www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2025-05-12T15:53:49+00:00

[IndustrialCyber] OPSWAT acquires InQuest; boosts federal go-to-market strategy, network detection, threat intelligence
Critical infrastructure protection (CIP) cybersecurity solutions company OPSWAT announced its acquisition of InQuest, a cybersecurity solutions provider known...
2024-08-07T15:22:18+00:00 | https://industrialcyber.co/news/opswat-acquires-inquest-boosts-federal-go-to-market-strategy-network-detection-and-threat-intelligence/ | www.secnews.physaphae.fr/article.php?IdArticle=8553490 | Tags: Threat
[LogPoint] Threat detection and monitoring with Microsoft 365
There is no doubt that Microsoft 365 is widely used by companies of all sizes. This powerful suite of productivity tools gives extensive capabilities to the security teams of companies with a large number of endpoint systems, users and, above all, data. Logpoint's integration with the Microsoft Graph API helps [...]
2024-08-07T14:02:57+00:00 | https://www.logpoint.com/fr/blog/detection-et-surveillance-des-menaces-avec-microsoft-365/ | www.secnews.physaphae.fr/article.php?IdArticle=8568573 | Tags: Threat

[RiskIQ] Detecting evolving threats: NetSupport RAT campaign
2024-08-07T13:49:42+00:00 | https://community.riskiq.com/article/7514ee17 | www.secnews.physaphae.fr/article.php?IdArticle=8553454 | Tags: Malware, Tool, Threat

[IndustrialCyber] Claroty, AWS join to improve asset visibility, exposure management, threat detection for cyber-physical systems
Claroty, a cyber-physical systems (CPS) protection company, announced on Tuesday a multi-year strategic collaboration agreement (SCA) with Amazon...
2024-08-07T12:28:40+00:00 | https://industrialcyber.co/news/claroty-aws-join-to-improve-asset-visibility-exposure-management-threat-detection-for-cyber-physical-systems/ | www.secnews.physaphae.fr/article.php?IdArticle=8553395 | Tags: Threat
[The Hacker News] Chameleon Android Banking Trojan Targets Users Through Fake CRM App
Cybersecurity researchers have lifted the lid on a new technique adopted by the threat actors behind the Chameleon Android banking trojan, who are targeting users in Canada by masquerading as a Customer Relationship Management (CRM) app. "Chameleon was seen masquerading as a CRM app, targeting a Canadian restaurant chain operating internationally," Dutch security outfit ThreatFabric said in a technical [...]
2024-08-07T11:55:00+00:00 | https://thehackernews.com/2024/08/chameleon-android-banking-trojan.html | www.secnews.physaphae.fr/article.php?IdArticle=8553253 | Tags: Threat, Mobile, Technical

[RiskIQ] Panamorfi TCP flood DDoS Attack Targeting Jupyter Notebooks
Snapshot: Researchers at Aqua Nautilus identified a DDoS campaign named "Panamorfi" targeting Jupyter notebooks. The [...]
2024-08-07T11:29:59+00:00 | https://community.riskiq.com/article/fe2bc706 | www.secnews.physaphae.fr/article.php?IdArticle=8553393 | Tags: Tool, Threat

[Dark Reading] Cybersecurity Industry Leaders Launch the Cyber Threat Intelligence Capability Maturity Model
2024-08-07T09:17:28+00:00 | https://www.darkreading.com/threat-intelligence/cybersecurity-industry-leaders-launch-the-cyber-threat-intelligence-capability-maturity-model | www.secnews.physaphae.fr/article.php?IdArticle=8553959 | Tags: Threat

[ProofPoint] Generative AI Risks: What Your People Should Know
2024-08-07T07:16:45+00:00 | https://www.proofpoint.com/us/blog/security-awareness-training/generative-ai-risks-to-know | www.secnews.physaphae.fr/article.php?IdArticle=8553455 | Tags: Tool, Threat, Prediction, Technical

[RiskIQ] BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
Snapshot: Elastic Security Labs identified a Windows backdoor called BITSLOTH, which uses the Background Intelligent Transfer Service (BITS) for command-and-control communication.
Description: This backdoor was uncovered during an intrusion in the LATA[...]
2024-08-06T21:47:56+00:00 | https://community.riskiq.com/article/a05ba23d | www.secnews.physaphae.fr/article.php?IdArticle=8553025 | Tags: Malware, Tool, Threat

[Dark Reading] Attackers Use Multiple Techniques to Bypass Reputation-Based Security
Protections like Windows Smart App Control are useful but susceptible to attacks that give threat actors initial access to an environment without triggering any alerts.
2024-08-06T20:58:14+00:00 | https://www.darkreading.com/application-security/attackers-use-multiple-techniques-to-bypass-reputation-based-security | www.secnews.physaphae.fr/article.php?IdArticle=8552976 | Tags: Threat

[RiskIQ] SharpRhino – New Hunters International RAT identified by Quorum Cyber
2024-08-06T19:51:15+00:00 | https://community.riskiq.com/article/b9d401fd | www.secnews.physaphae.fr/article.php?IdArticle=8552972 | Tags: Ransomware, Malware, Tool, Threat

[Global Security Mag] An HP Wolf Security study reveals that 1 in 4 companies in France has been hit by cyberattacks on its IT hardware supply chain
Category: Investigations
2024-08-06T19:27:41+00:00 | https://www.globalsecuritymag.fr/une-etude-de-hp-wolf-security-revele-qu-1-entreprise-sur-4-en-france-est.html | www.secnews.physaphae.fr/article.php?IdArticle=8552947 | Tags: Threat

[RiskIQ] Malicious Python Package Targets macOS Developers To Access Their GCP Accounts
2024-08-06T19:20:13+00:00 | https://community.riskiq.com/article/2a6f014d | www.secnews.physaphae.fr/article.php?IdArticle=8552973 | Tags: Malware, Threat, Cloud

[RiskIQ] Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
2024-08-06T18:23:27+00:00 | https://community.riskiq.com/article/2346de18 | www.secnews.physaphae.fr/article.php?IdArticle=8552945 | Tags: Malware, Tool, Threat, Industrial

[Recorded Future] Google says Android zero-day was exploited in the wild
2024-08-06T17:18:46+00:00 | https://therecord.media/android-zero-day-google-fix-august-patch | www.secnews.physaphae.fr/article.php?IdArticle=8552893 | Tags: Vulnerability, Threat, Mobile

[The Hacker News] North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of its campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both libraries did not attract [...]
2024-08-06T16:47:00+00:00 | https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html | www.secnews.physaphae.fr/article.php?IdArticle=8552716 | Tags: Threat

[Netskope] Wiz and Netskope: Making IaaS Zero Trust Magic
Netskope and Wiz help organizations simplify and automate policy management across complex cloud environments. The partnership is built on an integration in which Wiz shares security risk and threat insights so that Netskope can modify existing policies or craft new ones automatically. Below, we present two of the primary use cases that customers leverage with our joint [...]
2024-08-06T16:00:00+00:00 | https://www.netskope.com/blog/wiz-and-netskope-making-iaas-zero-trust-magic | www.secnews.physaphae.fr/article.php?IdArticle=8552828 | Tags: Threat, Cloud
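The BITSLOTH item above describes a backdoor that carries its command-and-control traffic over the Background Intelligent Transfer Service. The PowerShell below is an added triage example for that technique; it is not code from Elastic Security Labs, RiskIQ or this feed. It lists every BITS job on the host (all users) and every transfer start recorded in the BITS client operational log, and flags remote endpoints that are not on an allowlist. The allowlist hosts, and the assumption that only Microsoft update endpoints are expected, are placeholders to replace with your own update and software-distribution hosts.

```powershell
# Added example, not code from Elastic Security Labs or from this feed.
# Triage BITS usage on a Windows host: list every BITS job (all users) and
# every logged transfer start, and flag remote endpoints outside an allowlist.
# Run from an elevated session; Get-BitsTransfer -AllUsers needs administrator rights.
Import-Module BitsTransfer

# ASSUMPTION: only these hosts (and their subdomains) are expected to serve BITS
# downloads on this fleet. Replace with your own update, CDN and distribution hosts.
$AllowedHosts = @(
    'windowsupdate.com',
    'update.microsoft.com',
    'delivery.mp.microsoft.com'
)

function Test-AllowedHost {
    param([string]$Url)
    try { $uri = [System.Uri]$Url } catch { return $false }   # unparsable URL: treat as suspicious
    foreach ($h in $AllowedHosts) {
        if ($uri.Host -eq $h -or $uri.Host.EndsWith(".$h")) { return $true }
    }
    return $false
}

function Get-SuspiciousBitsJob {
    # Live jobs. Look at the owner, the remote host and the transfer type:
    # Upload/UploadReply jobs deserve extra scrutiny because software updates
    # only ever create Download jobs.
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            if (-not (Test-AllowedHost $file.RemoteName)) {
                [pscustomobject]@{
                    JobId        = $job.JobId
                    DisplayName  = $job.DisplayName
                    Owner        = $job.OwnerAccount
                    State        = $job.JobState
                    TransferType = $job.TransferType
                    Created      = $job.CreationTime
                    RemoteName   = $file.RemoteName
                    LocalName    = $file.LocalName
                }
            }
        }
    }
}

function Get-SuspiciousBitsEvent {
    # Jobs that a backdoor creates and deletes quickly are already gone from
    # Get-BitsTransfer, but the BITS client operational log keeps a record:
    # event ID 59 is written when a transfer starts and its message carries the URL.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Bits-Client/Operational'; Id = 59 } -MaxEvents 500 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $url = [regex]::Match($_.Message, 'https?://[^\s"]+').Value
            if ($url -and -not (Test-AllowedHost $url)) {
                [pscustomobject]@{ Time = $_.TimeCreated; Url = $url; Message = $_.Message }
            }
        }
}

Get-SuspiciousBitsJob   | Format-Table -AutoSize
Get-SuspiciousBitsEvent | Format-Table Time, Url -AutoSize
```

The event-log pass is the one that matters for a backdoor: a C2 job can be created, run and removed between two runs of Get-BitsTransfer, but the operational log entry survives. Treat hits from the allowlist check as leads to pivot on (owner account, local file path, process that created the job), not as verdicts, since third-party updaters legitimately use BITS with hosts you have not listed yet.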
[Global Security Mag] Darktrace Half-Year Threat Report 2024 Reveals Persistent Cybercrime-as-a-Service Threats Amidst Evolving Attack Landscape
- Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) continue to dominate the threat landscape
- Email phishing remains a top threat, with 17.8 million phishing emails detected between December 2023 and July 2024, and 62% bypassing DMARC checks designed to safeguard against unauthorized use
- Emergence of new threats such as Qilin ransomware and increased exploitation of edge infrastructure vulnerabilities
Category: Malware Update
2024-08-06T15:06:22+00:00 | https://www.globalsecuritymag.fr/darktrace-half-year-threat-report-2024-reveals-persistent-cybercrime-as-a.html | www.secnews.physaphae.fr/article.php?IdArticle=8552803 | Tags: Ransomware, Threat
[The Hacker News] New Android Spyware LianSpy Evades Detection Using Yandex Cloud
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having dedicated infrastructure and to evade detection. "This threat is [...]
2024-08-06T15:06:00+00:00 | https://thehackernews.com/2024/08/new-android-spyware-lianspy-evades.html | www.secnews.physaphae.fr/article.php?IdArticle=8552657 | Tags: Malware, Threat, Mobile, Cloud

[RiskIQ] LianSpy: new Android spyware targeting Russian users
Snapshot: Researchers at Securelist discovered a campaign targeting individuals in Russia with a new Android spyware called "Li[...]
2024-08-06T14:31:12+00:00 | https://community.riskiq.com/article/c98f683c | www.secnews.physaphae.fr/article.php?IdArticle=8552826 | Tags: Malware, Threat, Mobile, Cloud

[AlienVault Lab Blog] Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You
LevelBlue Labs has identified a new evolution in the toolset of threat actors: they are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading as legitimate anti-virus components to establish proxy connections through a command and control (C&C) server. The tool, distributed in formats such as DLLs, EXEs and PowerShell scripts, is challenging to detect because of its sophisticated design and legitimate appearance.

By modifying legitimate anti-virus binaries and signing them with certificates that pass as valid, the threat actors have made SbaProxy particularly stealthy. The impact is significant: the tool can be used to create proxy services that facilitate malicious activities and may be sold for financial gain. LevelBlue Labs is committed to continuing its efforts to monitor and combat this evolving threat.

What you need to understand at the highest level:
- Hijacking of legitimate software. Threat actors take legitimate anti-virus components and modify them to serve malicious purposes while keeping the appearance of benign software, which makes detection difficult. In this new iteration of the campaign, Malwarebytes, BitDefender, APEX products and others have been observed being targeted.
- Introduction of SbaProxy. A new tool, SbaProxy, has been identified as part of this threat actor's evolving toolkit, capable of establishing proxy connections that the actors use to generate revenue.
- Sophisticated evasion tactics. The malicious binaries are signed with valid or seemingly valid certificates, which helps them bypass security checks and evade detection.
- Variety of distribution formats. SbaProxy is distributed in multiple formats, including DLLs, EXEs and PowerShell scripts, all with the same underlying functionality, which increases the attack's resilience.
- Ongoing threat monitoring. LevelBlue Labs is actively tracking this threat to stay ahead of the actors' evolving techniques and protect its clients from emerging cyber risks.

Technical Analysis: A Closer Look at How It's Done
In early June, LevelBlue Labs observed suspicious activity originating from seemingly legitimate anti-virus binaries. On investigation, the activity came from a new tool associated with the campaign already reported by Sophos in late April; it marks a new iteration in the toolset used by this threat actor. The tool is controlled from a C&C server and establishes a proxy connection between the C&C server and a target through the infected machine. We believe this proxy service is then sold to other criminals. We are tracking it as SbaProxy, following the nomenclature given by Sophos.

SbaProxy is being distributed in several formats:
- PowerShell scripts
- DLL libraries
- EXE binaries

Even though the format varies and there are technical differences among the file types, the functionality offered is the same. Notably, when the chosen format is DLL or EXE, the samples are based on the legitimate anti-virus components they imitate, modified to include malicious code. This disguises the binaries as legitimate, since the larger portion of the code is benign. The original anti-virus binaries were, of course, signed by their respective manufacturers, and the modifications performed by the threat actor broke those signatures. The threat actor has therefore opted to sign the files again with counterfeit certificates. While some of the certificates used by the threat [...]
2024-08-06T13:00:00+00:00 | https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you | www.secnews.physaphae.fr/article.php?IdArticle=8552770 | Tags: Malware, Tool, Threat, Prediction, Technical

[CyberScoop] Intelligence bill would elevate ransomware to a terrorist threat
Amid a rash of ransomware attacks, the Senate Intelligence Committee wants to treat the phenomenon like terrorism.
2024-08-06T10:00:00+00:00 | https://cyberscoop.com/ransomware-terrorism-ndaa-2025/ | www.secnews.physaphae.fr/article.php?IdArticle=8552658 | Tags: Ransomware, Threat
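Returning to the SbaProxy analysis above: the detail a defender can act on is that patching a vendor-signed binary breaks its Authenticode signature, so a modified copy must either verify with a hash mismatch, carry no signature, or carry a replacement signature from a certificate that is not the vendor's. The PowerShell audit below is an added example, not code from LevelBlue Labs or this feed. It walks the listed directories, verifies every EXE, DLL and PS1 (the three formats the report says SbaProxy ships in), and flags files whose signature status is not Valid or whose signer subject does not match the expected vendor pattern. The directory paths and the subject patterns are placeholders I have assumed; take them from a known-good install before relying on the result.

```powershell
# Added example, not code from LevelBlue Labs or from this feed.
# Audit files that claim to be anti-virus components and flag any whose
# Authenticode signature is absent, broken by modification (HashMismatch),
# untrusted, or made by a signer other than the expected vendor.
# ASSUMPTION: the directories and signer-subject patterns below are illustrative
# placeholders. Take the real values from a known-good install (run
# Get-AuthenticodeSignature on an untouched vendor binary) before relying on them.
$Targets = @{
    'C:\Program Files\Malwarebytes' = 'O=Malwarebytes'
    'C:\Program Files\Bitdefender'  = 'O=Bitdefender'
}

function Get-SignatureFinding {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSubjectPattern    # regex the signer's Subject must match
    )
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $issues  = @()

    switch ($sig.Status.ToString()) {
        'Valid'        { }
        'NotSigned'    { $issues += 'unsigned' }
        'HashMismatch' { $issues += 'signature present but file bytes were modified' }
        default        { $issues += "signature status $($sig.Status)" }   # NotTrusted, UnknownError, Incompatible, ...
    }
    if ($ExpectedSubjectPattern -and $subject -notmatch $ExpectedSubjectPattern) {
        $issues += "signer '$subject' is not the expected publisher"
    }

    # A counterfeit chain reports 'Valid' if its root was planted in the machine's
    # trusted store, so also record which root the signer actually chains to.
    $root = $null
    if ($sig.SignerCertificate) {
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline audit; revocation is a separate check
        [void]$chain.Build($sig.SignerCertificate)
        if ($chain.ChainElements.Count -gt 0) {
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        }
        $chain.Dispose()
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        Root       = $root
        Suspicious = ($issues.Count -gt 0)
        Issues     = ($issues -join '; ')
    }
}

function Invoke-AvSignatureAudit {
    # EXE, DLL and PS1 are the three formats SbaProxy is distributed in;
    # Get-AuthenticodeSignature verifies all of them.
    foreach ($dir in $Targets.Keys) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -Path $dir -Recurse -File -Include *.exe, *.dll, *.ps1 -ErrorAction SilentlyContinue |
            ForEach-Object { Get-SignatureFinding -Path $_.FullName -ExpectedSubjectPattern $Targets[$dir] }
    }
}

Invoke-AvSignatureAudit | Where-Object Suspicious |
    Format-Table Path, Status, Signer, Root, Issues -AutoSize
```

Two caveats when reading the output. A HashMismatch is the strongest signal, because it means someone changed the bytes of a file that was once properly signed, which is exactly what the report describes. A Valid status is not a clean bill of health on its own: if the attacker's root certificate has been added to the machine's trusted store, the counterfeit chain verifies, so compare the Root and Thumbprint columns against the vendor's real signing certificate rather than trusting the status alone. Also extend $Targets with the directories where EDR or the intrusion timeline placed the suspicious binaries, since a dropped SbaProxy copy need not live in the vendor's install directory.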
[The Hacker News] New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system, allowing threat actors to run arbitrary code on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15. "The [...]
2024-08-06T09:46:00+00:00 | https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html | www.secnews.physaphae.fr/article.php?IdArticle=8552528 | Tags: Vulnerability, Threat

[InformationSecurityBuzzNews] Proficio Unveils ProBAS Breach and Attack Simulation Service
Proficio, a Managed Detection and Response (MDR) provider, has rolled out its ProBAS Breach and Attack Simulation service. The solution "rigorously" tests businesses' security defenses to ensure they can prevent compromise events and detect attacks throughout the entire threat detection and response process. From device alert logs to SIEM, SOC detection, and containment response actions, ProBAS [...]
2024-08-06T04:37:34+00:00 | https://informationsecuritybuzz.com/profico-unveils-attack-simulation/ | www.secnews.physaphae.fr/article.php?IdArticle=8552523 | Tags: Threat

[The State of Security] Hurricane Season Scams: What you need to know
Cybercriminals are notorious for their opportunism. No situation is off limits: whether they exploit conflict and human suffering, blackmail vulnerable individuals by threatening to leak therapy notes, or even bring healthcare organizations to their knees, cybercriminals will stop at nothing to make a quick buck. Hurricane season is a particularly lucrative time of year for them. Every year, inclement weather rips through the Atlantic and Gulf of Mexico, causing billions of dollars in damage and putting lives at risk. This year's season began with unusual ferocity as Hurricane Beryl...
2024-08-06T03:41:20+00:00 | https://www.tripwire.com/state-of-security/hurricane-season-scams-what-you-need-know | www.secnews.physaphae.fr/article.php?IdArticle=8552632 | Tags: Threat, Medical

[RiskIQ] Russian APT Fighting Ursa Targets Diplomats with HeadLace Malware Using Fake Car Sale Ads
2024-08-05T21:26:54+00:00 | https://community.riskiq.com/article/00383b84 | www.secnews.physaphae.fr/article.php?IdArticle=8552380 | Tags: Malware, Tool, Vulnerability, Threat, APT 28

[Global Security Mag] Checkmarx Introduces Advanced Container Security
Checkmarx Introduces Advanced Container Security, Delivering Up to 40% Vulnerability Reduction and Significant Efficiency Gains. Enhanced threat detection combines static analysis with malicious package analysis and integrated Sysdig runtime insights.
Category: Product Reviews
2024-08-05T20:25:04+00:00 | https://www.globalsecuritymag.fr/checkmarx-introduces-advanced-container-security.html | www.secnews.physaphae.fr/article.php?IdArticle=8552327 | Tags: Vulnerability, Threat
[Global Security Mag] Cybersixgill Introduces Pulse
Cybersixgill Introduces Pulse: Disrupting Cyber Threat Intelligence with Personalized Content Stream.
Category: Product Reviews
2024-08-05T20:18:04+00:00 | https://www.globalsecuritymag.fr/cybersixgill-introduces-pulse.html | www.secnews.physaphae.fr/article.php?IdArticle=8552328 | Tags: Threat
[RiskIQ] Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
2024-08-05T20:11:48+00:00 | https://community.riskiq.com/article/9b5042f0 | www.secnews.physaphae.fr/article.php?IdArticle=8552324 | Tags: Ransomware, Malware, Tool, Threat, Commercial

[Global Security Mag] AppOmni Announces SaaS-Aware Identity Threat Detection and Response (ITDR)
AppOmni Announces SaaS-Aware Identity Threat Detection and Response (ITDR) Capabilities to Combat Attacks Against SaaS Applications
- Identity-centric analysis now combines with threshold and sequence rules in AppOmni's patent-pending threat detection engine to provide unparalleled detection accuracy
- Enhanced open source SaaS Event Maturity Matrix provides greater clarity on events from each SaaS app to refine detection rules
- New SaaS Security Health Dashboard provides a holistic metrics-based view on the overall health of the SaaS estate to identify and mitigate risks
Category: Product Reviews
2024-08-05T19:50:40+00:00 | https://www.globalsecuritymag.fr/appomni-announces-saas-aware-identity-threat-detection-and-response-itdr.html | www.secnews.physaphae.fr/article.php?IdArticle=8552296 | Tags: Threat, Cloud
[Bleeping Computer] Google fixes Android kernel zero-day exploited in targeted attacks
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) flaw exploited in targeted attacks. [...]
2024-08-05T18:40:48+00:00 | https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8552382 | Tags: Vulnerability, Threat, Mobile

[The Hacker News] Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run [...]
2024-08-05T18:32:00+00:00 | https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html | www.secnews.physaphae.fr/article.php?IdArticle=8552091 | Tags: Threat

[The Hacker News] Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks
Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis. The cyber attacks employ [...]
2024-08-05T18:12:00+00:00 | https://thehackernews.com/2024/08/kazakh-organizations-targeted-by-bloody.html | www.secnews.physaphae.fr/article.php?IdArticle=8552092 | Tags: Malware, Threat

[CyberScoop] CrowdStrike points finger back at Delta after airline threatened to sue over outages
Delta will have to account for its own shortcomings if it follows through on a threat based on a "misleading narrative," CrowdStrike said.
2024-08-05T16:43:22+00:00 | https://cyberscoop.com/crowdstrike-points-finger-back-at-delta-after-airline-threatened-to-sue-over-outages/ | www.secnews.physaphae.fr/article.php?IdArticle=8552205 | Tags: Threat
[RiskIQ] How "professional" ransomware variants boost cybercrime groups
2024-08-05T16:41:23+00:00 | https://community.riskiq.com/article/cd475258 | www.secnews.physaphae.fr/article.php?IdArticle=8552235 | Tags: Ransomware, Malware, Tool, Threat

[Global Security Mag] Cybercrime: Fighting Ursa uses a car sale ad as a lure
Category: Malware
2024-08-05T15:01:41+00:00 | https://www.globalsecuritymag.fr/cybercriminalite-fighting-ursa-utilise-une-annonce-de-vente-de-voiture-comme.html | www.secnews.physaphae.fr/article.php?IdArticle=8552154 | Tags: Malware, Threat, APT 28

[Checkpoint Research] 5th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: American blood donation center OneBlood has been a victim of a ransomware attack that caused disruption to its software system, affecting operations across more than 350 hospitals in Florida, Georgia, and the [...]
2024-08-05T14:55:21+00:00 | https://research.checkpoint.com/2024/5th-august-threat-intelligence-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8552153 | Tags: Ransomware, Threat
[Bleeping Computer] North Korean hackers exploit VPN update flaw to install malware
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers abused flaws in a VPN product's software update mechanism to deploy malware and breach networks. [...]
2024-08-05T13:21:04+00:00 | https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update-flaw-to-install-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8552237 | Tags: Malware, Threat

[The Hacker News] Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute Common Industrial Protocol (CIP) programming and configuration commands. The flaw, assigned CVE-2024-6242, carries a CVSS v3.1 score of 8.4. "A vulnerability exists in the affected products that allows a threat actor to [...]
2024-08-05T11:37:00+00:00 | https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html | www.secnews.physaphae.fr/article.php?IdArticle=8551870 | Tags: Vulnerability, Threat, Industrial

[RiskIQ] Weekly OSINT Highlights, 5 August 2024
2024-08-05T10:51:17+00:00 | https://community.riskiq.com/article/ed438f56 | www.secnews.physaphae.fr/article.php?IdArticle=8552050 | Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile, APT33, APT 41, APT 33, APT-C-17

[The Hacker News] China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that's been active since at least 2012, [...]
2024-08-05T09:46:00+00:00 | https://thehackernews.com/2024/08/china-linked-hackers-compromise-isp-to.html | www.secnews.physaphae.fr/article.php?IdArticle=8551840 | Tags: Threat

[Global Security Mag] ESET Research reveals a massive phishing wave targeting SMEs in Eastern Europe
Category: Malware
2024-08-05T08:49:14+00:00 | https://www.globalsecuritymag.fr/eset-research-devoile-une-vague-massive-de-phishing-ciblant-les-pme-en-europe.html | www.secnews.physaphae.fr/article.php?IdArticle=8551971 | Tags: Threat

[Resecurity] Resecurity introduced Context AI to accelerate threat intelligence and incident response capabilities
2024-08-05T00:00:00+00:00 | https://www.resecurity.com/blog/article/resecurity-introduced-context-ai-to-accelerate-threat-intelligence-and-incident-response-capabilities | www.secnews.physaphae.fr/article.php?IdArticle=8552264 | Tags: Threat

[The Hacker News] Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. Attack chains entail the exploitation [...]
2024-08-03T09:29:00+00:00 | https://thehackernews.com/2024/08/hackers-exploit-misconfigured-jupyter.html | www.secnews.physaphae.fr/article.php?IdArticle=8550344 | Tags: Tool, Threat, Cloud

[HexaCorn] The value-proposition of building and maintaining an internal Threat Hunting team…
The IT/cyber Buy vs. Build discussions often focus on, and present, the issue at hand as a zero-sum game, and in this game you MUST choose between either 'Buy' or 'Build'. How limiting… TL;DR: This article suggests that you should … Continue reading →
2024-08-02T23:10:38+00:00 | https://www.hexacorn.com/blog/2024/08/02/the-value-proposition-of-building-and-maintaining-an-internal-threat-hunting-team/ | www.secnews.physaphae.fr/article.php?IdArticle=8550148 | Tags: Threat
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed 2024-08-02T22:02:00+00:00 https://thehackernews.com/2024/08/apt41-hackers-use-shadowpad-cobalt.html www.secnews.physaphae.fr/article.php?IdArticle=8549909 False Tool,Threat APT 41 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as 2024-08-02T21:46:00+00:00 https://thehackernews.com/2024/08/apt28-targets-diplomats-with-headlace.html www.secnews.physaphae.fr/article.php?IdArticle=8549910 False Malware,Threat APT 28 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Threat Actor Abuses Cloudflare Tunnels to Deliver RATs 2024-08-02T21:37:59+00:00 https://community.riskiq.com/article/25f17fe1 www.secnews.physaphae.fr/article.php?IdArticle=8550146 False Spam,Malware,Tool,Threat,Prediction None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) "ERIAKOS" Scam Campaign: Detected by Recorded Future's Payment Fraud Intelligence Team 2024-08-02T21:00:42+00:00 https://community.riskiq.com/article/4202ef09 www.secnews.physaphae.fr/article.php?IdArticle=8550106 False Threat,Mobile,Prediction,Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Black Basta ransomware switches to more evasive custom malware 2024-08-02T20:39:07+00:00 https://community.riskiq.com/article/39795708 www.secnews.physaphae.fr/article.php?IdArticle=8550107 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Cloud None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft 2024-08-02T20:30:41+00:00 https://community.riskiq.com/article/938927ca www.secnews.physaphae.fr/article.php?IdArticle=8550108 False Ransomware,Spam,Malware,Tool,Threat,Prediction None 3.0000000000000000
Dark Reading - Informationweek Branch China's APT41 Targets Taiwan Research Institute for Cyber Espionage The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies. 2024-08-02T19:20:49+00:00 https://www.darkreading.com/threat-intelligence/chinas-apt41-targets-taiwan-research-institute-for-cyber-espionage www.secnews.physaphae.fr/article.php?IdArticle=8550033 False Threat APT 41 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms ## Snapshot In mid-2023, researchers at Volexity detected multiple incidents where StormBamboo, also known as Evasive Panda, used DNS poisoning to compromise systems at the ISP level. ## Description This attack allowed StormBamboo to manipulate DNS responses and target insecure software update mechanisms to surreptitiously install malware on macOS and Windows systems. Key malware deployed included new variants of the MACMA malware, showing a convergence with the GIMMICK malware family. The attackers also utilized a malicious browser extension, RELOADEXT, to exfiltrate email data from victim machines. An analysis revealed that the infection vector was DNS poisoning at the ISP level, redirecting software update requests to attacker-controlled servers. This attack method exploited vulnerabilities in update mechanisms that did not properly validate digital signatures, similar to previous attacks attributed to DriftingBamboo. Volexity confirmed this method in a real-world scenario, highlighting the sophisticated and persistent nature of StormBamboo's operations. ## Detections/Hunting Queries **Microsoft Defender Antivirus** Microsoft Defender Antivirus detects the following threat components as malware: - *[Backdoor:MacOS/Macma](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:MacOS/Macma)* ## References [StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms](https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/). Volexity (accessed 2024-08-02) ## Copyright **© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibit 2024-08-02T19:00:46+00:00 https://community.riskiq.com/article/53b20184 www.secnews.physaphae.fr/article.php?IdArticle=8550030 False Malware,Vulnerability,Threat None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering 2024-08-02T17:13:44+00:00 https://community.riskiq.com/article/9f6ee01b www.secnews.physaphae.fr/article.php?IdArticle=8549948 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
HackRead - Cyber research New Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks “Panamorfi,” a new DDoS attack, exploits Discord, Minecraft, and Jupyter Notebooks. Cybersecurity researchers warn of this threat targeting… 2024-08-02T16:47:03+00:00 https://hackread.com/panamorfi-ddos-attack-misconfigured-jupyter-notebooks/ www.secnews.physaphae.fr/article.php?IdArticle=8549908 False Threat None 3.0000000000000000
Global Security Mag - French news site Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure A recent investigation by Heimdal reveals that the EU is facing a surge in brute force cyber-attacks on corporate and institutional networks, primarily originating from Russia. These attackers exploit Microsoft infrastructure, particularly in Belgium and the Netherlands, to avoid detection. - Special Reports 2024-08-02T15:33:50+00:00 https://www.globalsecuritymag.fr/russia-linked-brute-force-campaign-targets-eu-via-microsoft-infrastructure.html www.secnews.physaphae.fr/article.php?IdArticle=8549878 False Threat None 3.0000000000000000
The Register - English news site Breaking the economy of trust: How busts affect malware gangs It's hard to track down individuals, so why not disrupt the underground market itself? Feature Some of the world's most notorious ransomware and malware-as-a-service (RaaS/MaaS) operators have shut up shop in the past 12 months thanks to international law enforcement efforts, but just because household names like Conti, LockBit, and ALPHV/BlackCat are on the ropes, it doesn't mean we're free from the threat of commodity malware.… 2024-08-02T14:44:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/08/02/malware_economy_of_trust/ www.secnews.physaphae.fr/article.php?IdArticle=8549831 False Ransomware,Malware,Threat,Legislation None 3.0000000000000000
Global Security Mag - French news site In the aftermath of the CrowdStrike outage, the challenges of maintaining software quality at scale. The CrowdStrike situation is a reminder that delivering software quality at scale is incredibly difficult. While it's easy to pile on the criticism, the security industry and its customers should take this opportunity to reflect on our own practices and review our threat models to ensure that when things like this happen in the future–and they will–we have prevention and resilience strategies in place to mitigate the impact. - Opinion 2024-08-02T09:19:09+00:00 https://www.globalsecuritymag.fr/in-the-aftermath-of-the-crowdstrike-outage-the-challenges-of-maintaining.html www.secnews.physaphae.fr/article.php?IdArticle=8549632 False Threat None 3.0000000000000000
InformationSecurityBuzzNews - Security news site DNS Vulnerability: 'Sitting Ducks' Exposes Millions of Domains to Hijacking A recently discovered vulnerability in the Domain Name System (DNS), dubbed ‘Sitting Ducks,’ has left millions of domains susceptible to hijacking. This attack vector, actively exploited since 2019, enables threat actors to deliver malware, phish, impersonate brands, and exfiltrate data. Researchers at Infoblox and Eclypsium identified the vulnerability, coordinating with law enforcement and national Computer [...] 2024-08-02T06:28:52+00:00 https://informationsecuritybuzz.com/dns-vulnerability-sitting-ducks/ www.secnews.physaphae.fr/article.php?IdArticle=8549513 False Malware,Vulnerability,Threat,Legislation None 3.0000000000000000
ProofPoint - Cyber Firms Use Targeted Learning to Exponentially Reduce Your Cybersecurity Risks 2024-08-02T06:00:00+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/unlocking-the-power-of-targeted-learning www.secnews.physaphae.fr/article.php?IdArticle=8547298 False Tool,Vulnerability,Threat,Cloud,Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) New Specula tool uses Outlook for remote code execution in Windows ## Snapshot TrustedSec identified a new red team post-exploitation framework called "Specula," which leverages a vulnerability in Microsoft Outlook to remotely execute code by setting malicious home pages via registry modifications. ## Description The novel Specula framework exploits [CVE-2017-11774](https://sip.security.microsoft.com/vulnerabilities/vulnerability/CVE-2017-11774/overview), a security feature bypass vulnerability in Outlook that allows threat actors to set a custom Outlook home page via registry keys and run VBScript or JScript to execute arbitrary commands on compromised Windows systems. Despite being patched, attackers can still create malicious home pages using Windows Registry values, enabling them to achieve persistence and laterally spread to other systems. The method is notable for its ability to bypass security software by leveraging Outl 2024-08-02T00:53:15+00:00 https://community.riskiq.com/article/4b71ce29 www.secnews.physaphae.fr/article.php?IdArticle=8549339 False Tool,Vulnerability,Threat APT33,APT 33 3.0000000000000000
Resecurity - cyber risk firms C2 Frameworks - Threat Hunting in Action with YARA Rules 2024-08-02T00:00:00+00:00 https://www.resecurity.com/blog/article/c2-frameworks-threat-hunting-in-action-with-yara-rules www.secnews.physaphae.fr/article.php?IdArticle=8549949 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch 'Sitting Ducks' Attacks Create Hijacking Threat for Domain Name Owners Researchers say the attacks are easy to perform, difficult to contact, nearly unrecognizable, and "entirely preventable." 2024-08-01T21:18:29+00:00 https://www.darkreading.com/vulnerabilities-threats/sitting-ducks-attacks-create-hijacking-threat-for-domain-name-owners www.secnews.physaphae.fr/article.php?IdArticle=8549198 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) CISA warns of VMware ESXi bug exploited in ransomware attacks 2024-08-01T19:22:03+00:00 https://community.riskiq.com/article/63b1cec8 www.secnews.physaphae.fr/article.php?IdArticle=8549150 False Ransomware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. "Upon installation, this code would execute automatically, 2024-08-01T19:02:00+00:00 https://thehackernews.com/2024/08/hackers-distributing-malicious-python.html www.secnews.physaphae.fr/article.php?IdArticle=8548885 False Malware,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike 2024-08-01T18:42:27+00:00 https://community.riskiq.com/article/d791dc39 www.secnews.physaphae.fr/article.php?IdArticle=8549111 False Malware,Tool,Vulnerability,Threat APT 41 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Unseen Dangers Lurking Behind Evasive Secureserver.net URLs 2024-08-01T15:51:01+00:00 https://community.riskiq.com/article/767518e9 www.secnews.physaphae.fr/article.php?IdArticle=8548996 True Ransomware,Malware,Tool,Threat,Legislation None 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Quarterly Stats for July 2024 Netskope Threat Labs publishes a quarterly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Cloud Malware Delivery Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud […] 2024-08-01T15:00:00+00:00 https://www.netskope.com/blog/netskope-threat-labs-quarterly-stats-for-july-2024 www.secnews.physaphae.fr/article.php?IdArticle=8548919 False Malware,Threat,Cloud None 3.0000000000000000
Bleeping Computer - American magazine Hackers abuse free TryCloudflare to deliver remote access malware Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). [...] 2024-08-01T14:33:07+00:00 https://www.bleepingcomputer.com/news/security/hackers-abuse-free-trycloudflare-to-deliver-remote-access-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8549076 False Malware,Threat None 3.0000000000000000
ProofPoint - Cyber Firms Threat Actor Abuses Cloudflare Tunnels to Deliver RATs 2024-08-01T11:50:23+00:00 https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats www.secnews.physaphae.fr/article.php?IdArticle=8548693 False Malware,Threat None 3.0000000000000000
Global Security Mag - French news site The AI revolution in the fight against alert fatigue: a new era for SOCs Viewpoints 2024-08-01T08:34:47+00:00 https://www.globalsecuritymag.fr/la-revolution-de-l-ia-dans-la-lutte-contre-la-fatigue-des-alertes-une-nouvelle.html www.secnews.physaphae.fr/article.php?IdArticle=8548704 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Mint Stealer: A Comprehensive Study of a Python-Based Information Stealer 2024-08-01T01:09:55+00:00 https://community.riskiq.com/article/5a21ed31 www.secnews.physaphae.fr/article.php?IdArticle=8548461 False Ransomware,Spam,Malware,Tool,Threat,Studies None 3.0000000000000000
TrendLabs Security - Antivirus vendor Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. 2024-08-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/h/malvertising-campaign-fake-ai-editor-website-credential-theft.html www.secnews.physaphae.fr/article.php?IdArticle=8548694 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Quarterly cyber threat report: MITRE ATT&CK framework trends in OSINT (April 2024 – June 2024) 2024-07-31T22:40:07+00:00 https://community.riskiq.com/article/028baa37 www.secnews.physaphae.fr/article.php?IdArticle=8548397 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Legislation,Prediction,Cloud None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) “EchoSpoofing” - A Massive Phishing Campaign Exploiting Proofpoint's Email Protection to Dispatch Millions of Perfectly Spoofed Emails 2024-07-31T21:17:43+00:00 https://community.riskiq.com/article/7ced2119 www.secnews.physaphae.fr/article.php?IdArticle=8548363 True Ransomware,Spam,Tool,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes 2024-07-31T20:17:42+00:00 https://www.darkreading.com/threat-intelligence/ai-driven-executive-impersonations-emerge-as-significant-threat-to-business-payment-processes www.secnews.physaphae.fr/article.php?IdArticle=8548305 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) SocGholish Malware Attacking Windows Users Using Fake Browser Update 2024-07-31T20:02:49+00:00 https://community.riskiq.com/article/30e059a3 www.secnews.physaphae.fr/article.php?IdArticle=8548297 True Ransomware,Malware,Tool,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Siri Bug Enables Data Theft on Locked Apple Devices Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device. 2024-07-31T19:17:20+00:00 https://www.darkreading.com/vulnerabilities-threats/siri-bug-enables-data-theft-on-locked-apple-devices www.secnews.physaphae.fr/article.php?IdArticle=8548264 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an 2024-07-31T18:38:00+00:00 https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8548044 False Malware,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Donot APT Group Targeting Pakistan 2024-07-31T18:17:54+00:00 https://community.riskiq.com/article/03d1ee52 www.secnews.physaphae.fr/article.php?IdArticle=8548260 True Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial,Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Phishing targeting Polish SMBs continues via ModiLoader 2024-07-31T16:40:35+00:00 https://community.riskiq.com/article/95fcb48e www.secnews.physaphae.fr/article.php?IdArticle=8548188 True Ransomware,Malware,Tool,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear, 2024-07-31T16:31:00+00:00 https://thehackernews.com/2024/07/chinese-hackers-target-japanese-firms.html www.secnews.physaphae.fr/article.php?IdArticle=8547960 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was observed this month, it added. XDSpy is a threat actor of indeterminate origin that was first 2024-07-31T15:07:00+00:00 https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8547890 False Malware,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Fake Browser Updates Deploy AsyncRAT and Malicious BOINC Software 2024-07-31T15:03:11+00:00 https://community.riskiq.com/article/61e7cc38 www.secnews.physaphae.fr/article.php?IdArticle=8548111 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
Global Security Mag - French news site Cohesity strengthens enterprise cyber resilience with new generative AI capabilities Products 2024-07-31T14:42:52+00:00 https://www.globalsecuritymag.fr/cohesity-renforce-la-cyber-resilience-des-entreprises-grace-a-de-nouvelles.html www.secnews.physaphae.fr/article.php?IdArticle=8548084 False Threat,Cloud None 3.0000000000000000
Bleeping Computer - American magazine Google ads push fake Google Authenticator site installing malware Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. [...] 2024-07-31T13:47:13+00:00 https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authenticator-site-installing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8548194 False Malware,Threat None 3.0000000000000000
Global Security Mag - French news site The New Face of Fraud: 40% of Business Email Compromise (BEC) Emails Are AI-Generated BEC emails see a 20% year-on-year increase, malicious links increase by 74%, and malicious attachments double. VIPRE Security Group has unveiled its Q2 2024 Email Threat Trends Report. The report highlights the ingenuity of cyber criminals in using AI to evade detection and maliciously scam individuals and enterprises. VIPRE processed 1.8 billion emails globally, detecting 226.45 million spam emails and 16.91 million malicious URLs to identify the email threat trends that impact enterprises the most. - Special Reports 2024-07-31T12:04:11+00:00 https://www.globalsecuritymag.fr/the-new-face-of-fraud-40-of-business-email-compromise-bec-emails-are-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8547967 False Spam,Threat,Studies None 4.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Are Ransomware Attacks Still a Growing Threat in 2024? affecting 66% of organizations in 2023 and pulling over $1 billion from the victims. These attacks have increased in frequency and sophistication, resulting in significant financial loss, operational disruption, theft of sensitive data, and reduced productivity rates. They also damage the organization's reputation and result in the loss of customer trust and compliance violations. An organization needs a comprehensive protection strategy to reduce the frequency of these attacks and the risks they pose.

Ransomware Business Model: How Are These Attacks Evolving? In the past, ransomware attacks mainly relied on phishing emails, remote desktop protocol exploits, and vulnerable ports to increase their chances of success. Additionally, these attacks employ evasion techniques to bypass traditional security measures like firewalls or antivirus software. These methods have resulted in famous attacks like WannaCry, TeslaCrypt, and NotPetya. With time, ransomware attackers have evolved and have become more sophisticated, targeted, and profitable for cybercriminals. Below is an insight into the latest trends that hackers adopt to launch a successful ransomware attack:

Exploiting Zero-Day Vulnerabilities The shift in ransomware gangs and their sophisticated tactics, techniques, and procedures (TTPs) raises the number of ransomware attacks. Previously, REvil, Conti, and LockBit were the famous ransomware gangs, but now Clop, Cuban, and Play are gaining immense popularity by employing advanced hacking techniques like zero-day vulnerabilities. Sophos's State of Ransomware 2024 revealed exploited vulnerabilities as the root cause of ransomware attacks. The Clop ransomware gang has used the zero-day vulnerability in the MOVEit Transfer platform to steal the sensitive data of different organizations. This group also targeted the GoAnywhere zero-day vulnerability in January 2023, affecting 130 organizations, and exploited the Accellion FTA servers in 2020. Similarly, Cuban and Play used the same attacking technique to compromise unpatched Microsoft Exchange servers.

Double and Triple Extortion Another reason for the rise in ransomware attacks is the introduction of the double or triple extortion technique. Cybersecurity firm Venafi reported that 83% of ransomware attacks included multiple ransom demands in 2022. In a double extortion scheme, cybercriminals encrypt the data, exfiltrate sensitive information, and threaten to release it or sell it on the dark web if the ransom is not paid. This tactic prove 2024-07-31T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/are-ransomware-attacks-still-a-growing-threat-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8547886 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Legislation,Prediction,Medical,Technical NotPetya,Wannacry,Deloitte 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) AzzaSec Ransomware Technical Analysis Report 2024-07-30T21:34:07+00:00 https://community.riskiq.com/article/a8648a54 www.secnews.physaphae.fr/article.php?IdArticle=8547579 False Ransomware,Tool,Threat,Technical None 2.0000000000000000
Dark Reading - Informationweek Branch Criminal Hackers Add GenAI Credentials to Underground Markets According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day. 2024-07-30T20:42:59+00:00 https://www.darkreading.com/threat-intelligence/criminal-hackers-add-genai-credentials-to-underground-markets www.secnews.physaphae.fr/article.php?IdArticle=8547525 False Threat,Studies None 3.0000000000000000
Dark Reading - Informationweek Branch Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it. 2024-07-30T20:07:08+00:00 https://www.darkreading.com/cloud-security/ransomware-gangs-exploit-esxi-bug-for-instant-mass-encryption-of-vms www.secnews.physaphae.fr/article.php?IdArticle=8547494 False Ransomware,Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Exiger acquires aDolus to boost software supply chain visibility in increased cyber threat environment Supply chain and third-party risk AI company Exiger announced on Tuesday the acquisition of software supply chain risk... 2024-07-30T19:04:29+00:00 https://industrialcyber.co/news/exiger-acquires-adolus-to-boost-software-supply-chain-visibility-in-increased-cyber-threat-environment/ www.secnews.physaphae.fr/article.php?IdArticle=8547460 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Hackers Attacking Users Searching For W2 Form 2024-07-30T18:39:52+00:00 https://community.riskiq.com/article/76541ce1 www.secnews.physaphae.fr/article.php?IdArticle=8547492 False Ransomware,Malware,Threat None 3.0000000000000000
Global Security Mag - French news site Appdome announced its new Threat Resolution Center Appdome Unveils GenAI-Powered Mobile Threat Resolution New Threat Resolution Center revolutionizes cyber support, dramatically lowering resolution time and getting users back to using the mobile apps they love. - Product Reviews 2024-07-30T18:19:19+00:00 https://www.globalsecuritymag.fr/appdome-announced-its-new-threat-resolution-center.html www.secnews.physaphae.fr/article.php?IdArticle=8547464 False Threat,Mobile None 3.0000000000000000
Global Security Mag - Site de news francais Les entreprises financières sont invitées à adopter une approche proactive de la résilience de la cybersécurité alors que le paysage des menaces continue d'évoluer<br>Financial firms are urged to adopt a proactive approach to cybersecurity resilience as the threat landscape continues to evolve opinion
Financial firms are urged to adopt a proactive approach to cybersecurity resilience as the threat landscape continues to evolve - Opinion]]>
2024-07-30T18:15:04+00:00 https://www.globalsecuritymag.fr/financial-firms-are-urged-to-adopt-a-proactive-approach-to-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8547424 False Threat None 3.0000000000000000
knowbe4 - cybersecurity services Les organisations se préparent à des cyberattaques plus évoluées basées sur l'IA à mesure que Deepfakes deviennent les principales préoccupations<br>Organizations Prepare for More Evolved AI-Based Cyber Attacks as Deepfakes Become Top Concern ]]> 2024-07-30T17:47:32+00:00 https://blog.knowbe4.com/organizations-prepare-for-ai-based-cyberattacks-as-deepfakes-rise-to-top-concern www.secnews.physaphae.fr/article.php?IdArticle=8547421 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea 2024-07-30T17:42:47+00:00 https://community.riskiq.com/article/3cb7ee3f www.secnews.physaphae.fr/article.php?IdArticle=8547456 True Ransomware,Malware,Tool,Vulnerability,Threat APT-C-17 3.0000000000000000 Global Security Mag - Site de news francais Un rapport de recherche sur le Web sombre de Transmit Security révèle comment les acteurs de la menace utilisent Genai pour alimenter les attaques d'identité et la fraude<br>A Dark Web Research Report by Transmit Security Reveals How Threat Actors Are Using GenAI to Fuel Identity Attacks and Fraud rapports spéciaux
A Dark Web Research Report by Transmit Security Reveals How Threat Actors Are Using GenAI to Fuel Identity Attacks and Fraud - Special Reports]]>
2024-07-30T17:03:19+00:00 https://www.globalsecuritymag.fr/a-dark-web-research-report-by-transmit-security-reveals-how-threat-actors-are.html www.secnews.physaphae.fr/article.php?IdArticle=8547388 False Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La puissance et le péril des outils RMM<br>The Power and Peril of RMM Tools As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration.  However, like any new technology, RMM tools can also be used maliciously. Threat actors can establish connections to a victim\'s device and run commands, exfiltrate data, and stay]]> 2024-07-30T16:56:00+00:00 https://thehackernews.com/2024/07/the-power-and-peril-of-rmm-tools.html www.secnews.physaphae.fr/article.php?IdArticle=8547264 False Tool,Threat None 3.0000000000000000 CrowdStrike - CTI Society L'installateur MALICIEUX inauthentique Falcon Crash Reporter Installateur fournit un agent mythique C2 basé sur LLVM nommé Ciro<br>Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic […]]]> 2024-07-30T16:36:41+00:00 https://www.crowdstrike.com/blog/malicious-inauthentic-falcon-crash-reporter-installer-ciro-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8558725 False Threat None 3.0000000000000000