www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-02T07:35:38+00:00 www.secnews.physaphae.fr
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a… 2024-03-18T23:26:00+00:00 https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8466221 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow… 2024-03-18T18:28:00+00:00 https://thehackernews.com/2024/03/fortra-patches-critical-rce.html www.secnews.physaphae.fr/article.php?IdArticle=8466065 False Tool,Vulnerability None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs… 2024-03-18T18:05:00+00:00 https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html www.secnews.physaphae.fr/article.php?IdArticle=8466033 False Malware,Threat,Commercial None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw 2024-03-18T15:16:00+00:00 https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html www.secnews.physaphae.fr/article.php?IdArticle=8465941 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated… 2024-03-18T11:29:00+00:00 https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html www.secnews.physaphae.fr/article.php?IdArticle=8465853 False Threat APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. "The repositories look… 2024-03-16T18:01:00+00:00 https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html www.secnews.physaphae.fr/article.php?IdArticle=8464901 False None None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) GhostRace – New Data Leak Vulnerability Affects Modern CPUs A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented… 2024-03-15T23:16:00+00:00 https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8464467 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Third-Party ChatGPT Plugins Could Lead to Account Takeovers Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent… 2024-03-15T17:04:00+00:00 https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html www.secnews.physaphae.fr/article.php?IdArticle=8464322 False Threat ChatGPT 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Google Introduces Enhanced Real-Time URL Protection for Chrome Users Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google's server-side list of known bad sites in real-time,” Google's Jonathan Li and Jasika Bawa said. “If we… 2024-03-15T13:20:00+00:00 https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html www.secnews.physaphae.fr/article.php?IdArticle=8464251 False None None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. “The malicious site found in the notepad++ search is distributed through an advertisement block,” Kaspersky… 2024-03-15T11:48:00+00:00 https://thehackernews.com/2024/03/malicious-ads-targeting-chinese-users.html www.secnews.physaphae.fr/article.php?IdArticle=8464205 False None None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit… 2024-03-14T19:17:00+00:00 https://thehackernews.com/2024/03/lockbit-ransomware-hacker-ordered-to.html www.secnews.physaphae.fr/article.php?IdArticle=8463834 False Ransomware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit… 2024-03-14T17:29:00+00:00 https://thehackernews.com/2024/03/researchers-detail-kubernetes.html www.secnews.physaphae.fr/article.php?IdArticle=8463772 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 3 Things CISOs Achieve with Cato Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are… 2024-03-14T15:54:00+00:00 https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html www.secnews.physaphae.fr/article.php?IdArticle=8463709 False Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands.
“The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs,” Trend Micro said in an analysis… 2024-03-14T15:53:00+00:00 https://thehackernews.com/2024/03/redcurl-cybercrime-group-abuses-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8463710 False Tool,Prediction None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Ande Loader Malware Targets Manufacturing Sector in North America The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor… 2024-03-14T12:47:00+00:00 https://thehackernews.com/2024/03/ande-loader-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8463656 False Malware,Threat APT-C-36 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.
“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass… 2024-03-14T10:27:00+00:00 https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html www.secnews.physaphae.fr/article.php?IdArticle=8463587 False Malware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted… 2024-03-14T09:51:00+00:00 https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html www.secnews.physaphae.fr/article.php?IdArticle=8463588 True Vulnerability None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Demystifying a Common Cybersecurity Myth One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own - this is simply not the case.
In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the… 2024-03-13T21:09:00+00:00 https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html www.secnews.physaphae.fr/article.php?IdArticle=8463289 False Malware,Tool None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. “Thanks to this new technique, during PixPirate reconnaissance… 2024-03-13T19:25:00+00:00 https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html www.secnews.physaphae.fr/article.php?IdArticle=8463199 False Threat,Mobile,Technical None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations.
Consequently, any identity in a SaaS app can create an opening for cybercriminals to… 2024-03-13T16:03:00+00:00 https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html www.secnews.physaphae.fr/article.php?IdArticle=8463115 False Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API. The first vulnerability involves… 2024-03-13T15:44:00+00:00 https://thehackernews.com/2024/03/researchers-highlight-googles-gemini-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8463116 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said.
An unusual aspect of the… 2024-03-13T15:13:00+00:00 https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html www.secnews.physaphae.fr/article.php?IdArticle=8463117 False Malware,Commercial None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity. None of the flaws are listed as… 2024-03-13T11:08:00+00:00 https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html www.secnews.physaphae.fr/article.php?IdArticle=8462999 False Vulnerability None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs.
The packages were collectively downloaded 7,451 times prior to them being removed from… 2024-03-12T17:43:00+00:00 https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html www.secnews.physaphae.fr/article.php?IdArticle=8462621 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you'd want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a Continuous Threat Exposure… 2024-03-12T16:37:00+00:00 https://thehackernews.com/2024/03/ctem-101-go-beyond-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8462597 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024," security researcher… 2024-03-12T14:45:00+00:00 https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html www.secnews.physaphae.fr/article.php?IdArticle=8462546 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) South Korean Citizen Detained in Russia on Cyber Espionage Charges Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was first reported by Russian news agency TASS. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court… 2024-03-12T12:02:00+00:00 https://thehackernews.com/2024/03/south-korean-citizen-detained-in-russia.html www.secnews.physaphae.fr/article.php?IdArticle=8462509 False None None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings.
One Identity PAM Essentials stands… 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/embracing-cloud-revolutionizing.html www.secnews.physaphae.fr/article.php?IdArticle=8462169 False Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of… 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8462170 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Data Leakage Prevention in the Age of Cloud Computing: A New Approach As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web… 2024-03-11T17:03:00+00:00 https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8462119 False Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of… 2024-03-11T15:23:00+00:00 https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8462076 False Ransomware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It… 2024-03-11T11:58:00+00:00 https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html www.secnews.physaphae.fr/article.php?IdArticle=8461989 False Vulnerability,Threat,Technical None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting… 2024-03-11T11:29:00+00:00 https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html www.secnews.physaphae.fr/article.php?IdArticle=8461990 False Malware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our… 2024-03-09T09:31:00+00:00 https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8461117 False Hack,Threat APT 29 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated… 2024-03-08T18:44:00+00:00 https://thehackernews.com/2024/03/meta-details-whatsapp-and-messenger.html www.secnews.physaphae.fr/article.php?IdArticle=8460826 False None None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Secrets Sensei: Conquering Secrets Management Challenges In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management - the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's… 2024-03-08T15:19:00+00:00 https://thehackernews.com/2024/03/secrets-sensei-conquering-secrets.html www.secnews.physaphae.fr/article.php?IdArticle=8460756 False None None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF… 2024-03-08T13:39:00+00:00 https://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html www.secnews.physaphae.fr/article.php?IdArticle=8460718 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) QEMU Emulator Exploited as Tunneling Tool to Breach Company Network Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been… 2024-03-08T13:18:00+00:00 https://thehackernews.com/2024/03/cybercriminals-utilize-qemu-emulator-as.html www.secnews.physaphae.fr/article.php?IdArticle=8460719 False Tool,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability The U.S.
Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete]]> 2024-03-08T11:43:00+00:00 https://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8460680 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sites WordPress piratés abusant des visiteurs 'Browsers pour les attaques par force brute distribuée<br>Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a]]> 2024-03-07T19:15:00+00:00 https://thehackernews.com/2024/03/hacked-wordpress-sites-abusing-visitors.html www.secnews.physaphae.fr/article.php?IdArticle=8460354 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates d'État chinois ciblent les Tibétains avec une chaîne d'approvisionnement, les attaques d'arrosage<br>Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. 
The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. The findings come from ESET, which]]> 2024-03-07T18:52:00+00:00 https://thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html www.secnews.physaphae.fr/article.php?IdArticle=8460355 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identité humaine vs non humaine en SaaS<br>Human vs. Non-Human Identity in SaaS In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.  Not]]> 2024-03-07T16:41:00+00:00 https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8460285 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ex-GOOGLE ingénieur arrêté pour avoir volé des secrets de technologie de l'IA pour la Chine<br>Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. 
Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential]]> 2024-03-07T15:49:00+00:00 https://thehackernews.com/2024/03/ex-google-engineer-arrested-for.html www.secnews.physaphae.fr/article.php?IdArticle=8460261 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouveau voleur d'informations de serpent basé sur Python se répandant via les messages Facebook<br>New Python-Based Snake Info Stealer Spreading Through Facebook Messages Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that's designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign]]> 2024-03-07T13:09:00+00:00 https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8460221 False Threat,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attention au zoom usurpé, skype, google rencontre des sites offrant des logiciels malveillants<br>Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. 
“The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows]]> 2024-03-07T11:41:00+00:00 https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html www.secnews.physaphae.fr/article.php?IdArticle=8460180 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent le fil mal conçu, le docker, la confluence, les serveurs redis pour l'exploitation de cryptographie<br>Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and]]> 2024-03-06T22:28:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html www.secnews.physaphae.fr/article.php?IdArticle=8459936 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Arnaque de sortie: Blackcat Ransomware Group disparaît après un paiement de 22 millions de dollars<br>Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." 
"There]]> 2024-03-06T20:33:00+00:00 https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html www.secnews.physaphae.fr/article.php?IdArticle=8459914 False Ransomware,Threat,Legislation None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Une nouvelle façon de gérer votre exposition sur le Web: le produit Refleviz expliqué<br>A New Way To Manage Your Web Exposure: The Reflectiz Product Explained An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.  [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues] You Can't Protect What You Can't See Today's websites are connected]]> 2024-03-06T17:00:00+00:00 https://thehackernews.com/2024/03/a-new-way-to-manage-your-web-exposure.html www.secnews.physaphae.fr/article.php?IdArticle=8459795 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Comment trouver et fixer le partage risqué dans Google Drive<br>How to Find and Fix Risky Sharing in Google Drive Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint]]> 2024-03-06T15:18:00+00:00 https://thehackernews.com/2024/03/how-to-find-and-fix-risky-sharing-in.html www.secnews.physaphae.fr/article.php?IdArticle=8459768 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les États-Unis réchauffent une entreprise de spyware prédatrice pour cibler les fonctionnaires et les journalistes<br>U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country. “The proliferation of commercial spyware poses distinct and growing]]> 2024-03-06T13:05:00+00:00 https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8459726 False Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware émet des correctifs de sécurité pour ESXi, poste de travail et défauts de fusion<br>VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems. "A]]> 2024-03-06T12:50:00+00:00 https://thehackernews.com/2024/03/vmware-issues-security-patches-for-esxi.html www.secnews.physaphae.fr/article.php?IdArticle=8459727 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Alerte: GhostSec et Stormous Lancent les attaques du ransomware conjointe dans plus de 15 pays<br>Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and]]> 2024-03-06T12:41:00+00:00 https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html www.secnews.physaphae.fr/article.php?IdArticle=8459706 False Ransomware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouveau groupe apt 'Lotus Bane' derrière les attaques récentes contre les entités financières du Vietnam<br>New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have been active since at least 2022. The exact specifics of the infection chain remain unknown as yet, but it involves the]]> 2024-03-06T12:31:00+00:00 https://thehackernews.com/2024/03/new-apt-group-lotus-bane-behind-recent.html www.secnews.physaphae.fr/article.php?IdArticle=8459707 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Urgent: Apple émet des mises à jour critiques pour les défauts nuls exploités activement<br>Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296 - A memory]]> 2024-03-06T11:24:00+00:00 https://thehackernews.com/2024/03/urgent-apple-issues-critical-updates.html www.secnews.physaphae.fr/article.php?IdArticle=8459668 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent ConnectWise Screenconnect Flaws pour déployer des logiciels malveillants Toddlershark<br>Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard]]> 2024-03-05T21:48:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-connectwise.html www.secnews.physaphae.fr/article.php?IdArticle=8459407 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Qu'est-ce que la gestion de l'exposition et en quoi diffère-t-elle d'ASM?<br>What is Exposure Management and How Does it Differ from ASM? Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. 
Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using]]> 2024-03-05T16:25:00+00:00 https://thehackernews.com/2024/03/what-is-exposure-management-and-how.html www.secnews.physaphae.fr/article.php?IdArticle=8459271 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminels utilisant une nouvelle technique de détournement de DNS pour les escroqueries d'investissement<br>Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report]]> 2024-03-05T16:23:00+00:00 https://thehackernews.com/2024/03/cybercriminals-using-novel-dns.html www.secnews.physaphae.fr/article.php?IdArticle=8459272 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Plus de 225 000 informations d'identification CHATGPT compromises en vente sur les marchés Web sombres<br>Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware. 
“The number of infected devices decreased slightly in mid- and late]]> 2024-03-05T16:08:00+00:00 https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html www.secnews.physaphae.fr/article.php?IdArticle=8459273 False Malware ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AVERTISSEMENT: l'attaque de détournement de fil cible les réseaux, le vol de hachages NTLM<br>Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this]]> 2024-03-05T15:55:00+00:00 https://thehackernews.com/2024/03/warning-thread-hijacking-attack-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8459245 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Critical JetBrains TeamCity sur site Les défauts pourraient conduire à des prises de contrôle du serveur<br>Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. 
“The]]> 2024-03-05T09:04:00+00:00 https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html www.secnews.physaphae.fr/article.php?IdArticle=8459112 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Comment les cybercriminels exploitent les opérations de l'Inde 's pour le blanchiment d'argent<br>How Cybercriminals are Exploiting India's UPI for Money Laundering Operations Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. Details about the scam ]]> 2024-03-04T19:20:00+00:00 https://thehackernews.com/2024/03/how-cybercriminals-are-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8458868 False Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) De 500 à 5000 employés - sécurisation de l'application tiers dans les sociétés de mi-parcours<br>From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies A company's lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial]]> 2024-03-04T16:42:00+00:00 https://thehackernews.com/2024/03/from-500-to-5000-employees-securing-3rd.html www.secnews.physaphae.fr/article.php?IdArticle=8458807 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Plus de 100 modèles malveillants AI / ML trouvés sur la plate-forme de visage étreint<br>Over 100 Malicious AI/ML Models Found on Hugging Face Platform As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. "The model's payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims']]> 2024-03-04T14:52:00+00:00 https://thehackernews.com/2024/03/over-100-malicious-aiml-models-found-on.html www.secnews.physaphae.fr/article.php?IdArticle=8458766 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Phobos Ransomware ciblant agressivement l'infrastructure critique américaine<br>Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and]]> 2024-03-04T10:54:00+00:00 https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html www.secnews.physaphae.fr/article.php?IdArticle=8458699 False Ransomware,Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les ordonnances du tribunal américain NSO ne remettent pas le code spyware de Pegasus à WhatsApp<br>U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp A U.S. 
judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately]]> 2024-03-02T11:53:00+00:00 https://thehackernews.com/2024/03/us-court-orders-nso-group-to-hand-over.html www.secnews.physaphae.fr/article.php?IdArticle=8457852 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les États-Unis facturent un piratage iranien, offre une récompense de 10 millions de dollars pour la capture<br>U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of]]> 2024-03-02T10:08:00+00:00 https://thehackernews.com/2024/03/us-charges-iranian-hacker-offers-10.html www.secnews.physaphae.fr/article.php?IdArticle=8457834 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Un nouveau kit de phishing exploite les SMS, les appels vocaux pour cibler les utilisateurs de crypto-monnaie<br>New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. 
“This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs,]]> 2024-03-01T19:02:00+00:00 https://thehackernews.com/2024/03/new-phishing-kit-leverages-sms-voice.html www.secnews.physaphae.fr/article.php?IdArticle=8457530 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 4 Post-mortems instructifs sur les temps d'arrêt des données et la perte<br>4 Instructive Postmortems on Data Downtime and Loss More than a decade ago, the concept of the 'blameless' postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: “One option is to assume the single cause is incompetence and scream at engineers to make them]]> 2024-03-01T16:38:00+00:00 https://thehackernews.com/2024/03/4-instructive-postmortems-on-data.html www.secnews.physaphae.fr/article.php?IdArticle=8457479 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle variante de logiciels malveillants Bifrose Linux utilisant un domaine VMware trompeur pour l'évasion<br>New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. 
BIFROSE is one of the long-standing]]> 2024-03-01T16:26:00+00:00 https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html www.secnews.physaphae.fr/article.php?IdArticle=8457480 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cinq agences des yeux mettent en garde contre l'exploitation active des vulnérabilités de la passerelle Ivanti<br>Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security. "Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able]]> 2024-03-01T11:56:00+00:00 https://thehackernews.com/2024/03/five-eyes-agencies-warn-of-active.html www.secnews.physaphae.fr/article.php?IdArticle=8457395 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GitHub déploie la protection push de la balayage secret par défaut pour les référentiels publics<br>GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block,” Eric Tooley and Courtney Claessens said. 
Push protection]]> 2024-03-01T10:59:00+00:00 https://thehackernews.com/2024/03/github-rolls-out-default-secret.html www.secnews.physaphae.fr/article.php?IdArticle=8457353 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Silver Saml Attack échappe aux défenses Golden Saml dans les systèmes d'identité<br>New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis]]> 2024-02-29T20:51:00+00:00 https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html www.secnews.physaphae.fr/article.php?IdArticle=8457062 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GTPDOOOR Linux MALWare cible les télécommunications, exploitant les réseaux d'itinérance GPRS<br>GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are]]> 2024-02-29T17:03:00+00:00 https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html www.secnews.physaphae.fr/article.php?IdArticle=8456928 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les pirates de Lazarus ont exploité la faille du noyau Windows comme zéro-jour lors d'attaques récentes<br>Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part]]> 2024-02-29T16:49:00+00:00 https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8456930 False Vulnerability,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Comment hiérarchiser les dépenses de cybersécurité: une stratégie basée sur les risques pour le ROI le plus élevé<br>How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around - and hackers dreaming up new exploits every day - how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your]]> 2024-02-29T16:49:00+00:00 https://thehackernews.com/2024/02/why-risk-based-approach-to.html www.secnews.physaphae.fr/article.php?IdArticle=8456929 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Nouvelle porte dérobée ciblant les responsables européens liés aux événements diplomatiques indiens<br>New Backdoor Targeting European Officials Linked to Indian Diplomatic Events A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting]]> 2024-02-29T13:49:00+00:00 https://thehackernews.com/2024/02/new-backdoor-targeting-european.html www.secnews.physaphae.fr/article.php?IdArticle=8456853 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus exploite les fautes de frappe pour faufiler les logiciels malveillants PYPI dans les systèmes de développement<br>Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most]]> 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain
2024-02-29T11:19:00+00:00 https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8456812 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement. This includes sensitive information such as genomic data, biometric data,
2024-02-29T10:33:00+00:00 https://thehackernews.com/2024/02/president-biden-blocks-mass-transfer-of.html www.secnews.physaphae.fr/article.php?IdArticle=8456769 False Legislation None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis. UNC1549 is said to overlap with
2024-02-28T20:38:00+00:00 https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8456494 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory. "This is likely in response to the ALPHV/BlackCat administrator's
2024-02-28T18:36:00+00:00 https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html www.secnews.physaphae.fr/article.php?IdArticle=8456448 False Ransomware,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data
In today's digital era, data privacy isn't just a concern; it's a consumer demand.
Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform (CDP). Join us for a transformative webinar where we unveil Twilio Segment's state-of-the-art CDP.
2024-02-28T17:32:00+00:00 https://thehackernews.com/2024/02/building-your-privacy-compliant.html www.secnews.physaphae.fr/article.php?IdArticle=8456419 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management
Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers – typically one out of 200 users. There's a company aiming to fix the gap between traditional PAM and IdM
2024-02-28T16:07:00+00:00 https://thehackernews.com/2024/02/superusers-need-super-protection-how-to.html www.secnews.physaphae.fr/article.php?IdArticle=8456366 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer.
Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known
2024-02-28T13:13:00+00:00 https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html www.secnews.physaphae.fr/article.php?IdArticle=8456319 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as
2024-02-28T11:17:00+00:00 https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html www.secnews.physaphae.fr/article.php?IdArticle=8456273 False Threat APT 28 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1.
"This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user]]> 2024-02-27T20:13:00+00:00 https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html www.secnews.physaphae.fr/article.php?IdArticle=8455914 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Open source Xeno Rat Troie apparaît comme une menace puissante sur Github<br>Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of features for remote system management," according to its developer, who goes by the name moom825]]> 2024-02-27T18:26:00+00:00 https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html www.secnews.physaphae.fr/article.php?IdArticle=8455881 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) De l'alerte à l'action: comment accélérer vos enquêtes SOC<br>From Alert to Action: How to Speed Up Your SOC Investigations Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional\'s role. Threat intelligence platforms can significantly enhance their ability to do so. Let\'s find out what these platforms are and how they can empower analysts. 
The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated by SIEMs and EDRs.
2024-02-27T16:18:00+00:00 https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html www.secnews.physaphae.fr/article.php?IdArticle=8455833 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the
2024-02-27T16:04:00+00:00 https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html www.secnews.physaphae.fr/article.php?IdArticle=8455808 False Threat,Cloud APT 29 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
"It\'s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted]]> 2024-02-27T15:48:00+00:00 https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8455809 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Alerte du plugin WordPress - La vulnérabilité critique SQLI menace 200k + sites Web<br>WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress]]> 2024-02-27T11:13:00+00:00 https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html www.secnews.physaphae.fr/article.php?IdArticle=8455718 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelles attaques de chargeur IDAT en utilisant la stéganographie pour déployer Remcos Rat<br>New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. 
"The attack, as part of the IDAT Loader, used]]> 2024-02-26T20:24:00+00:00 https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html www.secnews.physaphae.fr/article.php?IdArticle=8455453 False Malware,Threat,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Plus de 8 000 sous-domaines de marques de confiance détournées pour une opération de spam massive<br>8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from "counterfeit package delivery alerts]]> 2024-02-26T19:40:00+00:00 https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html www.secnews.physaphae.fr/article.php?IdArticle=8455427 False Spam None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates nord-coréens ciblant les développeurs avec des forfaits NPM malveillants<br>North Korean Hackers Targeting Developers with Malicious npm Packages A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate]]> 2024-02-26T17:57:00+00:00 https://thehackernews.com/2024/02/north-korean-hackers-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8455379 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Three Tips to Protect Your Secrets from AI Accidents
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this
2024-02-26T15:59:00+00:00 https://thehackernews.com/2024/02/three-tips-to-protect-your-secrets-from.html www.secnews.physaphae.fr/article.php?IdArticle=8455338 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Banking Trojans Target Latin America and Europe Through Google Cloud Run
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious
2024-02-26T15:21:00+00:00 https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html www.secnews.physaphae.fr/article.php?IdArticle=8455339 False Malware,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
LockBit Ransomware Group Resurfaces After Law Enforcement Takedown
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers.
To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a
2024-02-26T10:27:00+00:00 https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8455224 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos. Over 14,000 rogue
2024-02-25T14:23:00+00:00 https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html www.secnews.physaphae.fr/article.php?IdArticle=8454915 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light.
"Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days,"]]> 2024-02-24T17:19:00+00:00 https://thehackernews.com/2024/02/microsoft-expands-free-logging.html www.secnews.physaphae.fr/article.php?IdArticle=8454550 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ensemble PYPI dormant compromis pour répandre Nova Sentinel MALWORED<br>Dormant PyPI Package Compromised to Spread Nova Sentinel Malware A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21,]]> 2024-02-23T22:38:00+00:00 https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html www.secnews.physaphae.fr/article.php?IdArticle=8454213 False Malware None 2.0000000000000000