www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-23T20:04:21+00:00 www.secnews.physaphae.fr
WatchGuard - Hardware and software vendor WatchGuard cybersecurity products receive 9 "Top Rated Awards" from TrustRadius 2024-05-08T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/les-produits-de-cybersecurite-watchguard-obtiennent-9-top-rated-awards www.secnews.physaphae.fr/article.php?IdArticle=8499593 False Threat,Tool None 3.0000000000000000
ZD Net - Magazine Info Security researchers say this scary exploit could render all VPNs useless VPNs are no longer safe if these security researchers are right. 2024-05-07T18:26:23+00:00 https://www.zdnet.com/article/security-researchers-say-this-scary-exploit-could-render-all-vpns-useless/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8503443 False Threat None None
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023.
The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day 2024-05-07T18:25:00+00:00 https://thehackernews.com/2024/05/china-linked-hackers-used-rootrot.html www.secnews.physaphae.fr/article.php?IdArticle=8495242 False Threat,Vulnerability None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Dragos integrates with CrowdStrike Falcon next-gen SIEM for threat detection in OT networks
Dragos Inc. announced an expanded partnership with CrowdStrike to integrate OT threat intelligence from the Dragos Platform into...
2024-05-07T16:42:00+00:00 https://industrialcyber.co/news/dragos-integrates-with-crowdstrike-falcon-next-gen-siem-for-threat-detection-in-ot-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8495706 False Threat,Industrial None 3.0000000000000000
Checkpoint - Security hardware vendor Check Point Protects Enterprises by Accelerating Security for Networks and AI Cloud Infrastructure, in Collaboration with NVIDIA
As cyber threats expand rapidly, enterprises can trust Check Point to deliver accelerated network and cloud security solutions, in collaboration with NVIDIA. By combining Check Point's experience in advanced threat prevention with NVIDIA's cutting-edge accelerated computing platforms, enterprises can get the best security on the fastest networks. Check Point's multi-year collaboration with NVIDIA spans three key areas: First, securing the AI Cloud infrastructure powered by NVIDIA BlueField data processing units (DPUs) to help enterprises safely develop and deploy generative AI applications. Second, accelerating network security by leveraging the high-speed NVIDIA ConnectX networking platform for firewall inspection. Third, using intelligent switches […]
2024-05-07T16:32:56+00:00 https://blog.checkpoint.com/security/check-point-protects-enterprises-by-accelerating-security-for-networks-and-ai-cloud-infrastructure-in-collaboration-with-nvidia/ www.secnews.physaphae.fr/article.php?IdArticle=8495347 False Threat,Cloud None 3.0000000000000000
Global Security Mag - French news site Cloudflare, Inc. announces Cloudflare for Unified Risk Posture Products 2024-05-07T16:30:00+00:00 https://www.globalsecuritymag.fr/cloudflare-inc-annonce-cloudflare-for-unified-risk-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8495262 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine #RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actors' favorite initial access vectors 2024-05-07T16:22:00+00:00 https://www.infosecurity-magazine.com/news/log4j-top-exploited-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8495353 False Threat,Vulnerability None 3.0000000000000000
Global Security Mag - French news site DoControl introduces Identity Threat Detection and Response Product reviews
DoControl Unveils New Product Innovations: Identity Threat Detection and Response (ITDR) and SaaS Misconfigurations Management With these two groundbreaking capabilities, DoControl delivers a holistic SaaS Security Posture Management solution, safeguarding SaaS data, identities, connected apps, and configurations to mitigate sensitive data exposure and combat insider threats - Product Reviews
2024-05-07T16:10:43+00:00 https://www.globalsecuritymag.fr/docontrol-introduces-identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8495368 False Threat,Cloud None 2.0000000000000000
Bleeping Computer - American magazine UK confirms Ministry of Defence payroll data exposed in data breach The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network. [...] 2024-05-07T15:41:53+00:00 https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8495434 False Threat,Data Breach None 2.0000000000000000
IT Security Guru - Security blog Cybereason Announces the Availability of Cybereason Mobile Threat Defence in Response to Increases in Sophisticated Mobile Device Attacks
Cybereason has announced the availability of Cybereason Mobile Threat Defence, Powered by Zimperium. With the explosive growth in mobile devices and apps comes an ever-evolving attack surface. Research shows that 60% of endpoints accessing enterprise assets are through mobile devices, so threats to the attack surface aren't slowing down. As we see continued growth toward […] The post Cybereason Announces the Availability of Cybereason Mobile Threat Defence in Response to Increases in Sophisticated Mobile Device Attacks first appeared on IT Security Guru.
2024-05-07T15:27:13+00:00 https://www.itsecurityguru.org/2024/05/07/cybereason-announces-the-availability-of-cybereason-mobile-threat-defence-in-response-to-increases-in-sophisticated-mobile-device-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=cybereason-announces-the-availability-of-cybereason-mobile-threat-defence-in-response-to-increases-in-sophisticated-mobile-device-attacks www.secnews.physaphae.fr/article.php?IdArticle=8495311 False Threat,Mobile None 4.0000000000000000
Team Cymru - Threat Intelligence team Enhancing SOC security: Introducing Pure Signal™ Scout Insight User-friendly threat intelligence tool for IP and domain analysis If you are a SOC Analyst or Team Manager and are used to alert fatigue... 2024-05-07T14:51:31+00:00 https://www.team-cymru.com/post/enhancing-soc-security-introducing-pure-signal-scout-insight www.secnews.physaphae.fr/article.php?IdArticle=8495275 False Threat,Tool None 3.0000000000000000
ProofPoint - Cyber Firms QR Code Phishing is a Problem - That's Why Proofpoint Has Introduced QR Code Phishing Simulation 2024-05-07T13:42:04+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/qr-code-phishing-simulation www.secnews.physaphae.fr/article.php?IdArticle=8495238 False Threat,Tool,Vulnerability None 2.0000000000000000
IT Security Guru - Security blog Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises
Cato Networks, the SASE leader, today unveiled the findings of its inaugural Cato CTRL SASE Threat Report for Q1 2024. The report shows all organizations surveyed continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks. Developed by Cato CTRL, the SASE leader's cyber threat intelligence […] The post Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises first appeared on IT Security Guru.
2024-05-07T13:34:29+00:00 https://www.itsecurityguru.org/2024/05/07/cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises www.secnews.physaphae.fr/article.php?IdArticle=8495237 False Threat,Patching None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Global Resilience Federation, HackNotice partner to boost cyber intelligence across sectors
Global Resilience Federation (GRF) announced on Monday a new partnership with HackNotice, a provider of real-time threat intelligence...
2024-05-07T13:15:10+00:00 https://industrialcyber.co/news/global-resilience-federation-hacknotice-partner-to-boost-cyber-intelligence-across-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=8495247 False Threat None 2.0000000000000000
Kaspersky - Kaspersky Research blog Exploits and vulnerabilities in Q1 2024 The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024. 2024-05-07T10:00:39+00:00 https://securelist.com/vulnerability-report-q1-2024/112554/ www.secnews.physaphae.fr/article.php?IdArticle=8495122 False Threat,Vulnerability None 3.0000000000000000
Global Security Mag - French news site Cequence announced multiple machine learning-powered advancements to its Unified API Protection (UAP) platform Product reviews
Cequence Takes the Lead in Using Machine Learning to Tackle AI-Backed Attacks Enhancements to company's flagship Unified API Protection platform save 90% of security analysts' time, enabling simultaneous threat hunting across multiple APIs - Product Reviews
2024-05-07T07:30:27+00:00 https://www.globalsecuritymag.fr/cequence-announced-multiple-machine-learning-powered-advancements-to-its.html www.secnews.physaphae.fr/article.php?IdArticle=8495069 False Threat None 2.0000000000000000
Global Security Mag - French news site F5 unveils new security solutions Products 2024-05-07T07:20:11+00:00 https://www.globalsecuritymag.fr/f5-devoile-de-nouvelles-solutions-de-securite.html www.secnews.physaphae.fr/article.php?IdArticle=8495070 False Threat,Cloud None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine #RSAC: Threat Actors Weaponizing Hacktivism for Financial Gain Recorded Future's Alexander Leslie highlights the increasingly blurred lines between hacktivism, financial cybercrime and nation-state activities during the RSA Conference 2024 2024-05-06T22:55:00+00:00 https://www.infosecurity-magazine.com/news/hacktivism-financial-gain-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8494850 False Threat,Conference None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Uncharmed: Untangling Iran's APT42 Operations 2024-05-06T19:54:46+00:00 https://community.riskiq.com/article/7c5aa156 www.secnews.physaphae.fr/article.php?IdArticle=8494794 False Threat,Malware,Cloud,Patching,Vulnerability APT 42 3.0000000000000000
ProofPoint - Cyber Firms Links That Lie: Stop URL-Based Attacks Before They Start 2024-05-06T17:05:52+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/malicious-links-stop-url-based-attacks-before-they-start www.secnews.physaphae.fr/article.php?IdArticle=8494490 False Threat,Ransomware None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 6 May 2024 2024-05-06T16:26:54+00:00 https://community.riskiq.com/article/157eab98 www.secnews.physaphae.fr/article.php?IdArticle=8494726 False Threat,Ransomware,Malware,Tool,Vulnerability None 2.0000000000000000
CybeReason - Vendor blog Behind Closed Doors: The Rise of Hidden Malicious Remote Access 2024-05-06T16:15:31+00:00 https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access www.secnews.physaphae.fr/article.php?IdArticle=8494707 False Threat None 3.0000000000000000
MitnickSecurity - Former Hacker Services What Is Credential Harvesting and How Do Threat Actors Pull It Off?
Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be very successful, as over 79% of business accounts were compromised by threat actors using credential harvesting tactics, such as credential phishing.
2024-05-06T14:31:18+00:00 https://www.mitnicksecurity.com/blog/credential-harvesting www.secnews.physaphae.fr/article.php?IdArticle=8494654 False Threat None 2.0000000000000000
Korben - French blogger The incredible overclocking record of 9.1 GHz on Raptor Lake 2024-05-06T14:14:36+00:00 https://korben.info/record-overclocking-9-ghz-raptor-lake-secrets-devoiles.html www.secnews.physaphae.fr/article.php?IdArticle=8494658 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Introducing LevelBlue: Elevating Business Confidence By Simplifying Security
In 2022, I founded my private equity firm, WillJam Ventures, and since then we have built an exceptional track record of investing in and operating world-class cybersecurity companies. This latest investment in LevelBlue is no exception and is a testament to that commitment. We are excited about the opportunity ahead for LevelBlue. Here's why:
• Its mission, to simplify security and make cyber resilience an achievable outcome, is essential to business success. As organizations continue to innovate, technologies such as artificial intelligence (AI) and cloud computing create a more dynamic and expanded threat landscape. With LevelBlue, organizations no longer need to sacrifice innovation for security; they achieve both, with confidence. With more than 1,300 employees focused on this mission, LevelBlue offers strategic security services, including award-winning managed security services, experienced strategic consulting, threat intelligence, and groundbreaking research, serving as a trusted advisor to businesses worldwide.
• LevelBlue brings together some of the most talented and brightest minds in cybersecurity. Just like any journey, organizations should not set out on their cybersecurity journey alone. That is where LevelBlue comes in. Each member of our consulting team has an average of 15 years of cybersecurity experience, holding the latest certifications and knowledge from working with organizations of different types and sizes. I am also delighted to be joined by Sundhar Annamalai, President of LevelBlue, who has more than 20 years of experience in technology services and strategic execution to help take our company to new heights.
• The company has a long-standing history of forward-looking, neutral research. Trusted advisors keep their clients informed about the latest trends before they happen, and that is what LevelBlue does best. With the LevelBlue threat intelligence platform, together with the company's industry research reports (more to come on this blog), customers can stay one step ahead of the latest cyber threats while gaining valuable insight into how to allocate cybersecurity resources properly.
Cyber resilience is not easily defined, and it is not easily achieved without the necessary support. LevelBlue's strategic cybersecurity services will help address that challenge at a time when it is needed most. We have the right team, the right technology, and the right moment in time; I am excited for the journey ahead.
For those at the RSA Conference, we invite you to come learn more about LevelBlue by visiting booth #6155 at Moscone North Expo. We look forward to introducing ourselves to you.
Today is a monumental day for the cybersecurity industry. Live from RSA Conference 2024, I'm excited to introduce LevelBlue – a joint venture with AT&T and WillJam Ventures, to form a new, standalone managed security services business
2024-05-06T14:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introducing-levelblue-elevating-business-confidence-by-simplifying-security www.secnews.physaphae.fr/article.php?IdArticle=8496673 False Threat,Cloud,Conference None 3.0000000000000000
Global Security Mag - French news site OpenText™ announces new solutions Products 2024-05-06T13:19:30+00:00 https://www.globalsecuritymag.fr/opentext-tm-annonce-de-nouvelles-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8494632 False Threat None 2.0000000000000000
Fortinet - Security hardware vendor Key Findings from the 2H 2023 FortiGuard Labs Threat Report In this report, we examine the cyberthreat landscape in 2H 2023 to identify trends and offer insights on what security professionals should know. 2024-05-06T13:00:00+00:00 https://www.fortinet.com/blog/threat-research/key-findings-2h-2023-fortiguard-labs-threat-report www.secnews.physaphae.fr/article.php?IdArticle=8494624 False Threat None 3.0000000000000000
Checkpoint Research - Security hardware vendor 6th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by Russian state affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft […]
2024-05-06T11:21:36+00:00 https://research.checkpoint.com/2024/6th-may-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8494575 False Threat,Vulnerability APT 28 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Russian APT28 hackers exploit Outlook flaw to target Czech, German, Polish organizations
Czechia, jointly with Germany, Lithuania, Poland, Slovakia, Sweden, the European Union, NATO, and international partners, condemns the...
2024-05-06T11:07:37+00:00 https://industrialcyber.co/critical-infrastructure/russian-apt28-hackers-exploit-outlook-flaw-to-target-czech-german-polish-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8494573 False Threat APT 28 4.0000000000000000
Global Security Mag - French news site ESET extends its MDR managed services range to SMEs and large enterprises Products 2024-05-06T09:20:57+00:00 https://www.globalsecuritymag.fr/eset-etend-sa-gamme-de-services-manages-mdr-aux-pme-et-aux-grandes-entreprises.html www.secnews.physaphae.fr/article.php?IdArticle=8494523 False Threat,Mobile None 2.0000000000000000
ProofPoint - Firm Security Proofpoint Sets New Industry Standard in Email Security with Adaptive Threat Protection Capabilities Across the Entire Email Delivery Chain 2024-05-06T09:04:02+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-sets-new-industry-standard-with-adaptive-threat-protection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8495517 False Threat None 2.0000000000000000
Global Security Mag - French news site Cybereason announces the availability of Cybereason Mobile Threat Defense Products 2024-05-06T08:49:27+00:00 https://www.globalsecuritymag.fr/cybereason-annonce-la-disponibilite-de-cybereason-mobile-threat-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8494497 False Threat,Mobile None 2.0000000000000000
ProofPoint - Cyber Firms GenAI Is Powering the Latest Surge in Modern Email Threats 2024-05-06T07:54:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/genai-powering-latest-surge-modern-email-threats www.secnews.physaphae.fr/article.php?IdArticle=8494488 False Threat,Ransomware,Data Breach,Tool,Vulnerability ChatGPT 3.0000000000000000
ProofPoint - Cyber Firms Email Security is Now Redefined with Adaptive Threat
Protection Capabilities Across the Entire Delivery Chain 2024-05-06T05:52:32+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/email-security-now-redefined-adaptive-threat-protection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8494489 False Threat,Ransomware,Malware,Conference None 3.0000000000000000
SkullSecurity - Security blog BSidesSF 2024 Writeups: Turing Complete (Reversing / exploitation) turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn't necessarily harder, but is different. Let's look at the levels!
turing-complete
My ideas doc said “Turing Machine?” from a long time ago. I don't really remember what I was thinking, but what I decided was to make a simple reversing challenge with a finite tape and 4 operations - go left, go right, read, and write. All commands and responses are binary (1s and 0s), which is hinted at by the instructions being a series of binary bits. The actual main loop, in C, is quite simple:
uint8_t tape[128];
// ...write the flag to the tape...
for(;;) {
  uint8_t a = r();
  if(a == 2) break;
  uint8_t b = r();
  if(b == 2) break;

  if(a == 0 && b == 0) {
    ptr++;
  } else if(a == 0 && b == 1) {
    ptr--;
  } else if(a == 1 && b == 0) {
    printf("%08b",
2024-05-05T19:59:58+00:00 https://www.skullsecurity.org/2024/bsidessf-2024-writeups-turing-complete-reversing-exploitation- www.secnews.physaphae.fr/article.php?IdArticle=8504961 False Threat,Technical None 3.0000000000000000
SkullSecurity - Security blog BSidesSF 2024 Writeups: Safer Streets (Web / reversing) Safer Streets. I apparently wrote this in more “note to self” style, not blog style, so enjoy!
First, browse the application.
You should be able to create an error:
$ curl 'http://localhost:8080/display?name=test'
Error in script /app/server.rb: No such file or directory @ rb_sysopen - /app/data/test
Note that the response has an image/jpeg content-type, so it might confuse the browser. That issue grants access to two primitives: a) read any file via path traversal, and b) the full path to the server. For example:
$ curl -s 'http://localhost:8080/display?name=../server.rb' | head -n20
require 'json'
require 'sinatra'
require 'pp'
require 'singlogger'
require 'open3'

::SingLogger.set_level_from_string(level: ENV['log_level'] || 'debug')
LOGGER = ::SingLogger.instance()

# Ideally, we set all these in the Dockerfile
set :bind, ENV['HOST'] || '0.0.0.0'
set :port, ENV['PORT'] || '8080'
SAFER_STREETS_PATH = ENV['SAFER_STREETS'] || '/app/safer-streets'
SCRIPT = File.expand_path(__FILE__)

LOGGER.info("Checking for required binaries...")
if File.exist?(SAFER_STREETS_PATH)
  LOGGER.info("* Found `safer-streets` binary: #{ SAFER_STREETS_PATH }")
[...]
You can grab the safer-streets binary as well:
$ curl -s 'http://localhost:8080/display?name=../../../app/safer-streets' | file -
/dev/stdin: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=fa512a55e0fbc8c4ad80483379826183f29ce161, for GNU/Linux 3.2.0, with debug_info, not stripped
Inspecting the Ruby code shows a shell-injection issue if you control the output of safer-streets:
system("/usr/bin/report-infraction --node='#{result['node']}' --img='#{photo}'")
You can reverse or mess with the binary to dis
2024-05-05T19:59:54+00:00 https://www.skullsecurity.org/2024/bsidessf-2024-writeups-safer-streets-web-reversing- www.secnews.physaphae.fr/article.php?IdArticle=8504963 False Threat,Technical None 4.0000000000000000
SkullSecurity - Security blog BSidesSF 2024 Writeups: Can't Give In (CGI exploitation) cant-give-in, cant-give-in-secure, and cant-give-in-securer are to learn how to exploit and debug compiled code that's loaded as a CGI module. You might think that's unlikely, but a surprising number of enterprise applications (usually hardware stuff - firewalls, network “security” appliances, stuff like that) is powered by CGI scripts. You never know! This challenge was inspired by one of my co-workers at GreyNoise asking how to debug a CGI script. I thought it'd be cool to make a multi-challenge series in case others didn't know! This write-up is intended to be fairly detailed, to help new players understand their first stack overflow!
Part 1: cant-give-in
The vulnerability
First, let's look at the vuln!
All three challenges have pretty similar vulnerabilities, but here's what the first looks like:
char *strlength = getenv("CONTENT_LENGTH");
if(!strlength) {
  printf("ERROR: Please send data!");
  exit(0);
}

int length = atoi(strlength);
read(fileno(stdin), data, length);

if(!strcmp(data, "password=MyCoolPassword")) {
  printf("SUCCESS: authenticated successfully!");
} else {
  printf("ERROR: Login failed!");
}
The way CGI works - a fact that I'd forgotten since learning Perl like 20 years ago - is that the headers are processed by Apache and sent to the script as environment variables, and the body (ie, POST data) is sent on stdin. In that script, we read the Content-Length from a variable, then read that many bytes of the POST body into a static buffer. That's a fairly standard buffer overflow, with the twist that it's in a CGI application! We can demonstrate the issue pretty easily by running the CGI directly (I'm using dd to produce 200 characters without cluttering up the screen):
2024-05-05T19:59:43+00:00 https://www.skullsecurity.org/2024/bsidessf-2024-writeups-can-t-give-in-cgi-exploitation- www.secnews.physaphae.fr/article.php?IdArticle=8504965 False Threat,Tool,Technical,Vulnerability None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial Growing threat of malware and ransomware attacks continues to put industrial environments at risk
Industrial environments face a growing threat from malware and ransomware attacks, posing significant risks to critical infrastructure, manufacturing...
2024-05-05T06:13:39+00:00 https://industrialcyber.co/features/growing-threat-of-malware-and-ransomware-attacks-continues-to-put-industrial-environments-at-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8493927 False Threat,Ransomware,Malware,Industrial None 3.0000000000000000
SkullSecurity - Security blog BSidesSF 2024 Writeups: Safer Streets (Web / reversing) Safer Streets. I apparently wrote this in more “note to self” style, not blog style, so enjoy! First, browse the application. You should be able to create an error: $ curl 'http://localhost:8080/display?name=test' Error in script /app/server.rb: No such file or directory @ rb_sysopen - /app/data/test Note that the response has an image/jpeg content-type, so it might confuse the browser. That error grants access to two primitives: a) Read any file via path traversal b) The full path to the server For example: $ curl -s 'http://localhost:8080/display?name=../server.rb' | head -n20 require 'json' require 'sinatra' require 'pp' require 'singlogger' require 'open3' ::SingLogger.set_level_from_string(level: ENV['log_level'] || 'debug') LOGGER = ::SingLogger.instance() # Ideally, we set all these in the Dockerfile set :bind, ENV['HOST'] || '0.0.0.0' set :port, ENV['PORT'] || '8080' SAFER_STREETS_PATH = ENV['SAFER_STREETS'] || '/app/safer-streets' SCRIPT = File.expand_path(__FILE__) LOGGER.info("Checking for required binaries...") if File.exist?(SAFER_STREETS_PATH) LOGGER.info("* Found `safer-streets` binary: #{ SAFER_STREETS_PATH }") [...]
You can grab the safer-streets binary as well: $ curl -s 'http://localhost:8080/display?name=../../../app/safer-streets' | file - /dev/stdin: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=fa512a55e0fbc8c4ad80483379826183f29ce161, for GNU/Linux 3.2.0, with debug_info, not stripped Inspecting the Ruby code shows a shell-injection issue if you control the output of safer-streets: system("/usr/bin/report-infraction --node='#{result['node']}' --img='#{photo}'") You can reverse or mess with the binary to dis 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/safer-streets.html www.secnews.physaphae.fr/article.php?IdArticle=8494289 False Threat None 3.0000000000000000

SkullSecurity - Security blog BSidesSF 2024 Writeups: Can't Give In (CGI exploitation) cant-give-in, cant-give-in-secure, and cant-give-in-securer are meant to teach how to exploit and debug compiled code that's loaded as a CGI module. You might think that's unlikely, but a surprising number of enterprise applications (usually hardware stuff - firewalls, network “security” appliances, stuff like that) are powered by CGI scripts. You never know! This challenge was inspired by one of my co-workers at GreyNoise asking how to debug a CGI script. I thought it'd be cool to make a multi-challenge series in case others didn't know! This write-up is intended to be fairly detailed, to help new players understand their first stack overflow! Part 1: cant-give-in The vulnerability First, let's look at the vuln!
All three challenges have pretty similar vulnerabilities, but here's what the first looks like: char *strlength = getenv("CONTENT_LENGTH"); if(!strlength) { printf("ERROR: Please send data!"); exit(0); } int length = atoi(strlength); read(fileno(stdin), data, length); if(!strcmp(data, "password=MyCoolPassword")) { printf("SUCCESS: authenticated successfully!"); } else { printf("ERROR: Login failed!"); } The way CGI works - a fact that I'd forgotten since learning Perl like 20 years ago - is that the headers are processed by Apache and sent to the script as environment variables, and the body (i.e., POST data) is sent on stdin. In that script, we read the Content-Length from a variable, then read that many bytes of the POST body into a static buffer, with no check that the length fits. That's a fairly standard buffer overflow, with the twist that it's in a CGI application! We can demonstrate the issue pretty easily by running the CGI directly (I'm using dd to produce 200 characters without cluttering up the screen): 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/cant-give-in.html www.secnews.physaphae.fr/article.php?IdArticle=8494287 False Threat,Tool,Vulnerability None 3.0000000000000000

SkullSecurity - Security blog BSidesSF 2024 Writeups: Turing Complete (Reversing / exploitation) turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn't necessarily harder, but is different. Let's look at the levels! turing-complete My ideas doc said “Turing Machine?” from a long time ago.
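The CONTENT_LENGTH handling from the Can't Give In writeup above, rewritten so the read can never exceed the buffer. This is an added example, not the challenge's source: the 128-byte buffer size is an assumption (the writeup does not show the declaration of `data`), the hardened parser refuses a length that would not fit instead of truncating, and the body read loops over short reads and NUL-terminates so the `strcmp()` cannot run off the end.

```c
/* Added example, not the challenge's source: the CONTENT_LENGTH handling
 * from the writeup above, rewritten so the read cannot exceed the buffer.
 * Assumption: the original static buffer is 128 bytes (the writeup does
 * not show its declaration); 200 bytes from dd overflows it either way. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BODY_MAX 128

/* Parse CONTENT_LENGTH strictly: unsigned digits only, and at most `max`.
 * Returns the length, or -1 on anything else. atoi(), as in the original,
 * happily accepts "-1", "200abc" or a value far larger than the buffer. */
long parse_content_length(const char *s, size_t max)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s == '\0' || *s == '-' || *s == '+' || *s == ' ')
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;
    if (v > max)                /* longer than the buffer: refuse, don't truncate */
        return -1;
    return (long)v;
}

/* Read `length` bytes of the POST body from fd into data[datasz], looping
 * over short reads (a CGI body can arrive in pieces), and NUL-terminate so
 * the strcmp() that follows cannot run past the buffer.
 * Returns bytes read, or -1 if the length does not fit or read() fails. */
ssize_t read_body(int fd, char *data, size_t datasz, size_t length)
{
    size_t got = 0;

    if (length >= datasz)       /* must leave room for the terminator */
        return -1;
    while (got < length) {
        ssize_t r = read(fd, data + got, length - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)             /* client sent less than it announced */
            break;
        got += (size_t)r;
    }
    data[got] = '\0';
    return (ssize_t)got;
}

/* The writeup's check, on a buffer that is now guaranteed terminated. */
int authenticate(const char *data)
{
    return strcmp(data, "password=MyCoolPassword") == 0;
}

/* Stand-alone CGI entry point: same messages as the original handler. */
int main(void)
{
    static char data[BODY_MAX];
    long len = parse_content_length(getenv("CONTENT_LENGTH"), BODY_MAX - 1);

    if (len < 0) {
        fputs("ERROR: Please send data!", stdout);
        return 0;
    }
    if (read_body(STDIN_FILENO, data, sizeof data, (size_t)len) < 0) {
        fputs("ERROR: Bad body!", stdout);
        return 0;
    }
    fputs(authenticate(data) ? "SUCCESS: authenticated successfully!"
                             : "ERROR: Login failed!", stdout);
    return 0;
}
```

Run it the way the writeup runs the original, with CONTENT_LENGTH in the environment and the body on stdin: a 200-byte body is now rejected before anything is read, while a 23-byte `password=MyCoolPassword` still authenticates.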
I don't really remember what I was thinking, but what I decided was to make a simple reversing challenge with a finite tape and 4 operations - go left, go right, read, and write. All commands and responses are binary (1s and 0s), which is hinted at by the instructions being a series of binary bits. The actual main loop, in C, is quite simple: uint8_t tape[128]; // ...write the flag to the tape... for(;;) { uint8_t a = r(); if(a == 2) break; uint8_t b = r(); if(b == 2) break; if(a == 0 && b == 0) { ptr++; } else if(a == 0 && b == 1) { ptr--; } else if(a == 1 && b == 0) { printf("%08b", 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/turing-complete.html www.secnews.physaphae.fr/article.php?IdArticle=8494291 False Threat None 3.0000000000000000

Techworm - News Russia's cyberattacks against Germany condemned by EU and NATO Russian hackers are not slowing down on cyberattacks. The alleged attack targeted the Social Democratic Party (SPD). Their email accounts were compromised in the attack. This hacking saga began more than two years ago during the Russia-Ukraine war and has steadily escalated over time. How it began A group called APT28, also known as Fancy Bear, which is believed to have ties to the Russian government, has been accused of carrying out numerous cyberattacks around the world, including in Germany and against some Czech entities. Russian cyberattack on Germany They found a vulnerability in Microsoft Outlook and used it to get into SPD emails. The vulnerability, the zero-day CVE-2023-23397, is a critical privilege-escalation bug in Outlook that could allow attackers to obtain Net-NTLMv2 hashes and then use them to authenticate via a relay attack.
The German government says it was not only the SPD but also German companies in defense and aerospace. It also included information technology targets, as well as things related to the war in Ukraine. These cyberattacks began around March 2022, after Russia invaded Ukraine. The German government alleged that Russia's military intelligence service, the GRU, was behind these attacks. They even summoned a Russian diplomat in response to these accusations. Russia denied the allegations Russia denied the allegations and called the accusations “unfounded and baseless”. The Putin-led government has denied similar cyber incidents as state-sponsored acts in the past. The West has been firm in its narrative of Russia's involvement in cyberattacks for decades now. Not the first rodeo Recently, Australia's foreign minister joined other countries in saying that APT28, believed to be linked to Russia, was behind certain cyberattacks. This is not the first time Russian hackers have been accused of spying on Germany. In 2020, Angela Merkel, who was Germany's chancellor at the time, accused Russia of spying on her. A major incident blamed on Russian hackers was in 2015, when they attacked Germany's parliament, causing it to shut down for days.
2024-05-04T21:52:07+00:00 https://www.techworm.net/2024/05/russian-cyberattack-germany-czechoslovakia.html www.secnews.physaphae.fr/article.php?IdArticle=8493664 False Threat,Hack,Vulnerability APT 28 3.0000000000000000

Bleeping Computer - American magazine Iranian hackers pose as journalists to push backdoor malware The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. [...] 2024-05-04T10:17:34+00:00 https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8493646 False Threat,Malware,Cloud APT 42 3.0000000000000000

Techworm - News Over A Billion Android Devices Have These Vulnerable Apps Installed said, “The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application's implementation.” He added: “Arbitrary code execution can provide a threat actor with full control over an application's behavior. Meanwhile, token theft can provide a threat actor with access to the user's accounts and sensitive data.” The discovery affected several vulnerable applications in the Google Play Store, representing more than four billion installations. Two of the applications found vulnerable to the issue included Xiaomi Inc.'s File Manager (com.mi.android.globalFileExplorer), which has more than 1 billion installations, and WPS Office (cn.wps.moffice_eng), which has more than 500 million downloads.
The Android operating system enforces isolation by assigning each application its own dedicated data and memory space, in particular through the content provider component and its 'FileProvider' class, which facilitates secure data and file sharing with other installed applications. When implemented incorrectly, it can introduce vulnerabilities that allow the read/write restrictions on an application's home directory to be bypassed. “This content provider-based model provides a well-defined file-sharing mechanism, enabling a serving application to share its files with other applications in a secure manner with fine-grained control,” Valsamaras noted. “However, we frequently encountered cases where the consuming application does not validate the content of the file it receives and, most concerning, it uses the filename provided by the serving application to cache the received file in the consuming application's internal data directory.” Malicious code execution can give a threat actor full control over an application's behavior and make it communicate with a server under their control to access sensitive data. As part of Microsoft's responsible disclosure policy, the company shared its findings with the developers of the Android applications that were affected by Dirty Stream. For example, the security teams of Xiaomi, Inc. and WPS have already investigated and fixed the issue.
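The Dirty Stream pattern just described (a consuming app caching a received file under a filename the sending app chose, inside the consumer's own data directory) and the two primitives in the Safer Streets writeup earlier on this page (path traversal through the `display?name=` parameter, then shell injection through the interpolated `system()` string) come down to the same two fixes: confine a caller-supplied name to one base directory, and hand caller data to a program as separate arguments, never through a shell. The C below is an added example and is not code from the writeup, the challenge, Microsoft's research or any affected app. It assumes `/app/data` as the base directory (taken from the writeup's error message) and that `report-infraction` takes `--node=` and `--img=` as in the `system()` call the writeup shows. The normalization is lexical (it handles `.` and `..`); on a real filesystem the opened path should additionally be compared with `realpath()` against the base, because a symlink inside the base can still point outside it.

```c
/* Added example, not code from the Safer Streets writeup, the challenge,
 * Microsoft's Dirty Stream research or any affected app. Two fixes for the
 * two primitives discussed: confine a caller-supplied name to one base
 * directory, and hand caller data to a program as argv, never via a shell.
 * Assumptions: base directory /app/data (from the writeup's error text);
 * report-infraction takes --node=/--img= as in the system() call shown. */
#include <stdio.h>
#include <string.h>

/* Resolve "." and ".." lexically and refuse any name that would climb
 * above base. Fills out with base/name on success and returns 1; returns
 * 0 for an escaping, empty or oversized name. Lexical only: after opening
 * the file on a real filesystem, also compare realpath() against base,
 * because a symlink inside base can still point outside it. */
int confine_path(const char *base, const char *name, char *out, size_t outsz)
{
    char buf[1024];
    const char *segs[256];
    int n = 0;
    size_t len;

    if (strlen(name) >= sizeof buf)
        return 0;
    strcpy(buf, name);
    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (n == 0)             /* "../server.rb": would leave base */
                return 0;
            n--;
            continue;
        }
        if (n == (int)(sizeof segs / sizeof segs[0]))
            return 0;
        segs[n++] = tok;
    }
    if (n == 0)                     /* nothing left to name a file */
        return 0;

    len = strlen(base);
    if (len >= outsz)
        return 0;
    memcpy(out, base, len + 1);
    for (int i = 0; i < n; i++) {
        size_t sl = strlen(segs[i]);
        if (len + 1 + sl >= outsz)
            return 0;
        out[len++] = '/';
        memcpy(out + len, segs[i], sl + 1);
        len += sl;
    }
    return 1;
}

/* Build argv for report-infraction without a shell: node and photo each
 * become one argument, so a quote, ';' or backtick in them is just bytes,
 * unlike the interpolated system() string. Pass the result to execv() or
 * posix_spawn(). argv needs 4 slots; returns argc, or 0 on overflow.
 * Uses static storage for the two arguments, so it is not reentrant. */
int report_argv(const char *node, const char *photo, char *argv[], size_t slots)
{
    static char prog[] = "/usr/bin/report-infraction";
    static char node_arg[512], img_arg[512];

    if (slots < 4)
        return 0;
    if (snprintf(node_arg, sizeof node_arg, "--node=%s", node) >= (int)sizeof node_arg)
        return 0;
    if (snprintf(img_arg, sizeof img_arg, "--img=%s", photo) >= (int)sizeof img_arg)
        return 0;
    argv[0] = prog;
    argv[1] = node_arg;
    argv[2] = img_arg;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed inputs: the writeup's own traversal strings plus a node
     * value carrying a shell-metacharacter payload. */
    const char *names[] = { "test", "../server.rb", "../../../app/safer-streets" };
    char path[512];
    char *argv[4];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-28s -> %s\n", names[i],
               confine_path("/app/data", names[i], path, sizeof path) ? path : "REJECTED");
    if (report_argv("cam-1'; id; '", "photo.jpg", argv, 4) == 3)
        printf("argv[1] = %s\n", argv[1]);
    return 0;
}
```

The same confinement check is what a Dirty Stream consumer needs before using a received filename: reject it, or derive a fresh name, rather than joining it to the data directory as-is.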
However, the company believes more applications could be affected and likely compromised because of the same security weakness. It therefore recommends that all developers analyze its research and make sure their products are not affected. “We anticipate that the vulnerability pattern could be found in other applications. We are sharing this research so that developers and publishers can check their apps for similar issues, fix 2024-05-03T22:08:47+00:00 https://www.techworm.net/2024/05/billion-android-vulnerable-apps-installed.html www.secnews.physaphae.fr/article.php?IdArticle=8493097 False Threat,Mobile,Vulnerability None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) ZLoader Learns Old Tricks ## Snapshot Researchers at Zscaler have published a report about the evolution of ZLoader, a modular banking trojan, and its new evasion tactics. Check out Microsoft's write-up on ZLoader [here](https://sip.security.microsoft.com/intel-profiles/cbcac2a1de4e52fa5fc4263829d11ba6f2851d6822569a3d3ba9669e72aff789). ## Description ZLoader, also known as Terdot, DELoader, or Silent Night, is a modular Trojan derived from leaked ZeuS source code. After nearly two years of absence, ZLoader resurfaced in September 2023 with a new version incorporating changes to its obfuscation methods, domain generation algorithm (DGA), and network communication. Recently, it has reintroduced an anti-analysis mechanism reminiscent of the original ZeuS 2.x code. This feature limits ZLoader's binary execution to the infected system, a trait that had been abandoned by many malware strains derived from the leaked source code until this recent development.
## Detections Microsoft Defender Antivirus detects threat components as the following malware: - Trojan:Win64/ZLoader - Trojan:Win32/ZLoader ## References [ZLoader Learns Old Tricks](https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks#indicators-of-compromise--iocs-). Zscaler (accessed 2024-05-03) [ZLoader](https://sip.security.microsoft.com/intel-profiles/cbcac2a1de4e52fa5fc4263829d11ba6f2851d6822569a3d3ba9669e72aff789). Microsoft (accessed 2024-05-03) 2024-05-03T21:17:42+00:00 https://community.riskiq.com/article/0d7c21ec www.secnews.physaphae.fr/article.php?IdArticle=8493230 False Threat,Malware None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) New Goldoon Botnet Targeting D-Link Devices ## Snapshot FortiGuard Labs has identified the emergence of the "Goldoon" botnet, which targets D-Link devices by exploiting the CVE-2015-2051 vulnerability. This allows attackers to gain complete control of vulnerable systems and launch further attacks, including distributed denial-of-service (DDoS). ## Description The botnet's initial infiltration involves the exploitation of CVE-2015-2051 to download a "dropper" file from a specific URL, which then downloads the botnet file, using an XOR key to decrypt specific strings. The "dropper" script is programmed to automatically download, execute, and clean up potentially malicious files across various Linux system architectures. After execution, the script removes the executed file and then deletes itself to erase any trace of its activity. Once executed, Goldoon establishes a persistent connection with its Command and Control (C2) server and waits for commands to launch related behaviors, including various denial-of-service attacks. The malware contains 27 different methods related to various attacks, posing a significant threat to affected organizations.
These methods include ICMP Flooding, TCP Flooding, UDP Flooding, DNS Flooding, HTTP Bypass, HTTP Flooding, and Minecraft DDoS Attack. ## References "[New Goldoon Botnet Targeting D-Link Devices](https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices)" FortiGuard Labs. (Accessed 2024-05-03) 2024-05-03T20:21:03+00:00 https://community.riskiq.com/article/de08653e www.secnews.physaphae.fr/article.php?IdArticle=8493201 False Threat,Malware,Vulnerability None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Threat Actors Attacking MS-SQL Servers to Deploy Ransomware ## Snapshot Cybersecurity professionals at GBHackers have discovered a series of cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers to install Mallox Ransomware on systems. **Read more about Microsoft's coverage for [Mallox Ransomware here.](https://sip.security.microsoft.com/intel-profiles/7fbe39c998c8a495a1652ac6f8bd34852c00f97dc61278cafc56dca1d443131e)** ## Description The threat actor group's modus operandi involves exploiting vulnerabilities in improperly managed MS-SQL servers. By employing brute force and dictionary attacks, the attackers gain unauthorized access, primarily targeting the SA (System Administrator) account. Once inside, they deploy the Remcos Remote Access Tool (RAT) to take control of the infected system. Remcos RAT, initially used for system breach and control, has been repurposed by attackers for malicious activities, featuring capabilities such as keylogging, screenshot capture, and control over webcams and microphones. Additionally, a custom-made remote screen control malware is deployed, allowing attackers to gain access to the infected system using the AnyDesk ID obtained from the command and control server. Mallox ransomware, known for targeting MS-SQL servers, was then installed to encrypt the system.
Mallox ransomware uses the AES-256 and SHA-256 algorithms, appending a ".rmallox" extension to encrypted files. The attack patterns observed in this campaign bear a striking resemblance to 2024-05-03T20:14:15+00:00 https://community.riskiq.com/article/f5f3ecc6 www.secnews.physaphae.fr/article.php?IdArticle=8493202 False Threat,Ransomware,Malware,Tool,Technical,Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary 2024-05-03T18:23:00+00:00 https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html www.secnews.physaphae.fr/article.php?IdArticle=8492990 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection.
This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. 2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Threat,Malware,Cloud None 3.0000000000000000

Dark Reading - Informationweek Branch Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more. 2024-05-03T16:19:34+00:00 https://www.darkreading.com/application-security/critical-gitlab-bug-exploit-account-takeover-cisa www.secnews.physaphae.fr/article.php?IdArticle=8493077 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.
"The 2024-05-03T15:07:00+00:00 https://thehackernews.com/2024/05/nsa-fbi-alert-on-n-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8492888 False Threat None 2.0000000000000000

Bleeping Computer - American magazine NATO and EU condemn Russia's cyberattacks against Germany, Czechia NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...] 2024-05-03T11:47:35+00:00 https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ www.secnews.physaphae.fr/article.php?IdArticle=8493049 False Threat APT 28 3.0000000000000000

Techworm - News Microsoft Confirms It Cannot Fix Windows 10 KB5034441 “0x80070643 Error KB5034441 (on Windows 10) and KB5034440 (on Windows 11) in the Windows Recovery Environment (WinRE). However, installing the KB5034441 update began showing the error message “0x80070643 – ERROR_INSTALL_FAILURE”, which indicated an insufficient WinRE partition size. Devices “attempting to install the January 2024 Windows Recovery Environment update (KB5034441) might display an error related to the size of the recovery environment partition. We are working on a resolution and will provide an update in an upcoming release,” Microsoft said in a Windows release health dashboard update in January 2024. The company even confirmed that Windows devices without a configured recovery environment do not need to install the KB5034441 update and can ignore the error.
However, Microsoft has now acknowledged that, at least on Windows 10, an automatic resolution for this issue will not be available in a future Windows update, and the only way to resolve it is to complete the installation manually. In a Windows release health dashboard update, Microsoft said: Resolution: The automatic resolution of this issue will be available in a future Windows update. Manual steps are necessary to complete the installation of this update on devices that are experiencing this error. The WinRE partition requires 250 megabytes of free space. Devices that do not have sufficient free space will need to increase the partition size through manual action. For guidance on making this change, review the following resources: A code script can be used to extend the partition size. A sample script has been provided in the documentation for adding an update package to WinRE. See Extend the Windows RE partition. Guidance for manually changing the WinRE partition size can additionally be found in KB5028997: Instructions to manually resize your partition to install the WinRE update. Completing these manual steps will allow the installation of this update to succeed.
On January
2024-05-02T21:51:39+00:00 https://www.techworm.net/2024/05/microsoft-fix-windows-10-kb5034441-0x80070643-error.html www.secnews.physaphae.fr/article.php?IdArticle=8492515 False Threat,Vulnerability TYPEFRAME 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) A Cunning Operator: Muddling Meerkat and China's Great Firewall ## Snapshot Infoblox published an analysis of a threat actor group dubbed Muddling Meerkat, suspected to be a nation-state actor affiliated with China, conducting sophisticated and long-running operations through the Domain Name System (DNS). ## Description Muddling Meerkat's approach centers around hijacking internet traffic through sophisticated DNS manipulation techniques, primarily by generating an extensive volume of DNS queries distributed widely via open DNS resolvers. This tactic allows them to exert control over internet traffic, directing it according to their objectives. Unlike conventional denial-of-service attacks aimed at causing service disruptions, Muddling Meerkat's primary goal appears to be the manipulation and redirection of internet traffic, highlighting a strategic rather than disruptive motive. Their activities, which began at least as early as October 2019, demonstrate a sustained and methodical approach by the group. The level of expertise displayed in DNS manipulation indicates a profound understanding of network infrastructure and DNS protocols, reflecting a sophisticated and well-re 2024-05-02T19:30:20+00:00 https://community.riskiq.com/article/b6049233 www.secnews.physaphae.fr/article.php?IdArticle=8492593 False Threat None 3.0000000000000000

Techworm - News Hackers Can Reset Your Gitlab Password and Get It On Their Email CVE-2023-7028 (CVSS score: 10) allows a threat actor to trigger password reset emails to be sent to arbitrary, unverified email addresses, ultimately enabling account takeover without any user interaction.
Furthermore, successful exploitation of the vulnerability could also lead to supply-chain attacks by inserting malicious code into CI/CD (continuous integration / continuous deployment) environments. Although accounts with two-factor authentication (2FA) enabled are vulnerable to the password reset, they are not vulnerable to account takeover, because their second authentication factor is required to log in. It is therefore essential to patch systems where accounts are not protected by this additional security measure. The CVE-2023-7028 bug discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) affects all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2. The flaw was addressed in GitLab versions 16.7.2, 16.6.4, and 16.5.6, and the fixes were backported to versions 16.1.6, 16.2.9, and 16.3.7. GitLab said it has not detected any abuse of the CVE-2023-7028 vulnerability on platforms managed by GitLab, including GitLab.com and GitLab Dedicated instances. However, the threat monitoring service the Shadowserver Foundation found more than 5,300 GitLab servers exposed to zero-click account takeover attacks in January (the week the security patches were released), a number that had only dropped by 55% as of Tuesday. CISA has confirmed that the CVE-2023-7028 vulnerability is being actively exploited in attacks and has ordered U.S. federal agencies to secure their systems by May 22, 2024, or to discontinue use of the product if mitigations are not available.
2024-05-02T19:13:15+00:00 https://www.techworm.net/2024/05/hackers-reset-gitlab-password-email.html www.secnews.physaphae.fr/article.php?IdArticle=8492431 False Threat,Ransomware,Vulnerability None 3.0000000000000000

Global Security Mag - French news site Guardz Partners with SuperOps Business news
Guardz Partners with SuperOps to Offer MSPs Optimized Cybersecurity for their SMB Clients SuperOps and Guardz are safeguarding MSPs and fortifying businesses amidst the alarming cybersecurity threat surge - Business News
2024-05-02T18:28:56+00:00 https://www.globalsecuritymag.fr/guardz-partners-with-superops.html www.secnews.physaphae.fr/article.php?IdArticle=8492564 False Threat None 1.00000000000000000000
Dark Reading - Informationweek Branch Dropbox Breach Exposes Customer Credentials, Authentication Data Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. 2024-05-02T18:05:03+00:00 https://www.darkreading.com/application-security/dropbox-breach-exposes-customer-credentials-authentication-data www.secnews.physaphae.fr/article.php?IdArticle=8492545 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Dropbox Discloses Breach of Digital Signature Service Affecting All Users Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S.
Securities and Exchange Commission (SEC), said it became aware of the " 2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000

Wired Threat Level - Security News The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data. 2024-05-02T15:24:21+00:00 https://www.wired.com/story/outabox-facial-recognition-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8492464 False Threat None 4.0000000000000000

IndustrialCyber - cyber risk firms for industrial Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
>Global cybersecurity agencies issue a critical alert regarding the immediate threat to operational technology (OT) systems posed by... ]]>
2024-05-02T12:18:16+00:00 https://industrialcyber.co/cisa/global-cybersecurity-agencies-issue-alert-on-threat-to-ot-systems-from-pro-russia-hacktivist-activity/ www.secnews.physaphae.fr/article.php?IdArticle=8492381 False Threat,Industrial None 4.0000000000000000
The Security Ledger - Blog Sécurité Podcast Spotlight: comment l'IA est de remodeler le paysage cyber-menace<br>Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape
Host Paul Roberts speaks with Jim Broome, the CTO and President of DirectDefense about the evolution of cybersecurity threats and how technologies like AI are reshaping the cybersecurity landscape and the work of defenders and Managed Security Service Providers (MSSPs). The post Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape...Read the whole entry... »Click the icon below to listen. ]]>
2024-05-02T11:03:00+00:00 https://feeds.feedblitz.com/~/891365939/0/thesecurityledger~Spotlight-Podcast-How-AI-Is-Reshaping-The-Cyber-Threat-Landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8492352 False Threat None 2.0000000000000000
The State of Security - Magazine Américain Cybersécurité: la bataille des esprits<br>Cybersecurity: The Battle of Wits With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies\' assets at all costs. One fundamental truth rings clear: it\'s an ongoing and relentless battle of wits. Much like modern-day mercenaries, bad actors are armed with an arsenal of sophisticated tools and threats , continually looking for any chinks in the security armor to exploit. Their objectives range from financial gain and fraud...]]> 2024-05-02T03:20:36+00:00 https://www.tripwire.com/state-of-security/cybersecurity-battle-wits www.secnews.physaphae.fr/article.php?IdArticle=8492267 False Threat,Tool None 2.0000000000000000 Techworm - News Les logiciels malveillants ciblent les routeurs pour voler les mots de passe des demandes Web<br>Malware Targets Routers To Steal Passwords From Web Requests avertir dans un article de blog . «La seiche est en attente, reniflant passivement les paquets, n'agissant que lorsqu'il est déclenché par un ensemble de règles prédéfini.Le renifleur de paquets utilisé par la seiche a été conçu pour acquérir du matériel d'authentification, en mettant l'accent sur les services publics basés sur le cloud. » ]]> 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Threat,Malware,Cloud,Technical APT 32 4.0000000000000000 Palo Alto Network - Site Constructeur Impacts offensants et défensifs de l'Ai \\<br>AI\\'s Offensive & Defensive Impacts Michael Sikorski, who leads Threat Intelligence and Engineering, shares predictions on AI\'s near and long-term implications for cyberattacks and defense. 
]]> 2024-05-01T21:59:02+00:00 https://www.paloaltonetworks.com/blog/2024/05/ais-offensive-defensive-impacts/ www.secnews.physaphae.fr/article.php?IdArticle=8492047 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) La campagne de logiciels malveillants tente la maltraitance des binaires de sophos<br>Malware Campaign Attempts Abuse of Sophos Binaries 2024-05-01T20:56:45+00:00 https://community.riskiq.com/article/e27d7355 www.secnews.physaphae.fr/article.php?IdArticle=8492041 False Threat,Ransomware,Malware,Tool None 2.0000000000000000 Techworm - News Google augmente la prime jusqu'à 450 000 $ pour les bogues RCE dans certaines applications Android<br>Google Increases Bounty Up To $450,000 For RCE Bugs In Some Android Apps 2024-05-01T20:17:03+00:00 https://www.techworm.net/2024/05/google-bounty-rce-bugs-android-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8491889 False Threat,Malware,Cloud,Mobile,Vulnerability None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Attaque "Stream Dirty": découvrir et atténuer un modèle de vulnérabilité commun dans les applications Android<br>“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Threat,Studies,Tool,Technical,Mobile,Vulnerability None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Muddywater Campaign abuse d'agents Atera<br>MuddyWater Campaign Abusing Atera Agents 2024-05-01T19:01:06+00:00 https://community.riskiq.com/article/9a596ba8 www.secnews.physaphae.fr/article.php?IdArticle=8492017 False Threat,Malware,Tool,Commercial,Medical None 3.0000000000000000 knowbe4 - cybersecurity services Les acteurs de la menace nord-coréenne ciblent les développeurs de logiciels avec des entretiens d'embauche de faux<br>North Korean Threat Actors Target Software Developers With Phony Job 
Interviews North Korean Threat Actors Target Software Developers With Phony Job Interviews ]]> 2024-05-01T17:57:24+00:00 https://blog.knowbe4.com/north-korean-threat-actors-target-software-developers www.secnews.physaphae.fr/article.php?IdArticle=8491940 False Threat None 2.0000000000000000 HackRead - Chercher Cyber Groupe de meerkat embrouillé soupçonné d'espionnage via un grand pare-feu de Chine<br>Muddling Meerkat Group Suspected of Espionage via Great Firewall of China Par deeba ahmed découvre le "Mouddling Meerkat", un acteur de menace lié à la Chine manipulant le DNS.InfoBlox Research révèle un groupe sophistiqué avec une expertise DNS profonde et des liens potentiels avec le grand pare-feu.Apprenez leurs tactiques et comment rester protégés. Ceci est un article de HackRead.com Lire le post original: Groupe de meerkat embrouillé soupçonné d'espionnage via un grand pare-feu de Chine
>By Deeba Ahmed Uncover the "Muddling Meerkat," a China-linked threat actor manipulating the DNS. Infoblox research reveals a sophisticated group with deep DNS expertise and potential ties to the Great Firewall. Learn their tactics and how to stay protected. This is a post from HackRead.com Read the original post: Muddling Meerkat Group Suspected of Espionage via Great Firewall of China]]>
2024-05-01T17:16:01+00:00 https://www.hackread.com/muddling-meerkat-espionage-great-firewall-china/ www.secnews.physaphae.fr/article.php?IdArticle=8491967 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais Nord Security présente Nordstellar<br>Nord Security introduces NordStellar revues de produits
The creators of NordVPN launches NordStellar, a new threat exposure management platform for businesses ● NordStellar allows companies to cut down on data leak detection times and minimize risk to an organization ● For several years, the platform was used and tested as an internal tool, now made available to the public ● It\'s the third B2B solution by Nord Security, including a password manager for businesses - NordPass, and a network access security solution - NordLayer ● This year, the company also launched Saily - an eSIM service - Product Reviews]]>
2024-05-01T17:11:23+00:00 https://www.globalsecuritymag.fr/nord-security-introduces-nordstellar.html www.secnews.physaphae.fr/article.php?IdArticle=8491964 False Threat,Tool None 2.0000000000000000
Mandiant - Blog Sécu de Mandiant Uncharmed: Untangling Iran\'s APT42 Operations   APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). APT42 was observed posing as journalists and event organizers to build trust with their victims through ongoing correspondence, and to deliver invitations to conferences or legitimate documents. These social engineering schemes enabled APT42 to harvest credentials and use them to gain initial access to cloud environments. Subsequently, the threat actor covertly exfiltrated data of strategic interest to Iran, while relying on built-in features and open-source tools to avoid detection. In addition to cloud operations, we also outline recent malware-based APT42 operations using two custom backdoors: NICECURL and TAMECAT. These backdoors are delivered via spear phishing, providing the attackers with initial access that might be used as a command execution interface or as a jumping point to deploy additional malware. APT42 targeting and missions are consistent with its assessed affiliation with the IRGC-IO, which is a part of the Iranian intelligence apparatus that is responsible for monitoring and preventing foreign threats to the Islamic Republic and domestic unrest. 
APT42 activities overlap with the publicly reported actors CALANQUE (Google Threat Analysis Group), Charming Kitten (ClearSky and CERTFA), Mint Sandstorm/Phosphorus (Microsoft), TA453 (Proofpoint), Yellow Garuda (PwC), and ITG18 (]]> 2024-05-01T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8500390 False Threat,Malware,Cloud,Tool APT 35,APT 42,Yahoo 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Prolonger la protection des sases au navigateur<br>Extending SASE Protection Into the Browser Si vous souhaitez protéger vos travailleurs distants, l'un des meilleurs endroits pour démarrer est le navigateur Web.C'est le portail principal vers notre journée de travail pour accéder à tout, des fichiers aux applications SaaS ou simplement à parcourir le Web.C'est pourquoi nous avons récemment ajouté une protection significative de navigateur à l'accès à l'harmonie sur Internet.Que vous cherchiez à empêcher les attaques de phishing, la réutilisation des mots de passe d'entreprise ou des fuites numériques, nous vous sommes couverts.Soutenu par ThreatCloud AI, la technologie de prévention des menaces de Check Point \\, la sécurité du navigateur d'accès Internet, la sécurité des navigateurs améliore la sécurité de votre main-d'œuvre à distance et à bureau.Fonctionnalités principales de sécurité du navigateur Prise en charge de la sécurité du navigateur [& # 8230;]
>If you want to protect your remote workers one of the best places to start is the web browser. It\'s the primary portal to our workday for accessing everything from files to SaaS applications or just browsing the web. That\'s why we recently added significant browser protection to Harmony SASE Internet Access. Whether you\'re looking to prevent phishing attacks, reuse of corporate passwords, or digital leaks, we\'ve got you covered. Backed by ThreatCloud AI, Check Point\'s industry-leading threat prevention technology, Internet Access Browser Security improves the security of your remote and in-office workforce. Browser Security Main Features Browser Security supports […] ]]>
2024-05-01T13:00:45+00:00 https://blog.checkpoint.com/security/extending-sase-protection-into-the-browser/ www.secnews.physaphae.fr/article.php?IdArticle=8491809 False Threat,Cloud None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Histoires du SOC & # 8211;Combattre les escroqueries «alertes de sécurité»<br>Stories from the SOC – Combating “Security Alert” Scams phishing/scams is by end-user education and communication with the IT department. In a recent incident, a fake “Microsoft Security Alert” domain targeted one of our Managed Endpoint Security with SentinelOne customers, causing alarm for the end users and IT staff, but fortunately, the end user did not fall into the trap of calling the fraudulent number. The customer immediately contacted their assigned Threat Hunter for support and guidance, and the Threat Hunter was able to quickly utilize the security measures in place, locate multiple domains, and report them to the Alien Labs threat intelligence team. AT&T Cybersecurity was one of the first cybersecurity companies to alert on the domains and share the information via the Open Threat Exchange (OTX) threat intelligence sharing community, helping other organizations protect against it. Investigation Initial Alarm Review Indicators of Compromise (IOCs) The initial security layers failed to raise alarms for several reasons. First, the firewalls did not block the domain because it was newly registered and therefore not yet on any known block lists. Second, the platform did not create any alarms because the domain’s SSL certificates were properly configured. Finally, the EDR tool did not alert because no downloads were initiated from the website. The first indication of an issue came from an end user who feared a hack and reported it to the internal IT team. Utilizing the information provided by the end user, the Threat Hunter was able to locate the user\'s asset. Sniffing the URL data revealed a deceptive “Microsoft Security Alert” domain and a counterfeit McAfee website. 
These were detected largely because of improvements recommended during the customer\'s monthly meetings with the Threat Hunter, including a recommendation to activate the SentinelOne Deep Visibility browser extension, which is the tool that was instrumental in capturing URL information with greater accuracy after all the redirects. fake support page Figure I – Fake Microsoft Support page fake Mcafee page Figure 2 – Fake McAfee page Artifact (Indicator of Compromise) IOC Fake McAfee Page bavareafastrak[.]org Website Hosting Scam Pages Galaxytracke[.]com Zip file hash Tizer.zip - 43fb8fb69d5cbb8d8651af075059a8d96735a0d5 Figure 3 – Indicators of compromise Expanded Investigation Events Search With the understanding that the e]]> 2024-05-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams www.secnews.physaphae.fr/article.php?IdArticle=8491736 False Threat,Hack,Tool None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Les acteurs de la menace nord-coréenne utilisent de faux entretiens d'embauche pour cibler les développeurs<br>North Korean Threat Actors Use Fake Job Interviews to Target Developers #### Targeted Industries - Information Technology ## Snapshot The Securonix Threat Research Team has been monitoring a new ongoing social engineeri]]> 2024-05-01T01:13:37+00:00 https://community.riskiq.com/article/7ef7309c www.secnews.physaphae.fr/article.php?IdArticle=8491579 False Threat None 2.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido ALERTE NOUVELLES: Cybersixgill dévoile \\ 'Intelligence tierce \\' pour livrer une menace spécifique au fournisseur Intel<br>News alert: Cybersixgill unveils \\'Third-Party Intelligence\\' to deliver vendor-specific threat intel Cybersixgill, Le fournisseur de données mondiales de cyber-menace, casséNouveau terrain aujourd'hui en introduisant son module d'intelligence tiers. 
LeUn nouveau module fournit une cybersécurité et des menaces spécifiques aux fournisseurs pour les organisations \\ 'Teams de sécurité, permettant & # 8230;(Plus…)
Tel Aviv, Israel – April 30, 2024 – Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations\' security teams, enabling … (more…) ]]>
2024-04-30T19:22:43+00:00 https://www.lastwatchdog.com/news-alert-cybersixgill-unveils-third-party-intelligence-to-deliver-vendor-specific-threat-intel/ www.secnews.physaphae.fr/article.php?IdArticle=8491442 False Threat None 2.0000000000000000
CrowdStrike - CTI Society CrowdStrike a nommé le seul choix des clients \\ 'en 2024 Gartner & Reg;«Voix du client» pour la gestion de la surface d'attaque externe<br>CrowdStrike Named the Only Customers\\' Choice in 2024 Gartner® “Voice of the Customer” for External Attack Surface Management As adversaries become faster and stealthier, they relentlessly search for vulnerable assets to exploit. Meanwhile, your digital footprint is expanding, making it increasingly challenging to keep track of all of your assets. It\'s no wonder 76% of breaches in 2023 were due to unknown and unmanaged internet-facing assets. Against this backdrop, it’s more critical than […]]]> 2024-04-30T16:17:33+00:00 https://www.crowdstrike.com/blog/crowdstrike-named-only-customers-choice-for-easm-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8493045 False Threat None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Protection des ransomwares et stratégies de confinement: conseils pratiques pour le durcissement et la protection des infrastructures, des identités et des points de terminaison<br>Ransomware Protection and Containment Strategies: Practical Guidance for Hardening and Protecting Infrastructure, Identities and Endpoints ransomware-report-cover Multi-faceted extortion via ransomware and/or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization, including the loss of access to data, systems, and prolonged operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls can be overwhelming.Since the initial launch of our report in 2019, data theft and ransomware deployment tactics have continued to evolve and escalate. 
This evolution marks a shift from manual or script-based ransomware deployment to sophisticated, large-scale operations, including: Weaponizing Trusted Service Infrastructure (TSI): Adversaries are increasingly abusing legitimate infrastructure and security tools (TSI) to rapidly propagate malware or ransomware across entire networks. Targeting Virtualization Platforms: Attackers are actively focusing on the virtualization layer, aiming to mass-encrypt virtual machines (VMs) and other critical systems at scale. Targeting Backup Data / Platforms: Threat actors are exploiting misconfigurations or security gaps in backup systems to either erase or corrupt data backups, severely hindering recovery efforts. Based upon these newer techniques, it is critical that organizations identify the span of the attack surface, and align proper security controls and visibility that includes coverage for protecting: Identities Endpoints Network Architectures Remote Access Platforms Trusted Service Infrastructure (TSI) Cascading weaknesses across these layers create opportunities for attackers to breach an organization\'s perimeter, gain initial access, and maintain a persistent foothold within the compromised network. 
In our updated report, ]]> 2024-04-30T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ransomware-protection-and-containment-strategies/ www.secnews.physaphae.fr/article.php?IdArticle=8500391 False Threat,Ransomware,Malware,Tool None 3.0000000000000000 Global Security Mag - Site de news francais BlackBerry présente Cylance Assistant, le niveau supérieur de cybersécurité avec des capacités d\'IA générative Produits]]> 2024-04-30T13:23:45+00:00 https://www.globalsecuritymag.fr/blackberry-presente-cylance-assistant-le-niveau-superieur-de-cybersecurite-avec.html www.secnews.physaphae.fr/article.php?IdArticle=8491299 False Threat None 3.0000000000000000 GoogleSec - Firm Security Blog Détection du vol de données du navigateur à l'aide des journaux d'événements Windows<br>Detecting browser data theft using Windows Event Logs dbsc Cela aidera à perturber l'industrie du vol de cookies car l'exfiltration de ces cookies n'aura plus de valeur. Lorsqu'il n'est pas possible d'éviter le vol d'identification et de cookies par malware, la prochaine meilleure chose est de rendre l'attaque plus observable par antivirus, d'agents de détection de terminaux ou d'administrateurs d'entreprise avec des outils d'analyse de journaux de base. Ce blog décrit un ensemble de signaux à utiliser par les administrateurs système ou les agents de détection de point de terminaison qui devraient signaler de manière fiable tout accès aux données protégées du navigateur d'une autre application sur le système.En augmentant la probabilité d'une attaque détectée, cela modifie le calcul pour les attaquants qui pourraient avoir un fort désir de rester furtif et pourraient les amener à repenser ces types d'attaques contre nos utilisateurs. 
arrière-plan Les navigateurs basés sur le chrome sur Windows utilisent le DPAPI (API de protection des données) pour sécuriser les secrets locaux tels que les cookies, le mot de passe, etc.La protection DPAPI est basée sur une clé dérivée des informations d'identification de connexion de l'utilisateur et est conçue pour se protéger contre l'accès non autorisé aux secrets des autres utilisateurs du système ou lorsque le système est éteint.Étant donné que le secret DPAPI est lié à l'utilisateur connecté, il ne peut pas protéger contre les attaques de logiciels malveillants locaux - l'exécution de logiciels malveillants en tant qu'utilisateur ou à un niveau de privilège plus élevé peut simplement appeler les mêmes API que le navigateur pour obtenir le secret DPAPI. Depuis 2013, Chromium applique l'indicateur CryptProtect_Audit aux appels DPAPI pour demander qu'un journal d'audit soit généré lorsque le décryptage se produit, ainsi que le marquage des données en tant que détenue par le navigateur.Parce que tout le stockage de données crypté de Chromium \\ est soutenu par une clé sécurisée DPAPI, toute application qui souhaite décrypter ces données, y compris les logiciels malveillants, devrait toujours générer de manière fiable un journal d'événements clairement observable, qui peut être utilisé pour détecter ces typesd'attaques. Il y a trois étapes principales impliquées dans le profit de ce journal: Activer la connexion sur l'ordinateur exécutant Google Chrome, ou tout autre navigateur basé sur le chrome. Exporter les journaux des événements vers votre système backend. Créer une logique de détection pour détecter le vol. Ce blog montrera également comment la journalisation fonctionne dans la pratique en la testant contre un voleur de mot de passe Python. 
Étape 1: Activer la connexion sur le système Les événements DPAPI sont connectés à deux endroits du système.Premièrement, il y a le 4693 Événement qui peut être connecté au journal de sécurité.Cet événement peut être activé en activant "Audit l'activité DPAPI" et les étapes pour ce faire sont d]]> 2024-04-30T12:14:48+00:00 http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html www.secnews.physaphae.fr/article.php?IdArticle=8493535 False Threat,Malware,Tool None 2.0000000000000000 Global Security Mag - Site de news francais Semperis prolonge la détection des attaques basée sur la ML avec une orientation spécialisée sur les risques d'identité<br>Semperis Extends ML-Based Attack Detection with Specialised Identity Risk Focus revues de produits
Identity Runtime Protection (IRP), the first offering in the Semperis Lightning™ platform, merges deep machine learning with unmatched identity security expertise to detect and stop the most successful attack techniques Semperis announce the release of Lightning Identity Runtime Protection (IRP), a new identity threat detection and response (ITDR) offering that uses machine learning models developed by identity security experts to detect widespread and successful attack patterns such as (...) - Product Reviews]]>
2024-04-30T12:05:17+00:00 https://www.globalsecuritymag.fr/semperis-extends-ml-based-attack-detection-with-specialised-identity-risk-focus.html www.secnews.physaphae.fr/article.php?IdArticle=8491265 False Threat None 3.0000000000000000
Korben - Bloger francais Ruviki – Quand le Kremlin réécrit Wikipedia à sa sauce 2024-04-30T10:03:21+00:00 https://korben.info/wikipedia-ru-clonee-et-censuree-par-la-russie-original-bannie.html www.secnews.physaphae.fr/article.php?IdArticle=8491219 False Threat None 4.0000000000000000 CrowdStrike - CTI Society CrowdStrike nommé le premier rapport du leader dans l'industrie \\ de l'INDUST<br>CrowdStrike Named Overall Leader in Industry\\'s First ITDR Comparative Report The industry\'s first identity detection and response (ITDR) analyst report names CrowdStrike an Overall Leader and a “cyber industry force.” In KuppingerCole Leadership Compass, Identity Threat Detection and Response (ITDR) 2024: IAM Meets the SOC, CrowdStrike was named a Leader in every category - Product, Innovation, Market and Overall Ranking - and positioned the highest […]]]> 2024-04-30T09:10:30+00:00 https://www.crowdstrike.com/blog/overall-leader-itdr-comparative-report/ www.secnews.physaphae.fr/article.php?IdArticle=8493046 False Threat,Commercial None 3.0000000000000000 Kaspersky - Kaspersky Research blog Détection et réponse gérées en 2023<br>Managed Detection and Response in 2023 The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers.]]> 2024-04-30T09:00:40+00:00 https://securelist.com/kaspersky-mdr-report-2023/112411/ www.secnews.physaphae.fr/article.php?IdArticle=8491133 False Threat,Tool None 2.0000000000000000 Global Security Mag - Site de news francais Sentinélone révolutionne la cybersécurité avec Purple Ai<br>SentinelOne Revolutionizes Cybersecurity with Purple AI revues de produits
AI security analyst radically transforms threat investigations and response with simple, one-click hunting, suggested queries, and auto-generated reports, empowering security teams to deliver new levels of defense, savings, and efficiencies A year ago, SentinelOne introduced the first generative AI-powered platform for cybersecurity. Now the company is again breaking new ground with the general availability of Purple AI, a transformative AI security analyst designed to unlock the full (...) - Product Reviews]]>
2024-04-30T08:46:45+00:00 https://www.globalsecuritymag.fr/sentinelone-revolutionizes-cybersecurity-with-purple-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8491154 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais Petites entreprises, grands risques : la protection des mots de passe doit être une priorité Points de Vue]]> 2024-04-30T08:36:49+00:00 https://www.globalsecuritymag.fr/petites-entreprises-grands-risques-la-protection-des-mots-de-passe-doit-etre.html www.secnews.physaphae.fr/article.php?IdArticle=8491156 False Threat None 2.0000000000000000 LogPoint - Blog Secu Découvrez le côté obscur des DLL (Dynamic Link Library) En bref :Le chargement latéral de DLL (Dynamic Link Library) est une technique permettant d'exécuter des charges virales malveillantes dans une DLL masquée en exploitant le processus d'exécution d'une application légitime.Des groupes de malware, tels que les groupes APT chinois et les malwares Darkgate, exploitent sur le terrain une vulnérabilité de chargement latéral de DLL Zero-Day [...] ]]> 2024-04-30T08:33:11+00:00 https://www.logpoint.com/fr/blog/decouvrez-le-cote-obscur-des-dll-dynamic-link-library/ www.secnews.physaphae.fr/article.php?IdArticle=8492987 False Threat,Malware,Vulnerability None 3.0000000000000000 Global Security Mag - Site de news francais SilobReaker améliore les offres avec collection et alerte en AI-A-A-Alect pour SEC 8-K 1.05<br>Silobreaker enhances offerings with AI-enhanced collection and alerting for SEC 8-K 1.05 filings revues de produits
Newly added data source and expanded intelligence empowers users with timely insight into key cybersecurity incident filings. Security and threat intelligence technology company, Silobreaker today announced the addition of automatic collection, AI-enhanced analysis, and alerting on 8-K cybersecurity incident filings made to the US Securities and Exchange Commission (SEC). This enhancement to the Silobreaker platform empowers organisations to stay informed about critical cybersecurity (...) - Product Reviews]]>
2024-04-30T07:28:52+00:00 https://www.globalsecuritymag.fr/silobreaker-enhances-offerings-with-ai-enhanced-collection-and-alerting-for-sec.html www.secnews.physaphae.fr/article.php?IdArticle=8491121 False Threat None 2.0000000000000000
The State of Security - American magazine
Defending Against Supply Chain Spoofing in Critical Manufacturing
Supply chain attacks are a serious and growing threat to businesses across all industries. However, these attacks pose an even greater risk for manufacturers in critical infrastructure sectors. One pernicious form of supply chain attack is spoofing, where attackers impersonate legitimate suppliers to sneak malicious code or components into products. Research shows that 2023 had the highest number (2769 in the US alone) of entities affected by supply chain spoofing. This figure is nearly twice as high as the number recorded in 2017. Organizations in different industries must urgently implement...
2024-04-30T03:02:43+00:00 https://www.tripwire.com/state-of-security/defending-against-supply-chain-spoofing-critical-manufacturing www.secnews.physaphae.fr/article.php?IdArticle=8491101 False Threat None 2.0000000000000000

Techworm - News
Critical Vulnerability In R Programming Allows Supply Chain Attacks
Report shared with The Hacker News. Moreover, the vulnerability can be exploited by loading RDS (R Data Serialization) files or R packages, which are often shared between developers and data scientists. According to the researchers, an attacker can create malicious RDS files or R packages containing embedded arbitrary R code that executes on the victim's target device upon interaction. In other words, the vulnerability allows an attacker to craft a malicious RDS (R Data Serialization) file that executes arbitrary code when it is loaded and referenced.
Several functions within R can be used to serialize and deserialize data; they differ from one another to some extent but ultimately rely on the same internal code. For example, the serialization process (serialize() or saveRDS()) and the deserialization process (unserialize() and readRDS()) are also used when saving and loading R packages, leaving users exposed to supply chain attacks. “R packages are vulnerable to this exploit and can therefore be used as part of a supply chain attack via package repositories. For an attacker to take over an R package, all it takes is replacing the rdx file,” the company said. Given the widespread use of R, HiddenLayer disclosed the security vulnerability to the R team, after which the issue was fixed in version 4.4.0, released on April 24, 2024. “An attacker can exploit this [flaw] by crafting a file in RDS format that contains a promise instruction setting the value to unbound_value and the expression to contain arbitrary code. Due to lazy evaluation, the expression will only be evaluated and executed when the symbol associated with the RDS file is accessed,” HiddenLayer added. “By co
2024-04-29T22:16:27+00:00 https://www.techworm.net/2024/04/vulnerability-r-programming-supply-chain-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8490776 False Threat,Vulnerability,Medical None 2.0000000000000000

Techworm - News
Android Malware Hacks Bank Accounts With Fake Chrome Update Prompts
said in an analysis published on Thursday.
According to ThreatFabric, Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The malware was discovered by the researchers while investigating a fake Google Chrome web browser “update” page, commonly used by cybercriminals to lure victims into downloading and installing malware. Looking at prior campaigns, the researchers found that Brokewell was used to target a popular “buy now, pay later” financial service and an Austrian digital authentication application. The malware is said to be in active development, with new commands added almost daily to capture every event on the device, from keystrokes and information displayed on screen to text entries and apps launched by the victim. Once downloaded, Brokewell creates an overlay screen on a targeted application to capture user credentials. It can also steal browser cookies by launching its own WebView, overriding the onPageFinished method, and dumping the session cookies after the user completes the login process. “Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device,” the ThreatFabric researchers point out. “It's important to highlight that, in this case, any application is at risk of data compromise: Brokewell logs every event, posing a threat to all applications installed on the device. This piece of malware also supports a variety of “spyware” functionalities: it can collect information about the device, call history, geolocation, and record audio.” After stealing the credentials, the attackers can initiate a Device Takeover attack using remote control capabilities to perform screen streaming.
It also provides the threat actor with a range of commands that can be executed on the controlled device, such as touches, swipes, and clicks on specified elements. ThreatFabric discovered that one of the servers used as a command and control (C2) point for Brokewell was also used to host a repository called “Brokewell Cyber Labs,” created by a threat actor called “Baron Samedit.” This repository comprised the source code for the “Brokewell Android Loader,” another tool from the same developer designed to bypass restrictions Google introduced in Android 13 and later to prevent exploitation of Accessibility Service for side-loaded apps (APKs). According to ThreatFabric, Baron Samedit has been active for at least two years, providing tools to other cybercriminals to check stolen accounts from multiple services, which could still be improved to support a malware-as-a-service operation. “We anticipate further evolution of this malware family, as we've already observed almost daily updates to the malware. Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions,” the researchers conclude. Hence, the only way to effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell is to use a comprehensive
2024-04-29T22:01:20+00:00 https://www.techworm.net/2024/04/android-malware-hack-bank-account-chrome-update.html www.secnews.physaphae.fr/article.php?IdArticle=8490777 False Threat,Malware,Tool,Mobile None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
From IcedID to Dagon Locker Ransomware in 29 Days
## Snapshot
The DFIR report provides a detailed account of a sophisticated intrusion that began with a phishing campaign using PrometheusTDS to distribute IcedID malware in August 2023.
## Description
The IcedID malware established persistence, communicated with C2 servers, and dropped a Cobalt Strike beacon, which was used for lateral movement, data exfiltration, and ransomware deployment. The threat actor also utilized a suite of tools such as Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. The intrusion culminated in the deployment of Dagon Locker ransomware after 29 days. The threat actors employed various techniques to obfuscate the JavaScript file and the Cobalt Strike shellcode, evade detection, maintain persistence, and perform network enumeration activities. The threat actor's activities included the abuse of lateral movement functionalities such as PsExec and Remote Desktop Protocol (RDP), exfiltration of files, dumping and exfiltration of Windows Security event logs, and the use of PowerShell commands executed from the Cobalt Strike beacon. Additionally, the threat actor employed multiple exfiltration techniques, including the use of Rclone and AWS CLI to exfiltrate data from the compromised infrastructure. The deployment of the Dagon Locker ransomware was facilitated through the use of a custom PowerShell script, AWScollector, and a locker module, with a specific PowerShell command run from a domain controller to deploy the ransomware to different systems. The impact of this incident resulted in all systems being affected by the Dagon Locker ransomware.
## References
[https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/](https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/)
2024-04-29T20:07:15+00:00 https://community.riskiq.com/article/55e96eb8 www.secnews.physaphae.fr/article.php?IdArticle=8490876 False Threat,Ransomware,Malware,Tool,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the
2024-04-29T19:16:00+00:00 https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html www.secnews.physaphae.fr/article.php?IdArticle=8490672 False Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
2024-04-29T16:24:00+00:00 https://thehackernews.com/2024/04/navigating-threat-landscape.html www.secnews.physaphae.fr/article.php?IdArticle=8490619 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hack news blog (surprising, right?)
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security
2024-04-29T16:20:00+00:00 https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8490673 False Threat,Vulnerability None 2.0000000000000000

Global Security Mag - French news site
Cybersixgill Unveils Third-Party Intelligence, Exposing Threats to Organizations. Stemming from Their Supply Chain
Products
Powerful, New Extension Curates and Enhances Cybersixgill's Comprehensive Threat Intelligence with Vendor-Specific Security Posture Data, Enabling Security Operations to Preempt Threats Originating from Third-Party Suppliers. Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations' security teams, enabling them to (...) - Products
2024-04-29T16:14:30+00:00 https://www.globalsecuritymag.fr/cybersixgill-unveils-third-party-intelligence-exposing-threats-to-organizations.html www.secnews.physaphae.fr/article.php?IdArticle=8490773 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Weekly OSINT Highlights, 29 April 2024
2024-04-29T16:05:58+00:00 https://community.riskiq.com/article/aa388c3b www.secnews.physaphae.fr/article.php?IdArticle=8490778 False Threat,Ransomware,Malware,Tool,Mobile,Industrial,Vulnerability None 3.0000000000000000

Fortinet - Security hardware manufacturer
New FortiXDR Capabilities Offer Expanded Coverage
We're pleased to announce several enhancements to FortiXDR, including support for iOS and Android mobile devices and threat hunting for containers. Read more.
2024-04-29T15:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortixdr-capabilities-offer-expanded-coverage-from-pocket-to-cloud www.secnews.physaphae.fr/article.php?IdArticle=8490725 False Threat,Mobile None 2.0000000000000000

Mandiant - Mandiant security blog
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis
Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list of activities and indicators of compromise. We did this for multiple malware files, testing with both decompiled and disassembled code, and Gemini 1.5 Pro was notably accurate each time, generating summary reports in human-readable language. Gemini 1.5 Pro was even able to make an accurate determination of code that, at the time, was receiving zero detections on VirusTotal. In our testing with other similar gen AI tools, we were required to divide the code into chunks, which led to vague and non-specific outcomes, and affected the overall analysis. Gemini 1.5 Pro, however, processed the entire code in a single pass, and often in about 30 to 40 seconds.
Introduction
The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some aspects of malware analysis, yet their effectiveness in handling large and complex malware samples has been limited. The introduction of Gemini 1.5 Pro, capable of processing up to 1 million tokens, marks a significant breakthrough. This advancement not only empowers AI to function as a powerful assistant in automating the malware analysis workflow but also significantly scales up the automation of code analysis. By substantially increasing the processing capacity, Gemini 1.5 Pro paves the way for a more adaptive and robust approach to cybersecurity, helping analysts manage the asymmetric volume of threats more effectively and efficiently.
Traditional Techniques for Automated Malware Analysis
The foundation of automated malware analysis is built on a combination of static and dynamic analysis techniques, both of which play crucial roles in dissecting and understanding malware behavior. Static analysis involves examining the malware without executing it, providing insights into its code structure and unobfuscated logic. Dynamic analysis, on the other hand, involves observing the execution of the malware in a controlled environment to monitor its behavior, regardless of obfuscation. Together, these techniques are leveraged to gain a comprehensive understanding of malware. Parallel to these techniques, AI and machine learning (ML) have increasingly been employed to classify and cluster malware based on behavioral patterns, signatures, and anomalies. These methodologies have ranged from supervised learning, where models are trained on labeled datasets, to unsupervised learning for clustering, which identifies patterns without predefined labels to group similar malware.
2024-04-29T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8500392 False Threat,Malware,Hack,Cloud,Studies,Tool,Conference,Prediction,Vulnerability Wannacry 3.0000000000000000

GoogleSec - Firm Security Blog
How we fought bad apps and bad actors in 2023
in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes. We have also strengthened our developer onboarding and review processes, requiring more identity information when developers first establish their Play accounts. Together with investments in our review tooling and processes, we identified bad actors and fraud rings more effectively and banned 333K bad accounts from Play for violations like confirmed malware and repeated severe policy violations. Additionally, almost 200K app submissions were rejected or remediated to ensure proper use of sensitive permissions such as background location or SMS access. To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps. We also significantly expanded the Google Play SDK Index, which now covers the SDKs used in almost 6 million apps across the Android ecosystem. This valuable resource helps developers make better SDK choices, boosts app quality and minimizes integration risks.
Protecting the Android Ecosystem
Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members in the newly restructured ADA under the Joint Development Foundation, part of the Linux Foundation family. The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks. Additionally, we announced new Play Store transparency labeling to highlight VPN apps that have completed an independent security review through App Defense Alliance's Mobile App Security Assessment (MASA). When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data safety section. This helps users see at a glance that a developer has prioritized security and privacy best practices and is committed to user safety.
2024-04-29T11:59:47+00:00 http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8493536 False Threat,Malware,Tool,Mobile None 3.0000000000000000