www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-26T01:59:55+00:00 www.secnews.physaphae.fr The State of Security - American magazine Updated NCSC Report Highlights Key Threats for the UK Legal Sector On June 22nd, 2023, the National Cyber Security Centre (NCSC), the UK's cybersecurity agency, released a Cyber Threat Report for the country's legal sector. Developed to update a previous iteration from 2018, the report reflects a dramatic change in the cybersecurity threat landscape, offering advice that considers the security issues inherent with remote working, new data revealing the UK legal sector's vulnerability to cybercrime, and the increasing prevalence of attacks on smaller organizations. Many experts have hailed the NCSC's report as the most important of the year - for good... 2023-08-30T02:47:45+00:00 https://www.tripwire.com/state-of-security/updated-ncsc-report-highlights-key-threats-uk-legal-sector www.secnews.physaphae.fr/article.php?IdArticle=8376607 False Vulnerability,Threat None 2.0000000000000000 TrendLabs Security - Antivirus vendor Earth Estries Targets Government, Tech for Cyberespionage We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries.
Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector. 2023-08-30T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=8376621 False Threat None 2.0000000000000000 Global Security Mag - French news site Wojtek Sochacki – Detection Lead at Hermès: A Young Person's Fabulous Journey into Cybersecurity Interviews 2023-08-29T23:30:00+00:00 https://www.globalsecuritymag.fr/Wojtek-Sochacki-Lead-detection-chez-Hermes-L-Itineraire-fabuleux-d-un-jeune.html www.secnews.physaphae.fr/article.php?IdArticle=8376241 False Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform New Cloud TAP Traffic Capture for Netskope Intelligent SSE
For remote work and hybrid working environments where we are now more dispersed the central collection point for traffic captures is within the cloud. Networking, infrastructure and operations, and security teams require traffic visibility for troubleshooting, performance monitoring, threat detection, discovery of assets, and to address compliance use cases. As security service edge (SSE) solutions […]
2023-08-29T21:28:41+00:00 https://www.netskope.com/blog/new-cloud-tap-traffic-capture-for-netskope-intelligent-sse www.secnews.physaphae.fr/article.php?IdArticle=8376446 False Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to 2023-08-29T20:24:00+00:00 https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8376270 False Threat None 2.0000000000000000 Global Security Mag - French news site The Emergence of Ransomed: An Uncertain Cyber Threat in the Making
The Emergence of Ransomed: An Uncertain Cyber Threat in the Making On August 15, 2023, Ransomed emerged as a new illicit forum. It quickly rebranded as a ransomware blog soon after, and is using data protection laws to pressure victims for financial gain. - Special Reports
2023-08-29T17:14:24+00:00 https://www.globalsecuritymag.fr/The-Emergence-of-Ransomed-An-Uncertain-Cyber-Threat-in-the-Making.html www.secnews.physaphae.fr/article.php?IdArticle=8376342 False Ransomware,Threat None 3.0000000000000000
Checkpoint - Security hardware vendor Check Point Software: XDR Leader in Frost Radar™ 2023 Report
We are proud to announce that Check Point Software has been named an innovation and growth leader in the 2023 Frost Radar™ Extended Detection and Response Report! “XDR is an essential tool that distinguishes itself by providing organizations with cross-layered threat detection and response, which is needed to safeguard business-critical assets in the age of sophisticated attacks,” says Lucas Ferreyra, Cybersecurity Industry Analyst at Frost & Sullivan. “As a recent entrant into the XDR market, we believe that the Check Point Horizon XDR/XPR solution has excellent threat detection, integration, and visibility capabilities, along with several commendable innovations that deliver high-end […]
2023-08-29T16:52:36+00:00 https://blog.checkpoint.com/security/check-point-software-xdr-leader-in-frost-radar-2023-report/ www.secnews.physaphae.fr/article.php?IdArticle=8376314 False Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine New Ransomware Campaign Targets Citrix NetScaler Flaw Sophos X-Ops suspects the involvement of a well-known ransomware threat actor known as STAC4663 2023-08-29T15:30:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-targets-citrix/ www.secnews.physaphae.fr/article.php?IdArticle=8376294 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could 2023-08-29T14:47:00+00:00 https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8376137 False Ransomware,Vulnerability,Threat None 3.0000000000000000 SecurityWeek - Security News Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack
Chinese threat actor exploiting Barracuda ESG appliances deployed persistence mechanisms in preparation for remediation efforts.
2023-08-29T13:00:43+00:00 https://www.securityweek.com/chinese-apt-was-prepared-for-remediation-efforts-in-barracuda-esg-zero-day-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8376269 False Threat None 2.0000000000000000
Recorded Future - Recorded Future feed Russians impersonate Washington Post and Fox News with anti-Ukraine stories
Fake articles masquerading as legitimate stories from The Washington Post and Fox News were spread online by a Russian disinformation campaign attempting to undermine Western support for Ukraine, according to Meta's latest threat report. The relatively new moves to spoof media organizations in the United States expands upon the campaign's previous concentrated targeting of Germany,
2023-08-29T12:00:00+00:00 https://therecord.media/russians-fake-news-anti-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8376190 False Threat None 4.0000000000000000
Zimperium - cyber risk firms for mobile Unveiling the Tactics of Lapsus$: A Review of Internal Attacks Vectors, Mobile Device Exploitation, and Social Engineering Techniques
On August 10, 2023, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board (CSRB) report summarizing the findings of its review into the activities of threat actor group Lapsus$, who, beginning in late 2021 and continuing into late 2022, attempted to extort dozens of well-known global […]
2023-08-29T11:00:00+00:00 https://www.zimperium.com/blog/unveiling-the-tactics-of-lapsus-a-review-of-internal-attacks-vectors-mobile-device-exploitation-and-social-engineering-techniques/ www.secnews.physaphae.fr/article.php?IdArticle=8418417 False Threat,Mobile None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Battling malware in the industrial supply chain NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including: Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making. Access control challenges: Proper identity and access management within complex environments are crucial. Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions. Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems. Supply chain defense: The power of content disarm and reconstruction Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do?
In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta 2023-08-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/battling-malware-in-the-industrial-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8376274 False Malware,Vulnerability,Threat,Industrial,Cloud NotPetya,Solardwinds,Wannacry 2.0000000000000000 Mandiant - Mandiant security blog Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we will detail additional tactics, techniques, and procedures (TTPs) employed by UNC4841 that have since been uncovered through Mandiant's incident response engagements, as well as through collaborative efforts with Barracuda Networks and our International Government partners. Over the course of this blog post, Mandiant will detail how UNC4841 has continued to show sophistication and adaptability in
2023-08-29T07:00:00+00:00 https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation www.secnews.physaphae.fr/article.php?IdArticle=8377325 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit ( 2023-08-28T21:35:00+00:00 https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html www.secnews.physaphae.fr/article.php?IdArticle=8375782 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Cyberattacks Targeting E-commerce Applications Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities.
This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be 2023-08-28T16:57:00+00:00 https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html www.secnews.physaphae.fr/article.php?IdArticle=8375669 False Threat,Prediction None 2.0000000000000000 Global Security Mag - French news site Dynatrace unveils Security Analytics Products 2023-08-28T14:37:48+00:00 https://www.globalsecuritymag.fr/Dynatrace-devoile-Security-Analytics.html www.secnews.physaphae.fr/article.php?IdArticle=8375743 False Threat None 3.0000000000000000 Checkpoint Research - Security hardware vendor 28th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES An ongoing espionage campaign targeting dozens of organizations in Taiwan has been discovered. Researchers have attributed the activity to a Chinese APT group dubbed Flax Typhoon, which overlaps with Ethereal Panda. The threat […]
2023-08-28T12:12:18+00:00 https://research.checkpoint.com/2023/28th-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8375664 False Threat None 2.0000000000000000
Bleeping Computer - American magazine Four common password mistakes hackers love to exploit Threat actors take advantage of common password mistakes to breach corporate networks. Learn more from Specops Software on the four most common mistakes and how to strengthen your Active Directory against these risks. [...] 2023-08-28T10:02:01+00:00 https://www.bleepingcomputer.com/news/security/four-common-password-mistakes-hackers-love-to-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8375713 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The attacker behind this incident decided to use a different ransom note with a headline related to a 2023-08-26T15:56:00+00:00 https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html www.secnews.physaphae.fr/article.php?IdArticle=8374839 False Ransomware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities In today's digital landscape, your business data is more than just numbers-it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection.
For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates. No generic, 2023-08-25T17:19:00+00:00 https://thehackernews.com/2023/08/learn-how-your-business-data-can.html www.secnews.physaphae.fr/article.php?IdArticle=8374508 False Threat,General Information None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda. "Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal 2023-08-25T16:11:00+00:00 https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8374472 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Is Bias in AI Algorithms a Threat to Cloud Security?
Using AI for threat detection and response is essential - but it can't replace human intelligence, expertise, and intuition. 2023-08-25T14:00:00+00:00 https://www.darkreading.com/cloud/is-bias-in-ai-algorithms-a-threat-to-cloud-security www.secnews.physaphae.fr/article.php?IdArticle=8374522 False Threat,Cloud None 2.0000000000000000 Checkpoint - Security hardware vendor How to close the IT Talent Gap with a SASE Solution
According to cybersecurityventures.com unfilled cyber security positions will hit 3.5 million in 2023, with more than 750,000 of those positions based in the U.S. The lack of talent in this area can lead to inadequate threat detection, weaker security, and compliance issues. To address this gap, organizations are looking to outsource day-to-day operations and maintenance to IT and security providers. Here are seven ways a SASE solution can help: Continuously Updated Security Staying ahead of cyber threats requires real-time defense mechanisms. A SASE solution provides the latest threat intelligence to automatically block the newest malware and phishing sites. This minimizes […]
2023-08-25T13:00:49+00:00 https://blog.checkpoint.com/security/how-to-close-the-it-talent-gap-with-a-sase-solution/ www.secnews.physaphae.fr/article.php?IdArticle=8374493 False Malware,Threat None 2.0000000000000000
Soc Radar - SOC-focused blog Navigating the Cyber Threat Landscape with SOCRadar's Vulnerability Intelligence and CVERadar In the world of cybersecurity, vulnerability intelligence is like a guiding light for experts dealing... 2023-08-25T12:30:00+00:00 https://socradar.io/navigating-the-cyber-threat-landscape-with-socradars-vulnerability-intelligence-and-cveradar/ www.secnews.physaphae.fr/article.php?IdArticle=8374494 False Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defensive player in IOCs The SEC demands more transparency about Cybersecurity incidents in public companies 2023-08-25T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-sec-demands-more-transparency-about-cybersecurity-incidents-in-public-companies www.secnews.physaphae.fr/article.php?IdArticle=8374424 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Creative QakBot Attack Tactics Challenge Security Defenses Threat actors use unique infection chains to deploy QakBot malware 2023-08-25T06:30:00+00:00 https://www.infosecurity-magazine.com/news/creative-qakbot-attack-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=8374380 False Malware,Threat None 3.0000000000000000 AhnLab - Korean Security Firm Analysis of MS-SQL Server Proxyjacking Cases
AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through brute force or dictionary attacks. If successful, they install malware on the infected system. The threat actors have been installing LoveMiner on MS-SQL servers for quite some time, and their...
2023-08-24T23:52:31+00:00 https://asec.ahnlab.com/en/56350/ www.secnews.physaphae.fr/article.php?IdArticle=8374274 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis 2023-08-24T20:46:00+00:00 https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html www.secnews.physaphae.fr/article.php?IdArticle=8374129 False Malware,Threat APT 38,APT 38 2.0000000000000000 Cisco - Security Firm Blog Akira Ransomware Targeting VPNs without Multi-Factor Authentication Cisco has observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.
This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. 2023-08-24T20:00:32+00:00 https://blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication www.secnews.physaphae.fr/article.php?IdArticle=8374483 False Ransomware,Threat None 2.0000000000000000 RedCanary - Red Canary From reaction to resilience: Our reimagined Incident Response & Readiness Guide We've refreshed our popular Incident Response Guide to help your team address new obstacles in the ever-evolving cloud threat landscape. 2023-08-24T18:56:27+00:00 https://redcanary.com/blog/incident-response-and-readiness-guide/ www.secnews.physaphae.fr/article.php?IdArticle=8374176 False Threat,Cloud None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed Mammoths by the criminals.
"This toolkit is 2023-08-24T18:03:00+00:00 https://thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html www.secnews.physaphae.fr/article.php?IdArticle=8374067 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot Thanks to a simple Telegram bot that democratizes phishing, ordinary Russians can conduct full-fledged phishing attacks with zero technical knowhow. 2023-08-24T17:46:00+00:00 https://www.darkreading.com/threat-intelligence/ebay-users-russian-telekopye-telegram-phishing-bot www.secnews.physaphae.fr/article.php?IdArticle=8374164 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," Secureworks Counter Threat Unit (CTU) said in a statement 2023-08-24T16:54:00+00:00 https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html www.secnews.physaphae.fr/article.php?IdArticle=8374039 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal.
The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files.]]> 2023-08-24T16:42:00+00:00 https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8374040 False Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates de ransomware résident du temps à 5 jours, le RDP toujours largement utilisé<br>Ransomware hackers dwell time drops to 5 days, RDP still widely used Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022 [...]]]> 2023-08-24T14:18:04+00:00 https://www.bleepingcomputer.com/news/security/ransomware-hackers-dwell-time-drops-to-5-days-rdp-still-widely-used/ www.secnews.physaphae.fr/article.php?IdArticle=8374177 False Ransomware,Threat None 2.0000000000000000 Global Security Mag - Site de news francais La sécurité des données est la plus grande menace pour l'électronique grand public, selon Simon Bain, PDG et fondateur d'OmniIndex<br>Data security is the biggest threat to consumer electronics, according to Simon Bain, CEO and founder of OmniIndex opinion
The Biggest Threat to Consumer Electronics is Data Security, says Web3 and IT Expert Simon Bain - Opinion]]>
2023-08-24T13:24:12+00:00 https://www.globalsecuritymag.fr/Data-security-is-the-biggest-threat-to-consumer-electronics-according-to-Simon.html www.secnews.physaphae.fr/article.php?IdArticle=8374084 False Threat None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Empêcher le tunneling DNS avec un apprentissage en profondeur AI<br>Preventing DNS Tunneling with AI Deep Learning
DNS Tunneling is probably considered a relic of the early Internet days, back when the first firewalls were deployed and malware analysis was a little bit simpler than it is today. Though attackers have evolved, using steganography and encryption to communicate over HTTP, DNS Tunneling is not obsolete. In fact, modern malware actors continue to engage in DNS Tunneling, as evidenced by the CoinLoader infections, first reported by Avira. Even today, we see new uses of DNS Tunneling by hackers. In fact, our analysis of DNS Tunneling confirms threat actors are still using this technique, including state-sponsored actors and cybercriminals. […] ]]>
2023-08-24T13:00:34+00:00 https://blog.checkpoint.com/security/preventing-dns-tunneling-with-artificial-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8374055 False Malware,Threat None 2.0000000000000000
Security Intelligence - Site de news Américain Leçons apprises de la violation de Cloud Microsoft<br>Lessons learned from the Microsoft Cloud breach
In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were […] ]]>
2023-08-24T13:00:00+00:00 https://securityintelligence.com/articles/lessons-learned-from-the-microsoft-cloud-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8374103 False Threat,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Le groupe de Lazarus de la Corée du Nord a utilisé le cadre d'interface graphique pour construire un rat furtif<br>North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.]]> 2023-08-24T12:05:00+00:00 https://www.darkreading.com/attacks-breaches/north-koreas-lazarus-group-used-gui-framework-to-build-stealthy-rat www.secnews.physaphae.fr/article.php?IdArticle=8374035 False Threat APT 38,APT 38 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC La cybersécurité est-elle en tant que service (CSAAS) la réponse: déplacer plus vite |Faire plus<br>Is Cybersecurity as a Service (CSaaS) the answer: Move faster | Do more 2023-08-24T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/is-cybersecurity-as-a-service-csaas-the-answer-move-faster-do-more www.secnews.physaphae.fr/article.php?IdArticle=8373993 False Tool,Threat None 2.0000000000000000 IT Security Guru - Blog Sécurité Cyber Mindfulness Corner Company Spotlight: Egress At the IT Security Guru we're showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Jack Chapman, VP of Threat Intelligence at Egress, spoke to the Gurus about the human side of phishing, leading by example, and eradicating blame culture.
When it comes to mental health and wellbeing support, […] ]]> 2023-08-24T09:44:06+00:00 https://www.itsecurityguru.org/2023/08/24/cyber-mindfulness-corner-company-spotlight-egress/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-egress www.secnews.physaphae.fr/article.php?IdArticle=8373991 False Threat None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant L'IA et les cinq phases du cycle de vie de l'intelligence des menaces<br>AI and the Five Phases of the Threat Intelligence Lifecycle
Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly led to an overwhelming amount of noise for users to sift through. Mandiant, by contrast, takes a more nuanced approach to fuse industry-leading expertise, unique proprietary data sources, and cutting-edge ML to enable a holistic]]>
2023-08-24T09:00:00+00:00 https://www.mandiant.com/resources/blog/ai-five-phases-intelligence-lifecycle www.secnews.physaphae.fr/article.php?IdArticle=8377326 False Threat None 4.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Les temps de résidence des attaques tombent mais les acteurs de la menace se déplacent plus rapidement<br>Attack Dwell Times Fall but Threat Actors Are Moving Faster A Sophos report finds that attackers are adapting their approaches in the face of improved detection capabilities]]> 2023-08-24T08:00:00+00:00 https://www.infosecurity-magazine.com/news/attack-dwell-times-faster/ www.secnews.physaphae.fr/article.php?IdArticle=8373957 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Les risques de cyberattaques n'ont jamais été aussi élevés ces trois dernières années en France Malwares]]> 2023-08-24T07:29:08+00:00 https://www.globalsecuritymag.fr/Les-risques-de-cyberattaques-n-ont-jamais-ete-aussi-eleves-ces-trois-dernieres.html www.secnews.physaphae.fr/article.php?IdArticle=8373959 False Threat None 2.0000000000000000 Techworm - News Hacker Dumps Stracted Data de 2,6 millions d'utilisateurs de Duolingo<br>Hacker Dumps Scraped Data Of 2.6 Million Duolingo Users therecord that it was scraped from public profile information, but no data breach or hack had occurred. They added that an internal investigation was underway to determine the need for additional security measures. However, they did not mention the fact that private email addresses, which are not public, were also part of the exposed data. Recently, the scraped dataset of 2.6 million users, with all the information, was published on a new version of the Breached hacking forum for 8 site credits, worth $2.13, which was first spotted by vx-underground. "Hello BreachForums Community, today I have uploaded the Duolingo Scrape for you to download, thanks for reading and enjoy!" reads a post on the hacking forum.
This data was scraped by exploiting a vulnerability in Duolingo's application programming interface (API), which allows anyone to submit a username and retrieve JSON output containing the user's public profile information (name, name, email, languages studied). The exposed API has been openly circulated and known since at least March 2023. In addition, researchers have been tweeting and publicly documenting how to use the API. According to VX-Underground, hackers can easily exploit this flaw by submitting an email address to the API to confirm whether it is linked to a valid Duolingo account. They warn that the leaked data could be used for doxxing and may also lead to targeted phishing attacks. BleepingComputer confirmed that the API is still publicly accessible despite Duolingo being informed that it was open in January 2023. Duolingo has not yet responded to the ]]> 2023-08-24T06:04:03+00:00 https://www.techworm.net/2023/08/hacker-dumps-data-million-duolingo-users.html www.secnews.physaphae.fr/article.php?IdArticle=8393059 False Data Breach,Hack,Vulnerability,Threat None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-40035 Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution).
This issue has been patched in version 4.4.15 and version 3.8.15.]]> 2023-08-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40035 www.secnews.physaphae.fr/article.php?IdArticle=8373843 False Vulnerability,Threat None None Dark Reading - Informationweek Branch L'acteur de menace exploite zéro jour à Winrar pour cibler les comptes de cryptographie<br>Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.]]> 2023-08-23T21:15:00+00:00 https://www.darkreading.com/attacks-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts www.secnews.physaphae.fr/article.php?IdArticle=8373824 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Affiliés nord-coréens soupçonnés de 40 millions de dollars de crypto-monnaie, avertit le FBI<br>North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also known by the name Jade Sleet. An investigation undertaken by the FBI found]]> 2023-08-23T18:13:00+00:00 https://thehackernews.com/2023/08/north-korean-affiliates-suspected-in.html www.secnews.physaphae.fr/article.php?IdArticle=8373643 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
L'acteur de la menace syrienne EVLF a été démasqué en tant que créateur de malware Android Cypherrat et Craxsrat<br>Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said to be offered to other cybercriminals as]]> 2023-08-23T17:14:00+00:00 https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html www.secnews.physaphae.fr/article.php?IdArticle=8373615 False Malware,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Journée mondiale de l'intérieur: naviguer dans le domaine numérique commence en toute sécurité par la compréhension du paysage des menaces<br>World Internaut Day: Navigating the Digital Realm Safely Begins with Understanding the Threat Landscape opinion
World Internaut Day: Navigating the Digital Realm Safely Begins with Understanding the Threat Landscape • As Statista underscores, a substantial portion of the global population, over two-thirds to be precise, is deeply embedded in the digital ecosystem, spending an average of 6.4 hours online every day. • The past year witnessed an alarming 38% surge in cyberattacks, underscoring the absolute necessity for vigilant and proactive online security. - Opinion]]>
2023-08-23T15:42:28+00:00 https://www.globalsecuritymag.fr/World-Internaut-Day-Navigating-the-Digital-Realm-Safely-Begins-with.html www.secnews.physaphae.fr/article.php?IdArticle=8373721 False Threat None 2.0000000000000000
InformationSecurityBuzzNews - Site de News Securite St Helens Council ciblé dans une attaque de ransomware présumée<br>St Helens Council Targeted In Suspected Ransomware Attack St Helens Borough Council in Merseyside has fallen victim to a suspected ransomware attack, according to an official statement released on Monday, August 21. The local authority has described the incident as a “complex and evolving situation,” with cybersecurity experts currently investigating the breach. The ransomware attack, a type of cyber threat where criminals encrypt […]]]> 2023-08-23T12:59:35+00:00 https://informationsecuritybuzz.com/st-helens-council-targeted-in-suspected-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8373631 False Ransomware,Threat None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite St Helens Council Targeted In Suspected Ransomware Attack St Helens Borough Council in Merseyside has fallen victim to a suspected ransomware attack, according to an official statement released on Monday, August 21. The local authority has described the incident as a “complex and evolving situation,” with cybersecurity experts currently investigating the breach. 
The ransomware attack, a type of cyber threat where criminals encrypt […]]]> 2023-08-23T12:59:35+00:00 https://informationsecuritybuzz.com/st-helens-council-targeted-in-suspected-ransomware-attack/?utm_source=rss&utm_medium=rss&utm_campaign=st-helens-council-targeted-in-suspected-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8374088 False Ransomware,Threat None 2.0000000000000000 Global Security Mag - Site de news francais Tanium rejoint la Joint Cyber Defense Collaboration Business]]> 2023-08-23T10:40:58+00:00 https://www.globalsecuritymag.fr/Tanium-rejoint-la-Joint-Cyber-Defense-Collaboration.html www.secnews.physaphae.fr/article.php?IdArticle=8373594 False Threat None 2.0000000000000000 Network World - Magazine Info Versa améliore le package SASE avec des outils de sécurité basés sur l'IA<br>Versa enhances SASE package with AI-based security tools
Versa is bolstering the AI security management features of its integrated Secure Access Service Edge (SASE) package to include improved malware detection for Advanced Threat Protection, network microsegmentation and generative AI protection to help customers better detect and quickly mitigate threats to their networked service and applications. The vendor supports AI in its integrated Versa SASE package that includes SD WAN, a next-generation and web application firewall, intrusion prevention, zero trust support and data loss prevention.]]>
2023-08-23T10:00:00+00:00 https://www.networkworld.com/article/3705056/versa-enhances-sase-package-with-ai-based-security-tools.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=8373748 False Malware,Tool,Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Défense de menace mobile ou buste<br>Mobile threat defense or bust Unified endpoint management (UEM) has played a significant role over the years in enabling companies to improve the productivity and security of their corporate mobile devices and applications. In the early days of endpoint management there were separate workflows and products as it pertains to traditional endpoints, such as desktops and laptops, versus mobile devices. Over time, administrators grew frustrated with the number of tools they were required to learn and manage so developers moved toward an integrated solution where all endpoint devices, regardless of type, could be inventoried, managed, and have consistent policies applied through a single pane of glass. Today, UEMs allow IT administrators to be more productive by enabling them to set and enforce policies as to the type of data and applications an employee can access, providing the administrators with granular control and more effective security. These UEM platforms boast security features including the ability to identify jailbroken or rooted devices, enforcing passcodes, and enabling companies to wipe the data from mobile devices in the event they become lost or stolen. In general, UEMs have and continue to play an integral part in improving the management and productivity of business-critical mobile endpoints.  Possible avenues for attack However, in today’s environment, companies are experiencing a significant rise in the number of sophisticated and targeted malware attacks whose goal is to capture their proprietary data.  Only a few years ago, losing a mobile device meant forfeiture of content such as text messages, photographs, contacts, and calling information. 
Today’s smartphones have become increasingly sophisticated not only in their transactional capabilities but also represent a valuable target, storing a trove of sensitive corporate and personal data, and in many cases include financial information. If the phone stores usernames and passwords, it may allow a malicious actor to access and manipulate a user’s account via banking or e-commerce websites and apps.  To give you a sense of the magnitude of the mobile security issues: The number of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022 In 2021, banking trojan attacks on Android devices have increased by 80% In 2022, 80% of phishing attacks targeted mobile devices or were designed to function on both mobile devices and desktops  In 2022, 43% of all compromised devices were fully exploited, not jailbroken or rooted-an increase of 187% YOY   Attack vectors come in various forms, with the most common categorized below: Device-based threats – These threats are designed to exploit outdated operating systems, risky device configurations and jailbroken/rooted devices. App threats – Malicious apps can install malware, spyware or rootkits, or share information with the developer or third parties unbeknownst to the user, including highly sensitive business and personal data. 
Web and content threats – Threats may be transmitted ]]> 2023-08-23T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/mobile-threat-defense-or-bust www.secnews.physaphae.fr/article.php?IdArticle=8373701 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000 TrendMicro - Security Firm Blog Interpol + tendance pour lutter contre les réseaux de cybercriminalité africains<br>INTERPOL + Trend to Fight African Cybercrime Networks Global threat intelligence helps to disrupt thousands of African cyber crimes networks]]> 2023-08-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/african-cybercrime-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8373764 False Threat,Prediction None 2.0000000000000000 TrendLabs Security - Editeur Antivirus Les voleurs de profil se sont répandus via des publicités Facebook sur le thème de la LLM<br>Profile Stealers Spread via LLM-themed Facebook Ads In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims' credentials.]]> 2023-08-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/profile-stealers-spread-via-llm-themed-facebook-ads.html www.secnews.physaphae.fr/article.php?IdArticle=8373475 False Threat None 3.0000000000000000 Resecurity - cyber risk firms CL0P augmente l'exploit de chaîne d'approvisionnement de transfert Moveit Massive Moveit<br>Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit 2023-08-23T00:00:00+00:00 https://www.resecurity.com/blog/article/cl0p-ups-the-ante-with-massive-moveit-transfer-supply-chain-exploit www.secnews.physaphae.fr/article.php?IdArticle=8416123 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Les cisos voctent la confiance de la cybersécurité SaaS, mais 79% admettent les incidents SaaS, le nouveau rapport trouve<br>CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at]]> 2023-08-22T16:50:00+00:00 https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8373073 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attaques de Carderbee: organisations de Hong Kong ciblées via des mises à jour logicielles malveillantes<br>Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. 
The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called]]> 2023-08-22T15:42:00+00:00 https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html www.secnews.physaphae.fr/article.php?IdArticle=8373055 False Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future Un logiciel légitime entaché dans les attaques contre les organisations de Hong Kong, indique le rapport<br>Legitimate software tainted in attacks on Hong Kong organizations, report says
Hackers were able to abuse legitimate software during a suspected supply chain attack targeting about 100 computers used by organizations in Hong Kong and other regions of Asia. The experts behind the research - from the Symantec Threat Hunter Team - were unable to tie the campaign to any known advanced persistent threat (APT) group]]>
2023-08-22T13:36:00+00:00 https://therecord.media/hong-kong-software-supply-chain-attack-carderbee-apt www.secnews.physaphae.fr/article.php?IdArticle=8373108 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais La menace se cache dans les centres de données – Hack Power Management Systems, prenez toute la puissance<br>The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Sam Quinn, Jesse Chick, and Philippe Laulheret – August 12, 2023 - Security Vulnerability]]>
2023-08-22T13:28:58+00:00 https://www.globalsecuritymag.fr/The-Threat-Lurking-in-Data-Centers-Hack-Power-Management-Systems-Take-All-the.html www.secnews.physaphae.fr/article.php?IdArticle=8373110 False Hack,Threat None 2.0000000000000000
SecurityWeek - Security News L'armée américaine ciblée lors d'une récente attaque de hiatusrat<br>US Military Targeted in Recent HiatusRAT Attack
The threat actor behind HiatusRAT was seen performing reconnaissance against a US military procurement system in June 2023. ]]>
2023-08-22T13:11:22+00:00 https://www.securityweek.com/us-military-targeted-in-recent-hiatusrat-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8373107 False Threat None 2.0000000000000000
Bleeping Computer - Magazine Américain Nouvelles attaques de logiciels malveillants Hiatusrat cibler le département de la Défense américaine<br>New HiatusRAT malware attacks target US Defense Department In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in what researchers described as a reconnaissance attack. [...]]]> 2023-08-22T12:47:21+00:00 https://www.bleepingcomputer.com/news/security/new-hiatusrat-malware-attacks-target-us-defense-department/ www.secnews.physaphae.fr/article.php?IdArticle=8373169 False Malware,Threat None 2.0000000000000000 AhnLab - Korean Security Firm Analyse des cas d'attaque APT ciblant les services Web de sociétés coréennes<br>Analysis of APT Attack Cases Targeting Web Services of Korean Corporations
Web servers are vulnerable to attacks because they are publicly accessible to a wide range of users for the purpose of delivering web services. This accessibility makes them a prime target for threat actors. AhnLab Security Emergency response Center (ASEC) is monitoring attacks targeting vulnerable web servers that have not been patched or are poorly managed. In this post, we have compiled APT attack cases where the web servers of Korean corporations were continuously targeted over the years. We have... ]]>
2023-08-22T02:13:28+00:00 https://asec.ahnlab.com/en/56236/ www.secnews.physaphae.fr/article.php?IdArticle=8372953 False Threat None 3.0000000000000000
CybeReason - Vendor blog Analyse des menaces: assembler Lockbit 3.0<br>THREAT ANALYSIS: Assemble LockBit 3.0 THREAT ANALYSIS: Assemble LockBit 3.0 ]]> 2023-08-21T20:45:00+00:00 https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3 www.secnews.physaphae.fr/article.php?IdArticle=8372917 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La nouvelle vulnérabilité Winrar pourrait permettre aux pirates de prendre le contrôle de votre PC<br>New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. "The issue results from the lack of proper validation of user-supplied]]> 2023-08-21T19:14:00+00:00 https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html www.secnews.physaphae.fr/article.php?IdArticle=8372770 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AT&T Cybersecurity remporte le prix SC Media pour la meilleure intelligence de menace<br>AT&T Cybersecurity wins SC Media Award for Best Threat Intelligence
Today, SC Media announced the winners of its annual cybersecurity awards for excellence and achievements. At AT&T Cybersecurity we are thrilled that AT&T Alien Labs was awarded Best Threat Intelligence in this prestigious competition. The Alien Labs team works closely with the Open Threat Exchange (OTX), an open and free platform that lets security professionals easily share, research, and validate the latest threats, trends and techniques. With more than 200,000 global security and IT professionals submitting data daily, OTX has become one of the world’s largest open threat intelligence communities. It offers context and details on threats, including threat actors, organizations and industries targeted, and related indicators of compromise. The full list of winners is here.]]>
2023-08-21T17:35:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-cybersecurity-wins-sc-media-award-for-best-threat-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8372869 False Threat None 2.0000000000000000
Global Security Mag - French news site 91% of Security and IT Professionals Agree Cybercriminals are Already Using AI in Email Attacks, per Report from SlashNext and Osterman Research New market research reveals email and multi-channel messaging security is a top concern for organizations, as AI plays a pivotal role in the threat landscape - Special Reports
2023-08-21T17:12:58+00:00 https://www.globalsecuritymag.fr/91-of-Security-and-IT-Professionals-Agree-Cybercriminals-are-Already-Using-AI.html www.secnews.physaphae.fr/article.php?IdArticle=8372813 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on 2023-08-21T15:39:00+00:00 https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8372694 False Malware,Threat None 3.0000000000000000
Soc Radar - SOC-focused blog On the Horizon: Ransomed.vc Ransomware Group Spotted in the Wild We have been monitoring Telegram for a long time as many of the threat actors... 2023-08-21T13:25:05+00:00 https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ www.secnews.physaphae.fr/article.php?IdArticle=8372755 False Ransomware,Threat None 3.0000000000000000
Checkpoint Research - Security hardware manufacturer 21st August – Threat Intelligence Report For the latest discoveries in cyber research for the week of 21st August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The German Federal Bar (BRAK) Association, which oversees 28 regional bars throughout Germany and represents approximately 166,000 lawyers on a national and international scale, is currently investigating a ransomware attack on its Brussels […]
2023-08-21T12:52:12+00:00 https://research.checkpoint.com/2023/21st-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8372731 False Ransomware,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine US Space Industry Under Threat from Foreign Cyber Espionage An advisory by US intelligence provides guidance for space firms on how to identify an espionage campaign, report and mitigate it 2023-08-21T12:30:00+00:00 https://www.infosecurity-magazine.com/news/us-space-industry-threat-foreign/ www.secnews.physaphae.fr/article.php?IdArticle=8372730 False Threat None 2.0000000000000000
Data Security Breach - French news site Emotet returns, Lokibot persists, DarkGate exploits 2023-08-21T11:52:37+00:00 https://www.datasecuritybreach.fr/emotet-darkgate-lokibot/ www.secnews.physaphae.fr/article.php?IdArticle=8372712 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs said in a report 2023-08-21T11:07:00+00:00 https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html www.secnews.physaphae.fr/article.php?IdArticle=8372598 False Malware,Threat None 2.0000000000000000
UnderNews - French "hacker" news site Kaspersky assists INTERPOL in its operations against cybercrime in Africa Kaspersky lent a hand to INTERPOL by providing threat intelligence data as part of its Africa Cyber Surge II operation, which enabled investigators to identify compromised infrastructure and apprehend suspected threat actors across the African continent. The operation led to the arrest of […] 2023-08-21T09:44:43+00:00 https://www.undernews.fr/hacking-hacktivisme/kaspersky-assiste-interpol-dans-ses-operations-de-lutte-contre-la-cybercriminalite-en-afrique.html www.secnews.physaphae.fr/article.php?IdArticle=8372671 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems.
There is no evidence that the apps were available on the 2023-08-19T11:58:00+00:00 https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html www.secnews.physaphae.fr/article.php?IdArticle=8372107 False Malware,Threat None 3.0000000000000000
TechRepublic - Security News US About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns. Find out more about the threat actors and how to protect from them. 2023-08-18T19:26:51+00:00 https://www.techrepublic.com/article/citrix-netscalers-compromised/ www.secnews.physaphae.fr/article.php?IdArticle=8371900 False Threat None 2.0000000000000000
Recorded Future - Recorded Future feed Hackers compromise Zimbra email accounts in phishing campaign Hackers are targeting Zimbra Collaboration email servers in an ongoing phishing campaign, researchers have discovered. According to a report from Slovak software company ESET, the attackers have been gathering credentials of Zimbra account users since at least April. The researchers haven't attributed the attacks to any known threat actors. Although this campaign is not “technically
2023-08-18T16:24:00+00:00 https://therecord.media/hackers-compromise-zimbra-accounts www.secnews.physaphae.fr/article.php?IdArticle=8371826 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Securely implementing Active Directory on Windows Server 2019 2023-08-18T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securely-implementing-active-directory-on-windows-server-2019 www.secnews.physaphae.fr/article.php?IdArticle=8371681 False Tool,Threat None 2.0000000000000000
We Live Security - ESET antivirus software vendor Evacuation of 30,000 hackers – Week in security with Tony Anscombe DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat 2023-08-18T09:54:37+00:00 https://www.welivesecurity.com/en/videos/evacuation-of-30-000-hackers-week-in-security-with-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8382228 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Proxyjacking and Cryptomining Campaign Targets GitLab Threat actors use several evasion techniques to stay hidden 2023-08-18T08:30:00+00:00 https://www.infosecurity-magazine.com/news/proxyjacking-cryptomining-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8371661 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems.
Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived 2023-08-17T21:10:00+00:00 https://thehackernews.com/2023/08/china-linked-bronze-starlight-group.html www.secnews.physaphae.fr/article.php?IdArticle=8371316 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Intelligent Vigilance: Empowering Security with Threat Intel's CoPilot AI In this Dark Reading News Desk segment, Cybersixgill's Michael-Angelo Zummo discusses how to empower security with AI. 2023-08-17T20:50:00+00:00 https://www.darkreading.com/threat-intelligence/intelligent-vigilance-empowering-security-with-threat-intel-copilot-ai www.secnews.physaphae.fr/article.php?IdArticle=8371491 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Cisco: Bringing More Intelligence to Bear on the Threat Landscape In this Dark Reading News Desk segment, Nick Biasini from Cisco Talos discusses the latest attacker tactics, techniques, and procedures (TTPs). 2023-08-17T20:40:00+00:00 https://www.darkreading.com/threat-intelligence/cisco-bringing-more-intelligence-to-bear-on-the-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8371450 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch CrowdSec: What the 'Network Effect' Brings to the Cybersecurity Table In this Dark Reading News Desk segment, CrowdSec CEO/co-founder Philippe Humeau discusses how the concept of a network effect applies to threat management. 2023-08-17T20:20:00+00:00
https://www.darkreading.com/threat-intelligence/crowdsec-what-network-effect-brings-to-cybersecurity-table www.secnews.physaphae.fr/article.php?IdArticle=8371453 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Securing Critical Infrastructure in the Face of Evolving Cyber Threats In this Dark Reading News Desk segment, OPSWAT founder Benny Czarny outlines the threat landscape affecting critical infrastructure sectors. 2023-08-17T20:20:00+00:00 https://www.darkreading.com/ics-ot/securing-critical-infrastructure-in-the-face-of-evolving-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8371454 False Threat,Industrial None 3.0000000000000000
Dark Reading - Informationweek Branch Cribl, Exabeam Partner on Threat Detection, Investigation, and Response In this Dark Reading News Desk segment, Cribl's Abby Strong and Exabeam's Chris Cesio discuss how their companies work together to detect and respond to threats. 2023-08-17T20:10:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cribl-exabeam-partner-on-threat-detection-investigation-and-response www.secnews.physaphae.fr/article.php?IdArticle=8371492 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Interpres: Getting the Most Out of Threat Intelligence Resources In this Dark Reading News Desk segment, Interpres Security's Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings. 2023-08-17T20:05:00+00:00 https://www.darkreading.com/threat-intelligence/interpres-getting-the-most-out-of-threat-intelligence-resources www.secnews.physaphae.fr/article.php?IdArticle=8371495 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch
Qualys Offers Threat Forecast For Cloud, and Tips For Reducing Cloud Risks In this Dark Reading News Desk segment, Qualys CEO and president Sumedh Thakar offers advice on reducing cloud risks. 2023-08-17T20:05:00+00:00 https://www.darkreading.com/cloud/qualys-offers-threat-forecast-for-cloud-and-tips-for-reducing-cloud-risks www.secnews.physaphae.fr/article.php?IdArticle=8371494 False Threat,Cloud None 2.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2023-2915 The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. 2023-08-17T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2915 www.secnews.physaphae.fr/article.php?IdArticle=8371378 False Vulnerability,Threat None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, 2023-08-17T15:09:00+00:00 https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html www.secnews.physaphae.fr/article.php?IdArticle=8371161 False Malware,Threat APT 29 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Online influence operators continue fine-tuning use of AI to deceive their targets, researchers say The use of artificial intelligence for malign purposes is limited but growing and maturing in key ways, researchers with Google's Mandiant said Thursday.
2023-08-17T12:00:00+00:00 https://cyberscoop.com/online-influence-operators-continue-fine-tuning-use-of-ai-to-deceive-their-targets-researchers-say/ www.secnews.physaphae.fr/article.php?IdArticle=8371215 False Threat None 2.0000000000000000
Soc Radar - SOC-focused blog Dark Web Profile: Bjorka In the ever-evolving landscape of cyber threats, understanding the profiles of individual threat actors is...
2023-08-17T11:04:42+00:00 https://socradar.io/dark-web-profile-bjorka/ www.secnews.physaphae.fr/article.php?IdArticle=8371196 False Threat None 2.0000000000000000
Bleeping Computer - American magazine Thousands of Android APKs use compression trick to thwart analysis Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms. [...] 2023-08-17T10:51:12+00:00 https://www.bleepingcomputer.com/news/security/thousands-of-android-apks-use-compression-trick-to-thwart-analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8371282 False Threat None 2.0000000000000000
SentinelOne (Adversary) - Cyber Firms Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector. 2023-08-17T09:55:08+00:00 https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8388317 False Threat None 3.0000000000000000
BlackBerry - Hardware and software manufacturer Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
The good news is that BlackBerry protects against Cuba ransomware. 2023-08-17T08:01:00+00:00 https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america www.secnews.physaphae.fr/article.php?IdArticle=8393076 False Ransomware,Tool,Threat None 2.0000000000000000
Mandiant - Mandiant security blog Threat Actors are Interested in Generative AI, but Use Remains Limited Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on our own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities have increasingly leveraged AI-generated content, particularly imagery and video, in their campaigns, likely due at least in part to the readily apparent applications of such fabrications in disinformation 2023-08-17T07:00:00+00:00 https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limited www.secnews.physaphae.fr/article.php?IdArticle=8377329 False Threat None 3.0000000000000000
Recorded Future - Recorded Future feed CISA, experts warn of Citrix vulnerabilities being exploited by hackers Alarms have been raised about several vulnerabilities affecting products from Citrix that are being exploited widely by a variety of threat actors. On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency said a vulnerability affecting the Citrix Content Collaboration tool had been exploited and mandated that U.S. federal civilian agencies [patch the issue by September
2023-08-16T21:14:00+00:00 https://therecord.media/cisa-warns-of-citrix-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8370930 False Tool,Vulnerability,Threat None 2.0000000000000000