www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated feed of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-23T18:51:38+00:00 www.secnews.physaphae.fr
AhnLab - Korean Security Firm Shc Linux Malware Installing CoinMiner The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl. 1. Shc (Shell Script Compiler) Shc is an abbreviation for Shell Script Compiler and is responsible for... 2023-01-04T01:52:19+00:00 https://asec.ahnlab.com/en/45182/ www.secnews.physaphae.fr/article.php?IdArticle=8297636 False Malware None 2.0000000000000000
SC Magazine - Magazine New York county cyberattack under investigation 2023-01-03T23:01:09+00:00 https://www.scmagazine.com/brief/malware/new-york-county-cyberattack-under-investigation www.secnews.physaphae.fr/article.php?IdArticle=8297654 False Malware None 2.0000000000000000
Dark Reading - Informationweek Branch WordPress Sites Under Attack from Newly Found Linux Trojan 2023-01-03T19:03:00+00:00 https://www.darkreading.com/attacks-breaches/wordpress-under-attack-from-new-linux-backdoor-malware www.secnews.physaphae.fr/article.php?IdArticle=8297512 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware 2023-01-03T17:02:00+00:00 https://thehackernews.com/2023/01/hackers-using-stolen-bank-information.html www.secnews.physaphae.fr/article.php?IdArticle=8297438 False Malware None 3.0000000000000000
Dark Reading - Informationweek Branch Raspberry Robin Worm Hatches a Highly Complex Upgrade 2023-01-03T16:55:17+00:00 https://www.darkreading.com/threat-intelligence/raspberry-robin-worm-highly-complex-upgrade www.secnews.physaphae.fr/article.php?IdArticle=8297499 False Malware None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Researchers Discover New Linux Malware Targeting WordPress Sites 2023-01-03T16:10:00+00:00 https://www.infosecurity-magazine.com/news/researchers-linux-mlware-wordpress/ www.secnews.physaphae.fr/article.php?IdArticle=8297489 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe 2023-01-03T15:43:00+00:00 https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8297412 False Malware None 3.0000000000000000
Bleeping Computer - American Magazine BitRAT malware campaign uses stolen bank data for phishing 2023-01-03T13:10:01+00:00 https://www.bleepingcomputer.com/news/security/bitrat-malware-campaign-uses-stolen-bank-data-for-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8297514 False Malware,Threat None 2.0000000000000000
SecurityWeek - Security News Malware Delivered to PyTorch Users in Supply Chain Attack 2023-01-03T12:50:38+00:00 https://www.securityweek.com/malware-delivered-pytorch-users-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=8297447 False Malware None 1.00000000000000000000
UnderNews - French "hacker" news site New attacks by the BlueNoroff group: the APT actor posing as a venture capital firm expands its strategic arsenal Kaspersky experts have discovered that the BlueNoroff APT group now has new, sophisticated malware strains with which to carry out its attacks. Kaspersky op-ed – BlueNoroff, a well-known actor in the threat landscape that targets the cryptocurrencies of financial entities worldwide, is notably going after venture capital firms, crypto start-ups and […] The post New attacks by the BlueNoroff group: the APT actor posing as a venture capital firm expands its strategic arsenal first appeared on UnderNews. 2023-01-03T12:10:05+00:00 https://www.undernews.fr/hacking-hacktivisme/nouvelles-attaques-du-groupe-bluenoroff-lacteur-apt-se-faisant-passer-pour-une-societe-de-capital-risque-etend-son-arsenal-strategique.html www.secnews.physaphae.fr/article.php?IdArticle=8297436 False Malware None 3.0000000000000000
The State of Security - American Magazine What are sandboxes? How to create your own sandbox 2023-01-03T03:37:37+00:00 https://www.tripwire.com/state-of-security/what-are-sandboxes-how-create-your-own-sandbox www.secnews.physaphae.fr/article.php?IdArticle=8297409 False Malware None 2.0000000000000000
AhnLab - Korean Security Firm How Infostealer Threat Actors Make a Profit Infostealer is a type of information-stealing malware with the goal of stealing user credentials such as the user account information, cryptocurrency wallet address, and files that are saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than half of malware types with executable formats reported by client companies or collected by AhnLab. As the downloader types also actually install Infostealers or backdoor-type malware, it can be said... 2023-01-03T00:36:00+00:00 https://asec.ahnlab.com/en/45150/ www.secnews.physaphae.fr/article.php?IdArticle=8297387 False Malware,Threat None 2.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2022-4417 2023-01-02T22:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4417 www.secnews.physaphae.fr/article.php?IdArticle=8297296 False Malware None None
InformationSecurityBuzzNews - Security News Site Linux Malware Exploits 30+ Plugins Into WordPress Sites 2023-01-02T15:05:06+00:00 https://informationsecuritybuzz.com/linux-malware-exploits-plugins-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8297171 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws 2023-01-02T13:20:00+00:00 https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8297103 False Malware None 3.0000000000000000
AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (December 19th, 2022 – December 25th, 2022) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 19th, 2022 (Monday) to December 25th, 2022 (Sunday). For the main category, Infostealer ranked top with 37.3%, followed by downloader with 35.7%, backdoor with 23.9%, and ransomware with 3.1%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 23.3%. The malware is distributed via malware disguised as PUP installer.... 2023-01-02T01:18:00+00:00 https://asec.ahnlab.com/en/45023/ www.secnews.physaphae.fr/article.php?IdArticle=8297064 True Ransomware,Malware None 2.0000000000000000
Bleeping Computer - American Magazine New Linux malware uses 30 plugin exploits to backdoor WordPress sites 2022-12-30T10:41:11+00:00 https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8296032 False Malware None 3.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: Zerobot Added New Exploits and DDoS Methods, Gamaredon Group Bypasses DNS, ProxyNotShell Exploited Prior to DLL Side-Loading Attacks, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New RisePro Stealer Distributed by the Prominent PrivateLoader (published: December 22, 2022) RisePro is a new commodity infostealer that is being sold and supported by Telegram channels. Log credentials derived from RisePro are for sale on illicit markets since December 13, 2022. RisePro targets password stores and particular file patterns to extract cookies, credit card information, cryptocurrency wallets, installed software credentials, and passwords. RisePro was delivered by PrivateLoader and these two malware families have significant code similarity. It also shares similarity with the Vidar stealer in a way that both use dropped DLL dependencies. Analyst Comment: Infostealers are a continually rising threat for organizations especially with hybrid workers utilizing their own and other non-corporate devices to access cloud based resources and applications. Information from these sessions, useful to attackers, can be harvested unknown to the worker or end organization.
In addition, the rise of threat actor reliance on potent commodity malware is one of the trends that Anomali analysts observe going into 2023 (see Predictions below). Network defenders are advised to block known PrivateLoader and RisePro indicators (available on the Anomali platform). MITRE ATT&CK: [MITRE ATT&CK] T1213 - Data From Information Repositories | [MITRE ATT&CK] T1113 - Screen Capture | [MITRE ATT&CK] T1555.004 - Credentials from Password Stores: Windows Credential Manager | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files Or Information | [MITRE ATT&CK] T1222: File and Directory Permissions Modification | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1027.005 - Obfuscated Files or Information: Indicator Removal From Tools | [MITRE ATT&CK] T1087 - Account Discovery | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] T1518 - Software Discovery | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 2022-12-29T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-zerobot-added-new-exploits-and-ddos-methods-gamaredon-group-bypasses-dns-proxynotshell-exploited-prior-to-dll-side-loading-attacks-and-more www.secnews.physaphae.fr/article.php?IdArticle=8295813 False Malware,Tool,Threat None 2.0000000000000000
SC Magazine - Magazine Malware increasingly spread through Google Ads exploits 2022-12-29T11:56:34+00:00 https://www.scmagazine.com/brief/malware/malware-increasingly-spread-through-google-ads-exploits www.secnews.physaphae.fr/article.php?IdArticle=8296267 False Malware,Threat None 2.0000000000000000
Bleeping Computer - American Magazine Hackers abuse Google Ads to spread malware in legit software 2022-12-28T14:12:16+00:00 https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/
www.secnews.physaphae.fr/article.php?IdArticle=8295608 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector 2022-12-28T12:42:00+00:00 https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html www.secnews.physaphae.fr/article.php?IdArticle=8295465 False Malware,Threat None 1.00000000000000000000
AhnLab - Korean Security Firm Types of Recent .NET Packers and Their Distribution Trends in Korea 0. Overview This post is a summary of the TI report, ‘Report on the Trends and Types of Recent .NET Packers.’ Please refer to the report in the hyperlink for more details on the topic. Recently, packers made with .NET are being found in various places both in and outside Korea. Thus, the ASEC analysis team aims to introduce the five most commonly distributed .NET packers and their distribution trends in Korea. We will overview the types of malware distributed... 2022-12-27T23:35:42+00:00 https://asec.ahnlab.com/en/44809/ www.secnews.physaphae.fr/article.php?IdArticle=8295363 False Malware None 4.0000000000000000
SecureMac - Security focused on MAC 4 Mac Malware Finds in 2022 Mac malware in 2022: An overview of four important macOS malware variants found in 2022 and tips on staying safe. 2022-12-27T17:13:27+00:00 https://www.securemac.com/news/4-mac-malware-finds-in-2022 www.secnews.physaphae.fr/article.php?IdArticle=8295277 False Malware None 3.0000000000000000
knowbe4 - cybersecurity services QBot Malware Attacks Use SVG files to Perform HTML Smuggling 2022-12-27T14:20:16+00:00 https://blog.knowbe4.com/qbot-malware-attacks-use-svg-files-to-perform-html-smuggling www.secnews.physaphae.fr/article.php?IdArticle=8295247 True Malware None 1.00000000000000000000
SC Magazine - Magazine RisePro info-stealer distributed through PrivateLoader PPI service 2022-12-27T13:35:58+00:00 https://www.scmagazine.com/brief/malware/risepro-info-stealer-distributed-through-privateloader-ppi-service www.secnews.physaphae.fr/article.php?IdArticle=8296272 True Malware None 1.00000000000000000000
SC Magazine - Magazine Security system bypass techniques added to GuLoader malware downloader 2022-12-27T13:34:53+00:00 https://www.scmagazine.com/brief/malware/security-system-bypass-techniques-added-to-guloader-malware-downloader www.secnews.physaphae.fr/article.php?IdArticle=8296273 False Malware None 3.0000000000000000
Kaspersky - Kaspersky Research blog BlueNoroff introduces new methods bypassing MoTW 2022-12-27T08:00:26+00:00 https://securelist.com/bluenoroff-methods-bypass-motw/108383/ www.secnews.physaphae.fr/article.php?IdArticle=8295164 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) GuLoader Malware Utilizing New Techniques to Evade Security Software 2022-12-26T17:57:00+00:00 https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html www.secnews.physaphae.fr/article.php?IdArticle=8294962 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware 2022-12-26T17:42:00+00:00 https://thehackernews.com/2022/12/privateloader-ppi-service-found.html www.secnews.physaphae.fr/article.php?IdArticle=8294952 False Malware None 2.0000000000000000
AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (December 12th, 2022 – December 18th, 2022) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 12th, 2022 (Monday) to December 18th, 2022 (Sunday). For the main category, downloader ranked top with 61.9%, followed by Infostealer with 24.7%, backdoor with 12.5%, and ransomware with 0.9%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with 28.9%. Like... 2022-12-26T04:51:42+00:00 https://asec.ahnlab.com/en/44732/ www.secnews.physaphae.fr/article.php?IdArticle=8294853 True Ransomware,Malware None 2.0000000000000000
AhnLab - Korean Security Firm Caution! Malware Signed With Microsoft Certificate Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot... 2022-12-26T04:08:49+00:00 https://asec.ahnlab.com/en/44726/ www.secnews.physaphae.fr/article.php?IdArticle=8294854 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names 2022-12-24T18:21:00+00:00 https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html www.secnews.physaphae.fr/article.php?IdArticle=8294492 False Malware,Threat None 3.0000000000000000
Bleeping Computer - American Magazine New info-stealer malware infects software pirates via fake cracks sites 2022-12-24T10:08:16+00:00 https://www.bleepingcomputer.com/news/security/new-info-stealer-malware-infects-software-pirates-via-fake-cracks-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8295060 False Malware None 2.0000000000000000
TrendMicro - Security Firm Blog IcedID Botnet Distributors Abuse Google PPC to Distribute Malware 2022-12-23T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8294149 False Malware None 3.0000000000000000
The Register - English news site Zerobot malware now shooting for Apache systems 2022-12-22T18:34:52+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/22/zerobot_microsoft_iot_botnet/ www.secnews.physaphae.fr/article.php?IdArticle=8293764 False Malware None 3.0000000000000000
TechRepublic - Security News US Cisco Talos report: Threat actors use known Excel vulnerability The use of .XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect from it. 2022-12-22T18:25:13+00:00 https://www.techrepublic.com/article/cisco-talos-xll-excel-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8293768 False Malware,Vulnerability,Threat None 1.00000000000000000000
RedCanary - Red Canary Intelligence Insights: December 2022 2022-12-22T15:43:07+00:00 https://redcanary.com/blog/intelligence-insights-december-2022/ www.secnews.physaphae.fr/article.php?IdArticle=8293724 False Malware None 3.0000000000000000
knowbe4 - cybersecurity services New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable” 2022-12-22T14:44:21+00:00 https://blog.knowbe4.com/polymorphic-wiper-malware-leaves-attacked-environments-unrecoverable www.secnews.physaphae.fr/article.php?IdArticle=8293717 False Malware None 2.0000000000000000
InformationSecurityBuzzNews - Security News Site Brazilian Bank Users Are the Target of a New BrasDex Malware 2022-12-22T14:03:30+00:00 https://informationsecuritybuzz.com/brazilian-bank-users-target-brasdex/ www.secnews.physaphae.fr/article.php?IdArticle=8293700 False Malware,Threat None 2.0000000000000000
Cisco - Security Firm Blog Black Hat Europe 2022 NOC: When planning meets execution 2022-12-22T13:00:50+00:00 https://blogs.cisco.com/security/black-hat-europe-2022-noc-when-planning-meets-execution www.secnews.physaphae.fr/article.php?IdArticle=8293682 True Malware None 3.0000000000000000
Cisco - Security Firm Blog Black Hat Europe 2022 NOC: The SOC Inside the NOC 2022-12-22T13:00:22+00:00 https://blogs.cisco.com/security/black-hat-europe-2022-noc-the-soc-inside-the-noc www.secnews.physaphae.fr/article.php?IdArticle=8293683 True Malware None 3.0000000000000000
Fortinet - Security Hardware Manufacturer Trying to Steal Christmas (Again!)
2022-12-22T12:37:00+00:00 https://www.fortinet.com/blog/threat-research/trying-to-steal-christmas-again www.secnews.physaphae.fr/article.php?IdArticle=8293747 False Malware None 2.0000000000000000
01net. News - Security - French Magazine This Android malware has a ruthless plan to ruin its victims A formidable piece of malware is attacking Android smartphones. Inspired by the infamous "Anubis", the virus is designed to siphon off users' savings. It targets more than 400 banking and cryptocurrency applications. 2022-12-22T10:15:05+00:00 https://www.01net.com/actualites/malware-android-plan-implacable-ruiner-victimes.html www.secnews.physaphae.fr/article.php?IdArticle=8293652 False Malware None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT 2022-12-22T09:00:00+00:00 https://www.infosecurity-magazine.com/news/ai-malware-classification-for-5g/ www.secnews.physaphae.fr/article.php?IdArticle=8293628 False Malware None 3.0000000000000000
The Register - English news site Godfather malware makes banking apps an offer they can't refuse 2022-12-22T02:20:36+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/22/godfather_banking_trojan/ www.secnews.physaphae.fr/article.php?IdArticle=8293562 False Malware None 3.0000000000000000
AhnLab - Korean Security Firm Qakbot Being Distributed via Virtual Disk Files (*.vhd) There’s been a recent increase in the distribution of malware using disk image files. Out of these, the Qakbot malware has been distributed in ISO and IMG file formats, and the ASEC analysis team discovered that it has recently changed its distribution to the use of VHD files. Such use of disk image files (IMG, ISO, VHD) is seen to be Qakbot’s method of bypassing Mark of the Web (MOTW). Disk image files can bypass the MOTW feature because when the files inside... 2022-12-22T01:22:41+00:00 https://asec.ahnlab.com/en/44662/ www.secnews.physaphae.fr/article.php?IdArticle=8293551 False Malware None 4.0000000000000000
AhnLab - Korean Security Firm Vidar Stealer Exploiting Various Platforms Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Even afterward, Vidar saw continuous version updates while actively being distributed. In the recent samples in circulation, various other platforms such as Steam and TikTok were used aside from Telegram and Mastodon.... 2022-12-22T01:16:00+00:00 https://asec.ahnlab.com/en/44554/ www.secnews.physaphae.fr/article.php?IdArticle=8293552 False Malware None 3.0000000000000000
AhnLab - Korean Security Firm Nitol DDoS Malware Installing Amadey Bot The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on... 2022-12-22T01:03:21+00:00 https://asec.ahnlab.com/en/44504/ www.secnews.physaphae.fr/article.php?IdArticle=8293540 False Malware,Threat None 3.0000000000000000
WatchGuard - Hardware and Software Manufacturer WatchGuard Threat Lab report reveals that the top threat travels exclusively over encrypted connections 2022-12-22T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/le-rapport-threat-lab-de-watchguard-revele-que-la-principale-menace www.secnews.physaphae.fr/article.php?IdArticle=8393223 False Ransomware,Malware,Tool,Threat APT 3 3.0000000000000000
SC Magazine - Magazine Fake payload deployed by Raspberry Robin in new attacks 2022-12-21T17:04:56+00:00 https://www.scmagazine.com/brief/malware/fake-payload-deployed-by-raspberry-robin-in-new-attacks www.secnews.physaphae.fr/article.php?IdArticle=8296288 False Malware None 2.0000000000000000
SC Magazine - Magazine More cybercriminals leveraging RisePro info-stealing malware 2022-12-21T17:03:42+00:00 https://www.scmagazine.com/brief/cybercrime/more-cybercriminals-leveraging-risepro-info-stealing-malware www.secnews.physaphae.fr/article.php?IdArticle=8296289 False Malware,Threat None 2.0000000000000000
SC Magazine - Magazine XLL files in Excel increasingly used for malicious activity 2022-12-21T16:59:43+00:00 https://www.scmagazine.com/brief/malware/xll-files-in-excel-increasingly-used-for-malicious-activity www.secnews.physaphae.fr/article.php?IdArticle=8296290 False Malware,Threat None 2.0000000000000000
Bleeping Computer - American Magazine Corsair keyboard bug makes it type on its own, no malware involved 2022-12-21T16:47:58+00:00 https://www.bleepingcomputer.com/news/security/corsair-keyboard-bug-makes-it-type-on-its-own-no-malware-involved/ www.secnews.physaphae.fr/article.php?IdArticle=8293471 False Malware None 3.0000000000000000
Bleeping Computer - American Magazine Zerobot malware now spreads by exploiting Apache vulnerabilities 2022-12-21T16:10:36+00:00
https://www.bleepingcomputer.com/news/security/zerobot-malware-now-spreads-by-exploiting-apache-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8293472 False Malware None 3.0000000000000000
SentinelOne (Research) - Cyber Firms 11 Problems ChatGPT Can Solve For Reverse Engineers and Malware Analysts ChatGPT has captured the imagination of many across infosec. Here's how it can superpower the efforts of reversers and malware analysts. 2022-12-21T15:15:59+00:00 https://www.sentinelone.com/labs/11-problems-chatgpt-can-solve-for-reverse-engineers-and-malware-analysts/ www.secnews.physaphae.fr/article.php?IdArticle=8388329 False Malware ChatGPT 3.0000000000000000
InformationSecurityBuzzNews - Security News Site Top 26 Open Source Cyber Security Tools that is Best for you 2022-12-21T15:10:49+00:00 https://informationsecuritybuzz.com/top-open-source-cyber-security-tools-best-for-you/ www.secnews.physaphae.fr/article.php?IdArticle=8293405 False Malware None 4.0000000000000000
Dark Reading - Informationweek Branch Godfather Banking Trojan Masquerades as Legitimate Google Play App 2022-12-21T15:03:30+00:00 https://www.darkreading.com/attacks-breaches/godfather-banking-trojan-masquerades-legitimate-google-play-app www.secnews.physaphae.fr/article.php?IdArticle=8296204 False Malware None 3.0000000000000000
knowbe4 - cybersecurity services XLL Files Used to Deliver Malware 2022-12-21T13:59:29+00:00 https://blog.knowbe4.com/xll-files-used-to-deliver-malware www.secnews.physaphae.fr/article.php?IdArticle=8293385 False Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware 2022-12-21T12:42:00+00:00 https://thehackernews.com/2022/12/ukraines-delta-military-system-users.html www.secnews.physaphae.fr/article.php?IdArticle=8293309 False Malware,Threat None 3.0000000000000000
The Register - English news site Malicious PyPI package found posing as a SentinelOne SDK 2022-12-21T09:45:12+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/21/pypi_malware_sentinelone/ www.secnews.physaphae.fr/article.php?IdArticle=8293328 False Malware None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Godfather Trojan Targets 400 Financial Services Firms 2022-12-21T09:30:00+00:00 https://www.infosecurity-magazine.com/news/godfather-trojan-400-financial/ www.secnews.physaphae.fr/article.php?IdArticle=8293333 False Malware None 3.0000000000000000
Anomali - Firm Blog 2023 Anomali Predictions: New Risks to Put Added Pressure on Enterprise Defenders 2022-12-21T05:11:00+00:00 https://www.anomali.com/blog/2023-anomali-predictions-new-risks-to-put-added-pressure-on-enterprise-defenders www.secnews.physaphae.fr/article.php?IdArticle=8293292 False Malware,Threat,Prediction None 3.0000000000000000
Bleeping Computer - American Magazine GodFather Android malware targets 400 banks, crypto exchanges 2022-12-21T03:00:00+00:00 https://www.bleepingcomputer.com/news/security/godfather-android-malware-targets-400-banks-crypto-exchanges/ www.secnews.physaphae.fr/article.php?IdArticle=8293311 False Malware None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber 'Russian hackers' help two New York men game JFK taxi system 2022-12-20T22:47:50+00:00 https://www.cyberscoop.com/russian-hackers-jfk-airport-taxi-scheme/ www.secnews.physaphae.fr/article.php?IdArticle=8293212 False Malware None 3.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT
Targets Russia-Controlled Territories, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence APT5: Citrix ADC Threat Hunting Guidance (published: December 13, 2022) On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller™ (Citrix ADC) and Citrix Gateway versions: 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware. Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately. Anomali Platform has YARA signatures for the Tricklancer malware, network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check md5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5’s activities. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT (published: December 12, 2022) In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously-recorded campaigns that aim at installing a cryptomining software, this one is utilizing a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. 
This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots. Analyst Comment: Implement timely patching and updating to your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing. MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12 2022-12-20T20:46:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt5-exploited-citrix-zero-days-azov-data-wiper-features-advanced-anti-analysis-techniques-inception-apt-targets-russia-controlled-territories-and-more www.secnews.physaphae.fr/article.php?IdArticle=8295338 False Malware,Tool,Vulnerability,Threat,Patching,Prediction APT 5 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users 2022-12-20T20:03:00+00:00 https://thehackernews.com/2022/12/beware-cybercriminals-launch-new.html www.secnews.physaphae.fr/article.php?IdArticle=8293085 False Malware,Threat None 2.0000000000000000
The Register - English news site Microsoft reports macOS Gatekeeper has an 'Achilles' heel 2022-12-20T19:30:10+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/20/macos_gatekeeper_flaw_microsoft/ www.secnews.physaphae.fr/article.php?IdArticle=8293151 False Malware None 2.0000000000000000
SC Magazine - Magazine Addressed macOS vulnerability enables malware evasion of security checks 2022-12-20T17:49:05+00:00 https://www.scmagazine.com/brief/application-security/addressed-macos-vulnerability-enables-malware-evasion-of-security-checks www.secnews.physaphae.fr/article.php?IdArticle=8296296 False Malware,Vulnerability,Threat None 3.0000000000000000
Bleeping Computer - American Magazine VirusTotal cheat sheet makes it easy to search for specific results 2022-12-20T16:11:00+00:00 https://www.bleepingcomputer.com/news/security/virustotal-cheat-sheet-makes-it-easy-to-search-for-specific-results/ www.secnews.physaphae.fr/article.php?IdArticle=8293170 False Malware,Guideline None 3.0000000000000000
Bleeping Computer - American Magazine Hackers bombard PyPi platform with information-stealing malware 2022-12-20T13:42:20+00:00 https://www.bleepingcomputer.com/news/security/hackers-bombard-pypi-platform-with-information-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8293145 False Malware None 1.00000000000000000000
Schneier on Security - American Cryptologist and Researcher Trojaned Windows Installer Targets Ukraine reporting on a trojaned Windows installer that targets Ukrainian users.
The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. The trojanized ISOs were hosted on Ukrainian- and Russian-language torrent file sharing sites. Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it. At a subset of victims, additional tools are deployed to enable further intelligence gathering. In some instances, we discovered additional payloads that were likely deployed following initial reconnaissance including the STOWAWAY, BEACON, and SPAREPART backdoors... 2022-12-20T12:30:47+00:00 https://www.schneier.com/blog/archives/2022/12/trojaned-windows-installer-targets-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=8293058 False Malware None 2.0000000000000000 SecurityWeek - Security News New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals 2022-12-20T11:41:31+00:00 https://www.securityweek.com/new-risepro-infostealer-increasingly-popular-among-cybercriminals www.secnews.physaphae.fr/article.php?IdArticle=8293050 False Malware None 2.0000000000000000 Bleeping Computer - American magazine Raspberry Robin worm drops fake malware to confuse researchers 2022-12-20T10:15:59+00:00 https://www.bleepingcomputer.com/news/security/raspberry-robin-worm-drops-fake-malware-to-confuse-researchers/ www.secnews.physaphae.fr/article.php?IdArticle=8293087 False Malware None 5.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-47578 2022-12-20T04:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47578 www.secnews.physaphae.fr/article.php?IdArticle=8292995 False Malware None None TrendLabs Security - Antivirus vendor Raspberry Robin Malware Targets Telecom, 
Governments 2022-12-20T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governments.html www.secnews.physaphae.fr/article.php?IdArticle=8293005 False Malware None 2.0000000000000000 Dark Reading - Informationweek Branch Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages 2022-12-19T21:28:00+00:00 https://www.darkreading.com/attacks-breaches/darktortilla-malware-imposter-cisco-grammarly-phishing www.secnews.physaphae.fr/article.php?IdArticle=8296220 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure 2022-12-19T15:35:00+00:00 https://thehackernews.com/2022/12/new-agenda-ransomware-variant-written.html www.secnews.physaphae.fr/article.php?IdArticle=8292703 False Ransomware,Malware None 2.0000000000000000 Bleeping Computer - American magazine Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper 2022-12-19T14:37:18+00:00 https://www.bleepingcomputer.com/news/security/microsoft-achilles-macos-bug-lets-hackers-bypass-gatekeeper/ www.secnews.physaphae.fr/article.php?IdArticle=8292858 False Malware,Vulnerability None 2.0000000000000000 Bleeping Computer - American magazine Microsoft finds macOS bug that lets malware bypass security checks 2022-12-19T14:37:18+00:00 https://www.bleepingcomputer.com/news/security/microsoft-finds-macos-bug-that-lets-malware-bypass-security-checks/ www.secnews.physaphae.fr/article.php?IdArticle=8293088 True Malware,Vulnerability None 2.0000000000000000 Security Intelligence - American news site How Reveton Ransomware-as-a-Service Changed Cybersecurity In 2012, Reveton ransomware emerged. It’s considered to be the first Ransomware-as-a-Service (RaaS) operation ever. Since then, RaaS has enabled gangs with basic technical skills to launch attacks indiscriminately. 
Now, nearly anyone can create highly effective malware campaigns. We now see RaaS outfits with organizational capabilities that rival the most professional Software-as-a-Service (SaaS) brands. But […] 2022-12-19T14:00:00+00:00 https://securityintelligence.com/articles/how-reveton-raas-changed-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8292767 False Ransomware,Malware None 3.0000000000000000 Bleeping Computer - American magazine Ukraine's DELTA military system users targeted by info-stealing malware 2022-12-19T12:39:27+00:00 https://www.bleepingcomputer.com/news/security/ukraines-delta-military-system-users-targeted-by-info-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8292831 False Malware None 3.0000000000000000 Bleeping Computer - American magazine Glupteba malware is back in action after Google disruption 2022-12-17T11:08:16+00:00 https://www.bleepingcomputer.com/news/security/glupteba-malware-is-back-in-action-after-google-disruption/ www.secnews.physaphae.fr/article.php?IdArticle=8292401 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch Chinese APT Group MirrorFace Interferes in Japanese Elections 2022-12-16T16:00:03+00:00 https://www.darkreading.com/attacks-breaches/chinese-apt-group-mirrorface-interferes-japanese-elections www.secnews.physaphae.fr/article.php?IdArticle=8296236 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe 2022-12-16T14:00:00+00:00 https://www.darkreading.com/attacks-breaches/live-from-london-next-gen-cybersecurity-takes-stage-at-black-hat-europe www.secnews.physaphae.fr/article.php?IdArticle=8296239 False Malware None 2.0000000000000000 Zataz - French security magazine MoneyMonger: a new malware hidden in mobile money-lending apps 2022-12-16T11:46:06+00:00 
https://www.zataz.com/moneymonger-un-nouveau-malware-dissimule-dans-des-applications-mobiles-de-pret-dargent/ www.secnews.physaphae.fr/article.php?IdArticle=8291949 True Malware None 2.0000000000000000 Bleeping Computer - American magazine Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux 2022-12-16T10:23:17+00:00 https://www.bleepingcomputer.com/news/security/microsoft-warns-of-new-minecraft-ddos-malware-infecting-windows-linux/ www.secnews.physaphae.fr/article.php?IdArticle=8291993 False Malware None 2.0000000000000000 GoogleSec - Firm Security Blog Expanding the App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members. Malware Mitigation: Together, with the founding ADA members - Google, ESET, Lookout, and Zimperium, the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks and that's why we're continuing to invest in the program. 
New ADA Members: We're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program. Mobile App Security Assessment (MASA): With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever. According to Data.ai, the pandemic accelerated existing mobile habits - with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application Security project. The project's mission is to “Define the industry standard for mobile application security,” and has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. 
The badge is displayed within an app's respective 2022-12-15T20:51:24+00:00 http://security.googleblog.com/2022/12/app-defense-alliance-expansion.html www.secnews.physaphae.fr/article.php?IdArticle=8294655 False Malware,Guideline,Prediction Uber 2.0000000000000000 Global Security Mag - French news site WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections Malware Update 2022-12-15T17:15:19+00:00 https://www.globalsecuritymag.fr/WatchGuard-Threat-Lab-Report-Finds-Top-Threat-Arriving-Exclusively-Over.html www.secnews.physaphae.fr/article.php?IdArticle=8291639 False Malware,Threat APT 3 2.0000000000000000 Dark Reading - Informationweek Branch Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps 2022-12-15T16:20:20+00:00 https://www.darkreading.com/vulnerabilities-threats/blackmailing-moneymonger-malware-hides-flutter-mobile-apps www.secnews.physaphae.fr/article.php?IdArticle=8296246 False Malware,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Loan Scam Campaign 'MoneyMonger' Exploits Flutter to Hide Malware 2022-12-15T16:00:00+00:00 https://www.infosecurity-magazine.com/news/loan-scam-campaign-moneymonger/ www.secnews.physaphae.fr/article.php?IdArticle=8291594 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) 
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims 2022-12-15T15:54:00+00:00 https://thehackernews.com/2022/12/android-malware-campaign-leverages.html www.secnews.physaphae.fr/article.php?IdArticle=8291505 False Malware None 3.0000000000000000 Mandiant - Mandiant security blog Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government Executive Summary Mandiant identified an operation focused on the Ukrainian government via trojanized Windows 10 Operating System installers. These were distributed via torrent sites in a supply chain attack. Threat activity tracked as UNC4166 likely trojanized and distributed malicious Windows Operating system installers which drop malware that conducts reconnaissance and deploys additional capability on some victims to conduct data theft. The trojanized files use the Ukrainian language pack and are designed to target Ukrainian users. Following compromise targets selected for follow 2022-12-15T15:00:00+00:00 https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government www.secnews.physaphae.fr/article.php?IdArticle=8377393 False Malware None 3.0000000000000000 Global Security Mag - French news site Zimperium Discovers Novel Predatory Loan Malware Hiding in Mobile Apps Developed With Flutter Malware Update 2022-12-15T13:33:39+00:00 https://www.globalsecuritymag.fr/Zimperium-Discovers-Novel-Predatory-Loan-Malware-Hiding-in-Mobile-Apps.html www.secnews.physaphae.fr/article.php?IdArticle=8291569 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) 
Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems 2022-12-15T11:32:00+00:00 https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html www.secnews.physaphae.fr/article.php?IdArticle=8291456 False Malware None 3.0000000000000000 Global Security Mag - French news site Zimperium discovers new malware hidden in mobile money-lending apps developed with Flutter Malware 2022-12-15T10:23:49+00:00 https://www.globalsecuritymag.fr/Zimperium-decouvre-un-nouveau-malware-dissimule-dans-des-applications-mobiles.html www.secnews.physaphae.fr/article.php?IdArticle=8291518 False Malware None 2.0000000000000000 NozomiNetwork - Company specializing in industrial network probes Tracking Malicious Glupteba Activity Through the Blockchain Glupteba is a trojan horse typically deployed via malicious installers and software cracks. It is a modular malware operators can use to perform a wide range of tasks. Surprisingly, Glupteba leverages the Bitcoin blockchain to distribute its C&C domains. 2022-12-15T06:44:06+00:00 https://www.nozominetworks.com/blog/tracking-malicious-glupteba-activity-through-the-blockchain/ www.secnews.physaphae.fr/article.php?IdArticle=8291644 False Malware None 2.0000000000000000 AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (December 5th, 2022 – December 11th, 2022) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 5th, 2022 (Monday) to December 11th, 2022 (Sunday). For the main category, downloader ranked top with 44.3%, followed by Infostealer with 28.2%, backdoor with 18.3%, ransomware with 8.5%, and CoinMiner with 0.7%. Top 1 – Amadey This week, Amadey Bot ranked first place with 15.9%. Amadey is a downloader that can receive commands... 
2022-12-15T06:10:39+00:00 https://asec.ahnlab.com/en/44354/ www.secnews.physaphae.fr/article.php?IdArticle=8291461 True Ransomware,Malware None 2.0000000000000000 AhnLab - Korean Security Firm STOP Ransomware Being Distributed in Korea The ASEC analysis team discovered that the STOP ransomware is being distributed in Korea. This ransomware is being distributed at such a high volume that it is ranked among the Top 3 in the ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022). The files that are currently being distributed are in the form of MalPe just like SmokeLoader and Vidar, and the filenames include a random 4-byte string as shown below. When the ransomware is executed, it first... 2022-12-15T06:02:24+00:00 https://asec.ahnlab.com/en/43861/ www.secnews.physaphae.fr/article.php?IdArticle=8291450 False Ransomware,Malware None 1.00000000000000000000 Anomali - Firm Blog Anomali November Quarterly Product Update download our ebook, The Need to Focus on the Adversary, to learn why understanding the attacker is important. Intelligence Channels: Security teams are under pressure to do more with less. Unfortunately, most organizations need help effectively implementing threat intelligence, not benefiting from the value their threat intelligence team, processes, and tools provide. We’ve made it easier for Security teams to implement out-of-the-box tailored intelligence with Intelligence Channels. Intelligence Channels are for organizations that need help implementing threat intelligence. 
Curated by The Anomali 2022-12-15T05:12:00+00:00 https://www.anomali.com/blog/anomali-november-quarterly-product-update www.secnews.physaphae.fr/article.php?IdArticle=8291449 False Malware,Threat None 1.00000000000000000000 Bleeping Computer - American magazine Hackers target Japanese politicians with new MirrorStealer malware 2022-12-15T02:36:18+00:00 https://www.bleepingcomputer.com/news/security/hackers-target-japanese-politicians-with-new-mirrorstealer-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8291591 False Malware None 1.00000000000000000000