-10T15:39:55+00:00 https://community.riskiq.com/article/a193a825 www.secnews.physaphae.fr/article.php?IdArticle=8574025 False Malware,Tool,Threat,Prediction None 3.0000000000000000
Team Cymru - Threat intelligence team How Effective Threat Hunting Programs are Shaping Cybersecurity 49% have experienced a major security breach in the past 12 months, according to respondents to our new “Voice of a Threat Hunter 2024”... 2024-09-10T15:37:03+00:00 https://www.team-cymru.com/post/how-effective-threat-hunting-programs-are-shaping-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8574055 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine China-Linked Threat Actors Target Taiwan Military Industry TIDRONE group targets military, drone and satellite industries in Taiwan 2024-09-10T15:30:00+00:00 https://www.infosecurity-magazine.com/news/china-target-taiwan-military/ www.secnews.physaphae.fr/article.php?IdArticle=8573998 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN." 2024-09-10T15:27:00+00:00 https://thehackernews.com/2024/09/mustang-panda-deploys-advanced-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8573784 False Malware,Tool,Threat,Prediction None 2.0000000000000000
Global Security Mag - French news site Attacks Against Manufacturing Industry Increase 105% in First Half of 2024, New Research Finds
Attacks Against Manufacturing Industry Increase 105% in First Half of 2024, New Research Finds Ontinue's 1H 2024 Threat Intelligence Report Highlights Surge in State-Sponsored Chinese Cyber Operations and Growing Vulnerabilities Due to Delayed Patch Adoption - Special Reports 2024-09-10T14:37:19+00:00 https://www.globalsecuritymag.fr/attacks-against-manufacturing-industry-increase-105-in-first-half-of-2024-new.html www.secnews.physaphae.fr/article.php?IdArticle=8573965 False Vulnerability,Threat None 3.0000000000000000
Mandiant - Mandiant security blog Insights on Cyber Threats Targeting Users and Enterprises in Mexico Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions into critical sectors of Mexican society. Mexico also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. Threat actors with an array of motivations continue to seek opportunities to exploit the digital infrastructure that Mexicans rely on across all aspects of society. This joint blog brings together our collective understanding of the cyber threat landscape impacting Mexico, combining insights from Google's Threat Analysis Group (TAG) and Mandiant's frontline intelligence. By sharing our global perspective, especially during today's Google for Mexico event, we hope to enable greater resiliency in mitigating these threats. Cyber Espionage Operations Targeting Mexico As the 12th largest economy in the world, Mexico draws attention from cyber espionage actors from multiple nations, with targeting patterns mirroring broader priorities and focus areas that we see elsewhere.
Since 2020, cyber espionage groups from more than 10 countries have targeted users in Mexico; however, more than 77% of government-backed phishing activity is concentrated among groups from the People's Republic of China (PRC), North Korea, and Russia. Figure 1: Government-backed phishing activity targeting Mexico, January 2020 – August 2024 The examples here highlight recent and historical examples where cyber espionage actors have targeted users and organizations in Mexico. It should be noted that these campaigns describe targeting and do not indicate successful compromise or exploitation. PRC Cyber Espionage Activity Targeting Mexico Since 2020, we have observed activity from seven cyber espionage groups with links to the PRC targeting users in Mexico, accounting for a third of government-backed phishing activity in the country. This volume of PRC cyber espionage is similar to activity in other regions where Chinese government investment has been focused, such as countries within China's Belt and Road Initiative.
In addition to activity targeting Gmail users, PRC-backed groups have targeted Mexican government agencies, higher 2024-09-10T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-mexico/ www.secnews.physaphae.fr/article.php?IdArticle=8574054 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud,Commercial APT 28 2.0000000000000000
Checkpoint - Security hardware vendor August 2024's Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges
Check Point's latest threat index reveals RansomHub’s continued dominance and Meow ransomware’s rise with novel tactics and significant impact. Check Point's Global Threat Index for August 2024 revealed ransomware remains a dominant force, with RansomHub sustaining its position as the top ransomware group. This Ransomware-as-a-Service (RaaS) operation has rapidly expanded since its rebranding from Knight ransomware, breaching over 210 victims worldwide. Meanwhile, Meow ransomware has emerged, shifting from encryption to selling stolen data on leak marketplaces. Last month, RansomHub solidified its position as the top ransomware threat, as detailed in a joint advisory from the FBI, CISA, MS-ISAC, and HHS. […]
2024-09-10T13:00:42+00:00 https://blog.checkpoint.com/research/august-2024s-most-wanted-malware-ransomhub-reigns-supreme-while-meow-ransomware-surges/ www.secnews.physaphae.fr/article.php?IdArticle=8573883 False Ransomware,Malware,Threat None 3.0000000000000000
Global Security Mag - French news site Horizon3.ai Enhances Penetration Testing with Integrated Threat Detection Product Reviews
Unveiling NodeZero Tripwires: Horizon3.ai Enhances Penetration Testing with Integrated Threat Detection NodeZero Tripwires: Vulnerabilities are identified during a simulated attack, and digital tripwires are strategically placed at these points to trigger alerts during a real attack. A unique early warning system for company networks based on the results of penetration tests Dennis Weyel: “Our innovative concept is leading the way into a new era in cybersecurity” - Product Reviews
2024-09-10T11:58:14+00:00 https://www.globalsecuritymag.fr/horizon3-ai-enhances-penetration-testing-with-integrated-threat-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8573849 False Vulnerability,Threat None 3.0000000000000000
ANSSI - French government feed Cybersecurity review of the Paris 2024 Olympic and Paralympic Games anssiadm Tue 10/09/2024 - 11:57 The Agence nationale de la sécurité des systèmes d'information (ANSSI) led the cybersecurity component of the preparation and running of the Paris 2024 Olympic and Paralympic Games (JOP). The arrangements put in place by ANSSI, in close collaboration with the various bodies involved in organising the Games, in particular the Délégation interministérielle aux Jeux Olympiques et Paralympiques (DIJOP), the Ministry of the Interior and Overseas Territories (MIOM) and the Organising Committee for the Olympic and Paralympic Games (Paris 2024), were built around five main areas: improving knowledge of the cyber threats facing the Games; securing critical information systems; protecting sensitive data; raising awareness across the Games ecosystem; preparing to respond in the event of a cyberattack affecting the Games.
1. Preventive awareness-raising and security measures
With the support of the Coordination nationale pour la sécurité des Jeux (CNSJ) of the Ministry of the Interior and Overseas Territories and of Paris 2024, ANSSI identified a JOP ecosystem of nearly 500 entities, divided into 3 categories according to their criticality, in order to deploy a preventive security strategy ahead of the event, comprising in particular: a diagnostic component consisting, through around a hundred cybersecurity audits, of identifying the vulnerabilities present in information systems (IS) and drawing up security plans; a security component, comprising technical support for most of the audited entities; a verification component under which several dozen entities, including competition venues, underwent follow-up audits to make sure the security measures had been properly implemented; a detection component, through the deployment, for the benefit of
2024-09-10T11:57:09+00:00 https://cyber.gouv.fr/actualites/bilan-cyber-des-jeux-olympiques-et-paralympiques-de-paris-2024 www.secnews.physaphae.fr/article.php?IdArticle=8598350 False Tool,Threat None 3.0000000000000000
Schneier on Security - American cryptologist and researcher New Chrome Zero-Day
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.
2024-09-10T11:04:29+00:00 https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8573813 False Vulnerability,Threat None 2.0000000000000000
ProofPoint - Cyber Firms Beyond Security Awareness: Moving Toward Sustained Behavior Change
2024-09-10T10:40:42+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/beyond-security-awareness-sustained-behavior-change www.secnews.physaphae.fr/article.php?IdArticle=8573960 False Tool,Threat,Conference None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial NCSC and partners mark National Insider Threat Awareness Month 2024, focus on education
The U.S. National Counterintelligence and Security Center (NCSC), the National Insider Threat Task Force (NITTF), the Office of...
2024-09-10T10:22:38+00:00 https://industrialcyber.co/threat-landscape/ncsc-and-partners-mark-national-insider-threat-awareness-month-2024-focus-on-education/ www.secnews.physaphae.fr/article.php?IdArticle=8573816 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets
A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.
2024-09-10T10:00:00+00:00 https://www.darkreading.com/threat-intelligence/chinese-tag-team-apts-keep-stealing-asian-govt-secrets www.secnews.physaphae.fr/article.php?IdArticle=8573777 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms Introducing Proofpoint Nexus: Powering Human-Centric Security
2024-09-10T09:46:13+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/introducing-proofpoint-nexus-human-centric-security www.secnews.physaphae.fr/article.php?IdArticle=8573956 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud None 2.0000000000000000
ProofPoint - Cyber Firms Protect 2024: Proofpoint Sets New Standard for Human-Centric Security
2024-09-10T08:09:31+00:00 https://www.proofpoint.com/us/blog/corporate-news/protect-2024-proofpoint-sets-new-standard-human-centric-security www.secnews.physaphae.fr/article.php?IdArticle=8573958 False Tool,Vulnerability,Threat,Mobile,Cloud,Conference None 3.0000000000000000
Global Security Mag - French news site RansomHub: decoding the most dangerous ransomware of 2024, by Synetis Malwares
2024-09-10T07:57:11+00:00 https://www.globalsecuritymag.fr/ransomhub-decryptage-du-ransomware-le-plus-dangereux-de-2024-par-synetis.html www.secnews.physaphae.fr/article.php?IdArticle=8573715 False Ransomware,Threat None 3.0000000000000000
ProofPoint - Cyber Firms CyberArk and Proofpoint: Deepening Collaboration to Better Secure Identities and Web Browsing
2024-09-10T07:46:32+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/cyberark-proofpoint-collaboration-secure-identities-web-browsing www.secnews.physaphae.fr/article.php?IdArticle=8573959 False Data Breach,Malware,Vulnerability,Threat,Legislation,Cloud,Technical None 2.0000000000000000
ProofPoint - Cyber Firms Accelerate Your DLP Maturity with the NIST-Inspired Information Protection Framework from Proofpoint
2024-09-10T07:30:48+00:00 https://www.proofpoint.com/us/blog/information-protection/accelerate-dlp-maturity-nist-inspired-framework www.secnews.physaphae.fr/article.php?IdArticle=8573957 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Spear-Phishing in the Battlefield: Gamaredon's Ongoing Assault on Ukraine's Military
2024-09-10T01:04:02+00:00 https://community.riskiq.com/article/8903169f www.secnews.physaphae.fr/article.php?IdArticle=8573564 False Spam,Malware,Tool,Threat,Legislation None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Russian Military Cyber Actors Target US and Global Critical Infrastructure
2024-09-10T00:52:06+00:00 https://community.riskiq.com/article/6d135763 www.secnews.physaphae.fr/article.php?IdArticle=8573565 False Malware,Tool,Vulnerability,Threat,Medical,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of
2024-09-09T22:49:00+00:00 https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html www.secnews.physaphae.fr/article.php?IdArticle=8573391 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) TIDRONE Targets Military and Satellite Industries in Taiwan
2024-09-09T21:18:25+00:00 https://community.riskiq.com/article/14a1a551 www.secnews.physaphae.fr/article.php?IdArticle=8573482 False Malware,Tool,Threat,Industrial,Prediction None 2.0000000000000000
Dark Reading - Informationweek Branch Akira Ransomware Actors Exploit SonicWall Bug for RCE
CISA has added CVE-2024-40766 to its known exploited vulnerabilities catalog.
2024-09-09T20:39:23+00:00 https://www.darkreading.com/ics-ot-security/akira-ransomware-actors-exploit-sonicwall-bug-for-rce www.secnews.physaphae.fr/article.php?IdArticle=8573439 False Ransomware,Vulnerability,Threat None 2.0000000000000000
Zimperium - cyber risk firms for mobile Unmasking SpyAgent: Zimperium's Zero-Day Defense Against Cryptocurrency Theft
Zimperium's Zero-Day defense against a sophisticated Android malware campaign involving SpyAgent, a spyware strain designed to steal cryptocurrency credentials.
2024-09-09T20:27:01+00:00 https://www.zimperium.com/blog/unmasking-spyagent-zimperiums-zero-day-defense-against-cryptocurrency-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8573437 False Malware,Vulnerability,Threat,Mobile None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous
2024-09-09T18:04:00+00:00 https://thehackernews.com/2024/09/one-more-tool-will-do-it-reflecting-on.html www.secnews.physaphae.fr/article.php?IdArticle=8573265 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published
2024-09-09T17:54:00+00:00 https://thehackernews.com/2024/09/blind-eagle-targets-colombian-insurance.html www.secnews.physaphae.fr/article.php?IdArticle=8573266 False Threat APT-C-36 2.0000000000000000