www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr.
Generated: 2024-06-16T10:41:56+00:00

Source: AlienVault Lab Blog - AlienVault is a major defensive player in the IOC space
Title: Battling malware in the industrial supply chain
Summary: NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including:
Malware attacks on ICS/OT: specific targeting of components can disrupt operations and cause physical damage.
Third-party vulnerabilities: integration of third-party systems within the supply chain can create exploitable weak points.
Data integrity issues: unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making.
Access control challenges: proper identity and access management within complex environments is crucial.
Compliance with best practices: adherence to guidelines such as NIST's best practices is essential for resilience.
Rising threats in manufacturing: unique challenges include intellectual property theft and process disruptions.
Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems.
Supply chain defense: the power of Content Disarm and Reconstruction. CDR is a cutting-edge technology. It operates on a simple yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do? In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: by treating every file as potentially harmful, CDR ensures they are safe for use while mainta
Published: 2023-08-29T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/battling-malware-in-the-industrial-supply-chain | www.secnews.physaphae.fr/article.php?IdArticle=8376274 | Tags: Malware, Vulnerability, Threat, Industrial, Cloud | Mentions: NotPetya, SolarWinds, WannaCry | Score: 2.0

Source: Mandiant - Mandiant's security blog
Title: Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
Summary: On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we will detail additional tactics, techniques, and procedures (TTPs) employed by UNC4841 that have since been uncovered through Mandiant's incident response engagements, as well as through collaborative efforts with Barracuda Networks and our international government partners. Over the course of this blog post, Mandiant will detail how UNC4841 has continued to show sophistication and adaptability in
Published: 2023-08-29T07:00:00+00:00 | https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation | www.secnews.physaphae.fr/article.php?IdArticle=8377325 | Tags: Threat | Score: 3.0
Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege
Summary: Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (
Published: 2023-08-28T21:35:00+00:00 | https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html | www.secnews.physaphae.fr/article.php?IdArticle=8375782 | Tags: Threat | Score: 3.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Cyberattacks Targeting E-commerce Applications
Summary: Cyber attacks on e-commerce applications are a common trend in 2023: as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be
Published: 2023-08-28T16:57:00+00:00 | https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html | www.secnews.physaphae.fr/article.php?IdArticle=8375669 | Tags: Threat, Prediction | Score: 2.0

Source: Global Security Mag - French news site
Title: Dynatrace unveils Security Analytics
Category: Products
Published: 2023-08-28T14:37:48+00:00 | https://www.globalsecuritymag.fr/Dynatrace-devoile-Security-Analytics.html | www.secnews.physaphae.fr/article.php?IdArticle=8375743 | Tags: Threat | Score: 3.0

Source: Checkpoint Research - security hardware vendor
Title: 28th August – Threat Intelligence Report
Summary: For the latest discoveries in cyber research for the week of 28th August, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: An ongoing espionage campaign targeting dozens of organizations in Taiwan has been discovered. Researchers have attributed the activity to a Chinese APT group dubbed Flax Typhoon, which overlaps with Ethereal Panda. The threat […]
Published: 2023-08-28T12:12:18+00:00 | https://research.checkpoint.com/2023/28th-august-threat-intelligence-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8375664 | Tags: Threat | Score: 2.0
Source: Bleeping Computer - American magazine
Title: Four common password mistakes hackers love to exploit
Summary: Threat actors take advantage of common password mistakes to breach corporate networks. Learn more from Specops Software on the four most common mistakes and how to strengthen your Active Directory against these risks. [...]
Published: 2023-08-28T10:02:01+00:00 | https://www.bleepingcomputer.com/news/security/four-common-password-mistakes-hackers-love-to-exploit/ | www.secnews.physaphae.fr/article.php?IdArticle=8375713 | Tags: Threat | Score: 3.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
Summary: The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The attacker behind this incident decided to use a different ransom note with a headline related to a
Published: 2023-08-26T15:56:00+00:00 | https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html | www.secnews.physaphae.fr/article.php?IdArticle=8374839 | Tags: Ransomware, Tool, Threat | Score: 3.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities
Summary: In today's digital landscape, your business data is more than just numbers: it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection. For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates. No generic,
Published: 2023-08-25T17:19:00+00:00 | https://thehackernews.com/2023/08/learn-how-your-business-data-can.html | www.secnews.physaphae.fr/article.php?IdArticle=8374508 | Tags: Threat, General Information | Score: 2.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
Summary: A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda. "Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal
Published: 2023-08-25T16:11:00+00:00 | https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html | www.secnews.physaphae.fr/article.php?IdArticle=8374472 | Tags: Threat | Score: 2.0

Source: Dark Reading - Informationweek Branch
Title: Is Bias in AI Algorithms a Threat to Cloud Security?
Summary: Using AI for threat detection and response is essential, but it can't replace human intelligence, expertise, and intuition.
Published: 2023-08-25T14:00:00+00:00 | https://www.darkreading.com/cloud/is-bias-in-ai-algorithms-a-threat-to-cloud-security | www.secnews.physaphae.fr/article.php?IdArticle=8374522 | Tags: Threat, Cloud | Score: 2.0

Source: Checkpoint - security hardware vendor
Title: How to close the IT Talent Gap with a SASE Solution
Summary: According to cybersecurityventures.com, unfilled cyber security positions will hit 3.5 million in 2023, with more than 750,000 of those positions based in the U.S. The lack of talent in this area can lead to inadequate threat detection, weaker security, and compliance issues. To address this gap, organizations are looking to outsource day-to-day operations and maintenance to IT and security providers. Here are seven ways a SASE solution can help. Continuously Updated Security: staying ahead of cyber threats requires real-time defense mechanisms. A SASE solution provides the latest threat intelligence to automatically block the newest malware and phishing sites. This minimizes […]
Published: 2023-08-25T13:00:49+00:00 | https://blog.checkpoint.com/security/how-to-close-the-it-talent-gap-with-a-sase-solution/ | www.secnews.physaphae.fr/article.php?IdArticle=8374493 | Tags: Malware, Threat | Score: 2.0
Source: Soc Radar - SOC-focused blog
Title: Navigating the Cyber Threat Landscape with SOCRadar's Vulnerability Intelligence and CVERadar
Summary: In the world of cybersecurity, vulnerability intelligence is like a guiding light for experts dealing...
Published: 2023-08-25T12:30:00+00:00 | https://socradar.io/navigating-the-cyber-threat-landscape-with-socradars-vulnerability-intelligence-and-cveradar/ | www.secnews.physaphae.fr/article.php?IdArticle=8374494 | Tags: Vulnerability, Threat | Score: 2.0

Source: AlienVault Lab Blog - AlienVault is a major defensive player in the IOC space
Title: The SEC demands more transparency about Cybersecurity incidents in public companies
Published: 2023-08-25T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/the-sec-demands-more-transparency-about-cybersecurity-incidents-in-public-companies | www.secnews.physaphae.fr/article.php?IdArticle=8374424 | Tags: Vulnerability, Threat | Score: 2.0

Source: InfoSecurity Mag - InfoSecurity Magazine
Title: Creative QakBot Attack Tactics Challenge Security Defenses
Summary: Threat actors use unique infection chains to deploy QakBot malware
Published: 2023-08-25T06:30:00+00:00 | https://www.infosecurity-magazine.com/news/creative-qakbot-attack-tactics/ | www.secnews.physaphae.fr/article.php?IdArticle=8374380 | Tags: Malware, Threat | Score: 3.0

Source: AhnLab - Korean Security Firm
Title: Analysis of MS-SQL Server Proxyjacking Cases
Summary: AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through brute force or dictionary attacks. If successful, they install malware on the infected system. The threat actors have been installing LoveMiner on MS-SQL servers for quite some time, and their...
Published: 2023-08-24T23:52:31+00:00 | https://asec.ahnlab.com/en/56350/ | www.secnews.physaphae.fr/article.php?IdArticle=8374274 | Tags: Malware, Threat | Score: 3.0
Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
Summary: The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis
Published: 2023-08-24T20:46:00+00:00 | https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html | www.secnews.physaphae.fr/article.php?IdArticle=8374129 | Tags: Malware, Threat | Mentions: APT 38 | Score: 2.0

Source: Cisco - Security Firm Blog
Title: Akira Ransomware Targeting VPNs without Multi-Factor Authentication
Summary: Cisco has observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.
Published: 2023-08-24T20:00:32+00:00 | https://blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication | www.secnews.physaphae.fr/article.php?IdArticle=8374483 | Tags: Ransomware, Threat | Score: 2.0

Source: RedCanary - Red Canary
Title: From reaction to resilience: Our reimagined Incident Response & Readiness Guide
Summary: We've refreshed our popular Incident Response Guide to help your team address new obstacles in the ever-evolving cloud threat landscape.
Published: 2023-08-24T18:56:27+00:00 | https://redcanary.com/blog/incident-response-and-readiness-guide/ | www.secnews.physaphae.fr/article.php?IdArticle=8374176 | Tags: Threat, Cloud | Score: 4.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia
Summary: A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed Mammoths by the criminals. "This toolkit is
Published: 2023-08-24T18:03:00+00:00 | https://thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html | www.secnews.physaphae.fr/article.php?IdArticle=8374067 | Tags: Threat | Score: 3.0

Source: Dark Reading - Informationweek Branch
Title: eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot
Summary: Thanks to a simple Telegram bot that democratizes phishing, ordinary Russians can conduct full-fledged phishing attacks with zero technical know-how.
Published: 2023-08-24T17:46:00+00:00 | https://www.darkreading.com/threat-intelligence/ebay-users-russian-telekopye-telegram-phishing-bot | www.secnews.physaphae.fr/article.php?IdArticle=8374164 | Tags: Threat | Score: 3.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute
Summary: The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," Secureworks Counter Threat Unit (CTU) said in a statement
Published: 2023-08-24T16:54:00+00:00 | https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html | www.secnews.physaphae.fr/article.php?IdArticle=8374039 | Tags: Malware, Threat | Score: 2.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
Summary: A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files.
Published: 2023-08-24T16:42:00+00:00 | https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html | www.secnews.physaphae.fr/article.php?IdArticle=8374040 | Tags: Threat | Score: 2.0

Source: Bleeping Computer - American magazine
Title: Ransomware hackers' dwell time drops to 5 days, RDP still widely used
Summary: Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022 [...]
Published: 2023-08-24T14:18:04+00:00 | https://www.bleepingcomputer.com/news/security/ransomware-hackers-dwell-time-drops-to-5-days-rdp-still-widely-used/ | www.secnews.physaphae.fr/article.php?IdArticle=8374177 | Tags: Ransomware, Threat | Score: 2.0

Source: Global Security Mag - French news site
Title: Data security is the biggest threat to consumer electronics, according to Simon Bain, CEO and founder of OmniIndex
Category: opinion
Summary: The Biggest Threat to Consumer Electronics is Data Security, says Web3 and IT Expert Simon Bain - Opinion
Published: 2023-08-24T13:24:12+00:00 | https://www.globalsecuritymag.fr/Data-security-is-the-biggest-threat-to-consumer-electronics-according-to-Simon.html | www.secnews.physaphae.fr/article.php?IdArticle=8374084 | Tags: Threat | Score: 2.0
Source: Checkpoint - security hardware vendor
Title: Preventing DNS Tunneling with AI Deep Learning
Summary: DNS Tunneling is probably considered a relic of the early Internet days, back when the first firewalls were deployed and malware analysis was a little bit simpler than it is today. Though attackers have evolved, using steganography and encryption to communicate over HTTP, DNS Tunneling is not obsolete. In fact, modern malware actors continue to engage in DNS Tunneling, as evidenced by the CoinLoader infections, first reported by Avira. Even today, we see new uses of DNS Tunneling by hackers. In fact, our analysis of DNS Tunneling confirms threat actors are still using this technique, including state-sponsored actors and cybercriminals. […]
Published: 2023-08-24T13:00:34+00:00 | https://blog.checkpoint.com/security/preventing-dns-tunneling-with-artificial-intelligence/ | www.secnews.physaphae.fr/article.php?IdArticle=8374055 | Tags: Malware, Threat | Score: 2.0
Source: Security Intelligence - American news site
Title: Lessons learned from the Microsoft Cloud breach
Summary: In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were […]
Published: 2023-08-24T13:00:00+00:00 | https://securityintelligence.com/articles/lessons-learned-from-the-microsoft-cloud-breach/ | www.secnews.physaphae.fr/article.php?IdArticle=8374103 | Tags: Threat, Cloud | Score: 3.0
Source: Dark Reading - Informationweek Branch
Title: North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT
Summary: The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
Published: 2023-08-24T12:05:00+00:00 | https://www.darkreading.com/attacks-breaches/north-koreas-lazarus-group-used-gui-framework-to-build-stealthy-rat | www.secnews.physaphae.fr/article.php?IdArticle=8374035 | Tags: Threat | Mentions: APT 38 | Score: 2.0

Source: AlienVault Lab Blog - AlienVault is a major defensive player in the IOC space
Title: Is Cybersecurity as a Service (CSaaS) the answer: Move faster | Do more
Published: 2023-08-24T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/is-cybersecurity-as-a-service-csaas-the-answer-move-faster-do-more | www.secnews.physaphae.fr/article.php?IdArticle=8373993 | Tags: Tool, Threat | Score: 2.0

Source: IT Security Guru - security blog
Title: Cyber Mindfulness Corner Company Spotlight: Egress
Summary: At the IT Security Guru we're showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Jack Chapman, VP of Threat Intelligence at Egress, spoke to the Gurus about the human side of phishing, leading by example, and eradicating blame culture. When it comes to mental health and wellbeing support, […]
Published: 2023-08-24T09:44:06+00:00 | https://www.itsecurityguru.org/2023/08/24/cyber-mindfulness-corner-company-spotlight-egress/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-egress | www.secnews.physaphae.fr/article.php?IdArticle=8373991 | Tags: Threat | Score: 2.0

Source: Mandiant - Mandiant's security blog
Title: AI and the Five Phases of the Threat Intelligence Lifecycle
Summary: Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly led to an overwhelming amount of noise for users to sift through. Mandiant, by contrast, takes a more nuanced approach to fuse industry-leading expertise, unique proprietary data sources, and cutting-edge ML to enable a holistic
Published: 2023-08-24T09:00:00+00:00 | https://www.mandiant.com/resources/blog/ai-five-phases-intelligence-lifecycle | www.secnews.physaphae.fr/article.php?IdArticle=8377326 | Tags: Threat | Score: 4.0
Source: InfoSecurity Mag - InfoSecurity Magazine
Title: Attack Dwell Times Fall but Threat Actors Are Moving Faster
Summary: A Sophos report finds that attackers are adapting their approaches in the face of improved detection capabilities
Published: 2023-08-24T08:00:00+00:00 | https://www.infosecurity-magazine.com/news/attack-dwell-times-faster/ | www.secnews.physaphae.fr/article.php?IdArticle=8373957 | Tags: Threat | Score: 2.0

Source: Global Security Mag - French news site
Title: The risk of cyberattacks in France has never been as high as in the past three years
Category: Malwares
Published: 2023-08-24T07:29:08+00:00 | https://www.globalsecuritymag.fr/Les-risques-de-cyberattaques-n-ont-jamais-ete-aussi-eleves-ces-trois-dernieres.html | www.secnews.physaphae.fr/article.php?IdArticle=8373959 | Tags: Threat | Score: 2.0

Source: Techworm - News
Title: Hacker Dumps Scraped Data Of 2.6 Million Duolingo Users
Summary: The Record that public profile information had been scraped, but that no data breach or hack had occurred. They added that an internal investigation was under way to determine whether additional security measures were needed. However, they did not mention that private email addresses, which are not public, were also part of the exposed data. Recently, the scraped dataset of 2.6 million users, with all of the information, was published on a new version of the Breached hacking forum for 8 site credits, worth $2.13, which was first spotted by vx-underground. "Hello BreachForums Community, today I have uploaded the Duolingo Scrape for you to download, thanks for reading and enjoy!" reads a post on the hacking forum. This data was scraped by exploiting a vulnerability in Duolingo's application programming interface (API), which lets anyone submit a username and retrieve a JSON output containing the user's public profile information (name, email, languages studied). The exposed API has been openly circulated and known since at least March 2023, with researchers tweeting and publicly documenting how to use it. According to vx-underground, hackers can easily exploit this flaw by submitting an email address to the API to confirm whether it is linked to a valid Duolingo account. They warn that the leaked data could be used for doxxing and may also lead to targeted phishing attacks. BleepingComputer confirmed that the API is still publicly accessible despite Duolingo having been informed that it was open in January 2023. Duolingo has not yet responded to the
Published: 2023-08-24T06:04:03+00:00 | https://www.techworm.net/2023/08/hacker-dumps-data-million-duolingo-users.html | www.secnews.physaphae.fr/article.php?IdArticle=8393059 | Tags: Data Breach, Hack, Vulnerability, Threat | Score: 2.0

Source: CVE List - Common Vulnerability Exposure
Title: CVE-2023-40035
Summary: Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltration. Although the vulnerability is exploitable only by authenticated users, in a configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.
Published: 2023-08-23T21:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40035 | www.secnews.physaphae.fr/article.php?IdArticle=8373843 | Tags: Vulnerability, Threat

Source: Dark Reading - Informationweek Branch
Title: Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts
Summary: Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.
Published: 2023-08-23T21:15:00+00:00 | https://www.darkreading.com/attacks-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts | www.secnews.physaphae.fr/article.php?IdArticle=8373824 | Tags: Threat | Score: 3.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
Summary: The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also known by the name Jade Sleet. An investigation undertaken by the FBI found
Published: 2023-08-23T18:13:00+00:00 | https://thehackernews.com/2023/08/north-korean-affiliates-suspected-in.html | www.secnews.physaphae.fr/article.php?IdArticle=8373643 | Tags: Threat | Score: 2.0

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
Summary: A Syrian threat actor named EVLF has been outed as the creator of the malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said to be offered to other cybercriminals as
Published: 2023-08-23T17:14:00+00:00 | https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html | www.secnews.physaphae.fr/article.php?IdArticle=8373615 | Tags: Malware, Threat | Score: 3.0

Source: Global Security Mag - French news site
Title: World Internaut Day: Navigating the Digital Realm Safely Begins with Understanding the Threat Landscape
Category: opinion
World Internaut Day: Navigating the Digital Realm Safely Begins with Understanding the Threat Landscape • As Statista underscores, a substantial portion of the global population, over two-thirds to be precise, is deeply embedded in the digital ecosystem, spending an average of 6.4 hours online every day. • The past year witnessed an alarming 38% surge in cyberattacks, underscoring the absolute necessity for vigilant and proactive online security. - Opinion]]>
2023-08-23T15:42:28+00:00 https://www.globalsecuritymag.fr/World-Internaut-Day-Navigating-the-Digital-Realm-Safely-Begins-with.html www.secnews.physaphae.fr/article.php?IdArticle=8373721 False Threat None 2.0000000000000000
InformationSecurityBuzzNews - Site de News Securite
St Helens Council Targeted In Suspected Ransomware Attack
St Helens Borough Council in Merseyside has fallen victim to a suspected ransomware attack, according to an official statement released on Monday, August 21. The local authority has described the incident as a "complex and evolving situation," with cybersecurity experts currently investigating the breach. The ransomware attack, a type of cyber threat where criminals encrypt […]
2023-08-23T12:59:35+00:00 https://informationsecuritybuzz.com/st-helens-council-targeted-in-suspected-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8373631
Tags: Ransomware, Threat

Global Security Mag - Site de news francais
Tanium joins the Joint Cyber Defense Collaboration - Business
2023-08-23T10:40:58+00:00 https://www.globalsecuritymag.fr/Tanium-rejoint-la-Joint-Cyber-Defense-Collaboration.html www.secnews.physaphae.fr/article.php?IdArticle=8373594
Tags: Threat

Network World - Magazine Info
Versa enhances SASE package with AI-based security tools
Versa is bolstering the AI security management features of its integrated Secure Access Service Edge (SASE) package to include improved malware detection for Advanced Threat Protection, network microsegmentation and generative AI protection, to help customers better detect and more quickly mitigate threats to their networked services and applications. The vendor supports AI in its integrated Versa SASE package, which includes SD-WAN, a next-generation and web application firewall, intrusion prevention, zero trust support and data loss prevention.
2023-08-23T10:00:00+00:00 https://www.networkworld.com/article/3705056/versa-enhances-sase-package-with-ai-based-security-tools.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=8373748
Tags: Malware, Tool, Threat
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC
Mobile threat defense or bust
Unified endpoint management (UEM) has played a significant role over the years in enabling companies to improve the productivity and security of their corporate mobile devices and applications. In the early days of endpoint management there were separate workflows and products for traditional endpoints, such as desktops and laptops, versus mobile devices. Over time, administrators grew frustrated with the number of tools they were required to learn and manage, so developers moved toward an integrated solution where all endpoint devices, regardless of type, could be inventoried, managed, and have consistent policies applied through a single pane of glass. Today, UEMs allow IT administrators to be more productive by enabling them to set and enforce policies on the type of data and applications an employee can access, giving administrators granular control and more effective security. These UEM platforms boast security features including the ability to identify jailbroken or rooted devices, enforce passcodes, and wipe the data from mobile devices in the event they become lost or stolen. In general, UEMs have played, and continue to play, an integral part in improving the management and productivity of business-critical mobile endpoints.

Possible avenues for attack
However, in today's environment, companies are experiencing a significant rise in the number of sophisticated and targeted malware attacks whose goal is to capture their proprietary data. Only a few years ago, losing a mobile device meant forfeiture of content such as text messages, photographs, contacts, and calling information. Today's smartphones have become increasingly sophisticated not only in their transactional capabilities but also represent a valuable target, storing a trove of sensitive corporate and personal data, in many cases including financial information. If the phone stores usernames and passwords, it may allow a malicious actor to access and manipulate a user's account via banking or e-commerce websites and apps.

To give you a sense of the magnitude of the mobile security issues:
• The number of mobile users in enterprise environments clicking on more than six malicious links annually jumped from 1.6% in 2020 to 11.8% in 2022.
• In 2021, banking trojan attacks on Android devices increased by 80%.
• In 2022, 80% of phishing attacks targeted mobile devices or were designed to function on both mobile devices and desktops.
• In 2022, 43% of all compromised devices were fully exploited, not jailbroken or rooted, an increase of 187% year over year.

Attack vectors come in various forms, with the most common categorized below:
• Device-based threats – These threats are designed to exploit outdated operating systems, risky device configurations and jailbroken/rooted devices.
• App threats – Malicious apps can install malware, spyware or rootkits, or share information with the developer or third parties unbeknownst to the user, including highly sensitive business and personal data.
• Web and content threats – Threats may be transmitted
2023-08-23T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/mobile-threat-defense-or-bust www.secnews.physaphae.fr/article.php?IdArticle=8373701
Tags: Malware, Tool, Vulnerability, Threat

TrendLabs Security - Editeur Antivirus
Profile Stealers Spread via LLM-themed Facebook Ads
In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims' credentials.
2023-08-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/profile-stealers-spread-via-llm-themed-facebook-ads.html www.secnews.physaphae.fr/article.php?IdArticle=8373475
Tags: Threat

Resecurity - cyber risk firms
Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
2023-08-23T00:00:00+00:00 https://www.resecurity.com/blog/article/cl0p-ups-the-ante-with-massive-moveit-transfer-supply-chain-exploit www.secnews.physaphae.fr/article.php?IdArticle=8416123
Tags: Threat

TrendMicro - Security Firm Blog
INTERPOL + Trend to Fight African Cybercrime Networks
Global threat intelligence helps to disrupt thousands of African cybercrime networks.
2023-08-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/african-cybercrime-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8373764
Tags: Threat, Prediction

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at
2023-08-22T16:50:00+00:00 https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8373073
Tags: Threat, Cloud

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called
2023-08-22T15:42:00+00:00 https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html www.secnews.physaphae.fr/article.php?IdArticle=8373055
Tags: Threat

Recorded Future - FLux Recorded Future
Legitimate software tainted in attacks on Hong Kong organizations, report says
Hackers were able to abuse legitimate software during a suspected supply chain attack targeting about 100 computers used by organizations in Hong Kong and other regions of Asia. The experts behind the research, from the Symantec Threat Hunter Team, were unable to tie the campaign to any known advanced persistent threat (APT) group.
2023-08-22T13:36:00+00:00 https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt www.secnews.physaphae.fr/article.php?IdArticle=8373108
Tags: Threat
Global Security Mag - Site de news francais
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power - Security Vulnerability
By Sam Quinn, Jesse Chick, and Philippe Laulheret – August 12, 2023
2023-08-22T13:28:58+00:00 https://www.globalsecuritymag.fr/The-Threat-Lurking-in-Data-Centers-Hack-Power-Management-Systems-Take-All-the.html www.secnews.physaphae.fr/article.php?IdArticle=8373110
Tags: Hack, Threat
SecurityWeek - Security News
US Military Targeted in Recent HiatusRAT Attack
The threat actor behind HiatusRAT was seen performing reconnaissance against a US military procurement system in June 2023.
2023-08-22T13:11:22+00:00 https://www.securityweek.com/us-military-targeted-in-recent-hiatusrat-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8373107
Tags: Threat
Bleeping Computer - Magazine Américain
New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in what researchers described as a reconnaissance attack. [...]
2023-08-22T12:47:21+00:00 https://www.bleepingcomputer.com/news/security/new-hiatusrat-malware-attacks-target-us-defense-department/ www.secnews.physaphae.fr/article.php?IdArticle=8373169
Tags: Malware, Threat

AhnLab - Korean Security Firm
Analysis of APT Attack Cases Targeting Web Services of Korean Corporations
Web servers are vulnerable to attacks because they are publicly accessible to a wide range of users for the purpose of delivering web services. This accessibility makes them a prime target for threat actors. AhnLab Security Emergency response Center (ASEC) is monitoring attacks targeting vulnerable web servers that have not been patched or are poorly managed. In this post, we have compiled APT attack cases where the web servers of Korean corporations were continuously targeted over the years. We have...
2023-08-22T02:13:28+00:00 https://asec.ahnlab.com/en/56236/ www.secnews.physaphae.fr/article.php?IdArticle=8372953
Tags: Threat
CybeReason - Vendor blog
THREAT ANALYSIS: Assemble LockBit 3.0
2023-08-21T20:45:00+00:00 https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3 www.secnews.physaphae.fr/article.php?IdArticle=8372917
Tags: Threat

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. "The issue results from the lack of proper validation of user-supplied
2023-08-21T19:14:00+00:00 https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html www.secnews.physaphae.fr/article.php?IdArticle=8372770
Tags: Vulnerability, Threat

AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC
AT&T Cybersecurity wins SC Media Award for Best Threat Intelligence
Today, SC Media announced the winners of its annual cybersecurity awards for excellence and achievements. At AT&T Cybersecurity we are thrilled that AT&T Alien Labs was awarded Best Threat Intelligence in this prestigious competition. The Alien Labs team works closely with the Open Threat Exchange (OTX), an open and free platform that lets security professionals easily share, research, and validate the latest threats, trends and techniques. With more than 200,000 global security and IT professionals submitting data daily, OTX has become one of the world's largest open threat intelligence communities. It offers context and details on threats, including threat actors, organizations and industries targeted, and related indicators of compromise. The full list of winners is here.
2023-08-21T17:35:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-cybersecurity-wins-sc-media-award-for-best-threat-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8372869
Tags: Threat
Global Security Mag - Site de news francais
91% of Security and IT Professionals Agree Cybercriminals are Already Using AI in Email Attacks, per Report from SlashNext and Osterman Research - Special Reports
New market research reveals email and multi-channel messaging security is a top concern for organizations, as AI plays a pivotal role in the threat landscape.
2023-08-21T17:12:58+00:00 https://www.globalsecuritymag.fr/91-of-Security-and-IT-Professionals-Agree-Cybercriminals-are-Already-Using-AI.html www.secnews.physaphae.fr/article.php?IdArticle=8372813
Tags: Threat
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on
2023-08-21T15:39:00+00:00 https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8372694
Tags: Malware, Threat

Soc Radar - Blog spécialisé SOC
On the Horizon: Ransomed.vc Ransomware Group Spotted in the Wild
We have been monitoring Telegram for a long time as many of the threat actors...
2023-08-21T13:25:05+00:00 https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ www.secnews.physaphae.fr/article.php?IdArticle=8372755
Tags: Ransomware, Threat

Checkpoint Research - Fabricant Materiel Securite
21st August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 21st August, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: The German Federal Bar (BRAK) Association, which oversees 28 regional bars throughout Germany and represents approximately 166,000 lawyers on a national and international scale, is currently investigating a ransomware attack on its Brussels […]
2023-08-21T12:52:12+00:00 https://research.checkpoint.com/2023/21st-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8372731
Tags: Ransomware, Threat
InfoSecurity Mag - InfoSecurity Magazine
US Space Industry Under Threat from Foreign Cyber Espionage
An advisory by US intelligence provides guidance for space firms on how to identify an espionage campaign, report it and mitigate it.
2023-08-21T12:30:00+00:00 https://www.infosecurity-magazine.com/news/us-space-industry-threat-foreign/ www.secnews.physaphae.fr/article.php?IdArticle=8372730
Tags: Threat

Data Security Breach - Site de news Francais
Emotet returns, LokiBot persists, DarkGate exploits
2023-08-21T11:52:37+00:00 https://www.datasecuritybreach.fr/emotet-darkgate-lokibot/ www.secnews.physaphae.fr/article.php?IdArticle=8372712
Tags: Threat

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs said in a report
2023-08-21T11:07:00+00:00 https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html www.secnews.physaphae.fr/article.php?IdArticle=8372598
Tags: Malware, Threat

UnderNews - Site de news "pirate" francais
Kaspersky assists INTERPOL in its operations against cybercrime in Africa
Kaspersky lent INTERPOL a hand by providing it with threat intelligence data as part of its Africa Cyber Surge II operation, which enabled investigators to identify compromised infrastructure and apprehend suspected threat actors across the African continent. The operation resulted in the arrest of […]
2023-08-21T09:44:43+00:00 https://www.undernews.fr/hacking-hacktivisme/kaspersky-assiste-interpol-dans-ses-operations-de-lutte-contre-la-cybercriminalite-en-afrique.html www.secnews.physaphae.fr/article.php?IdArticle=8372671
Tags: Threat

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the
2023-08-19T11:58:00+00:00 https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html www.secnews.physaphae.fr/article.php?IdArticle=8372107
Tags: Malware, Threat

TechRepublic - Security News US
About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns
About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns. Find out more about the threat actors and how to protect against them.
2023-08-18T19:26:51+00:00 https://www.techrepublic.com/article/citrix-netscalers-compromised/ www.secnews.physaphae.fr/article.php?IdArticle=8371900
Tags: Threat

Recorded Future - FLux Recorded Future
Hackers compromise Zimbra email accounts in phishing campaign
Hackers are targeting Zimbra Collaboration email servers in an ongoing phishing campaign, researchers have discovered. According to a report from Slovak software company ESET, the attackers have been gathering credentials of Zimbra account users since at least April. The researchers haven't attributed the attacks to any known threat actors. Although this campaign is not "technically
2023-08-18T16:24:00+00:00 https://therecord.media/hackers-compromise-zimbra-accounts www.secnews.physaphae.fr/article.php?IdArticle=8371826
Tags: Threat
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC
Securely implementing Active Directory on Windows Server 2019
2023-08-18T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securely-implementing-active-directory-on-windows-server-2019 www.secnews.physaphae.fr/article.php?IdArticle=8371681
Tags: Tool, Threat

We Live Security - Editeur Logiciel Antivirus ESET
Evacuation of 30,000 hackers – Week in security with Tony Anscombe
DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat.
2023-08-18T09:54:37+00:00 https://www.welivesecurity.com/en/videos/evacuation-of-30-000-hackers-week-in-security-with-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8382228
Tags: Threat

InfoSecurity Mag - InfoSecurity Magazine
Proxyjacking and Cryptomining Campaign Targets GitLab
Threat actors use several evasion techniques to stay hidden.
2023-08-18T08:30:00+00:00 https://www.infosecurity-magazine.com/news/proxyjacking-cryptomining-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8371661
Tags: Threat

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived
2023-08-17T21:10:00+00:00 https://thehackernews.com/2023/08/china-linked-bronze-starlight-group.html www.secnews.physaphae.fr/article.php?IdArticle=8371316
Tags: Threat

Dark Reading - Informationweek Branch
Intelligent Vigilance: Empowering Security with Threat Intel's CoPilot AI
In this Dark Reading News Desk segment, Cybersixgill's Michael-Angelo Zummo discusses how to empower security with AI.
2023-08-17T20:50:00+00:00 https://www.darkreading.com/threat-intelligence/intelligent-vigilance-empowering-security-with-threat-intel-copilot-ai www.secnews.physaphae.fr/article.php?IdArticle=8371491
Tags: Threat

Dark Reading - Informationweek Branch
Cisco: Bringing More Intelligence to Bear on the Threat Landscape
In this Dark Reading News Desk segment, Nick Biasini from Cisco Talos discusses the latest attacker tactics, techniques, and procedures (TTPs).
2023-08-17T20:40:00+00:00 https://www.darkreading.com/threat-intelligence/cisco-bringing-more-intelligence-to-bear-on-the-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8371450
Tags: Threat

Dark Reading - Informationweek Branch
Securing Critical Infrastructure in the Face of Evolving Cyber Threats
In this Dark Reading News Desk segment, OPSWAT founder Benny Czarny outlines the threat landscape affecting critical infrastructure sectors.
2023-08-17T20:20:00+00:00 https://www.darkreading.com/ics-ot/securing-critical-infrastructure-in-the-face-of-evolving-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8371454
Tags: Threat, Industrial

Dark Reading - Informationweek Branch
CrowdSec: What the 'Network Effect' Brings to the Cybersecurity Table
In this Dark Reading News Desk segment, CrowdSec CEO/co-founder Philippe Humeau discusses how the concept of a network effect applies to threat management.
2023-08-17T20:20:00+00:00 https://www.darkreading.com/threat-intelligence/crowdsec-what-network-effect-brings-to-cybersecurity-table www.secnews.physaphae.fr/article.php?IdArticle=8371453
Tags: Threat

Dark Reading - Informationweek Branch
Cribl, Exabeam Partner on Threat Detection, Investigation, and Response
In this Dark Reading News Desk segment, Cribl's Abby Strong and Exabeam's Chris Cesio discuss how their companies work together to detect and respond to threats.
2023-08-17T20:10:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cribl-exabeam-partner-on-threat-detection-investigation-and-response www.secnews.physaphae.fr/article.php?IdArticle=8371492
Tags: Threat

Dark Reading - Informationweek Branch
Interpres: Getting the Most Out of Threat Intelligence Resources
In this Dark Reading News Desk segment, Interpres Security's Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings.
2023-08-17T20:05:00+00:00 https://www.darkreading.com/threat-intelligence/interpres-getting-the-most-out-of-threat-intelligence-resources www.secnews.physaphae.fr/article.php?IdArticle=8371495
Tags: Threat

Dark Reading - Informationweek Branch
Qualys Offers Threat Forecast For Cloud, and Tips For Reducing Cloud Risks
In this Dark Reading News Desk segment, Qualys CEO and president Sumedh Thakar offers advice on reducing cloud risks.
2023-08-17T20:05:00+00:00 https://www.darkreading.com/cloud/qualys-offers-threat-forecast-for-cloud-and-tips-for-reducing-cloud-risks www.secnews.physaphae.fr/article.php?IdArticle=8371494
Tags: Threat, Cloud

CVE Liste - Common Vulnerability Exposure
CVE-2023-2915
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message, resulting in a denial-of-service condition.
2023-08-17T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2915 www.secnews.physaphae.fr/article.php?IdArticle=8371378
Tags: Vulnerability, Threat

The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,]]> 2023-08-17T15:09:00+00:00 https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html www.secnews.physaphae.fr/article.php?IdArticle=8371161 False Malware,Threat APT 29 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les opérateurs d'influence en ligne continuent de régler l'utilisation de l'IA pour tromper leurs objectifs, disent les chercheurs<br>Online influence operators continue fine-tuning use of AI to deceive their targets, researchers say L'utilisation de l'intelligence artificielle à des fins malignes est limitée mais en croissance et en mûrisse de manière clé, ont déclaré les chercheurs avec Mandiant de Google \\.
>The use of artificial intelligence for malign purposes is limited but growing and maturing in key ways, researchers with Google\'s Mandiant said Thursday. ]]>
2023-08-17T12:00:00+00:00 https://cyberscoop.com/online-influence-operators-continue-fine-tuning-use-of-ai-to-deceive-their-targets-researchers-say/ www.secnews.physaphae.fr/article.php?IdArticle=8371215 False Threat None 2.0000000000000000
SOCRadar - Dark Web Profile: Bjorka
In the ever-evolving landscape of cyber threats, understanding the profiles of individual threat actors is...
2023-08-17T11:04:42+00:00 https://socradar.io/dark-web-profile-bjorka/
Tags: Threat
Bleeping Computer - Thousands of Android APKs use compression trick to thwart analysis
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms. [...]
2023-08-17T10:51:12+00:00 https://www.bleepingcomputer.com/news/security/thousands-of-android-apks-use-compression-trick-to-thwart-analysis/
Tags: Threat

SentinelOne Labs - Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in a campaign targeting the Southeast Asian gambling sector.
2023-08-17T09:55:08+00:00 https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Tags: Threat

BlackBerry - Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group. The good news is that BlackBerry protects against Cuba ransomware.
2023-08-17T08:01:00+00:00 https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america
Tags: Ransomware, Tool, Threat

Mandiant - Threat Actors are Interested in Generative AI, but Use Remains Limited
Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on our own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities have increasingly leveraged AI-generated content, particularly imagery and video, in their campaigns, likely due at least in part to the readily apparent applications of such fabrications in disinformation
2023-08-17T07:00:00+00:00 https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited
Tags: Threat

Recorded Future (The Record) - CISA, experts warn of Citrix vulnerabilities being exploited by hackers
Alarms have been raised about several vulnerabilities affecting products from Citrix that are being exploited widely by a variety of threat actors. On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency said a vulnerability affecting the Citrix Content Collaboration tool had been exploited and mandated that U.S. federal civilian agencies [patch the issue by September
2023-08-16T21:14:00+00:00 https://therecord.media/cisa-warns-of-citrix-vulnerabilities
Tags: Tool, Vulnerability, Threat
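The compression trick in the Bleeping Computer entry above (APKs whose ZIP entries carry a compression method no ordinary tool understands) can be triaged without a decompiler, because the method value sits in plain sight in the ZIP central directory. The Python below is an added example written for this page, not code from Bleeping Computer or the researchers it cites. It reads each entry's method straight from the central-directory records without decompressing anything, flags anything other than stored (0) or deflate (8), and contrasts that with the standard library, which refuses to extract such an entry. The two-entry archive it builds is constructed here and is not a real APK; the tampered method value 0x2a is arbitrary, and the header offsets in the comments are the ZIP format's fixed layout.

```python
"""Triage helper: report per-entry ZIP compression methods straight from the
central directory, so a bogus method value cannot make the tool bail out the
way off-the-shelf unpackers do."""
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
CDIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
EXPECTED_METHODS = {0: "stored", 8: "deflate"}   # the only methods a normal APK build emits


def list_entries(data: bytes):
    """Yield (name, compression_method) for each central-directory record."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: sig, disk, cd_disk, entries_this_disk, entries_total, cd_size, cd_offset, comment_len
    _, _, _, _, total, _, cd_offset, _ = struct.unpack_from("<4sHHHHIIH", data, eocd)
    pos = cd_offset
    for _ in range(total):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("corrupt central directory")
        # 46-byte central header: sig, ver_made, ver_need, flags, method, time, date,
        # crc, csize, usize, name_len, extra_len, comment_len, disk, int_attr, ext_attr, lh_offset
        hdr = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        method, name_len, extra_len, comment_len = hdr[4], hdr[10], hdr[11], hdr[12]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield name, method
        pos += 46 + name_len + extra_len + comment_len


def suspicious_entries(data: bytes):
    """Entries whose method is not one a legitimate build would produce."""
    return [(name, method) for name, method in list_entries(data)
            if method not in EXPECTED_METHODS]


def python_can_extract(data: bytes, name: str) -> bool:
    """What stock tooling does with the same file: zipfile refuses unknown methods."""
    try:
        zipfile.ZipFile(io.BytesIO(data)).read(name)
        return True
    except (NotImplementedError, zipfile.BadZipFile):
        return False


def _rewrite_method(data: bytearray, sig: bytes, method_off: int, namelen_off: int,
                    hdr_len: int, name: bytes, new_method: int) -> None:
    """Overwrite the method field of every header (local or central) belonging to `name`."""
    pos = data.find(sig)
    while pos >= 0:
        name_len = struct.unpack_from("<H", data, pos + namelen_off)[0]
        if data[pos + hdr_len:pos + hdr_len + name_len] == name:
            struct.pack_into("<H", data, pos + method_off, new_method)
        pos = data.find(sig, pos + 4)


def build_sample_apk(tamper: bool) -> bytes:
    """Constructed input (not a real APK): a two-entry zip. With tamper=True the method
    of classes.dex becomes the undefined value 0x2a in both the local header (method at
    offset 8, name length at 26, name at 30) and the central-directory record (method at
    offset 10, name length at 28, name at 46), mimicking the evasion."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    data = bytearray(buf.getvalue())
    if tamper:
        _rewrite_method(data, LOCAL_SIG, 8, 26, 30, b"classes.dex", 0x2A)
        _rewrite_method(data, CDIR_SIG, 10, 28, 46, b"classes.dex", 0x2A)
    return bytes(data)


if __name__ == "__main__":
    for label, apk in (("clean", build_sample_apk(False)), ("tampered", build_sample_apk(True))):
        print(label, suspicious_entries(apk),
              "python extracts classes.dex:", python_can_extract(apk, "classes.dex"))
```

Because the method field is the only thing the trick changes in these samples, the bytes of the tampered entry are still plain deflate output; once an entry is flagged, recovering it is a matter of inflating the raw data with the method forced back to 8, which is exactly what the stock unpacker declines to do.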
KnowBe4 - Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor's Arsenal
2023-08-16T18:00:17+00:00 https://blog.knowbe4.com/ransomware-generative-ai-attacks-surge
Tags: Ransomware, Tool, Threat

The Hacker News - Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared
2023-08-16T17:26:00+00:00 https://thehackernews.com/2023/08/experts-uncover-weaknesses-in.html
Tags: Threat

Dark Reading - Iran and the Rise of Cyber-Enabled Influence Operations
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.
2023-08-16T13:00:00+00:00 https://www.darkreading.com/microsoft/iran-and-the-rise-of-cyber-enabled-influence-operations-
Tags: Threat

Information Security Buzz - English Police Forces Admit to Data Handling Blunder Affecting Over 1,000 People
Recent incidents highlight a pattern of data breaches in police departments. Two leading police forces in England, Norfolk and Suffolk, have publicly acknowledged mishandling sensitive data. This breach affected 1,230 individuals, including victims, witnesses, and suspects related to cases ranging from domestic abuse and sexual offences to assaults, thefts, and hate crimes. These revelations came […]
2023-08-16T12:59:41+00:00 https://informationsecuritybuzz.com/english-police-forces-admit-to-data-handling-blunder-affecting-over-1000-people/
Tags: Threat

AlienVault Lab Blog - ProxyNation: The dark nexus between proxy apps and malware
blog on Mac systems turned into proxy exit nodes by AdLoad. In this research, Alien Labs identified a company that offers proxy services, wherein proxy requests are rerouted through compromised systems that have been transformed into residential exit nodes due to malware infiltration. Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently on infected systems. In addition, because the proxy application is signed, it has no anti-virus detection, going under the radar of security companies. In this follow-up article we explore the dramatic rise in Windows malware delivering the same payload to create a 400,000-node proxy botnet.

Key takeaways:
- In just one week AT&T Alien Labs researchers observed more than a thousand new malware samples in the wild delivering the proxy application.
- According to the proxy website, there are more than 400,000 proxy exit nodes, and it is not clear how many of them were installed by malware.
- The application is silently installed by malware on infected machines without user knowledge or interaction.
- The proxy application is signed and has zero anti-virus detection.
- The proxy is written in the Go programming language and is spread by malware on both Windows and macOS.

Analysis
In the constantly evolving landscape of cyber threats, malicious actors continuously find new and ingenious ways to exploit technology for their own gain. Recently Alien Labs has observed an emerging trend where malware creators are utilizing proxy applications as their tool of choice. Different malware strains are delivering the proxy, relying on users looking for interesting things like cracked software and games. The proxy is written in Go, giving it the flexibility to be compiled into binaries for various operating systems, including macOS and Windows. Despite the fact that the binaries originated from the same source code, macOS samples are detected by numerous security checks while the Windows proxy application skirts around these measures unseen. This lack of detection is most likely due to the application being signed (Figure 1).

[Figure 1. As seen on VirusTotal: proxy application, zero detections.]

After being executed on a compromised system, the malware proceeds to quietly download and install the proxy application. This covert process takes place without requiring any user interaction and often occurs alongside the installation of additional malware or adware elements. The proxy application and most of the malware delivering it are packed using Inno Setup, a free and popular Windows installer.

[Figure 2. As observed by Alien Labs: malware-embedded script to install the proxy silently.]

As shown in Figure 2 above, the malware uses specific Inno
2023-08-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Tags: Malware, Tool, Threat, Prediction

AlienVault Lab Blog - Stories from the SOC - Unveiling the stealthy tactics of AuKill malware
AuKill malware on the client's print server to disable the server's installed EDR solution, SentinelOne, by brute-forcing an administrator account and downgrading a driver to a vulnerable version. AuKill, first identified by Sophos X-Ops researchers in June 2021, is a sophisticated malware designed to target and neutralize specific EDR solutions, including SentinelOne and Sophos. Distributed as a dropper, AuKill drops a vulnerable driver named PROCEXP.SYS (from Process Explorer release version 16.32) into the system's C:\Windows\System32\drivers folder. This malware has been observed in the wild, utilized by ransomware groups to bypass endpoint security measures and effectively spread ransomware variants such as Medusa Locker and LockBit on vulnerable systems. In this case, SentinelOne managed to isolate most of the malicious files before being disabled, preventing a full-scale ransomware incident. As a result, AT&T MXDR found no evidence of data exfiltration or encryption. Despite this, the client opted to rebuild the print server as a precautionary measure. This study provides an in-depth analysis of the attack and offers recommendations to mitigate the risk of future attacks.

Investigating the first phase of the attack

Initial intrusion
The targeted asset was the print server, which we found unusual. However, upon further investigation we concluded the attacker misidentified the asset as a Domain Controller (DC), as it had recently been repurposed from a DC to a print server. The attacker needed both local administrator credentials and kernel-level access to successfully run AuKill and disable SentinelOne on the asset. To gain those local administrator credentials, the attacker successfully brute-forced an administrator account. Shortly after the compromise, this account was observed making unauthorized registry changes.

[Figure: USM IOC screenshot and AuKill IOC metadata]

Establishing a beachhead
After compromising the local administrator account, the attackers used the "\Users\Administrator\Music\aSentinel" folder as a staging area for subsequent phases of their attack. All AuKill-related binaries and scripts were executed from this path, with the innocuous "Music" folder name helping to conceal their malicious activities.

[Figure: the seemingly innocent "Music" staging folder]

AuKill malware has been found to operate using two Windows services named "aSentinel.exe" and "aSentinelX.exe" in its SentinelOne variant. In other variants, it targets different EDRs, such as Sophos, by utilizing corresponding Windows services like "aSophos.exe" and "aSophosX.exe".

[Figure: AuKill mitigated and placed in quarantine]

Establishing persistence
We also discovered "aSentinel.exe" running from "C:\Windows\system32", indicating that the attackers attempted to establish a foothold on the compromised server. Malware authors frequently target the system32 folder because it is a trusted location, and security software may not scrutinize files within it as closely as those in other locations. This can help malware bypass security measures and remain hidden. It is likely that the malware was initially placed in the "\Users\Administrator\Music\aSentinel" direct
2023-08-16T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-silent-sabotage-unveiling-the-stealthy-tactics-of-aukill-malware
Tags: Ransomware, Malware, Tool, Threat, Studies

Global Security Mag - BeyondTrust announces the release of its Identity Security Insights solution
2023-08-16T08:09:42+00:00 https://www.globalsecuritymag.fr/La-solution-Identity-Security-Insights-de.html
Tags: Threat

AhnLab ASEC - Threat Trend Report on APT Groups – June 2023
APT group trends, June 2023: 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier. Report: ATIP_2023_Jun_Threat Trend Report on APT Groups.
2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/
Tags: Threat, Prediction. Actors: APT 38, APT 35, APT 25, APT 32, APT 37, APT 15, APT 28
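The two AlienVault write-ups above (ProxyNation and the AuKill SOC story) describe behaviours that are cheap to hunt for in endpoint telemetry: an installer run with Inno Setup's unattended switches, a burst of failed logons followed by a success, a Process Explorer driver landing in System32\drivers, and binaries or services named aSentinel*/aSophos* or executing from a user's Music folder. The Python below is an added example written for this page, not tooling from AT&T Alien Labs or the SOC engagement. The event records it scans are constructed to look like normalised Sysmon/Security-log output; the field names, the five-failures-in-ten-minutes threshold, the file paths and the account names are this example's own assumptions.

```python
"""Rule-based hunt over constructed Windows endpoint events for the ProxyNation
silent-install pattern and the AuKill EDR-killer chain."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Inno Setup's documented unattended-install switches. The proxy droppers lean on the
# installer framework's own silent mode rather than on anything custom.
INNO_SILENT = re.compile(r"/(?:VERY)?SILENT\b", re.IGNORECASE)
INNO_SUPPRESS = re.compile(r"/SUPPRESSMSGBOXES\b", re.IGNORECASE)

# Indicators from the AuKill case: the dropped Process Explorer driver, the
# service/binary names, and the Music folder used as a staging area.
VULN_DRIVER = re.compile(r"\\system32\\drivers\\procexp\.sys$", re.IGNORECASE)
AUKILL_BINARY = re.compile(r"^a(?:Sentinel|Sophos)X?\.exe$", re.IGNORECASE)
STAGING_DIR = re.compile(r"\\Users\\[^\\]+\\Music\\", re.IGNORECASE)

# Brute-force heuristic (assumed thresholds): this many failures in the window, then a success.
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = timedelta(minutes=10)


def hunt(events):
    """Return (rule_name, detail) findings in event order."""
    findings = []
    failures = defaultdict(list)  # account -> timestamps of recent failed logons
    for ev in events:
        kind = ev["event"]
        if kind == "process_create":
            if INNO_SILENT.search(ev["cmdline"]) and INNO_SUPPRESS.search(ev["cmdline"]):
                findings.append(("silent_inno_setup_install", ev["cmdline"]))
            if STAGING_DIR.search(ev["image"]):
                findings.append(("exec_from_music_staging_dir", ev["image"]))
        elif kind == "file_create":
            if VULN_DRIVER.search(ev["target"]):
                findings.append(("vulnerable_procexp_driver_dropped", ev["target"]))
        elif kind == "service_install":
            binary = ev["image"].rsplit("\\", 1)[-1]
            if AUKILL_BINARY.match(binary) or STAGING_DIR.search(ev["image"]):
                findings.append(("aukill_service_installed", ev["image"]))
        elif kind == "logon_failure":
            failures[ev["account"]].append(datetime.fromisoformat(ev["ts"]))
        elif kind == "logon_success":
            now = datetime.fromisoformat(ev["ts"])
            recent = [t for t in failures[ev["account"]] if now - t <= BRUTE_FORCE_WINDOW]
            if len(recent) >= BRUTE_FORCE_THRESHOLD:
                findings.append(("brute_force_then_success",
                                 f"{ev['account']} after {len(recent)} failures"))
            failures[ev["account"]].clear()
    return findings


# Constructed sample telemetry (not from the incidents above): one proxy-style silent
# install, then an AuKill-style chain against the local Administrator, plus benign noise.
SAMPLE_EVENTS = [
    {"ts": "2023-08-10T09:00:00", "event": "process_create",
     "image": r"C:\Users\bob\AppData\Local\Temp\is-ABC12.tmp\setup.tmp",
     "cmdline": r'"C:\Users\bob\Downloads\game_crack_setup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART'},
] + [
    {"ts": f"2023-08-11T02:0{i}:00", "event": "logon_failure", "account": "Administrator"}
    for i in range(6)
] + [
    {"ts": "2023-08-11T02:07:00", "event": "logon_success", "account": "Administrator"},
    {"ts": "2023-08-11T02:10:00", "event": "process_create",
     "image": r"C:\Users\Administrator\Music\aSentinel\aSentinel.exe", "cmdline": "aSentinel.exe"},
    {"ts": "2023-08-11T02:10:05", "event": "file_create",
     "target": r"C:\Windows\System32\drivers\PROCEXP.SYS"},
    {"ts": "2023-08-11T02:10:06", "event": "service_install",
     "image": r"C:\Windows\system32\aSentinel.exe"},
    {"ts": "2023-08-11T08:00:00", "event": "process_create",   # ordinary interactive install
     "image": r"C:\Users\alice\Downloads\editor-setup.exe", "cmdline": "editor-setup.exe"},
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Two caveats before running this against real data. The /VERYSILENT /SUPPRESSMSGBOXES combination is also how legitimate deployment tooling drives Inno Setup installers, so that rule needs scoping by parent process, signer or download path rather than standing alone. The AuKill rules are case-specific indicators: the driver-drop rule keys on the file name seen in this incident and a variant could rename it, so pair it with driver-load telemetry (Sysmon event 6) and a hash list for the known-vulnerable Process Explorer driver.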
AhnLab ASEC - Deep Web & Dark Web Threat Trend Report – June 2023
This trend report on the deep web and dark web of June 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware: (1) CLOP (2) LockBit (3) Snatch (4) RA Group (5) Ransomware Groups' Affiliate Recruitment Ads. 2) Forum & Black Market: (1) Monopoly Market's Operator Arrested (2) Suspension of ExposedForums (3) Rebirth of BreachForums. 3) Threat...
2023-08-16T06:46:19+00:00 https://asec.ahnlab.com/en/56213/
Tags: Ransomware, Threat, Prediction
AhnLab ASEC - Threat Trend Report on Kimsuky – June 2023
Activities of the Kimsuky group observed during June 2023 showed a slight increase in the overall number of fully qualified domain names (FQDNs), with more AppleSeed types detected in comparison to the group's activities in May. At one point, the information collection feature was removed from the FlowerPower type, but a few days later, samples were equipped with the said feature again. Also, the RandomQuery type showed attempts to change into a new system after March 2023, but it seems...
2023-08-16T06:45:59+00:00 https://asec.ahnlab.com/en/56206/
Tags: Threat, Prediction
AhnLab ASEC - Threat Trend Report on Ransomware – June 2023
This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in June 2023, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type: the number of ransomware samples and targeted systems are based on the detection names designated...
2023-08-16T06:45:39+00:00 https://asec.ahnlab.com/en/56201/
Tags: Ransomware, Threat, Prediction
The Hacker News - Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and
2023-08-15T23:44:00+00:00 https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html
Tags: Threat, Cloud