www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-16T04:03:01+00:00 www.secnews.physaphae.fr The Register - English news site Refreshed from its holiday, Emotet has gone phishing 2023-03-09T18:27:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/09/emotet_returns_after_break/ www.secnews.physaphae.fr/article.php?IdArticle=8317014 False Malware None 2.0000000000000000 Bleeping Computer - American magazine Police seize Netwire RAT malware infrastructure, arrest admin 2023-03-09T18:24:20+00:00 https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/ www.secnews.physaphae.fr/article.php?IdArticle=8317077 False Malware None 3.0000000000000000 SecurityWeek - Security News Custom Chinese Malware Found on SonicWall Appliance Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality.
2023-03-09T17:59:30+00:00 https://www.securityweek.com/custom-chinese-malware-found-on-sonicwall-appliance/ www.secnews.physaphae.fr/article.php?IdArticle=8317025 False Malware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks 2023-03-09T17:30:00+00:00 https://www.infosecurity-magazine.com/news/remcos-returns-wanted-malware-list/ www.secnews.physaphae.fr/article.php?IdArticle=8317002 False Malware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server 2023-03-09T17:00:00+00:00 https://www.infosecurity-magazine.com/news/8220-gang-oracle-weblogic-server/ www.secnews.physaphae.fr/article.php?IdArticle=8316977 False Malware None 2.0000000000000000 Global Security Mag - French news site Black Lotus Labs uncovers another new malware that targets compromised routers Malware Update 2023-03-09T16:23:20+00:00 https://www.globalsecuritymag.fr/Black-Lotus-Labs-uncovers-another-new-malware-that-targets-compromised-routers.html www.secnews.physaphae.fr/article.php?IdArticle=8316981 False Malware None 2.0000000000000000 Bleeping Computer - American magazine SonicWall devices infected by malware that survives firmware upgrades 2023-03-09T12:40:37+00:00 https://www.bleepingcomputer.com/news/security/sonicwall-devices-infected-by-malware-that-survives-firmware-upgrades/ www.secnews.physaphae.fr/article.php?IdArticle=8316989 False Malware None 2.0000000000000000 Checkpoint - Security hardware vendor February 2023's Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government Researchers report that Remcos Trojan was used by threat actors to target Ukrainian government entities through phishing attacks as part of wider cyberespionage operations.
Meanwhile, Formbook and Emotet returned to the top three most prevalent malware families, and Education/Research remained the most targeted industry. Our latest Global Threat Index for February 2023 saw Remcos Trojan… 2023-03-09T11:00:28+00:00 https://blog.checkpoint.com/2023/03/09/february-2023s-most-wanted-malware-remcos-trojan-linked-to-cyberespionage-operations-against-ukrainian-government/ www.secnews.physaphae.fr/article.php?IdArticle=8316899 False Malware,Threat None 3.0000000000000000 InformationSecurityBuzzNews - Security news site There's A RAT In mi Note, What Am I Gonna Do? 2023-03-09T10:35:58+00:00 https://informationsecuritybuzz.com/theres-a-rat-in-mi-note-what-am-i-gonna-do/ www.secnews.physaphae.fr/article.php?IdArticle=8316902 False Data Breach,Malware None 3.0000000000000000 The Register - English news site Suspected Chinese cyber spies target unpatched SonicWall devices 2023-03-09T02:26:12+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/09/suspected_chinese_cyberspies_target_uppatched/ www.secnews.physaphae.fr/article.php?IdArticle=8316836 False Malware None 3.0000000000000000 AhnLab - Korean Security Firm PlugX Malware Being Distributed via Vulnerability Exploitation The ASEC (AhnLab Security Emergency response Center) has recently discovered the installation of the PlugX malware through the Chinese remote control programs Sunlogin and Awesun’s remote code execution vulnerability. Sunlogin’s remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is still being used for attacks even now ever since its exploit code was disclosed. The team previously made a post about how Sliver C2, XMRig CoinMiner, and Gh0st RAT were being distributed through the Sunlogin RCE vulnerability. Additionally, since Gh0st RAT was...
2023-03-09T00:00:00+00:00 https://asec.ahnlab.com/en/49097/ www.secnews.physaphae.fr/article.php?IdArticle=8316817 False Malware,Vulnerability None 3.0000000000000000 AhnLab - Korean Security Firm CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as... 2023-03-08T23:30:00+00:00 https://asec.ahnlab.com/en/49089/ www.secnews.physaphae.fr/article.php?IdArticle=8316818 False Malware,Threat,Cloud APT 37 2.0000000000000000 Dark Reading - Informationweek Branch 40% of Global ICS Systems Attacked With Malware in 2022 2023-03-08T20:14:00+00:00 https://www.darkreading.com/application-security/40-global-ics-systems-attacked-malware-2022 www.secnews.physaphae.fr/article.php?IdArticle=8316767 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security 2023-03-08T16:50:40+00:00 https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security www.secnews.physaphae.fr/article.php?IdArticle=8316734 False Malware ChatGPT,ChatGPT 2.0000000000000000 SecurityWeek - Security News 'Sys01 Stealer' Malware Targeting Government Employees 2023-03-08T13:47:29+00:00 https://www.securityweek.com/sys01-stealer-malware-targeting-government-employees/ www.secnews.physaphae.fr/article.php?IdArticle=8316697 False Malware None 2.0000000000000000 Mandiant - Mandiant security blog
Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. Mandiant currently tracks this actor as UNC4540. Malware Analysis of a compromised device revealed a collection of files that give the attacker a highly privileged and available access to the 2023-03-08T13:00:00+00:00 https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall www.secnews.physaphae.fr/article.php?IdArticle=8377380 False Malware None 3.0000000000000000 GoogleSec - Firm Security Blog Thank you and goodbye to the Chrome Cleanup Tool Google Safe Browsing as well as antivirus software both block file-based UwS more effectively now, which was originally the goal of the Chrome Cleanup Tool. Where file-based UwS migrated over to extensions, our substantial investments in the Chrome Web Store review process have helped catch malicious extensions that violate the Chrome Web Store's policies. Finally, we've observed changing trends in the malware space with techniques such as Cookie Theft on the rise – as such, we've doubled down on defenses against such malware via a variety of improvements including hardened authentication workflows and advanced heuristics for blocking phishing and social engineering emails, malware landing pages, and downloads. What to expect Starting in Chrome 111, users will no longer be able to request a Chrome Cleanup Tool scan through Safety Check or leverage the "Reset settings and cleanup" option offered in chrome://settings on Windows.
Chrome will also remove the component that periodically scans Windows machines and prompts users for cleanup should it find anything suspicious. Even without the Chrome Cleanup Tool, users are automatically protected by Safe Browsing in Chrome. Users also have the option to turn on Enhanced protection by navigating to chrome://settings/security – this mode substantially increases protection from dangerous websites and downloads by sharing real-time data with Safe Browsing. While we'll miss the Chrome Cleanup Tool, we wanted to take this opportunity to acknowledge its role in combating UwS for the past 8 years. We'll continue to monitor user feedback and trends in the malware ecosystem, and when adversaries adapt their techniques again – which they will – we'll be at the ready. As always, please feel free to send us feedback or find us on Twitter @googlechrome. 2023-03-08T11:59:13+00:00 http://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html www.secnews.physaphae.fr/article.php?IdArticle=8316727 False Malware,Tool None 3.0000000000000000 Schneier on Security - American cryptologist and researcher BlackLotus Malware Hijacks Windows Secure Boot Process discovered malware that “can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right.
It’s located in an ... 2023-03-08T11:11:14+00:00 https://www.schneier.com/blog/archives/2023/03/blacklotus-malware-hijacks-windows-secure-boot-process.html www.secnews.physaphae.fr/article.php?IdArticle=8316650 False Malware None 2.0000000000000000 Global Security Mag - French news site Global Consumer Survey Reveals British Consumers' Have High Expectations of Mobile App Security Special Reports 2023-03-08T10:49:55+00:00 https://www.globalsecuritymag.fr/Global-Consumer-Survey-Reveals-British-Consumers-Have-High-Expectations-of.html www.secnews.physaphae.fr/article.php?IdArticle=8316634 False Malware None 2.0000000000000000 Fortinet - Security hardware vendor Old Cyber Gang Uses New Crypter – ScrubCrypt 2023-03-08T07:41:00+00:00 https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt www.secnews.physaphae.fr/article.php?IdArticle=8316735 False Malware None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with 31.2%, downloader with 16.5%, and ransomware with 0.9%. Top 1 – RedLine RedLine ranked first place with 41.0%. The malware steals various information such as web browsers, FTP clients, cryptocurrency...
2023-03-08T02:35:18+00:00 https://asec.ahnlab.com/en/49018/ www.secnews.physaphae.fr/article.php?IdArticle=8316602 False Ransomware,Malware None 2.0000000000000000 The Register - English news site These DrayTek routers are under actual attack – and there's no patch 2023-03-08T00:01:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/08/draytek_router_malware_hiatus/ www.secnews.physaphae.fr/article.php?IdArticle=8316462 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Hiatus Campaign Infects DrayTek Gear for Cyber Espionage, Proxy Control 2023-03-07T20:40:24+00:00 https://www.darkreading.com/threat-intelligence/hiatusrat-campaign-draytek-gear-cyber-espionage-proxy-control www.secnews.physaphae.fr/article.php?IdArticle=8316432 False Malware None 2.0000000000000000 Bleeping Computer - American magazine New malware variant has “radio silence” mode to evade detection 2023-03-07T17:49:02+00:00 https://www.bleepingcomputer.com/news/security/new-malware-variant-has-radio-silence-mode-to-evade-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8316530 False Malware None 2.0000000000000000 TechRepublic - Security News US CrowdStrike: Attackers focusing on cloud exploits, data theft CrowdStrike's new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. 2023-03-07T16:51:12+00:00 https://www.techrepublic.com/article/crowdstrike-attackers-cloud-exploits-data-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8316355 False Ransomware,Malware,Threat,Cloud None 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries Figure 1 - IOC Summary Charts.
These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT (published: March 2, 2023) In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through a malicious spearphishing link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe. Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. A defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion 2023-03-07T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mustang-panda-adopted-mqtt-protocol-redis-miner-optimization-risks-data-corruption-blacklotus-bootkit-reintroduces-vulnerable-uefi-binaries www.secnews.physaphae.fr/article.php?IdArticle=8316353 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical None 1.00000000000000000000 Bleeping Computer - American magazine Emotet malware attacks return after three-month break 2023-03-07T16:10:15+00:00 https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/ www.secnews.physaphae.fr/article.php?IdArticle=8316440 False Malware None 2.0000000000000000 Volexity - Cyber Firms Using Memory Analysis to Detect EDR-Nullifying Malware
In the ever-changing cybersecurity landscape, threat actors are forced to evolve and continually modify the tactics, techniques, and procedures (TTPs) they employ to launch and sustain attacks successfully. They are continually modifying their malware and command-execution methods to evade detection. The attackers in these cases are attempting to get a step ahead of security software at the most basic level. However, some techniques take a different approach, aiming further up the stack and directly taking on security software. The most brazen methods involve leveraging various tools that directly terminate or shut down security software. If successful, this method is effective at giving an attacker free rein on a system. However, it comes at the potential cost of alerting users or administrators that the software unexpectedly stopped reporting or was shut off. What about a technique that potentially flies a bit more under the radar? In November 2022, Trend Micro published a […]
2023-03-07T16:01:57+00:00 https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8388309 False Malware,Tool,Threat,Prediction None 3.0000000000000000
Global Security Mag - French news site Chinese Espionage Campaign Expands to Target Vietnam, Thailand and Indonesia Governments Malware Update 2023-03-07T13:26:02+00:00 https://www.globalsecuritymag.fr/Chinese-Espionage-Campaign-Expands-to-Target-Vietnam-Thailand-and-Indonesia.html www.secnews.physaphae.fr/article.php?IdArticle=8316306 False Malware None 2.0000000000000000 Checkpoint - Security hardware vendor “Sharp Panda”: Check Point Research puts a spotlight on Chinese origined espionage attacks against southeast asian government entities Highlights: CPR continues tracking Sharp Panda, a long-running Chinese cyber-espionage operation, targeting Southeast Asian government entities. In late 2022, a campaign with an initial infection vector similar to previous Sharp Panda operations targeted a high-profile government entity in the Asian region. CPR zooms in on the malware used in this campaign, dubbed “the Soul modular… 2023-03-07T10:58:36+00:00 https://blog.checkpoint.com/2023/03/07/sharp-panda-check-point-research-puts-a-spotlight-on-chinese-origined-espionage-attacks-against-southeast-asian-government-entities/ www.secnews.physaphae.fr/article.php?IdArticle=8316245 False Malware None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Threat actors are using advanced malware to backdoor business-grade routers 2023-03-07T01:09:11+00:00 https://arstechnica.com/?p=1922180 www.secnews.physaphae.fr/article.php?IdArticle=8316155 False Malware,Threat None 3.0000000000000000 Cyber Skills - Cyber podcast An Exciting Cyber Range Workshop at Bath Spa University, Dubai In March, Cyber Skills was pleased to host an exciting workshop at Bath Spa University, Dubai, focused on the cyber range and the importance of cyber security skills. Dr. Thomas Newe and Dr. 
Kashif Naseer Qureshi, both of University of Limerick, provided a fascinating discussion about how to make sure you are one step ahead of potential attackers in this constantly evolving world of cyber threat and malware. The two-hour workshop supported participants to learn about the concept of the cyber range through hands-on exercises that built upon real-world tools, attacks, and scenarios. Key topics included the analysis of potential malware, service identification, and protocol analysis.  The workshop was attended by both students and faculty, who showed great engagement with the topic. A recent blog post from the Bath Spa University Creative Computing Department captured the positive reaction to the workshop, with author Iftikhar A Khan saying, The online workshop on the Cyber Range was a great success and achieved its objective of creating awareness about cyber protection. The speakers were able to share their knowledge and experiences, and the attendees were able to learn practical solutions for protecting against cyber-attacks. While providing an in-depth discussion of the cyber range, Drs. Newe and Qureshi also gave the workshop participants a first-hand look at these concepts and technologies through a simulated environment. Via a series of interactive activities, attendees were able to gain a deeper insight into how cyber range concepts and systems can be an invaluable asset when testing and improving a cyber security system. Well-designed, interactive workshops such as this are an invaluable tool in the ongoing fight against cyber-attacks. 
2023-03-07T00:00:00+00:00 https://www.cyberskills.ie/explore/news/an-exciting-cyber-range-workshop-at-bath-spa-university-dubai.html www.secnews.physaphae.fr/article.php?IdArticle=8517405 False Malware,Tool,Threat None 2.0000000000000000 AhnLab - Korean Security Firm Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... 2023-03-06T23:30:00+00:00 https://asec.ahnlab.com/en/48810/ www.secnews.physaphae.fr/article.php?IdArticle=8316149 False Malware,Vulnerability,Threat,Medical APT 38 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims 2023-03-06T19:48:00+00:00 https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html www.secnews.physaphae.fr/article.php?IdArticle=8316001 False Malware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Almost Half of Industrial Sector Computers Affected By Malware in 2022 2023-03-06T17:30:00+00:00 https://www.infosecurity-magazine.com/news/half-industrial-sector-computers/ www.secnews.physaphae.fr/article.php?IdArticle=8316036 False Malware,Industrial None 2.0000000000000000 TroyHunt - Blog Security Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw 2023-03-06T16:58:35+00:00 https://arstechnica.com/?p=1921876 www.secnews.physaphae.fr/article.php?IdArticle=8316034 False Malware None 2.0000000000000000 Bleeping Computer - American magazine Old Windows 'Mock Folders' UAC bypass used to drop malware 2023-03-06T16:34:14+00:00 https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8316092 False Malware None 2.0000000000000000 SecurityWeek - Security News New ATM Malware 'FiXS' Emerges 2023-03-06T14:36:51+00:00 https://www.securityweek.com/new-atm-malware-fixs-emerges/ www.secnews.physaphae.fr/article.php?IdArticle=8315999 False Malware None 3.0000000000000000 Recorded Future - Recorded Future feed Ransomware gang posts breast cancer patients' clinical photographs The ALPHV ransomware group, also known as BlackCat, is attempting to extort a healthcare network in Pennsylvania by publishing photographs of breast cancer patients. These clinical images, used by Lehigh Valley Health Network as part of radiotherapy to tackle malignant cells, were described as “nude photos” on the criminals' site.
Lehigh Valley Health Network disclosed on February 20 that it had been attacked by the BlackCat gang, which it described as linked to Russia, and stated that it would not pay a ransom. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical,” said the network's president and chief executive, Brian Nester. Nester added that the incident involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” At the time of the original statement, Nester said Lehigh Valley Health Network's services - including a cancer institute and a children's hospital - were not affected. However the network's website is currently inaccessible. The Record was unable to contact the network for further comment following its listing on the ALPHV [.onion](https://en.wikipedia.org/wiki/Tor_(network)) website. Onlookers have been revolted by the attempt to leverage the sensitivities around cancer treatment and intimate images to extort the organization. Max Smeets, an academic at ETH Zurich - a public research university - and the director of the European Cyber Conflict Research Initiative, [wrote](https://twitter.com/Maxwsmeets/status/1632654116320075776): “This makes me so angry. I hope these barbarians will be held accountable for their heinous actions.” "A new low. This is sickening," [wrote](https://twitter.com/rj_chap/status/1632465294580133888) malware analyst Ryan Chapman, while Nicholas Carroll, a cybersecurity professional, [said](https://twitter.com/sloppy_bear/status/1632468646873165824) the gang was “trying to set new standards in despicable.” ALPHV itself celebrated the attack and the attention it brought. 
“Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business. Your time is running out. We are ready to unleash our full power on you!” Numerous healthcare organizations have been attacked by ransomware gangs in recent months. The criminal industry persists because of victims who pay, sometimes because their businesses face an existential threat, and sometimes to avoid the negative publicity. Medibank, one of Australia's largest health insurance providers, stated last November that it would not be making a [ransom payment](https://therecord.media/medibank-says-it-will-not-pay-ransom-in-hack-that-impacted-9-7-million-customers/) after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad. The information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. Outrage at the attack prompted the government to [consider banning](https://therecord.media/australia-to-consider-banning-ransomware-payments/) ransomware payments in a bid to undermine the industry. Back in January, the hospital technology giant [NextGen Healthcare](https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/) said it was responding to a cyberattack after ALPHV added the company to its list of victims. 
2023-03-06T14:01:00+00:00 https://therecord.media/ransomware-lehigh-valley-alphv-black-cat www.secnews.physaphae.fr/article.php?IdArticle=8316109 False Ransomware,Malware None 3.0000000000000000 Bleeping Computer - American magazine Sandbox blockchain game breached to send emails linking to malware 2023-03-06T13:18:07+00:00 https://www.bleepingcomputer.com/news/security/sandbox-blockchain-game-breached-to-send-emails-linking-to-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8316049 False Malware None 2.0000000000000000 Bleeping Computer - American magazine New malware infects business routers for data theft, surveillance 2023-03-06T10:03:24+00:00 https://www.bleepingcomputer.com/news/security/new-malware-infects-business-routers-for-data-theft-surveillance/ www.secnews.physaphae.fr/article.php?IdArticle=8316093 False Malware None 1.00000000000000000000 The State of Security - American magazine What is Malware as a Service (MaaS)? 2023-03-06T03:23:45+00:00 https://www.tripwire.com/state-of-security/what-malware-service-maas www.secnews.physaphae.fr/article.php?IdArticle=8315911 False Malware,Threat None 3.0000000000000000 Bleeping Computer - American magazine How to prevent Microsoft OneNote files from infecting Windows with malware 2023-03-05T15:23:51+00:00 https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8315798 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New FiXS ATM Malware Targeting Mexican Banks 2023-03-04T16:48:00+00:00 https://thehackernews.com/2023/03/new-fixs-atm-malware-targeting-mexican.html www.secnews.physaphae.fr/article.php?IdArticle=8315565 False Malware None 3.0000000000000000 The Register - English news site Frankenstein malware stitched together from code of others disguised as PyPI package 2023-03-03T18:30:40+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/03/pypi_malicious_package/ www.secnews.physaphae.fr/article.php?IdArticle=8315370 False Malware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA Warns Against Royal Ransomware in New Advisory 2023-03-03T13:45:00+00:00 https://www.infosecurity-magazine.com/news/cisa-warns-royal-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8315288 False Ransomware,Malware None 3.0000000000000000 Bleeping Computer - American magazine BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11 2023-03-02T18:20:53+00:00 https://www.bleepingcomputer.com/news/security/blacklotus-bootkit-bypasses-uefi-secure-boot-on-patched-windows-11/ www.secnews.physaphae.fr/article.php?IdArticle=8315141 False Malware None 3.0000000000000000 Silicon - French news site BlackLotus, the malware that knocks out Secure Boot 2023-03-02T17:14:06+00:00 https://www.silicon.fr/blacklotus-malware-secure-boot-ko-459569.html www.secnews.physaphae.fr/article.php?IdArticle=8315043 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI 2023-03-02T16:51:00+00:00 https://thehackernews.com/2023/03/experts-identify-fully-featured-info.html www.secnews.physaphae.fr/article.php?IdArticle=8314978 False Malware,Threat,Guideline None 2.0000000000000000 Marco Ramilli - Blog Malware Families CheatSheet 2023-03-02T14:55:30+00:00 https://marcoramilli.com/2023/03/02/malware-families-cheatsheet/ www.secnews.physaphae.fr/article.php?IdArticle=8315012 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics 2023-03-02T13:33:00+00:00 https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html www.secnews.physaphae.fr/article.php?IdArticle=8314922 False Malware,Threat,Prediction APT 27 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them cybercriminals. To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach. 2. Data breaches Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate. Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity.
By following these tips, you can help ensure that your online real estate transaction is secure. 3.  Phishing scams These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar. Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information. They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links. 4. Malware threats Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. 
To protect yourself from malware, make sure to install 2023-03-02T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/8-common-cybersecurity-issues-when-purchasing-real-estate-online-and-how-to-handle-them www.secnews.physaphae.fr/article.php?IdArticle=8314947 False Ransomware,Malware,Hack None 2.0000000000000000 Global Security Mag - French news site SonicWall Cyber Threat Report 2023 examines the new cyber fronts and the changed behavior of threat actors Special Reports 2023-03-02T10:03:36+00:00 https://www.globalsecuritymag.fr/SonicWall-Cyber-Threat-Report-2023-untersucht-die-neuen-Cyberfronten-und-das.html www.secnews.physaphae.fr/article.php?IdArticle=8314936 False Ransomware,Malware,Threat None 1.00000000000000000000 Global Security Mag - French news site 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior Special Reports 2023-03-02T10:00:29+00:00 https://www.globalsecuritymag.fr/2023-SonicWall-Cyber-Threat-Report-Casts-New-Light-on-Shifting-Front-Lines.html www.secnews.physaphae.fr/article.php?IdArticle=8314937 False Ransomware,Malware,Threat None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (February 20th, 2023 – February 26th, 2023) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 20th, 2023 (Monday) to February 26th, 2023 (Sunday). For the main category, backdoor ranked top with 51.0%, followed by downloader with 24.7%, Infostealer with 22.7%, ransomware with 1.4%, and CoinMiner with 0.2%. Top 1 – RedLine RedLine ranked first place with 46.9%. The malware steals various information such as web browsers,...
2023-03-01T23:39:11+00:00 https://asec.ahnlab.com/en/48640/ www.secnews.physaphae.fr/article.php?IdArticle=8314821 True Ransomware,Malware None 2.0000000000000000 The Register - English news site It's official: BlackLotus malware can bypass Secure Boot on Windows machines 2023-03-01T21:30:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/ www.secnews.physaphae.fr/article.php?IdArticle=8314773 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Linux Support Expands Cyber Spy Group's Arsenal 2023-03-01T19:34:00+00:00 https://www.darkreading.com/threat-intelligence/linux-support-expands-cyber-spy-groups-arsenal www.secnews.physaphae.fr/article.php?IdArticle=8314726 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware 2023-03-01T19:32:00+00:00 https://thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html www.secnews.physaphae.fr/article.php?IdArticle=8314626 False Malware,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security news site Cybercriminals Targets Law Firms With GootLoader & FakeUpdates 2023-03-01T18:45:28+00:00 https://informationsecuritybuzz.com/cybercriminals-target-law-firms-gootloader-fakeupdates/ www.secnews.physaphae.fr/article.php?IdArticle=8314709 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 2023-03-01T17:02:00+00:00 https://thehackernews.com/2023/03/blacklotus-becomes-first-uefi-bootkit.html www.secnews.physaphae.fr/article.php?IdArticle=8314596 False Malware,Threat None 4.0000000000000000 Bleeping Computer - American magazine Iron Tiger hackers create Linux version of their custom malware 2023-03-01T13:44:37+00:00 https://www.bleepingcomputer.com/news/security/iron-tiger-hackers-create-linux-version-of-their-custom-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8314708 False Malware APT 27 3.0000000000000000 SecurityWeek - Security News Several Law Firms Targeted in Malware Attacks In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. 2023-03-01T13:31:27+00:00 https://www.securityweek.com/several-law-firms-targeted-in-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8314627 False Malware None 2.0000000000000000 GoogleSec - Firm Security Blog 8 ways to secure Chrome browser for Google Workspace users Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet including which browsers are out of date, which extensions your users are using and bringing insight to potential security blindspots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies to the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management) --not just on corporate managed devices.
This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy. Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection 2023-03-01T11:59:44+00:00 http://security.googleblog.com/2023/03/8-ways-to-secure-chrome-browser-for.html www.secnews.physaphae.fr/article.php?IdArticle=8314677 False Ransomware,Malware,Tool,Threat,Guideline,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques 2023-03-01T11:41:00+00:00 https://thehackernews.com/2023/03/parallax-rat-targeting-cryptocurrency.html www.secnews.physaphae.fr/article.php?IdArticle=8314480 False Malware None 2.0000000000000000 Fortinet - Security hardware vendor Just Because It's Old Doesn't Mean You Throw It Away (Including Malware!)
2023-03-01T10:30:00+00:00 https://www.fortinet.com/blog/threat-research/just-because-its-old-doesnt-mean-you-throw-it-away-including-malware www.secnews.physaphae.fr/article.php?IdArticle=8314762 False Malware None 3.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Why Organisations Must Get to Grips With Cloud Delivered Malware Netskope has just published the Monthly Threat Report for February, with this month's report focused on what is going on in Europe. I don't intend to summarise the report in this blog, instead I want to zoom in and study a continuing trend that was highlighted in there; one that is unfortunately heading in the […] 2023-03-01T07:00:00+00:00 https://www.netskope.com/blog/why-organisations-must-get-to-grips-with-cloud-delivered-malware www.secnews.physaphae.fr/article.php?IdArticle=8314469 False Malware,Threat,Prediction,Cloud None 3.0000000000000000 Recorded Future - Recorded Future feed Victims of MortalKombat ransomware can now decrypt their locked files for free Cybersecurity firm Bitdefender released a universal decryptor for the MortalKombat ransomware – a strain first observed by threat researchers in January 2023. The malware has been used on dozens of victims across the U.S., United Kingdom, Turkey and the Philippines, according to a recent report from Cisco.
Bogdan Botezatu, director of threat research and reporting […] 2023-03-01T00:34:26+00:00 https://therecord.media/victims-of-mortalkombat-ransomware-can-now-decrypt-their-locked-files-for-free/ www.secnews.physaphae.fr/article.php?IdArticle=8314427 False Ransomware,Malware,Threat None 2.0000000000000000 TrendMicro - Security Firm Blog Iron Tiger's SysUpdate Reappears, Adds Linux Targeting 2023-03-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8314489 False Malware,Threat APT 27 1.00000000000000000000 RedCanary - Red Canary Intelligence Insight: Tax-themed phishing emails delivering GuLoader 2023-02-28T20:12:31+00:00 https://redcanary.com/blog/tax-season-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8314296 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch WannaCry Hero & Kronos Malware Author Named Cybrary Fellow 2023-02-28T18:55:00+00:00 https://www.darkreading.com/threat-intelligence/wannacry-hero-malware-creator-named-cybrary-fellow www.secnews.physaphae.fr/article.php?IdArticle=8314283 False Malware Wannacry,Wannacry 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence WinorDLL64: A Backdoor From The Vast Lazarus Arsenal? (published: February 23, 2023) When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher.
WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group. Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations. MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | 2023-02-28T16:15:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-newly-discovered-winordll64-backdoor-has-code-similarities-with-lazarus-ghostsecret-atharvan-backdoor-can-be-restricted-to-communicate-on-certain-days www.secnews.physaphae.fr/article.php?IdArticle=8314193 False Ransomware,Malware,Tool,Threat,Medical,Medical,Cloud APT 38 1.00000000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe?
CyberheistNews Vol 13 #09 | February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog: https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac 2023-02-28T14:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-09-eye-opener-should-you-click-on-unsubscribe www.secnews.physaphae.fr/article.php?IdArticle=8314155 False Malware,Hack,Tool,Vulnerability,Threat,Guideline,Prediction APT 38,ChatGPT 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Experts Spot Half a Million Novel Malware Variants in 2022 2023-02-28T10:00:00+00:00 https://www.infosecurity-magazine.com/news/experts-spot-half-million-novel/ www.secnews.physaphae.fr/article.php?IdArticle=8314112 False Malware None 2.0000000000000000 SecurityWeek - Security News LastPass Says DevOps Engineer Home Computer Hacked LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. 2023-02-27T20:40:16+00:00 https://www.securityweek.com/lastpass-says-devops-engineer-home-computer-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8313961 False Malware,Cloud LastPass 1.00000000000000000000 Dark Reading - Informationweek Branch Mobile Banking Trojans Surge, Doubling in Volume 2023-02-27T18:30:46+00:00 https://www.darkreading.com/endpoint/mobile-banking-trojans-surge-doubling-volume www.secnews.physaphae.fr/article.php?IdArticle=8313805 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks 2023-02-27T16:23:00+00:00 https://thehackernews.com/2023/02/chromeloader-malware-targeting-gamers.html www.secnews.physaphae.fr/article.php?IdArticle=8313649 False Malware None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ChromeLoader Malware Poses as Steam, Nintendo Game Mods 2023-02-27T16:00:00+00:00 https://www.infosecurity-magazine.com/news/chromeloader-malware-steam/ www.secnews.physaphae.fr/article.php?IdArticle=8313707 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) PureCrypter Malware Targets Government Entities in Asia-Pacific and North America 2023-02-27T15:52:00+00:00 https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html www.secnews.physaphae.fr/article.php?IdArticle=8313642 True Malware,Threat None 2.0000000000000000 Global Security Mag - French news site Netskope Threat Labs study: European companies targeted by Trojans Malware 2023-02-27T14:56:57+00:00 https://www.globalsecuritymag.fr/Etude-Threat-Labs-Netskope-les-entreprises-europeennes-ciblees-par-des-chevaux.html www.secnews.physaphae.fr/article.php?IdArticle=8313695 False Malware,Threat,Cloud None 3.0000000000000000 SecurityWeek - Security News 'PureCrypter' Downloader Used to Deliver Malware to Governments 2023-02-27T14:13:43+00:00 https://www.securityweek.com/purecrypter-downloader-used-to-deliver-malware-to-governments/ www.secnews.physaphae.fr/article.php?IdArticle=8313693 False Malware None 2.0000000000000000 Kaspersky - Kaspersky Research blog The mobile malware threat landscape in 2022 2023-02-27T10:05:35+00:00 https://securelist.com/mobile-threat-report-2022/108844/ www.secnews.physaphae.fr/article.php?IdArticle=8313626 False Malware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Governments Targeted by Discord-Based Threat Campaign
2023-02-27T10:00:00+00:00 https://www.infosecurity-magazine.com/news/governments-targeted-by-discord/ www.secnews.physaphae.fr/article.php?IdArticle=8313627 False Malware,Threat None 2.0000000000000000 Krebs on Security - American researcher When Low-Tech Hacks Cause High-Impact Breaches 2023-02-27T04:15:15+00:00 https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=8313592 False Malware None 2.0000000000000000 Network World - IT magazine War tests Ukrainian telecom, internet resilience resilience and defiance has been inspiring, but telecommunications and internet connectivity has grown much more difficult. Initially the country's internet network mostly withstood with some outages and slowdowns, but that has changed over time as the aggressors devote more effort in destroying physical locations and deploying malware and other cybersecurity weapons. For example, researchers at Top10VPN recently reported some distressing analysis including: 2023-02-27T02:30:00+00:00 https://www.networkworld.com/article/3689174/war-tests-ukrainian-telecom-internet-resilience.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=8313636 False Malware None 2.0000000000000000 Bleeping Computer - American magazine PureCrypter malware hits govt orgs with ransomware, info-stealers 2023-02-25T10:16:22+00:00 https://www.bleepingcomputer.com/news/security/purecrypter-malware-hits-govt-orgs-with-ransomware-info-stealers/ www.secnews.physaphae.fr/article.php?IdArticle=8313381 False Ransomware,Malware,Threat None 2.0000000000000000 Team Cymru - Threat intelligence team Desde Chile con Malware (From Chile with Malware) 2023-02-24T20:24:50+00:00 https://www.team-cymru.com/post/from-chile-with-malware www.secnews.physaphae.fr/article.php?IdArticle=8313241 False Malware None 4.0000000000000000 InformationSecurityBuzzNews - Security news site New
S1deload Malware Hijacking Youtube And Facebook Accounts 2023-02-24T16:07:11+00:00 https://informationsecuritybuzz.com/s1deload-malware-hijacking-youtube-facebook/ www.secnews.physaphae.fr/article.php?IdArticle=8313187 False Malware,Threat None 3.0000000000000000 01net. Actualites - Securite - French magazine macOS: this malware mines crypto on your Mac, at the expense of its performance. Malware designed to mine cryptocurrency is currently targeting Macs, especially computers with an Apple-designed M chip. To protect against the virus, experts recommend installing the Ventura update without delay. 2023-02-24T12:35:31+00:00 https://www.01net.com/actualites/macos-malware-mine-cryptos-detriment-perfromances.html www.secnews.physaphae.fr/article.php?IdArticle=8313141 False Malware None 1.00000000000000000000 We Live Security - ESET antivirus software vendor A year of wiper attacks in Ukraine ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia's invasion of Ukraine in 2022 2023-02-24T10:30:09+00:00 https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/ www.secnews.physaphae.fr/article.php?IdArticle=8313224 False Malware None 2.0000000000000000 The Register - English news site Suspected Russian NLBrute malware boss extradited to US 2023-02-23T23:30:05+00:00 https://go.theregister.com/feed/www.theregister.com/2023/02/23/russian_nlbrute_hacking_malware/ www.secnews.physaphae.fr/article.php?IdArticle=8313012 False Malware,Tool None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware 2023-02-23T22:19:00+00:00 https://thehackernews.com/2023/02/hackers-using-trojanized-macos-apps-to.html www.secnews.physaphae.fr/article.php?IdArticle=8312921 False Malware,Threat None 1.00000000000000000000 Recorded Future - Recorded Future feed Russian accused of developing password-cracking tool extradited to US A 28-year-old Russian malware developer was extradited to the U.S. where he could face up to 47 years in federal prison for allegedly creating and selling a malicious password-cracking tool. Dariy Pankov, also known as “dpxaker,” developed what the Department of Justice called “powerful” password-cracking program that he marketed and sold to other cybercriminals for a […] 2023-02-23T21:57:12+00:00 https://therecord.media/russian-accused-of-developing-password-cracking-tool-extradited-to-us/ www.secnews.physaphae.fr/article.php?IdArticle=8312993 False Malware,Tool None 2.0000000000000000 Dark Reading - Informationweek Branch Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery 2023-02-23T21:54:44+00:00 https://www.darkreading.com/analytics/pirated-final-cut-pro-macos-stealth-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=8313005 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools 2023-02-23T19:54:00+00:00 https://www.darkreading.com/analytics/hydrochasma-bombards-targets-slew-commodity-malware-tools www.secnews.physaphae.fr/article.php?IdArticle=8312951 False Malware,Threat,Medical None 3.0000000000000000 Recorded Future - Recorded Future feed Hackers use ChatGPT phishing websites to infect users with malware Cyble says cybercriminals are setting up phishing websites that mimic the branding of ChatGPT, an AI tool that has exploded in popularity 2023-02-23T19:02:13+00:00
https://therecord.media/chatgpt-phishing-fake-websites-hackers-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8312936 False Malware,Tool ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch Wiper Malware Surges Ahead, Spiking 53% in 3 Months 2023-02-23T18:50:35+00:00 https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months www.secnews.physaphae.fr/article.php?IdArticle=8312953 False Malware None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Russian national accused of developing, selling malware appears in U.S. court Dariy Pankov faces up to 47 years in prison on charges linked to credential sales and offering access to the NLBrute malware. 2023-02-23T18:20:55+00:00 https://cyberscoop.com/russian-dariy-pankov-nlbrute-malware-cybercrime/ www.secnews.physaphae.fr/article.php?IdArticle=8312934 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data 2023-02-23T17:17:00+00:00 https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html www.secnews.physaphae.fr/article.php?IdArticle=8312842 False Malware,Tool,Medical APT 38 1.00000000000000000000 knowbe4 - cybersecurity services Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36% 2023-02-23T16:28:45+00:00 https://blog.knowbe4.com/malware-report-the-number-of-unique-phishing-emails-in-q4-rose-by-36 www.secnews.physaphae.fr/article.php?IdArticle=8312891 False Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency 2023-02-23T16:15:00+00:00 https://thehackernews.com/2023/02/new-s1deload-malware-hijacking-users.html www.secnews.physaphae.fr/article.php?IdArticle=8312815 False Malware None 1.00000000000000000000