www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-24T12:06:34+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn 2023-01-18T19:21:00+00:00 https://www.darkreading.com/threat-intelligence/chatgpt-could-create-polymorphic-malware-researchers-warn www.secnews.physaphae.fr/article.php?IdArticle=8302349 False Malware ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware 2023-01-18T17:10:00+00:00 https://www.darkreading.com/ics-ot/ics-confronted-by-attackers-armed-with-new-motives-tactics-and-malware www.secnews.physaphae.fr/article.php?IdArticle=8302312 False Malware,Threat,Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks 2023-01-18T16:35:00+00:00 https://thehackernews.com/2023/01/iranian-government-entities-under.html www.secnews.physaphae.fr/article.php?IdArticle=8302223 False Malware,Threat None 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: FortiOS Zero-Day Has Been Exploited by an APT, Two RATs Spread by Four Types of JAR Polyglot Files, Promethium APT Continued Android Targeting Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware (published: January 16, 2023) On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. 
The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens. Analyst Comment: Free repositories such as PyPI become increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent. MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd (published: January 11, 2023) In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN. The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries. Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads. 
MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host Tags: FG-IR-22-398, CVE-2022-42]]> 2023-01-18T16:35:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-fortios-zero-day-has-been-exploited-by-an-apt-two-rats-spread-by-four-types-of-jar-polyglot-files-promethium-apt-continued-android-targeting www.secnews.physaphae.fr/article.php?IdArticle=8302291 False Malware,Tool,Vulnerability,Threat,Guideline LastPass 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ChatGPT Creates Polymorphic Malware 2023-01-18T16:00:00+00:00 https://www.infosecurity-magazine.com/news/chatgpt-creates-polymorphic-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8302283 False Malware ChatGPT 2.0000000000000000 Bleeping Computer - Magazine Américain Ukraine links data-wiping attack on news agency to Russian hackers 2023-01-18T14:57:51+00:00 https://www.bleepingcomputer.com/news/security/ukraine-links-data-wiping-attack-on-news-agency-to-russian-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8302344 False Malware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Almost Half of Critical Manufacturing at Risk of Breach 2023-01-18T11:45:00+00:00 https://www.infosecurity-magazine.com/news/critical-manufacturing-risk-of/ www.secnews.physaphae.fr/article.php?IdArticle=8302228 False Malware None 2.0000000000000000 Global Security Mag - Site de news francais Classement Top Malware Check Point décembre 2022 : Emotet, Qbot et Kryptik sont sur le podium en France Malwares]]> 2023-01-18T10:32:15+00:00 https://www.globalsecuritymag.fr/Classement-Top-Malware-Check-Point-decembre-2022-Emotet-Qbot-et-Kryptik-sont.html www.secnews.physaphae.fr/article.php?IdArticle=8302203 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack 
(surprenant non?) Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware 2023-01-17T18:15:00+00:00 https://thehackernews.com/2023/01/hackers-can-abuse-legitimate-github.html www.secnews.physaphae.fr/article.php?IdArticle=8301852 False Malware,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner 2023-01-17T18:09:38+00:00 https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/ www.secnews.physaphae.fr/article.php?IdArticle=8302322 True Malware CCleaner,CCleaner 1.00000000000000000000 Bleeping Computer - Magazine Américain Hackers turn to Google search ads to push info-stealing malware 2023-01-17T18:09:38+00:00 https://www.bleepingcomputer.com/news/security/hackers-turn-to-google-search-ads-to-push-info-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8301993 False Malware None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Phishing parti: la chasse aux e-mails malveillants sur le thème industriel pour prévenir les compromis technologiques opérationnels<br>Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises Phishing is one of the most common techniques used to deliver malware and gain access to target networks. This is not only because of its simplicity and scalability, but also because of its efficiency in exploiting vulnerabilities in human behavior. Despite the existence of sophisticated detection tooling and security awareness of phishing techniques, defenders across all industry verticals continue to struggle to avoid phishing compromises. 
Mandiant regularly observes actors spreading phishing emails that contain terminology and concepts specific to industrial sectors, such as energy]]> 2023-01-17T17:15:00+00:00 https://www.mandiant.com/resources/blog/phishing-hunting-industrial-emails www.secnews.physaphae.fr/article.php?IdArticle=8377387 False Malware,Vulnerability,Industrial None 4.0000000000000000 Bleeping Computer - Magazine Américain Hackers can use GitHub Codespaces to host and deliver malware 2023-01-17T14:53:40+00:00 https://www.bleepingcomputer.com/news/security/hackers-can-use-github-codespaces-to-host-and-deliver-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8301938 False Malware None 1.00000000000000000000 CSO - CSO Daily Dashboard How attackers might use GitHub Codespaces to hide malware delivery a new report. "However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples."To read this article in full, please click here]]> 2023-01-17T13:53:00+00:00 https://www.csoonline.com/article/3685419/how-attackers-might-use-github-codespaces-to-hide-malware-delivery.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301964 False Malware,Prediction None 1.00000000000000000000 SecurityWeek - Security News Attackers Can Abuse GitHub Codespaces for Malware Delivery 2023-01-17T13:09:56+00:00 https://www.securityweek.com/attackers-can-abuse-github-codespaces-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=8301845 False Malware,Prediction None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems 2023-01-17T12:06:00+00:00 https://thehackernews.com/2023/01/researchers-uncover-3-pypi-packages.html www.secnews.physaphae.fr/article.php?IdArticle=8301731 False Malware,Threat None 3.0000000000000000 AhnLab - Korean Security Firm Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers) On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. Such a technique is called the template Injection method. and a similar attack case was covered in a previous blog post. When the Word document is opened, it downloads and executes an additional malicious Word macro document from the threat actor’s C&C server.... ]]> 2023-01-17T00:31:00+00:00 https://asec.ahnlab.com/en/45658/ www.secnews.physaphae.fr/article.php?IdArticle=8301683 False Malware,Threat None 2.0000000000000000 TrendMicro - Security Firm Blog Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks 2023-01-17T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html www.secnews.physaphae.fr/article.php?IdArticle=8301843 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software 2023-01-16T18:17:00+00:00 https://thehackernews.com/2023/01/raccoon-and-vidar-stealers-spreading.html www.secnews.physaphae.fr/article.php?IdArticle=8301499 False Malware None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop 2023-01-16T17:00:00+00:00 https://www.infosecurity-magazine.com/news/circleci-breach-caused-by/ www.secnews.physaphae.fr/article.php?IdArticle=8301578 False Data Breach,Malware Uber 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Qbot Overtakes Emotet in December 2022\'s Most Wanted Malware List 2023-01-16T16:00:00+00:00 https://www.infosecurity-magazine.com/news/qbot-tops-december-2022s-most/ www.secnews.physaphae.fr/article.php?IdArticle=8301538 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Backdoor Created Using Leaked CIA\'s Hive Malware Discovered in the Wild 2023-01-16T15:39:00+00:00 https://thehackernews.com/2023/01/new-backdoor-created-using-leaked-cias.html www.secnews.physaphae.fr/article.php?IdArticle=8301455 False Malware,Threat None 4.0000000000000000 Global Security Mag - Site de news francais IcedID malware ATTACK comment Opinion]]> 2023-01-16T13:54:36+00:00 https://www.globalsecuritymag.fr/IcedID-malware-ATTACK-comment.html www.secnews.physaphae.fr/article.php?IdArticle=8301509 False Malware None 2.0000000000000000 SecurityWeek - Security News CircleCI Hacked via Malware on Employee Laptop 2023-01-16T11:53:44+00:00 https://www.securityweek.com/circleci-hacked-malware-employee-laptop www.secnews.physaphae.fr/article.php?IdArticle=8301475 False Data Breach,Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain Malicious \'Lolip0p\' PyPi packages install info-stealing malware 2023-01-16T11:41:30+00:00 
https://www.bleepingcomputer.com/news/security/malicious-lolip0p-pypi-packages-install-info-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8301576 False Malware,Threat None 3.0000000000000000 Soc Radar - Blog spécialisé SOC Attackers Infected a CircleCI Employee with Malware to Steal Customer Session Tokens 2023-01-16T10:36:01+00:00 https://socradar.io/attackers-infected-a-circleci-employee-with-malware-to-steal-customer-session-tokens/ www.secnews.physaphae.fr/article.php?IdArticle=8301452 False Data Breach,Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Avast releases free BianLian ransomware decryptor 2023-01-16T07:15:34+00:00 https://www.bleepingcomputer.com/news/security/avast-releases-free-bianlian-ransomware-decryptor/ www.secnews.physaphae.fr/article.php?IdArticle=8301488 False Ransomware,Malware None 2.0000000000000000 Recorded Future - FLux Recorded Future Ransomware Diaries: Undercover with the Leader of Lockbit An unusual announcement appeared in Russian Dark Web forums in June of 2020. Amid the hundreds of ads offering stolen credit card numbers and batches of personally identifiable information there was a Call for Papers. “We're kicking off the summer PAPER CONTEST,” it read. “Accepted article topics include any methods for popuring shells, malware and […]]> 2023-01-16T05:00:03+00:00 https://therecord.media/ransomware-diaries-undercover-with-the-leader-of-lockbit/ www.secnews.physaphae.fr/article.php?IdArticle=8301398 False Ransomware,Malware,Guideline None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Abusing a GitHub Codespaces Feature For Malware Delivery 2023-01-16T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/a/abusing-github-codespaces-for-malware-delivery.html www.secnews.physaphae.fr/article.php?IdArticle=8301503 False Malware None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite AI Can Write Malware Now. Are We Doomed? 
Today’s AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now? ]]> 2023-01-15T22:05:17+00:00 https://research.checkpoint.com/2023/ai-can-write-malware-now-are-we-doomed/ www.secnews.physaphae.fr/article.php?IdArticle=8301342 False Malware,Medical None 2.0000000000000000 Bleeping Computer - Magazine Américain CircleCI\'s hack caused by malware stealing engineer\'s 2FA-backed session 2023-01-14T17:28:34+00:00 https://www.bleepingcomputer.com/news/security/circlecis-hack-caused-by-malware-stealing-engineers-2fa-backed-session/ www.secnews.physaphae.fr/article.php?IdArticle=8301181 False Malware,Hack None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malware Attack on CircleCI Engineer\'s Laptop Leads to Recent Security Incident 2023-01-14T14:11:00+00:00 https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html www.secnews.physaphae.fr/article.php?IdArticle=8301096 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware 2023-01-13T22:09:00+00:00 https://thehackernews.com/2023/01/beware-tainted-vpns-being-used-to.html www.secnews.physaphae.fr/article.php?IdArticle=8300929 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch Malware Comes Standard With This Android TV Box on Amazon 2023-01-13T20:00:00+00:00 https://www.darkreading.com/threat-intelligence/malware-standard-android-tv-box-amazon www.secnews.physaphae.fr/article.php?IdArticle=8300962 False Malware,Prediction None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar 2023-01-13T16:56:00+00:00 https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html www.secnews.physaphae.fr/article.php?IdArticle=8300852 False Malware,Threat None 3.0000000000000000 Fortinet - Fabricant Materiel Securite 2022 IoT Threat Review 2023-01-13T14:43:00+00:00 https://www.fortinet.com/blog/threat-research/2022-iot-threat-review www.secnews.physaphae.fr/article.php?IdArticle=8301044 False Malware,Threat None 4.0000000000000000 CSO - CSO Daily Dashboard Attackers deploy sophisticated Linux implant on Fortinet network security devices CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.To read this article in full, please click here]]> 2023-01-13T12:01:00+00:00 https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300961 False Malware,Vulnerability None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite December 2022\'s Most Wanted Malware: Glupteba Entering Top Ten and Qbot in First Place Check Point Research reports that Glupteba has returned to the top ten list for the first time since July 2022. 
Qbot overtook Emotet as the most prevalent malware in December, while android malware Hiddad made a comeback Our latest Global Threat Index for December 2022 saw Glupteba Malware, an ambitious blockchain-enabled Trojan botnet, return to… ]]> 2023-01-13T11:00:40+00:00 https://blog.checkpoint.com/2023/01/13/december-2022s-most-wanted-malware-glupteba-entering-top-ten-and-qbot-in-first-place/ www.secnews.physaphae.fr/article.php?IdArticle=8300841 False Malware,Threat None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (January 2nd, 2023 – January 8th, 2023) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 2nd, 2023 (Monday) to January 8th, 2023 (Sunday). For the main category, downloader ranked top with 55.9%, followed by Infostealer with 21.3%, backdoor with 14.2%, ransomware with 7.9%, and CoinMiner with 0.8%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 32.3%. The malware is distributed via malware disguised... ]]> 2023-01-13T04:32:36+00:00 https://asec.ahnlab.com/en/45636/ www.secnews.physaphae.fr/article.php?IdArticle=8300767 True Ransomware,Malware None 2.0000000000000000 AhnLab - Korean Security Firm Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware... 
]]> 2023-01-13T00:52:34+00:00 https://asec.ahnlab.com/en/45462/ www.secnews.physaphae.fr/article.php?IdArticle=8300704 False Malware,Tool,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Researchers Find \'Digital Crime Haven\' While Investigating Magecart Activity 2023-01-12T22:20:00+00:00 https://www.darkreading.com/threat-intelligence/digital-crime-haven-investigating-magecart-activity www.secnews.physaphae.fr/article.php?IdArticle=8300677 False Malware,Guideline None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours 2023-01-12T20:16:00+00:00 https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html www.secnews.physaphae.fr/article.php?IdArticle=8300573 False Malware,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available 2023-01-12T19:11:00+00:00 https://www.darkreading.com/remote-workforce/critical-cisco-smb-router-bug-authentication-bypass-poc-available www.secnews.physaphae.fr/article.php?IdArticle=8300641 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain RAT malware campaign tries to evade detection using polyglot files 2023-01-12T17:24:02+00:00 https://www.bleepingcomputer.com/news/security/rat-malware-campaign-tries-to-evade-detection-using-polyglot-files/ www.secnews.physaphae.fr/article.php?IdArticle=8300678 False Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain Android TV box on Amazon came pre-installed with malware 2023-01-12T15:41:56+00:00 https://www.bleepingcomputer.com/news/security/android-tv-box-on-amazon-came-pre-installed-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8300654 False Malware None 3.0000000000000000 CSO - CSO Daily Dashboard BrandPost: The Unrelenting Rise of Botnet Threats To read this article in full, please 
click here]]> 2023-01-12T09:58:00+00:00 https://www.csoonline.com/article/3685531/the-unrelenting-rise-of-botnet-threats.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300631 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors 2023-01-11T23:05:00+00:00 https://thehackernews.com/2023/01/new-analysis-reveals-raspberry-robin.html www.secnews.physaphae.fr/article.php?IdArticle=8300238 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks 2023-01-11T19:54:00+00:00 https://thehackernews.com/2023/01/australian-healthcare-sector-targeted.html www.secnews.physaphae.fr/article.php?IdArticle=8300020 False Malware None 2.0000000000000000 SecurityWeek - Security News Red Hat Announces General Availability of Malware Detection Service 2023-01-11T16:12:31+00:00 https://www.securityweek.com/red-hat-announces-general-availability-malware-detection-service www.secnews.physaphae.fr/article.php?IdArticle=8300215 False Malware None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Kinsing Malware Hits Kubernetes Clusters By Flawed PostgreSQL 2023-01-11T14:13:11+00:00 https://informationsecuritybuzz.com/kinsing-malware-hits-kubernetes-clusters-flawed-postgresql/ www.secnews.physaphae.fr/article.php?IdArticle=8300025 False Malware,Threat Uber 2.0000000000000000 Global Security Mag - Site de news francais Analyse des Royal-Ransomware Exploits Sonderberichte ]]> 2023-01-11T14:11:14+00:00 https://www.globalsecuritymag.fr/Analyse-des-Royal-Ransomware-Exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8300026 False Ransomware,Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Gootkit malware abuses VLC to infect healthcare orgs with Cobalt 
Strike 2023-01-11T12:24:19+00:00 https://www.bleepingcomputer.com/news/security/gootkit-malware-abuses-vlc-to-infect-healthcare-orgs-with-cobalt-strike/ www.secnews.physaphae.fr/article.php?IdArticle=8300216 False Malware None 2.0000000000000000 Fortinet - Fabricant Materiel Securite Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd 2023-01-11T07:17:00+00:00 https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd www.secnews.physaphae.fr/article.php?IdArticle=8300264 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain New Dark Pink APT group targets govt and military with custom malware 2023-01-11T02:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-dark-pink-apt-group-targets-govt-and-military-with-custom-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8299902 False Malware,Threat None 2.0000000000000000 Security Intelligence - Site de news Américain A View Into Web(View) Attacks in Android James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware […] ]]> 2023-01-11T01:00:00+00:00 https://securityintelligence.com/posts/view-into-webview-attacks-android/ www.secnews.physaphae.fr/article.php?IdArticle=8299852 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users 2023-01-10T22:10:00+00:00 https://thehackernews.com/2023/01/strongpity-hackers-distribute.html www.secnews.physaphae.fr/article.php?IdArticle=8299591 True Malware,Threat None 1.00000000000000000000 SC Magazine - Magazine Novel macOS malware strains with Chinese origins prevalent 2023-01-10T21:19:41+00:00 https://www.scmagazine.com/brief/malware/novel-macos-malware-strains-with-chinese-origins-prevalent www.secnews.physaphae.fr/article.php?IdArticle=8299848 False Malware None 2.0000000000000000 SC Magazine - Magazine Kubernetes clusters compromised by Kinsing malware 2023-01-10T21:14:26+00:00 https://www.scmagazine.com/brief/breach/kubernetes-clusters-compromised-by-kinsing-malware www.secnews.physaphae.fr/article.php?IdArticle=8299850 False Malware Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Italian Users Warned of Malware Attack Targeting Sensitive Information 2023-01-10T18:24:00+00:00 https://thehackernews.com/2023/01/italian-users-warned-of-malware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8299560 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Over 1,300 fake AnyDesk sites push Vidar info-stealing malware 2023-01-10T18:05:01+00:00 https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8299696 False Malware None 4.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company\'s Data Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. 
Trending Cyber News and Threat Intelligence OPWNAI : Cybercriminals Starting to Use ChatGPT (published: January 6, 2023) Check Point researchers have detected multiple underground forum threads outlining experimenting with and abusing ChatGPT (Generative Pre-trained Transformer), the revolutionary artificial intelligence (AI) chatbot tool capable of generating creative responses in a conversational manner. Several actors have built schemes to produce AI outputs (graphic art, books) and sell them as their own. Other actors experiment with instructions to write an AI-generated malicious code while avoiding ChatGPT guardrails that should prevent such abuse. Two actors shared samples allegedly created using ChatGPT: a basic Python-based stealer, a Java downloader that stealthily runs payloads using PowerShell, and a cryptographic tool. Analyst Comment: ChatGPT and similar tools can be of great help to humans creating art, writing texts, and programming. At the same time, it can be a dangerous tool enabling even low-skill threat actors to create convincing social-engineering lures and even new malware. MITRE ATT&CK: [MITRE ATT&CK] T1566 - Phishing | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | [MITRE ATT&CK] T1560 - Archive Collected Data | [MITRE ATT&CK] T1005: Data from Local System Tags: ChatGPT, Artificial intelligence, OpenAI, Phishing, Programming, Fraud, Chatbot, Python, Java, Cryptography, FTP Turla: A Galaxy of Opportunity (published: January 5, 2023) Russia-sponsored group Turla re-registered expired domains for old Andromeda malware to select a Ukrainian target from the existing victims. Andromeda sample, known from 2013, infected the Ukrainian organization in December 2021 via user-activated LNK file on an infected USB drive. 
Turla re-registered the Andromeda C2 domain in January 2022, profiled and selected a single victim, and pushed its payloads in September 2022. First, the Kopiluwak profiling tool was downloaded for system reconnaissance, two days later, the Quietcanary backdoor was deployed to find and exfiltrate files created in 2021-2022. Analyst Comment: Advanced groups are often utilizing commodity malware to blend their traffic with less sophisticated threats. Turla’s tactic of re-registering old but active C2 domains gives the group a way-in to the pool of existing targets. Organizations should be vigilant to all kinds of existing infections and clean them up, even if assessed as “less dangerous.” All known network and host-based indicators and hunting rules associated]]> 2023-01-10T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-turla-re-registered-andromeda-domains-spynote-is-more-popular-after-the-source-code-publication-typosquatted-site-used-to-leak-companys-data www.secnews.physaphae.fr/article.php?IdArticle=8299602 False Ransomware,Malware,Tool,Threat ChatGPT,APT-C-36 2.0000000000000000 SC Magazine - Magazine The number of cloud apps delivering malware nearly tripled in 2022 2023-01-10T16:10:39+00:00 https://www.scmagazine.com/news/cloud-security/the-number-of-cloud-apps-delivering-malware-nearly-tripled-in-2022 www.secnews.physaphae.fr/article.php?IdArticle=8299668 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Netskope Threat Research: Malware-Delivering Cloud Apps Nearly Tripled in 2022 2023-01-10T15:04:00+00:00 https://www.darkreading.com/cloud/netskope-threat-research-malware-delivering-cloud-apps-nearly-tripled-in-2022 www.secnews.physaphae.fr/article.php?IdArticle=8299556 False Malware,Threat None 3.0000000000000000 SecurityWeek - Security News PyPI Users Targeted With PoweRAT Malware 2023-01-10T12:49:25+00:00 https://www.securityweek.com/pypi-users-targeted-powerat-malware 
www.secnews.physaphae.fr/article.php?IdArticle=8299575 False Malware None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain ChatGPT-Written Malware are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”...]]> 2023-01-10T12:18:55+00:00 https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8299521 False Malware,Tool,Prediction ChatGPT 2.0000000000000000 The Register - Site journalistique Anglais Python Package Index found stuffed with AWS keys and malware 2023-01-09T21:15:11+00:00 https://go.theregister.com/feed/www.theregister.com/2023/01/09/pypi_aws_malware_key/ www.secnews.physaphae.fr/article.php?IdArticle=8299326 False Malware,Tool None 2.0000000000000000 Bleeping Computer - Magazine Américain Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL 2023-01-09T16:16:26+00:00 https://www.bleepingcomputer.com/news/security/microsoft-kubernetes-clusters-hacked-in-malware-campaign-via-postgresql/ www.secnews.physaphae.fr/article.php?IdArticle=8299327 False Malware Uber 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility $3.86 million to $4.24 million in 2021. That's costly enough to put most SMBs into the red. Not to mention the reputational damage it can cause for your brand. 
Avoid this dreaded fate by protecting yourself against the latest cybersecurity developments — like Malware-as-a-Service (MaaS) — to protect your networks, data, systems, and business reputation. If you've never heard of Malware-as-a-Service (MaaS) before, don't fret. This article is for you. We'll teach you everything you need to know about Malware-as-a-Service and wrap it up by sharing some best practices for protecting your proprietary company data from potential threats. Let's dive in. What is Malware-as-a-Service (MaaS)? Malware-as-a-Service (MaaS) is a type of cyber attack in which criminals offer malware and deployment services to other hackers or malicious actors on the internet. These services are typically available on the dark web. When purchased, a bad actor can carry out various malicious activities, such as stealing sensitive information, disrupting computer systems, or encrypting data and demanding a ransom to unlock it. Some of the most common types of malware include the following: Viruses: Programs that can replicate themselves and spread to other computers. They can cause various problems, such as disrupting computer operations, stealing information, or damaging files. Trojan horses: These programs masquerade as legitimate software but can carry out malicious activities, such as stealing data or giving attackers unauthorized access to a computer. Worms: A self-replicating program that can spread across networks, disrupting computer operations and consuming network resources. Adware: Software that displays unwanted advertisements on a computer. It can be intrusive and annoying and sometimes track a user's online activities. Ransomware: Encryption of a victim's data with the demand for a ransom payment to unlock it. It can devastate businesses, resulting in the loss of important data and files. 
Spyware: Software designed to collect information about a user's online activities without their knowledge or consent to steal sensitive information (like financial statements and passwords). Bots: Often used in conjunction with other types of malware, such as viruses or worms. For example, a virus could infect a computer and then download and install a bot, which could carry out malicious activities on that computer or other computers on the network. MaaS makes it easier for cybercriminals to launch attacks, as they can purchase and use pre-made malware without developing it themselves. This distinction can make it harder for law enforcement, cybersecurity experts, and IT teams to track down the people responsible for the attacks. And sadly, cyber-attacks are industry agnostic. For example, in the transportation industry, cybercriminals exploit vulnerabilities of electronic logging devices and steal valuable information from cloud-connected trucks. MaaS is also a significant threat to online job boards like 2023-01-09T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/understanding-malware-as-a-service-maas-the-future-of-cyber-attack-accessibility www.secnews.physaphae.fr/article.php?IdArticle=8299142 False Ransomware,Data Breach,Malware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat Actors Spread RAT Via Pokemon NFT Card Site 2023-01-09T10:00:00+00:00 https://www.infosecurity-magazine.com/news/threat-actors-rat-pokemon-nft-card/ www.secnews.physaphae.fr/article.php?IdArticle=8299131 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors 2023-01-08T11:45:00+00:00 https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html www.secnews.physaphae.fr/article.php?IdArticle=8298931 False Malware None 5.0000000000000000 Bleeping Computer - Magazine Américain Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls 2023-01-07T10:12:06+00:00 https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-create-cloudflare-tunnels-to-bypass-firewalls/ www.secnews.physaphae.fr/article.php?IdArticle=8298831 False Malware None 2.0000000000000000 TroyHunt - Blog Security ChatGPT is enabling script kiddies to write functional malware 2023-01-06T22:05:06+00:00 https://arstechnica.com/?p=1908471 www.secnews.physaphae.fr/article.php?IdArticle=8298667 False Malware ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS 2023-01-06T19:45:00+00:00 https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html www.secnews.physaphae.fr/article.php?IdArticle=8298544 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Dridex Malware Now Attacking macOS Systems with Novel Infection Method 2023-01-06T19:16:00+00:00 https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8298545 False Malware,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch PurpleUrchin Gang Embraces DevOps In Massive Cloud Malware Campaign 2023-01-06T18:46:00+00:00 https://www.darkreading.com/attacks-breaches/purpleurchin-devops-cloud-malware-campaign www.secnews.physaphae.fr/article.php?IdArticle=8298619 False Malware,Threat None 3.0000000000000000 SecurityWeek - Security News Many of 13 New Mac Malware Families Discovered in 2022 Linked to China 2023-01-06T15:44:09+00:00 https://www.securityweek.com/many-13-new-mac-malware-families-discovered-2022-linked-china www.secnews.physaphae.fr/article.php?IdArticle=8298590 False Malware None 4.0000000000000000 The Register - Site journalistique Anglais Dridex malware pops back up and turns its attention to macOS 2023-01-06T15:30:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/01/06/dridex_macos_microsoft_malware/ www.secnews.physaphae.fr/article.php?IdArticle=8298555 False Malware None 3.0000000000000000 SecurityWeek - Security News Russian Turla Cyberspies Leveraged Other Hackers' USB-Delivered Malware 2023-01-06T13:36:58+00:00 https://www.securityweek.com/russian-turla-cyberspies-leveraged-other-hackers-usb-delivered-malware www.secnews.physaphae.fr/article.php?IdArticle=8298523 False Malware,Threat None 2.0000000000000000 ComputerWeekly - Computer Magazine Russia's Turla falls back on old malware C2 domains to avoid detection 2023-01-06T09:17:00+00:00 https://www.computerweekly.com/news/252528934/Russias-Turla-falls-back-on-old-malware-C2-domains-to-avoid-detection www.secnews.physaphae.fr/article.php?IdArticle=8298541 False Malware None 2.0000000000000000 AhnLab - Korean Security Firm Distribution of NetSupport RAT Malware Disguised as a Pokemon Game 
NetSupport Manager is a remote control tool that can be installed and used by ordinary or corporate users for the purpose of remotely controlling systems. However, it is being abused by many threat actors because it allows external control over specific systems. Unlike backdoors and RATs (Remote Access Trojans), which are mostly based on command lines, remote control tools (Remote Administration Tools) place emphasis on user-friendliness, so they offer remote desktops, also known as GUI environments. Even though they may... 2023-01-05T23:47:00+00:00 https://asec.ahnlab.com/en/45312/ www.secnews.physaphae.fr/article.php?IdArticle=8298371 False Malware,Tool,Threat None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (December 26th, 2022 – January 1st, 2023) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 26th, 2022 (Monday) to January 1st, 2023 (Sunday). For the main category, downloader ranked top with 48.8%, followed by backdoor with 24.2%, Infostealer with 18.4%, CoinMiner with 4.8%, ransomware with 3.4%, and lastly banking malware with 0.5%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This... 2023-01-05T23:43:53+00:00 https://asec.ahnlab.com/en/45359/ www.secnews.physaphae.fr/article.php?IdArticle=8298372 True Ransomware,Malware None 2.0000000000000000 Wired Threat Level - Security News Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections 2023-01-05T20:01:01+00:00 https://www.wired.com/story/russia-turla-fsb-usb-infection/ www.secnews.physaphae.fr/article.php?IdArticle=8298301 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations 2023-01-05T18:04:00+00:00 https://thehackernews.com/2023/01/bluebottle-cybercrime-group-preys-on.html www.secnews.physaphae.fr/article.php?IdArticle=8298163 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Bluebottle Continues Bank Heist Assault With Signed Malware 2023-01-05T18:02:00+00:00 https://www.darkreading.com/attacks-breaches/bluebottle-bank-heist-assault-fresh-lol-tactics www.secnews.physaphae.fr/article.php?IdArticle=8298286 False Malware,Threat None 3.0000000000000000 SC Magazine - Magazine Security researchers report Linux malware with cryptocurrency miner payload 2023-01-05T17:27:53+00:00 https://www.scmagazine.com/brief/malware/security-researchers-report-linux-malware-with-cryptocurrency-miner-payload www.secnews.physaphae.fr/article.php?IdArticle=8298352 False Malware None 2.0000000000000000 SC Magazine - Magazine New malware campaign exploits Windows error reporting tool 2023-01-05T17:26:49+00:00 https://www.scmagazine.com/brief/malware/new-malware-campaign-exploits-windows-error-reporting-tool www.secnews.physaphae.fr/article.php?IdArticle=8298353 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
SpyNote Strikes Again: Android Spyware Targeting Financial Institutions 2023-01-05T16:35:00+00:00 https://thehackernews.com/2023/01/spynote-strikes-again-android-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8298095 False Malware None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Turla: A Galaxy of Opportunity Kopiluwak reconnaissance utility and 2023-01-05T15:00:00+00:00 https://www.mandiant.com/resources/blog/turla-galaxy-opportunity www.secnews.physaphae.fr/article.php?IdArticle=8377392 False Malware None 4.0000000000000000 RedCanary - Red Canary eBPF: A new frontier for malware 2023-01-05T14:26:38+00:00 https://redcanary.com/blog/ebpf-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8298202 False Malware None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC The dos and don'ts of ransomware negotiations ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization. The initial actions to take in the event of a ransomware attack Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices. Determine what data has been affected and assess the extent of the damage. Determine the specific type of ransomware that has infected your devices to understand how this malware operates and what steps you need to take to remove it. It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments. Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. 
Please note that in some regions, business owners are required by law to report an attack. Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions. Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data, since many ransomware strains have been decrypted and their keys are publicly available. Strategies cybercrooks employ to obtain funds from victims swiftly Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include: Steal and disclose Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands. Destroy keys if a negotiation company intervenes Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf. Launch a DDoS attack Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to take it down and intimidate the targeted company into paying the ransom faster. Cause printers to behave abnormally Some hackers were able to take control of printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed. 
Use Facebook ads for malicious purposes Criminals have been known to use advertising to gain attention for their attacks. In one ins 2023-01-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-dos-and-donts-of-ransomware-negotiations www.secnews.physaphae.fr/article.php?IdArticle=8298078 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000 Bleeping Computer - Magazine Américain SpyNote Android malware infections surge after source code leak 2023-01-05T10:17:25+00:00 https://www.bleepingcomputer.com/news/security/spynote-android-malware-infections-surge-after-source-code-leak/ www.secnews.physaphae.fr/article.php?IdArticle=8298208 False Malware None 2.0000000000000000 Anomali - Firm Blog Focusing on Your Adversary 2023-01-05T05:50:00+00:00 https://www.anomali.com/blog/focusing-on-your-adversary www.secnews.physaphae.fr/article.php?IdArticle=8298031 False Ransomware,Malware,Tool,Vulnerability,Threat,Industrial,Prediction None 3.0000000000000000 CSO - CSO Daily Dashboard NATO tests AI's ability to protect critical infrastructure against cyberattacks 2023-01-05T04:00:00+00:00 https://www.csoonline.com/article/3684730/nato-tests-ai-s-ability-to-protect-critical-infrastructure-against-cyberattacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8298162 False Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain New SHC-compiled Linux malware installs cryptominers, DDoS bots 2023-01-04T17:29:46+00:00 https://www.bleepingcomputer.com/news/security/new-shc-compiled-linux-malware-installs-cryptominers-ddos-bots/ www.secnews.physaphae.fr/article.php?IdArticle=8297962 False Malware None 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web Figure 1 - IOC Summary Charts. 
These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023) Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time, the library’s features are more aligned with malware than with a research project. The code is obfuscated, it employs anti-VM techniques, and it doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server. Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. The PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Open-source repositories and apps are a valuable asset for many organizations, but their adoption must be security risk assessed, appropriately mitigated, and then monitored to ensure ongoing integrity. 
MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022) Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with malicious JavaScript that intercepts all user clicks on the infected page to cause a malicious redirect. Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use 2023-01-04T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-machine-learning-toolkit-targeted-by-dependency-confusion-multiple-campaigns-hide-in-google-ads-lazarus-group-experiments-with-bypassing-mark-of-the-web www.secnews.physaphae.fr/article.php?IdArticle=8297872 False Malware,Tool,Vulnerability,Threat,Patching,Medical APT 38,LastPass 2.0000000000000000 Dark Reading - Informationweek Branch BitRat Malware Gnaws at Victims With Bank Heist Data 2023-01-04T15:46:00+00:00 https://www.darkreading.com/attacks-breaches/bitrat-malware-victims-bank-heist-data www.secnews.physaphae.fr/article.php?IdArticle=8297837 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner 2023-01-04T14:02:00+00:00 https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8297704 False Malware None 2.0000000000000000 SC Magazine - Magazine New malware campaign using stolen bank info as phishing bait 2023-01-04T12:40:40+00:00 https://www.scmagazine.com/brief/social-engineering/new-malware-campaign-using-stolen-bank-info-as-phishing-bait www.secnews.physaphae.fr/article.php?IdArticle=8297883 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Hackers abuse Windows error reporting tool to deploy malware 2023-01-04T12:16:37+00:00 https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-reporting-tool-to-deploy-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8297879 False Malware,Tool None 2.0000000000000000 Soc Radar - Blog spécialisé SOC The Week in Dark Web – 4 January 2023 – Access Sales, Data, and Malware Leakes 2023-01-04T11:53:15+00:00 https://socradar.io/the-week-in-dark-web-4-january-2023-access-sales-data-and-malware-leakes/ www.secnews.physaphae.fr/article.php?IdArticle=8300143 False Malware None 3.0000000000000000