www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed date: 2025-05-12T11:37:59+00:00

Source: ProofPoint - Cyber Firms
Title: Comparing Proofpoint and Abnormal Security: Food Manufacturer Includes Only One in their Recipe for Success
Published: 2024-08-30T12:42:42+00:00 | Link: https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-security-exceeds-abnormal-customer-story | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566849 | Metadata: False Ransomware,Spam,Malware,Tool,Threat Heritage 2.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: North Korean Hackers Target Developers with Malicious npm Packages
Summary: Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and [...]
Published: 2024-08-30T11:55:00+00:00 | Link: https://thehackernews.com/2024/08/north-korean-hackers-target-developers.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566681 | Metadata: False Malware,Threat None 2.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Summary: Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, [...]
Published: 2024-08-30T11:42:00+00:00 | Link: https://thehackernews.com/2024/08/atlassian-confluence-vulnerability.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566684 | Metadata: False Vulnerability,Threat None 3.0000000000000000

Source: InformationSecurityBuzzNews - security news site
Title: Malware Masquerading as Palo Alto GlobalProtect Tool Targets Middle East Users
Summary: Users in the Middle East are being targeted by sophisticated threat actors deploying malware disguised as the Palo Alto GlobalProtect tool, Trend Micro has revealed. The malware employs a two-stage infection process, leveraging advanced command-and-control (C&C) infrastructure to evade detection and maintain persistent access to compromised systems.
The infection begins with a malicious setup.exe file, [...]
Published: 2024-08-30T10:52:49+00:00 | Link: https://informationsecuritybuzz.com/malware-palo-alto-globalprotect/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566789 | Metadata: False Malware,Tool,Threat,Prediction None 3.0000000000000000

Source: Global Security Mag - French news site
Title: Proofpoint research: the "Voldemort" malware impersonates the French public finance authority
Category: Malware
Published: 2024-08-30T08:28:14+00:00 | Link: https://www.globalsecuritymag.fr/recherche-proofpoint-le-malware-voldemort-se-fait-passer-pour-les-finances.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566757 | Metadata: False Malware,Threat None 4.0000000000000000

Source: ProofPoint - Cyber Firms
Title: Proofpoint's Human-Centric Security Solutions Named SC Awards 2024 Finalist in Four Unique Categories
Published: 2024-08-30T07:00:00+00:00 | Link: https://www.proofpoint.com/us/blog/corporate-news/proofpoint-named-sc-awards-2024-finalist | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566942 | Metadata: False Ransomware,Tool,Vulnerability,Threat,Cloud,Conference ChatGPT 2.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Deep Analysis of Snake Keylogger's New Variant
Published: 2024-08-30T00:42:39+00:00 | Link: https://community.riskiq.com/article/1cf21102 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566560 | Metadata: True Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
Summary: A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts.
Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is [...]
Published: 2024-08-29T21:45:00+00:00 | Link: https://thehackernews.com/2024/08/vietnamese-human-rights-group-targeted.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566270 | Metadata: False Malware,Threat APT 32 3.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Summary: Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement [...]
Published: 2024-08-29T21:29:00+00:00 | Link: https://thehackernews.com/2024/08/russian-hackers-exploit-safari-and.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566271 | Metadata: False Malware,Threat,Mobile None 3.0000000000000000

Source: The Register - English news site
Title: Oh, great.
Attacks developed by spyware vendors are being re-used by Russia's Cozy Bear cretins
Summary: Google researchers note the similarities, can't find a link. Google's Threat Analysis Group (TAG) has spotted a disturbing similarity in attack tactics used by commercial spyware vendors and Russia-linked attack gangs. [...]
Published: 2024-08-29T20:03:11+00:00 | Link: https://go.theregister.com/feed/www.theregister.com/2024/08/29/commercial_spyware_russia_mongolia/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566391 | Metadata: False Threat,Commercial APT 29 4.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Citrine Sleet exploiting Chromium zero-day
Published: 2024-08-29T19:44:20+00:00 | Link: https://community.riskiq.com/article/0ce29639 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8567037 | Metadata: False Malware,Tool,Vulnerability,Threat APT 38 2.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders
Published: 2024-08-29T18:15:40+00:00 | Link: https://community.riskiq.com/article/de978ca1 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566388 | Metadata: False Ransomware,Malware,Tool,Vulnerability,Threat APT 32 3.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks
Summary: U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware.
The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to [...]
Published: 2024-08-29T17:12:00+00:00 | Link: https://thehackernews.com/2024/08/us-agencies-warn-of-iranian-hacking.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566125 | Metadata: False Ransomware,Threat None 3.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
Summary: A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle [...]
Published: 2024-08-29T16:35:00+00:00 | Link: https://thehackernews.com/2024/08/unpatched-avtech-ip-camera-flaw.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566127 | Metadata: False Vulnerability,Threat None 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: BlackSuit Ransomware
Published: 2024-08-29T16:27:02+00:00 | Link: https://community.riskiq.com/article/66639fbd | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566331 | Metadata: False Ransomware,Malware,Tool,Threat None 3.0000000000000000

Source: TechRepublic - Security News US
Title: Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
Summary: There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability.
Published: 2024-08-29T15:17:42+00:00
Link: https://www.techrepublic.com/article/volt-typhoon-exploits-versa-director/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566269 | Metadata: False Vulnerability,Threat Guam 3.0000000000000000

Source: Bleeping Computer - American magazine
Title: Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Summary: Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. [...]
Published: 2024-08-29T14:29:43+00:00 | Link: https://www.bleepingcomputer.com/news/security/fake-palo-alto-globalprotect-used-as-lure-to-backdoor-enterprises/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566361 | Metadata: False Malware,Tool,Threat None 3.0000000000000000

Source: InfoSecurity Mag - InfoSecurity Magazine
Title: Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Summary: Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant.
Published: 2024-08-29T14:00:00+00:00 | Link: https://www.infosecurity-magazine.com/news/unpatched-cctv-cameras-exploited/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566201 | Metadata: False Malware,Vulnerability,Threat None 3.0000000000000000

Source: Mandiant - Mandiant security blog
Title: A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Summary:

Introduction

Digital analytics tools are vital components of the vast domain that is modern cyberspace.
From system administrators managing traffic load balancers to marketers and advertisers working to deliver relevant content to their brand's biggest fan base, tools like link shorteners, location trackers, CAPTCHAs, and digital advertising platforms each play their part in making information universally accessible and useful to all. However, just as these tools can be used for good, they can also be used for malicious purposes. Mandiant and Google Cloud researchers have witnessed threat actors cleverly repurposing digital analytics and advertising tools to evade detection and amplify the effectiveness of their malicious campaigns. This blog post dives deep into the threat actor playbook, revealing how these tools can be weaponized by attackers to add malicious data analytics ("malnalytics") capabilities to their threat campaigns. We'll expose the surprising effectiveness of these tactics and arm defenders with detection and mitigation strategies for their own environments.

Get Shor.ty

First entering the scene around the year 2000 and steadily gaining in popularity ever since, link shorteners have become a fairly ubiquitous utility for life on the Internet. In addition to the popular link shortening services like bit.ly and rb.gy, large technology companies like Amazon (a.co) and Google (goo.gl) also have (or had, in Google's case) their own link shortening structures and schemas. In the legitimate advertising and marketing sense, link shorteners are typically used as a mechanism to track things like click-through rates on advertisements, or to reduce the likelihood that a complicated URL with parameterized arguments will get mangled when being shared. However, link shorteners and link shortening services have also been used by threat actors (MITRE ATT&CK Technique T1608.005) to obscure the URLs of malicious landing pages, and Mandiant has observed threat actors using link shorteners to redirect victims during the initial access phase of an attack chain.
Some recent examples include:
- A link shortener service used by UNC1189 (also known as "MuddyWater") in spring of 2022 to funnel users to a phishing lure document hosted on a cloud storage provider.
- A set of SMS phishing campaigns orchestrated by a financially motivated threat actor between spring of 2021 and late 2022, which leveraged link shorteners to funnel users through a nested web of device, location, and browser checks to a set of forms that ultimately attempt to steal credit card information.
- A malvertising campaign in spring of 2023 that leveraged a link shortener to track click-through data for Dropbox URLs hosting malware payloads.
Published: 2024-08-29T14:00:00+00:00 | Link: https://cloud.google.com/blog/topics/threat-intelligence/how-attackers-weaponize-digital-analytics-tools/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566199 | Metadata: False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000

Source: Dark Reading - Informationweek Branch
Title: How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture
Summary: Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
Published: 2024-08-29T14:00:00+00:00 | Link: https://www.darkreading.com/vulnerabilities-threats/how-telecom-vulnerabilities-can-be-a-threat-to-cybersecurity-posture | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566204 | Metadata: False Vulnerability,Threat None 2.0000000000000000

Source: Global Security Mag - French news site
Title: Check Point Software to Acquire Cyberint
Summary: Check Point Software to Acquire Cyberint to Transform Security Operations and Expand Managed Threat Intelligence Solutions. Cyberint's AI-driven External Risk Management Solution Will Enhance the Check Point Infinity Platform, Delivering Collaborative, Actionable Intelligence Against Advanced Threats. (Category: Business News)
Published: 2024-08-29T13:27:08+00:00 | Link: https://www.globalsecuritymag.fr/check-point-software-to-acquire-cyberint.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566225 | Metadata: False Threat None 1.00000000000000000000
Source: CyberScoop - scoopnewsgroup.com special Cyber
Title: Google: apparent Russian hackers play copycat to commercial spyware vendors
Summary: The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors.
Published: 2024-08-29T13:00:00+00:00 | Link: https://cyberscoop.com/apt29-spyware-google-threat-analysis-group/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566163 | Metadata: False Threat,Commercial None 2.0000000000000000
Source: IndustrialCyber - cyber risk firm for industrial
Title: Dragos enhances OT cybersecurity platform with advanced threat detection, management capabilities
Summary: Industrial cybersecurity firm Dragos announced the latest release of the Dragos Platform, an OT (operational technology) network visibility [...]
Published: 2024-08-29T12:58:27+00:00 | Link: https://industrialcyber.co/threats-attacks/dragos-enhances-ot-cybersecurity-platform-with-advanced-threat-detection-management-capabilities/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566160 | Metadata: False Threat,Industrial None 2.0000000000000000
Source: IndustrialCyber - cyber risk firm for industrial
Title: Nozomi Networks, Mandiant collaborate to offer comprehensive solution for OT, IT, IoT threat detection and response
Summary: Nozomi Networks, provider of OT (operational technology) and IoT security, announced on Wednesday the general availability of the [...]
Published: 2024-08-29T12:53:23+00:00 | Link: https://industrialcyber.co/news/nozomi-networks-mandiant-collaborate-to-offer-comprehensive-solution-for-ot-it-iot-threat-detection-and-response/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566161 | Metadata: False Threat,Industrial None 3.0000000000000000

Source: Bleeping Computer - American magazine
Title: Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
Summary: The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. [...]
Published: 2024-08-29T11:46:45+00:00 | Link: https://www.bleepingcomputer.com/news/security/malware-exploits-5-year-old-zero-day-to-infect-end-of-life-ip-cameras/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566272 | Metadata: False Malware,Vulnerability,Threat None 4.0000000000000000

Source: SecureMac - security focused on Mac
Title: Nukesped
Summary: Also known as HEUR:Trojan-PSW.OSX.BeaverTail.a. Type: Hybrid Threat. Platform: Mac OS 9. Last updated: 07/31/24 3:52 pm. Threat Level: High.
Description: Nukesped is a hybrid threat attributed to the North Korean Lazarus Group; it is an advanced cyber espionage tool designed to steal sensitive data and disrupt operations.
Nukesped Threat Removal: MacScan can detect and remove the Nukesped Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.
Published: 2024-08-29T10:04:45+00:00 | Link: https://www.securemac.com/definitions/Nukesped | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566302 | Metadata: False Tool,Threat APT 38 3.0000000000000000
Source: SentinelOne (Research) - Cyber Firms
Title: Exploring the VirusTotal Dataset | An Analyst's Guide to Effective Threat Research
Summary: We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.
Published: 2024-08-29T09:57:15+00:00 | Link: https://www.sentinelone.com/labs/exploring-the-virustotal-dataset-an-analysts-guide-to-effective-threat-research/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566057 | Metadata: False Threat None 2.0000000000000000

Source: The State of Security - American magazine
Title: 2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit
Summary: Who doesn't fancy earning US $2.5 million? That's the reward that's on offer from the US Department of State and Secret Service for information leading to the arrest and/or conviction of a Belarusian man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. 38-year-old Vladimir Kadariya is charged with a range of cybercrime offences which saw millions of internet users defrauded through malvertising and other means since at least October 2013.
The malvertising campaigns were designed to appear legitimate but often redirected victim [...]
Published: 2024-08-29T09:49:26+00:00 | Link: https://www.tripwire.com/state-of-security/25-million-reward-offered-cyber-criminal-linked-notorious-angler-exploit-kit | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566235 | Metadata: False Threat None 3.0000000000000000

Source: BlackBerry - hardware and software manufacturer
Title: Deepfakes and Digital Deception: Exploring Their Use and Abuse in a Generative AI World
Summary: In our new white paper, "Deepfakes Unmasked: The Technology and Techniques Behind This Growing Threat," we explore the intricate world of deepfakes, synthetic digital media generated by advanced AI technologies, and the multifaceted challenges they present to society.
Published: 2024-08-29T08:01:00+00:00 | Link: https://blogs.blackberry.com/en/2024/08/deepfakes-and-digital-deception | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566090 | Metadata: False Threat None 3.0000000000000000

Source: ProofPoint - Cyber Firms
Title: The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers "Voldemort"
Published: 2024-08-29T05:00:36+00:00 | Link: https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566420 | Metadata: False Malware,Tool,Threat,Technical None 2.0000000000000000

Source: TrendMicro - Security Firm Blog
Title: Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Summary: Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.
Published: 2024-08-29T00:00:00+00:00
Link: https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8566025 | Metadata: False Malware,Tool,Threat None 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Tweaking AsyncRAT: Attackers Using Python and TryCloudflare to Deploy Malware
Published: 2024-08-28T21:59:39+00:00 | Link: https://community.riskiq.com/article/bf7946e8 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565718 | Metadata: True Ransomware,Malware,Tool,Threat,Medical None 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: AutoIT Bot Targets Gmail Accounts First
Published: 2024-08-28T21:35:25+00:00 | Link: https://community.riskiq.com/article/8e6e70e2 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565719 | Metadata: True Ransomware,Malware,Tool,Threat None 3.0000000000000000

Source: Dark Reading - Informationweek Branch
Title: CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet
Summary: CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
Published: 2024-08-28T21:00:08+00:00 | Link: https://www.darkreading.com/ics-ot-security/cctv-zero-day-targeted-by-mirai-botnet-campaign | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565658 | Metadata: False Malware,Vulnerability,Threat None 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Hackers now use AppDomain Injection to drop CobaltStrike beacons
Published: 2024-08-28T20:46:51+00:00 | Link: https://community.riskiq.com/article/e3cd79c3 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565688 | Metadata: False Ransomware,Malware,Tool,Vulnerability,Threat,Technical APT 41 3.0000000000000000

Source: The Hacker News - a hacking news blog
(surprising, right?)
Title: APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
Summary: A South Korea-aligned cyber espionage group has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users [...]
Published: 2024-08-28T19:18:00+00:00 | Link: https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565465 | Metadata: False Vulnerability,Threat None 3.0000000000000000

Source: Bleeping Computer - American magazine
Title: South Korean hackers exploited WPS Office zero-day to deploy malware
Summary: The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.
[...]
Published: 2024-08-28T18:50:15+00:00 | Link: https://www.bleepingcomputer.com/news/security/apt-c-60-hackers-exploited-wps-office-zero-day-to-deploy-spyglace-malware/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565722 | Metadata: False Malware,Vulnerability,Threat None 2.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: NGate Android malware relays NFC traffic to steal cash
Published: 2024-08-28T18:20:57+00:00 | Link: https://community.riskiq.com/article/feb7656e | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565624 | Metadata: False Malware,Tool,Threat,Mobile None 3.0000000000000000

Source: Dark Reading - Informationweek Branch
Title: Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Summary: Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Published: 2024-08-28T18:03:59+00:00 | Link: https://www.darkreading.com/threat-intelligence/attackers-exploit-critical-atlassian-confluence-flaw-for-cryptojacking | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565592 | Metadata: False Threat,Cloud None 3.0000000000000000

Source: The Hacker News - a hacking news blog (surprising, right?)
Title: BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
Summary: The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its [...]
Published: 2024-08-28T15:51:00+00:00 | Link: https://thehackernews.com/2024/08/blackbyte-ransomware-exploits-vmware.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565373 | Metadata: False Ransomware,Threat None 3.0000000000000000

Source: Global Security Mag - French news site
Title: Gigamon Announces Power of 3 Hybrid Cloud Security
Summary: Gigamon Announces Power of 3 Hybrid Cloud Security Offering with ExtraHop® and WWT, Elevates Cybersecurity Defenses for Joint Customers. New offering maximizes threat detection, unlocking speed, precision, and efficiency in NDR. (Category: Product Reviews)
Published: 2024-08-28T15:24:32+00:00 | Link: https://www.globalsecuritymag.fr/gigamon-announces-power-of-3-hybrid-cloud-security.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565506 | Metadata: False Threat,Cloud None 2.0000000000000000
Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Stealthy 'sedexp' Linux malware evaded detection for two years
Published: 2024-08-28T15:13:46+00:00 | Link: https://community.riskiq.com/article/4b09e0a2 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565496 | Metadata: False Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000

Source: SecurityWeek - Security News
Title: Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
Summary: Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
Published: 2024-08-28T15:08:42+00:00 | Link: https://www.securityweek.com/censys-finds-hundreds-of-exposed-servers-as-volt-typhoon-apt-targets-isps-msps/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565501 | Metadata: False Vulnerability,Threat Guam 3.0000000000000000
Source: Mandiant - Mandiant security blog
Title: I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Summary:

Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in Israel. The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran's perceived adversarial countries. The collected data may be leveraged to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations. These may include Iranian dissidents, activists, human rights advocates, and Farsi speakers living in and outside Iran.

Mandiant assesses with high confidence this campaign was operated on behalf of Iran's regime, based on its tactics, techniques, and procedures (TTPs), themes, and targeting. In addition, we observed a weak overlap between this campaign and APT42, an Iran-nexus threat actor suspected to operate on behalf of Iran's IRGC Intelligence Organization (IRGC-IO). This campaign's activities are in line with Iran's IRGC and APT42's history of conducting surveillance operations against domestic threats and individuals of interest to the Iranian government. Despite the possible APT42 connection, Mandiant observed no relations between this activity and any U.S. elections-related targeting as previously reported by Google's Threat Analysis Group.

The activity used multiple social media accounts to disseminate a network of over 35 fake recruiting websites containing extensive Farsi decoy content, including job offers and Israel-related lures, such as images of Israeli national symbols, hi-tech offices, and major city landmarks. Upon entry, the targeted users are required to enter their personal details as well as their professional and academic experience, which are subsequently sent to the attackers.

The suspected counterintelligence operations started as early as 2017 and lasted at least until March 2024. In the past, similar campaigns were deployed in Arabic, targeting individuals affiliated with Syria and Hezbollah intelligence and security agencies. This may indicate Iran's counterintelligence activities extend beyond its own security and intelligence apparatus, possibly in support of its allies in Syria and Lebanon.

Mandiant worked to help ensure this activity was blocked and disrupted, the threat actor's accounts were terminated, and Google Chrome users and the users of other browsers were protected.
Published: 2024-08-28T14:00:00+00:00 | Link: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565655 | Metadata: False Threat,Mobile,Cloud APT 42 4.0000000000000000

Source: SecurityWeek - Security News
Title: Check Point to Acquire External Cyber Risk Management Firm Cyberint
Summary: Check Point says the acquisition will enhance its own SOC capabilities and expand its managed threat intelligence offerings.
Published: 2024-08-28T12:39:55+00:00 | Link: https://www.securityweek.com/check-point-to-acquire-external-cyber-risk-management-firm-cyberint/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8565403 | Metadata: False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves," Netskope Threat
2024-08-28T12:19:00+00:00 https://thehackernews.com/2024/08/new-qr-code-phishing-campaign-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8565206 False Threat,Cloud None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
South Korean Spies Exploit WPS Office Zero-Day
ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office
2024-08-28T08:50:00+00:00 https://www.infosecurity-magazine.com/news/south-korean-spies-exploit-wps/ www.secnews.physaphae.fr/article.php?IdArticle=8565267 False Vulnerability,Threat None 2.0000000000000000

InformationSecurityBuzzNews - Security news site
Cyberattacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
The number of successful cyber attacks on UK law firms has soared by 77% over the past year, rising from 538 incidents to 954, according to a recent study. The increase is attributed to the lucrative nature of law firms as targets for cybercriminals, particularly for ransomware attacks and blackmail attempts. Malefactors will often demand [...]
2024-08-28T05:18:48+00:00 https://informationsecuritybuzz.com/cyberattacks-uk-law-firms-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8565177 False Ransomware,Threat,Studies None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Exposed and Encrypted: Inside a Mallox Ransomware Attack
2024-08-27T23:00:11+00:00 https://community.riskiq.com/article/d9af6464 www.secnews.physaphae.fr/article.php?IdArticle=8565014 False Ransomware,Malware,Tool,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
2024-08-27T20:56:41+00:00 https://www.darkreading.com/vulnerabilities-threats/poc-exploit-for-zero-click-vulnerability-made-available-to-the-masses www.secnews.physaphae.fr/article.php?IdArticle=8564934 False Vulnerability,Threat None 3.0000000000000000

Team Cymru - Threat Intelligence team
How Security Teams are Strengthening Their Threat Hunting According to "Voice of a Threat Hunter 2024"
Security teams need to keep evolving their strategies to protect their organizations against...
2024-08-27T20:48:32+00:00 https://www.team-cymru.com/post/how-security-teams-are-strengthening-their-threat-hunting-according-to-voice-of-a-threat-hunter-202 www.secnews.physaphae.fr/article.php?IdArticle=8566483 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
2024-08-27T19:48:07+00:00 https://community.riskiq.com/article/501936b2 www.secnews.physaphae.fr/article.php?IdArticle=8565625 False Malware,Tool,Threat,Legislation,Cloud,Commercial None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early
2024-08-27T19:30:00+00:00 https://thehackernews.com/2024/08/chinese-volt-typhoon-exploits-versa.html www.secnews.physaphae.fr/article.php?IdArticle=8564754 False Vulnerability,Threat Guam 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures
Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial
2024-08-27T18:51:00+00:00 https://thehackernews.com/2024/08/ctem-in-spotlight-how-gartners-new.html www.secnews.physaphae.fr/article.php?IdArticle=8564717 False Threat None 2.0000000000000000

Recorded Future - Recorded Future feed
China's Volt Typhoon reportedly targets US internet providers using Versa zero-day
2024-08-27T17:32:01+00:00 https://therecord.media/versa-zero-day-volt-typhoon-china www.secnews.physaphae.fr/article.php?IdArticle=8564847 False Vulnerability,Threat Guam 3.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber
Check Point acquires threat intel company Cyberint
The deal is the third acquisition the Israeli cybersecurity firm has made in the past year.
2024-08-27T15:06:48+00:00 https://cyberscoop.com/check-point-cyberint-acquisition/ www.secnews.physaphae.fr/article.php?IdArticle=8564752 False Threat None 2.0000000000000000
Bleeping Computer - American magazine
Windows 11 KB5041587 update adds sharing to Android devices
Microsoft has released the optional KB5041587 preview cumulative update for Windows 11 23H2 and 22H2, which adds sharing to Android devices and fixes multiple File Explorer issues. [...]
2024-08-27T15:03:17+00:00 https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5041587-update-adds-sharing-to-android-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8564877 False Threat,Mobile None 4.0000000000000000

Krebs on Security - American researcher
New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
2024-08-27T14:26:41+00:00 https://krebsonsecurity.com/2024/08/new-0-day-attacks-linked-to-chinas-volt-typhoon/ www.secnews.physaphae.fr/article.php?IdArticle=8564750 False Vulnerability,Threat Guam 3.0000000000000000

TroyHunt - Blog Security
Hackers infect ISPs with malware that steals customers' credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed.
2024-08-27T14:00:58+00:00 https://arstechnica.com/?p=2045401 www.secnews.physaphae.fr/article.php?IdArticle=8564748 False Malware,Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch
China's Volt Typhoon Exploits 0-day in Versa's SD-WAN Director Servers
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.
2024-08-27T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers www.secnews.physaphae.fr/article.php?IdArticle=8564781 False Vulnerability,Threat Guam 3.0000000000000000

Netskope - Netskope is an American software company providing an IT security platform
Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks
Summary: In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The majority of the credential grabbing pages investigated used "Quishing," a form of phishing that uses QR code to trick users into accessing a malicious website. The phishing campaigns targeted MS Office credentials, using documents […]
2024-08-27T14:00:00+00:00 https://www.netskope.com/blog/phishing-in-style-microsoft-sway-abused-to-deliver-quishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8564713 False Threat None 3.0000000000000000
Bleeping Computer - American magazine
Malware infiltrates Pidgin messenger's official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. [...]
2024-08-27T13:25:55+00:00 https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/ www.secnews.physaphae.fr/article.php?IdArticle=8564850 False Malware,Threat None 4.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber
Lawmakers must incentivize cyber protection for critical infrastructure
In a world where critical infrastructure networks are increasingly digitalized and interconnected, cyber risk is growing as a significant threat to our nation's security, safety.
2024-08-27T12:00:00+00:00 https://cyberscoop.com/cyber-insurance-critical-infrastructure-engineering-standards-congress/ www.secnews.physaphae.fr/article.php?IdArticle=8564655 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch
Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks
The ShinyHunters attackers are skipping selling stolen data on hacker forums in favor of using deadline-driven ransom notes for financial gain.
2024-08-27T11:39:29+00:00 https://www.darkreading.com/threat-intelligence/threat-group-bling-libra-extortion-cloud-attacks www.secnews.physaphae.fr/article.php?IdArticle=8564813 False Threat,Cloud None 3.0000000000000000

HackRead - Cyber research
TDECU Data Breach: 500,000+ Members Affected by MOVEit Exploit
TDECU reports a data breach affecting over 500,000 members due to a MOVEit vulnerability. Compromised data includes Social…
2024-08-27T11:37:11+00:00 https://hackread.com/tdecu-data-breach-by-moveit-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8564656 False Data Breach,Vulnerability,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Versa fixes Director zero-day vulnerability exploited in attacks
2024-08-27T10:47:04+00:00 https://community.riskiq.com/article/1af984be www.secnews.physaphae.fr/article.php?IdArticle=8564652 False Vulnerability,Threat Guam 3.0000000000000000

Bleeping Computer - American magazine
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. [...]
2024-08-27T10:00:00+00:00 https://www.bleepingcomputer.com/news/security/chinese-volt-typhoon-hackers-exploited-versa-zero-day-to-breach-isps-msps/ www.secnews.physaphae.fr/article.php?IdArticle=8564715 False Vulnerability,Threat Guam 3.0000000000000000

DarkTrace - DarkTrace: AI bases detection
Darktrace Releases 2024 Half-Year Threat Insights
Explore Darktrace's 2024 Half-Year Threat Report for insights on the latest cyber threats and trends observed in the first half of the year.
2024-08-27T09:24:00+00:00 https://darktrace.com/blog/darktrace-releases-2024-half-year-threat-insights-2 www.secnews.physaphae.fr/article.php?IdArticle=8565301 False Threat,Studies None 3.0000000000000000

We Live Security - ESET antivirus software publisher
Old devices, new dangers: The risks of unsupported IoT tech
In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors
2024-08-27T09:00:00+00:00 https://www.welivesecurity.com/en/internet-of-things/old-devices-new-dangers-the-risks-of-unsupported-iot-tech/ www.secnews.physaphae.fr/article.php?IdArticle=8565094 False Threat None 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial
1898 & Co. unveils Advanced Threat Protection Center in Houston to bolster critical infrastructure security
1898 & Co. has launched its Advanced Threat Protection Center (ATPC) in Houston, Texas which is a next-level...
2024-08-27T06:08:58+00:00 https://industrialcyber.co/risk-management/1898-co-unveils-advanced-threat-protection-center-in-houston-to-bolster-critical-infrastructure-security/ www.secnews.physaphae.fr/article.php?IdArticle=8564498 False Threat None 3.0000000000000000

TrendLabs Security - Antivirus publisher
Complete Guide to Protecting Seven Attack Vectors
The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews seven key initial attack vectors and provides proactive security tips to help you reduce cyber risk across the attack surface.
2024-08-27T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/k/cyber-attack-vectors-how-to-protect-them.html www.secnews.physaphae.fr/article.php?IdArticle=8564749 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
New Cheana Stealer Targets VPN Users Across Multiple Operating Systems
2024-08-26T21:55:36+00:00 https://community.riskiq.com/article/69d7b49e www.secnews.physaphae.fr/article.php?IdArticle=8564339 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
2024-08-26T21:33:17+00:00 https://www.darkreading.com/application-security/hackers-use-rare-stealth-techniques-to-down-asian-military-govt-orgs www.secnews.physaphae.fr/article.php?IdArticle=8564337 False Threat APT 41 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Mid-Year Engagement Trap: How Fake Surveys Are Used in Phishing
2024-08-26T21:17:57+00:00 https://community.riskiq.com/article/9431aa5a www.secnews.physaphae.fr/article.php?IdArticle=8564340 True Ransomware,Tool,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
APT Attack Case Analysis Report Using noMu Backdoor
2024-08-26T16:51:55+00:00 https://community.riskiq.com/article/b920e285 www.secnews.physaphae.fr/article.php?IdArticle=8564220 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity
Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors.
2024-08-26T14:00:00+00:00 https://www.darkreading.com/cyber-risk/aggressively-monitoring-for-changes-is-key-aspect-of-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8564123 False Threat None 3.0000000000000000

Checkpoint Research - Security hardware manufacturer
26th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Halliburton, a leading U.S. oilfield services firm, was hit by a cyberattack that forced the company to take certain systems offline to contain the breach. Hackers gained access to some of the […]
2024-08-26T12:59:48+00:00 https://research.checkpoint.com/2024/26th-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8564097 False Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial
Critical infrastructure continues under threat, as hackers strike at Port of Seattle and Halliburton oilfield
Port officials reported on Saturday that the Port of Seattle, which encompasses Seattle-Tacoma International Airport, is facing outages...
2024-08-26T11:43:00+00:00 https://industrialcyber.co/threat-landscape/critical-infrastructure-continues-under-threat-as-hackers-strike-at-port-of-seattle-and-halliburton-oilfield/ www.secnews.physaphae.fr/article.php?IdArticle=8564364 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Weekly OSINT Highlights, 26 August 2024
2024-08-26T10:44:38+00:00 https://community.riskiq.com/article/9e3295c1 www.secnews.physaphae.fr/article.php?IdArticle=8564053 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud None 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IoCs
The Hidden Risks of Internet of Bodies (IoB): Cybersecurity in Healthcare
Devices allow heart attack patients to share their health data continuously, leading to better monitoring and higher completion rates of rehabilitation programs. IoB devices also increase efficiency and accuracy in medical interventions. An example of this are digital pills equipped with sensors that provide precise medication management by transmitting data about ingestion to healthcare providers. These devices help reduce medication errors and improve adherence to prescribed treatment plans. The enhanced data collection and analysis that comes as a result of IoB devices contribute to better health outcomes. The vast amounts of data generated help better understand health patterns and predict potential issues. As an example, smart thermometers used in Shanghai's Public Health Clinical Center during the COVID-19 pandemic allowed for
2024-08-26T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-hidden-risks-of-internet-of-bodies-iob-cybersecurity-in-healthcare-devices www.secnews.physaphae.fr/article.php?IdArticle=8563999 False Vulnerability,Threat,Prediction,Medical None 3.0000000000000000

DarkTrace - DarkTrace: AI bases detection
The Rise in "Safelink Smuggling": How to Enhance Your Resilience Against Malicious Links
Safelink Smuggling is not necessarily a new phenomenon, but Darktrace analysts have seen a notable increase recently. Read this blog to learn how threat actors are deploying this technique in email attacks, how vendors can mitigate Safelink Smuggling attempts, and why defense-in-depth is the solution.
2024-08-26T09:24:00+00:00 https://darktrace.com/blog/the-rise-in-safelink-smuggling-how-to-enhance-your-resilience-against-malicious-links www.secnews.physaphae.fr/article.php?IdArticle=8565302 False Threat None 4.0000000000000000

InformationSecurityBuzzNews - Security news site
Stealthy Linux Malware "sedexp" Exploits udev Rules for Persistence and Evasion
Stroz Friedberg, a risk management firm under Aon, has identified a sophisticated malware strain targeting Linux systems. Dubbed "sedexp," the malware exploits udev rules to maintain persistence and evade detection. According to researchers Zachary Reichert, Daniel Stein, and Joshua Pivirotto, "This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse [...]
2024-08-26T09:22:16+00:00 https://informationsecuritybuzz.com/linux-malware-sedexp-exploits-udev/ www.secnews.physaphae.fr/article.php?IdArticle=8564003 False Malware,Threat None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Chinese Velvet Ant Uses Cisco Zero-Day to Deploy Custom Malware
The Chinese cyber espionage group was observed jailbreaking a Cisco switch appliance using a zero-day exploit
2024-08-26T08:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-velvet-ant-cisco-0day/ www.secnews.physaphae.fr/article.php?IdArticle=8563952 False Malware,Vulnerability,Threat None 3.0000000000000000

The State of Security - American magazine
Forensic Cyberpsychology: Profiling the Next-Generation Cybercriminal
Cybercrime is a major concern for individuals, businesses, and governments alike. As technology advances, so do the tactics and sophistication of those who seek to exploit it for nefarious purposes. Data shows that, on average, a cyber attack occurs every 39 seconds, affecting one in three Americans annually. Recognizing the human element behind these cyber threats is crucial in combating them effectively; this article aims to analyze the psychological complexities driving cybercriminal activities and pave the way for more effective countermeasures. What Does the Modern Cybercriminal Look Like...
2024-08-26T03:31:15+00:00 https://www.tripwire.com/state-of-security/forensic-cyberpsychology-profiling-next-generation-cybercriminal www.secnews.physaphae.fr/article.php?IdArticle=8563974 False Threat None 3.0000000000000000

InformationSecurityBuzzNews - Security news site
Ransomware Attacks, Demands, and Payments Rise in Q2
In Q2 2024, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%. These new threat actors emerged following the takedown of LockBit and BlackCat by international [...]
2024-08-26T03:16:07+00:00 https://informationsecuritybuzz.com/ransomware-attacks-demands-payments/ www.secnews.physaphae.fr/article.php?IdArticle=8563845 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides
2024-08-25T11:07:00+00:00 https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html www.secnews.physaphae.fr/article.php?IdArticle=8563433 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to
2024-08-24T12:33:00+00:00 https://thehackernews.com/2024/08/cisa-urges-federal-agencies-to-patch.html www.secnews.physaphae.fr/article.php?IdArticle=8562959 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic
2024-08-24T12:25:00+00:00 https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html www.secnews.physaphae.fr/article.php?IdArticle=8562960 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
CISA warns of Jenkins RCE bug exploited in ransomware attacks
## Snapshot Researchers at CISA have identified a critical vulnerability in [Jenkins](https://www.jenkins.io/security/advisory/2024-01-24/), a popular open-source automation server, which allows unauthenticated attackers to gain remote code execution. ## Description Tracked as [CVE-2024-23897](https://nvd.nist.gov/vuln/detail/CVE-2024-23897), the vulnerability stems from a weakness in the args4j command parser, enabling attackers to read arbitrary files on the Jenkins controller file system through th
2024-08-23T20:36:37+00:00 https://community.riskiq.com/article/e7eefe6c www.secnews.physaphae.fr/article.php?IdArticle=8562753 False Ransomware,Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Ailurophile: New Infostealer sighted in the wild
2024-08-23T20:33:16+00:00 https://community.riskiq.com/article/93a581d3 www.secnews.physaphae.fr/article.php?IdArticle=8562754 False Ransomware,Spam,Malware,Tool,Threat,Prediction None 3.0000000000000000

IT Security Guru - Security blog
How Immigration Can Solve America's Cybersecurity Shortage
The U.S. is facing a critical shortage of cybersecurity professionals, a challenge that is not only growing but also poses a significant threat to national security. CyberSeek, a joint initiative of NIST's NICE program, CompTIA, and Lightcast, reports in its dashboard over 469,930 job openings in cybersecurity. (CyberSeek, 2024) Despite the escalating cyber threats, the […]
2024-08-23T15:58:58+00:00 https://www.itsecurityguru.org/2024/08/23/how-immigration-can-solve-americas-cybersecurity-shortage/?utm_source=rss&utm_medium=rss&utm_campaign=how-immigration-can-solve-americas-cybersecurity-shortage www.secnews.physaphae.fr/article.php?IdArticle=8562592 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July
2024-08-23T15:54:00+00:00 https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8562474 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023. It's capable of
2024-08-23T10:31:00+00:00 https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8562357 False Malware,Threat None 2.0000000000000000

ProofPoint - Cyber Firms
How Insider Threat Visibility Can Help Reduce Risk and Raise Efficiency
2024-08-23T07:07:37+00:00 https://www.proofpoint.com/us/blog/insider-threat-management//insider-threat-visibility-reduce-risk-gain-efficiency www.secnews.physaphae.fr/article.php?IdArticle=8562639 False Data Breach,Tool,Threat,Cloud None 3.0000000000000000

ProofPoint - Cyber Firms
How Insider Threat Visibility Can Help Reduce Risk and Raise Efficiency
2024-08-23T07:07:37+00:00 https://www.proofpoint.com/us/blog/insider-threat-management/insider-threat-visibility-reduce-risk-gain-efficiency www.secnews.physaphae.fr/article.php?IdArticle=8562684 False Data Breach,Tool,Threat,Cloud None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
New TodoSwift macOS Malware Linked to North Korean Hacking Groups Targets Cryptocurrency Industry
2024-08-22T23:37:56+00:00 https://community.riskiq.com/article/c6573902 www.secnews.physaphae.fr/article.php?IdArticle=8562249 True Ransomware,Malware,Tool,Threat,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Les pirates chinois exploitent la faille de commutation Cisco zéro-jour pour obtenir le contrôle du système<br>Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control Details have emerged about a China-nexus threat group\'s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control]]> 2024-08-22T21:43:00+00:00 https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html www.secnews.physaphae.fr/article.php?IdArticle=8562040 False Malware,Vulnerability,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Le cadeau qui continue de donner: une nouvelle campagne Log4J opportuniste<br>The gift that keeps on giving: A new opportunistic Log4j campaign 2024-08-22T21:27:52+00:00 https://community.riskiq.com/article/9b0074af www.secnews.physaphae.fr/article.php?IdArticle=8562206 False Ransomware,Malware,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch La NSA émet des conseils pour une meilleure journalisation, une détection des menaces dans les incidents LOTL<br>NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.]]> 2024-08-22T20:19:11+00:00 https://www.darkreading.com/cybersecurity-operations/nsa-issues-tips-for-better-logging-threat-detection-in-lotl-incidents www.secnews.physaphae.fr/article.php?IdArticle=8562714 False Threat,Technical None 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) PEAKLIGHT: Decoding the Stealthy Memory-Only Malware ## Snapshot Analysts at Mandiant uncovered a new memory-only dropper which delivers a PowerShell-based 
downloader they dubbed PEAKLIGHT. ## Description Threat actors are leveraging ZIP files masquerading as pirated movies to trick victims into download]]> 2024-08-22T19:57:36+00:00 https://community.riskiq.com/article/a1d5fe95 www.secnews.physaphae.fr/article.php?IdArticle=8562162 False Malware,Tool,Threat,Cloud None 2.0000000000000000
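On the Versa Director item above: the feed says only that CVE-2024-39717 is a file-upload bug in the "Change Favicon" feature. It does not describe Versa's handler, and nothing below is Versa's code or an exploit for it. As an added, generic illustration of that bug class, the Python below places an upload handler that trusts the client-supplied file name and bytes beside one that fixes the server-side name, caps the size, requires the extension and the magic bytes to agree, and confirms the final path stays under the upload directory. The function names, the upload directory and the sample payload are assumptions constructed for the example.

```python
import os
import pathlib
import tempfile
from typing import Dict

# Leading bytes of the two formats a favicon upload should be allowed to carry
# (ICO: reserved 0, type 1; PNG: the fixed 8-byte signature).
_ICO_MAGIC = b"\x00\x00\x01\x00"
_PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
_MAX_BYTES = 64 * 1024  # assumed cap for the example; real favicons are far smaller


def save_favicon_unsafe(upload_dir: str, filename: str, data: bytes) -> str:
    """Vulnerable pattern (illustrative, not Versa's code): the client-controlled
    name is joined onto the upload directory and the bytes are written as-is.
    Any name ('../x', 'shell.jsp') and any content are accepted."""
    dest = os.path.join(upload_dir, filename)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def save_favicon_safe(upload_dir: str, filename: str, data: bytes) -> str:
    """Hardened variant: size cap, extension/magic-byte agreement, a server-chosen
    file name, and a final containment check on the resolved path."""
    if not data or len(data) > _MAX_BYTES:
        raise ValueError("favicon size out of range")
    ext = pathlib.PurePosixPath(filename).suffix.lower()
    if ext == ".ico" and data.startswith(_ICO_MAGIC):
        chosen_ext = ".ico"
    elif ext == ".png" and data.startswith(_PNG_MAGIC):
        chosen_ext = ".png"
    else:
        raise ValueError("favicon must be an ICO or PNG whose bytes match its extension")
    base = pathlib.Path(upload_dir).resolve()
    dest = (base / ("favicon" + chosen_ext)).resolve()  # name is ours, not the client's
    if base not in dest.parents:
        raise ValueError("destination escapes the upload directory")
    with open(dest, "wb") as fh:
        fh.write(data)
    return str(dest)


def demo() -> Dict[str, object]:
    """Runs both handlers against a constructed non-image payload with a
    traversal file name, then a legitimate PNG, inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        payload = b"<% constructed non-image content %>"
        written = save_favicon_unsafe(uploads, "../not-an-icon.txt", payload)
        escaped = os.path.dirname(os.path.abspath(written)) == os.path.abspath(root)
        try:
            save_favicon_safe(uploads, "../not-an-icon.txt", payload)
            rejected = False
        except ValueError:
            rejected = True
        good = save_favicon_safe(uploads, "logo.png", _PNG_MAGIC + b"\x00" * 16)
        return {
            "unsafe_escaped_upload_dir": escaped,   # True: file landed one level up
            "safe_rejected_payload": rejected,      # True: wrong type and traversal name
            "safe_stored_name": os.path.basename(good),  # 'favicon.png', server-chosen
        }
```

The containment check is deliberately kept even though the safe handler never uses the client's name: it costs nothing and protects against a later refactor that reintroduces user input into the path.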
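On the Jenkins item above: the Jenkins advisory it links describes the args4j behaviour at the root of CVE-2024-23897, namely that the command parser replaces an argument of the form @path with the contents of the file at that path. The Python below is an added illustration of that pattern and of the shape of the fix (expansion switched off); it is not Jenkins or args4j code. The toy command dispatcher, its command name and the temporary secret file are constructed for the example, and the error message that echoes an unexpected argument is offered as one illustration of how expanded contents can travel back to a caller, not as Jenkins's exact error path.

```python
import os
import tempfile
from typing import Dict, List


def expand_at_files(argv: List[str]) -> List[str]:
    """Vulnerable pattern (illustrative, not args4j itself): an argument that
    starts with '@' is replaced by the whitespace-separated tokens of the file
    named after the '@'. A caller allowed to pass arguments but not to read
    files on the server can thereby pull any readable file into argv."""
    expanded: List[str] = []
    for arg in argv:
        if len(arg) > 1 and arg.startswith("@"):
            with open(arg[1:], "r", encoding="utf-8", errors="replace") as fh:
                expanded.extend(fh.read().split())
        else:
            expanded.append(arg)
    return expanded


def parse_literal(argv: List[str]) -> List[str]:
    """Hardened variant: arguments are taken as given and '@' has no meaning.
    This is the shape of the fix (expansion disabled), not its code."""
    return list(argv)


def run_cli(argv: List[str], expand: bool) -> str:
    """Toy dispatcher (constructed). Echoing an unexpected argument in the
    error text is the kind of channel that lets expanded file contents reach
    someone who never had read access to the file."""
    args = expand_at_files(argv) if expand else parse_literal(argv)
    if not args or args[0] != "who-am-i":
        return "ERROR: unknown command"
    if len(args) > 1:
        return "ERROR: unexpected argument: " + args[1]
    return "Authenticated as: anonymous"


def demo() -> Dict[str, str]:
    """Writes a constructed secret to a temporary file and sends the same
    command line through the vulnerable and the hardened parser."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("constructed-secret-line\nsecond line\n")
        secret_path = fh.name
    try:
        argv = ["who-am-i", "@" + secret_path]
        return {
            "vulnerable": run_cli(argv, expand=True),   # first token of the file leaks
            "hardened": run_cli(argv, expand=False),    # only the literal '@path' echoes
        }
    finally:
        os.unlink(secret_path)
```

Only the first whitespace-delimited token reaches the error text in this toy, which is why such a bug is often described as a partial read that grows into a full one once the attacker has a way to request more of the file; the fix is to stop treating '@' as special rather than to trim error messages.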
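On the PEAKLIGHT item above: the feed says the lure is a ZIP posing as a pirated movie but does not say what the archive contains. The Python below is an added, generic triage routine for such an archive, not Mandiant's tooling and not a description of PEAKLIGHT's actual payload. It builds a constructed sample ZIP in memory and flags entries whose extension promises video while the bytes do not, Windows shortcut files, script or executable entries, and nested archives. The signatures are the standard ones (shell-link header, MZ, PK, and the MP4/MKV/AVI container markers); the file names are invented.

```python
import io
import os
import zipfile
from typing import Dict, List

# Standard signatures (assumed for the example, not taken from the feed):
# Windows shell link header (HeaderSize 0x4C followed by the shell-link CLSID).
LNK_MAGIC = bytes.fromhex("4c000000011402000000000000c000000000000046")
VIDEO_EXT = {".mp4", ".m4v", ".mov", ".mkv", ".avi"}
RISKY_EXT = {".lnk", ".exe", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta"}


def looks_like_video(head: bytes) -> bool:
    """Container checks on the first bytes: 'ftyp' box at offset 4 (MP4/MOV/M4V),
    EBML header (MKV), or RIFF with form type 'AVI '."""
    return (
        head[4:8] == b"ftyp"
        or head.startswith(b"\x1a\x45\xdf\xa3")
        or (head.startswith(b"RIFF") and head[8:12] == b"AVI ")
    )


def triage_zip(data: bytes) -> List[Dict[str, str]]:
    """Returns one finding per entry that does not belong in a movie download."""
    findings: List[Dict[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name.lower())[1]
            with zf.open(info) as fh:
                head = fh.read(32)
            if head.startswith(LNK_MAGIC) or ext == ".lnk":
                findings.append({"entry": name, "reason": "Windows shortcut (LNK) in a media archive"})
            elif ext in RISKY_EXT or head.startswith(b"MZ"):
                findings.append({"entry": name, "reason": "script or executable entry"})
            elif ext in VIDEO_EXT and not looks_like_video(head):
                findings.append({"entry": name, "reason": "video extension but non-video content"})
            elif head.startswith(b"PK\x03\x04"):
                findings.append({"entry": name, "reason": "nested archive"})
    return findings


def build_sample_lure() -> bytes:
    """Constructed sample archive, not a real lure: a plausible MP4 stub, a
    shortcut hiding behind a double extension, and a subtitle file renamed
    to look like video."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        folder = "Movie.Title.2024.1080p.WEB-DL/"
        zf.writestr(folder + "Movie.Title.2024.1080p.WEB-DL.mp4",
                    b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 24)
        zf.writestr(folder + "Movie.Title.2024.1080p.WEB-DL.mp4.lnk",
                    LNK_MAGIC + b"\x00" * 40)
        zf.writestr(folder + "Subtitles.eng.mkv",
                    b"1\n00:00:01,000 --> 00:00:03,000\nconstructed subtitle\n")
    return buf.getvalue()
```

Reading only the first 32 bytes of each entry keeps the triage cheap on multi-gigabyte archives; a shortcut sitting next to a real video is flagged on its header even when the extension has been disguised, and the mismatch rule catches the opposite case of a non-video carrying a video name.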