www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-25T07:11:04+00:00 www.secnews.physaphae.fr
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join 2023-08-15T13:01:00+00:00 https://thehackernews.com/2023/08/catching-catphish-join-expert-webinar.html www.secnews.physaphae.fr/article.php?IdArticle=8370106 False Threat None 2.0000000000000000
Security Intelligence - American news site Threat hunting 101: How to outthink attackers
Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don’t detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the environment or has compromised the environment. Threat hunters can have different goals and mindsets while […]
2023-08-15T13:00:00+00:00 https://securityintelligence.com/posts/threat-hunting-101-how-to-outthink-attackers/ www.secnews.physaphae.fr/article.php?IdArticle=8370249 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korean Hackers Suspected in New Wave of Malicious npm Packages The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine 2023-08-15T12:38:00+00:00 https://thehackernews.com/2023/08/north-korean-hackers-suspected-in-new.html www.secnews.physaphae.fr/article.php?IdArticle=8370107 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Why is API security the next big thing in Cybersecurity? The State of API Security Q1 Report 2023 survey finding concluded that the attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service attacks (DDoS), and malware attacks. API security has emerged as a significant business issue as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also, 50% of data theft incidents will happen due to insecure APIs. As a result, API security has become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually. Why does API security still pose a threat in 2023?
Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expand the attack surface and emerge as an attractive target for hackers. The issue is that the APIs are not always designed with security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data. API sprawl 2023-08-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-is-api-security-the-next-big-thing-in-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8370101 False Malware,Tool,Vulnerability,Threat,Cloud Uber 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms.
"Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new 2023-08-14T21:24:00+00:00 https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8369978 False Threat None 2.0000000000000000
Checkpoint - Security hardware manufacturer Check Point Wins Gold Stevie International Business Award
Check Point is thrilled to accept the International Business Awards' Gold Stevie award for our Quantum Titan security platform! At Check Point, we are transforming how organizations secure their networks across on-premise, cloud and IoT environments. Powered by ThreatCloud AI, Quantum Titan provides advanced threat prevention and protection against the most sophisticated cyberattacks, including zero-day phishing and domain name system exploits. While cyberattacks have become more sophisticated with increased frequency and cost, IoT device expansion on networks and multi-cloud environments have created more network complexity and threats to an organization. Quantum Titan addresses the need for better security and […]
2023-08-14T17:28:10+00:00 https://blog.checkpoint.com/securing-the-network/check-point-wins-gold-stevie-international-business-award/ www.secnews.physaphae.fr/article.php?IdArticle=8370001 False Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Identity Threat Detection and Response: Rips in Your Identity Fabric Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a 2023-08-14T16:43:00+00:00 https://thehackernews.com/2023/08/identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8369891 False Threat,Cloud None 2.0000000000000000
Techworm - News Stellar Cyber's OpenXDR Platform Now Available On Oracle Cloud Infrastructure Stellar Cyber announced today that their OpenXDR platform is now accessible to those that use Oracle Cloud Infrastructure (OCI). Customers who have adopted the cloud and seek simpler and smarter solutions to improve their security can now purchase Stellar Cyber's platform via the Oracle Cloud Marketplace, applying Oracle Universal Credits (OUCs) toward the purchase price. How does OpenXDR technology help businesses to better manage the security of their cloud structures, and what does this new partnership mean for Oracle Cloud users? Capabilities of Stellar Cyber's OpenXDR Platform Stellar Cyber has developed Open Extended Detection and Response (OpenXDR) to facilitate security for both companies facing a large volume of attacks and overwhelmed security professionals.
To achieve this, it unites the capabilities of several tools that are essential for security - many of which used to be incompatible. Some of the security solutions that are currently integrated into the platform are NextGen SIEM and Network Detection and Response (NDR). One of the key issues that the company has focused on since its beginning is the large quantity of data that is incoming from versatile incompatible security tools. Today, the issue of having to manage and make sense of large amounts of data is more emphasized than ever before. Why? Because organizations have added more security points to their systems - mostly to protect the new cloud technology that is now a regular part of their network. For instance, the data management solution integrated within OpenXDR can gather insights that are generated from versatile tools the platform supports. To make the reports more accurate and comprehensive, it can correlate the findings gathered from the tools it supports. As a result, the professionals retain visibility of ever-growing attack surfaces and get correct as well as actionable reports on the state of security in real-time. This helps them to react to sophisticated threats early - before they escalate into major security incidents. The tools that can be found under Stellar Cyber's umbrella platform are AI and machine-learning-powered. This means that they promptly and automatically mitigate well-known threats, but they continually learn about the company and use the findings to detect anomalies early. Also, they're available from a single dashboard since the platform unites the capabilities of versatile previously siloed solutions in one place. For those that already use Oracle Cloud, the new collaborations mean they'll now have the capabilities of the OpenXDR platform at their disposal as well.
“Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes-all for a single license and price on a single platform,” said Jim O'Hara, Chief Revenue Officer at Stellar Cyber. “This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI.” Now Available on Oracle Cloud Infrastructure Oracle Clou 2023-08-14T15:01:22+00:00 https://www.techworm.net/2023/08/stellar-cyber-openxdr-oracle-cloud-infrastructure.html www.secnews.physaphae.fr/article.php?IdArticle=8393063 False Tool,Threat,Cloud None 2.0000000000000000
Mandiant - Mandiant's security blog Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)
Mandiant recently published a blog post about the compromise of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances related to the zero-day vulnerability tracked as CVE-2023-3519. CVE-2023-3519 is a zero-day vulnerability that can enable remote code execution, and has been observed being exploited in the wild by a threat actor consistent with a China-nexus based on known capabilities and history of targeting Citrix ADCs. Recently, proof-of-concepts to exploit this vulnerability have been publicly posted. Today we are releasing a tool to help
2023-08-14T14:30:00+00:00 https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner www.secnews.physaphae.fr/article.php?IdArticle=8377330 False Tool,Vulnerability,Threat None 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North […]
2023-08-14T14:05:39+00:00 https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile www.secnews.physaphae.fr/article.php?IdArticle=8369920 False Threat,Cloud None 2.0000000000000000
Checkpoint Research - Security hardware manufacturer 14th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The Belt Railway Company of Chicago, the largest intermediate switching terminal railroad in the United States, is currently conducting an investigation into an attack executed by the Akira ransomware group. This group has […]
2023-08-14T11:52:38+00:00 https://research.checkpoint.com/2023/14th-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8369887 False Ransomware,Threat None 2.0000000000000000
Recorded Future - Recorded Future feed China to disclose secret US 'global reconnaissance system,' claims official
Chinese authorities have pledged to “publicly disclose a highly secretive global reconnaissance system” operated by the U.S. government following an investigation into the alleged hacking of earthquake monitoring equipment in Wuhan. The claim marks the latest of a series of attempts by the People's Republic of China to highlight Washington's intelligence-gathering efforts in response to
2023-08-14T11:46:00+00:00 https://therecord.media/china-accuses-us-global-reconnaissance-system-wuhan www.secnews.physaphae.fr/article.php?IdArticle=8369888 False Threat None 2.0000000000000000
Global Security Mag - French news site Does MFA Solve the Threat of Account Takeover? opinion
Does MFA Solve the Threat of Account Takeover? by Jim Downey, Senior Product Marketing Manager, F5 For criminals trying to conduct account takeover fraud via credential stuffing, multifactor authentication (MFA) adds hurdles, but attackers have discovered ways to bypass MFA. Enterprises therefore need to take additional measures to bolster the security of MFA, including bot mitigation and the monitoring of contextual risk. - Opinion
2023-08-14T11:41:12+00:00 https://www.globalsecuritymag.fr/Does-MFA-Solve-the-Threat-of-Account-Takeover.html www.secnews.physaphae.fr/article.php?IdArticle=8369889 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Building Cybersecurity into the supply chain is essential as threats mount account for a huge 62% of all commercial attacks, a clear indication of the scale of the challenge faced by the supply chain and the logistics industry as a whole. There are solutions out there, however, and the most simple of these concerns a simple upskilling of supply chain professionals to be aware of cybersecurity systems and threats. In an industry dominated by the need for trust, this is something that perhaps can come naturally for the supply chain. Building trust and awareness At the heart of a successful supply chain relationship is trust between partners. Building that trust, and securing high quality business partners, relies on a few factors. Cybersecurity experts and responsible officers will see some familiarity - due diligence, scrutiny over figures, and continuous monitoring. In simple terms, an effective framework of checking and rechecking work, monitored for compliance on all sides. These factors are a key part of new federal cybersecurity rules, according to news agency Reuters. Among other measures are a requirement for companies to have rigorous control over system patching, and measures that would require cloud hosted services to identify foreign customers. These are simple but important steps, and give a hint to supply chain businesses as to what they should be doing; putting in measures to monitor, control, and enact compliance on cybersecurity threats. That being said, it can be the case that the software isn’t in place within individual businesses to ensure that level of control. The right tools, and the right personnel, are also essential.
The importance of software Back in April, the UK’s National Cyber Security Centre released details of specific threats made by Russian actors against business infrastructure in the USA and UK. Highlighted in this were specific weaknesses in business systems, and that includes in hardware and software used by millions of businesses worldwide. The message is simple - even industry standard software and devices have their problems, and businesses have to keep track of that. There are two arms to ensure this is completed. Firstly, the business should have a cybersecurity officer in place whose role it is to monitor current measures and ensure they are kept up to date. Secondly, budget and time must be allocated at an executive level firstly to promote networking between the business and cybersecurity firms, and between partner businesses to ensure that even cybersecurity measures are implemented across the chain. Utilizing AI There is something of a digital arms race when it comes to artificial intelligence. As ZDNet notes, the lack of clear regulation is providing a lot of leeway for malicious actors to innovate, but for businesses to act, too. While regulations are now coming in, it remains that there is a clear role for AI in prevention. According t 2023-08-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/building-cybersecurity-into-the-supply-chain-is-essential-as-threats-mount www.secnews.physaphae.fr/article.php?IdArticle=8369852 False Threat,Cloud ChatGPT,APT 28 2.0000000000000000
Fortinet - Security hardware manufacturer FortiGuard AI Detects Continued OSS Supply Chain Hidden in Python Package Index Read how supply chain attacks in PyPI are detected by an AI engine assistant.
See how a threat author distributes malicious python packages using different PyPI account IDs. 2023-08-14T08:00:00+00:00 https://www.fortinet.com/blog/threat-research/continued-oss-supply-chain-attacks-hidden-in-pypi www.secnews.physaphae.fr/article.php?IdArticle=8370286 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Researchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in Belarus A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu 2023-08-11T19:53:00+00:00 https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8368956 False Threat None 1.00000000000000000000
Dark Reading - Informationweek Branch Threat Intelligence Efforts, Investment Lagging, Says Opswat In an annual survey, 62% of respondents admitted their threat intel efforts need stepping up. 2023-08-11T18:50:00+00:00 https://www.darkreading.com/threat-intelligence/oswap-releases-threat-intelligence-survey-reveals-need-for-enhancement www.secnews.physaphae.fr/article.php?IdArticle=8369072 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe 2023-08-11T15:42:00+00:00 https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html www.secnews.physaphae.fr/article.php?IdArticle=8368885 False Malware,Threat,Industrial APT 31,APT 31 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New SystemBC Malware Variant Targets South African Power Company An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
"The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at 2023-08-11T15:10:00+00:00 https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8368855 False Ransomware,Malware,Threat None 4.0000000000000000
Recorded Future - Recorded Future feed New Zealand intelligence report accuses China of cyber-enabled interference
New Zealand's primary national intelligence agency on Friday accused China of “ongoing activity in and against New Zealand” in an unclassified report describing the country's threat environment. The 53-page report from the NZ Security Intelligence Service (NZSIS) described the Chinese activity as “a complex intelligence concern for New Zealand,” with the agency noting that “groups
2023-08-11T12:00:00+00:00 https://therecord.media/new-zealand-report-china-interference-cyber-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8368901 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine #BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption Enterprise usages of generative AI are what is going to turn the threat model of many organizations upside down, Maria Markstedter argued during her speech at Black Hat USA 2023-08-11T10:30:00+00:00 https://www.infosecurity-magazine.com/news/security-risks-to-boom-generative/ www.secnews.physaphae.fr/article.php?IdArticle=8368887 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Researchers Suggest Ways to Tackle Thermal Attacks Device manufacturers and users have a role to play in mitigating the threat 2023-08-11T08:30:00+00:00 https://www.infosecurity-magazine.com/news/researchers-tackle-thermal-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8368840 False Threat None 2.0000000000000000
Bleeping Computer - American magazine Lapsus$ hackers took SIM-swapping attacks to the next level The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
[...] 2023-08-11T02:23:46+00:00 https://www.bleepingcomputer.com/news/security/lapsus-hackers-took-sim-swapping-attacks-to-the-next-level/ www.secnews.physaphae.fr/article.php?IdArticle=8368919 False Threat None 3.0000000000000000
We Live Security - ESET antivirus software publisher ESET Research Podcast: Unmasking MoustachedBouncer Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus 2023-08-10T19:49:00+00:00 https://www.welivesecurity.com/en/podcasts/eset-research-podcast-unmasking-moustachedbouncer/ www.secnews.physaphae.fr/article.php?IdArticle=8382222 False Threat None 2.0000000000000000
Global Security Mag - French news site New SecurityGen study highlights hidden threat to 5G mobile networks from GTP-based cyber-attacks Special Reports
New SecurityGen study highlights hidden threat to 5G mobile networks from GTP-based cyber-attacks Telecom security experts call on operators to put in place comprehensive cyber-security measures against GTP threats - Special Reports
2023-08-10T19:48:39+00:00 https://www.globalsecuritymag.fr/New-SecurityGen-study-highlights-hidden-threat-to-5G-mobile-networks-from-GTP.html www.secnews.physaphae.fr/article.php?IdArticle=8368531 False Threat,Studies None 2.0000000000000000
knowbe4 - cybersecurity services AI's Role in Cybersecurity: Black Hat USA 2023 Reveals How Large Language Models Are Shaping the Future of Phishing Attacks and Defense At Black Hat USA 2023, a session led by a team of security researchers, including Fredrik Heiding, Bruce Schneier, Arun Vishwanath and Jeremy Bernstein, unveiled an intriguing experiment. They tested large language models (LLMs) to see how they performed both at writing convincing phishing emails and at detecting them. This is the PDF technical paper. The experiment: crafting phishing emails The team tested four commercial LLMs, including OpenAI's ChatGPT, Google's Bard, Google's Claude and ChatLlama, in experimental phishing attacks against Harvard students. The experiment was designed to see how AI technology could produce effective phishing lures. Heiding, a researcher at Harvard, emphasized that such technology has already affected the threat landscape by making phishing emails easier to create. He said: "GPT changed this. You don't need to be a native English speaker, you don't need to do much. You can enter a quick prompt with just a few data points." The team sent phishing emails offering Starbucks gift cards to 112 students, comparing ChatGPT with a non-AI model called V-Triad. The results showed that the V-Triad email was the most effective, with a click rate of 70%, followed by a V-Triad-ChatGPT combination at 50%, ChatGPT at 30% and the control group at 20%.
However, in another version of the test, ChatGPT performed much better, with a click rate of nearly 50%, while the V-Triad-ChatGPT combination led with nearly 80%. Heiding emphasized that an untrained, general-purpose LLM was able to quickly create very effective phishing attacks. Using LLMs for phishing detection The second part of the experiment focused on how effective LLMs are at determining the intent of suspicious emails. The team used the Starbucks emails from the first part of the experiment and asked the LLMs to determine the intent, whether it was composed by a human or an AI, to identify any suspicious aspects, and to offer advice on how to respond. The results were both surprising and encouraging. The models had high success rates in identifying marketing emails but struggled with the intent of the V-Triad and ChatGPT phishing emails. They fared better when tasked with identifying suspicious content, with Claude's results highlighted for not only achieving high scores in the detection tests but also providing sound advice for users. The phishing power of LLMs Overall, Heiding concluded that the off-the-shelf LLMs ... been trained on any security data. He said: "This is really something that everyone can use right now. It's quite powerful."
L'expér 2023-08-10T18:39:58+00:00 https://blog.knowbe4.com/ais-role-in-cybersecurity-black-hat-usa-2023-reveals-how-large-language-models-are-shaping-the-future-of-phishing-attacks-and-defense www.secnews.physaphae.fr/article.php?IdArticle=8368532 False Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 Dark Reading - Informationweek Branch SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks 2023-08-10T18:01:00+00:00 https://www.darkreading.com/vulnerabilities-threats/securitygen-study-highlights-hidden-threat-to-5g-mobile-networks-from-gtp-based-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8368546 False Threat,Studies None 3.0000000000000000 Recorded Future - Recorded Future feed Lawmakers press FCC for action on Chinese-made cellular modules
Leaders of the House's panel on China have asked the Federal Communications Commission (FCC) to help combat the threat posed by Chinese-manufactured cellular connectivity modules embedded in Internet of Things (IoT) devices. The lawmakers cited an incident last year to illustrate the ease with which the modules can be intercepted and shut down from afar.
2023-08-10T15:32:00+00:00 https://therecord.media/china-cellular-modules-fcc-house-letter www.secnews.physaphae.fr/article.php?IdArticle=8368425 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine #BHUSA: Only 22% of Firms Have Mature Threat Intelligence Programs OPSWAT presented the findings of its latest Threat Intelligence Survey 2023-08-10T15:30:00+00:00 https://www.infosecurity-magazine.com/news/bhusa-threat-intelligence-programs/ www.secnews.physaphae.fr/article.php?IdArticle=8368431 False Threat,Studies None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations 2023-08-10T15:15:00+00:00 https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html www.secnews.physaphae.fr/article.php?IdArticle=8368321 False Threat None 2.0000000000000000 Recorded Future - Recorded Future feed Iranian cyber spies are targeting dissidents in Germany, warns intelligence service Germany's domestic intelligence service issued a cyber-espionage warning on Thursday that Iranian dissident organizations and individuals in the country were being targeted by a suspected state-sponsored threat group. Officially known as the Federal Office for the Protection of the Constitution (BfV), the agency 2023-08-10T15:12:00+00:00
https://therecord.media/charming-kitten-iran-targets-dissidents-in-germany www.secnews.physaphae.fr/article.php?IdArticle=8368427 False Threat None 3.0000000000000000 Security Intelligence - American news site The Pentagon's 2023 cyber strategy: What you need to know In May 2023, the Department of Defense (DoD) released an unclassified fact sheet detailing its latest cyber strategy. This latest update is another indication of the Pentagon’s intent to combat threat actors, coming fast on the heels of the 2022 National Security Strategy and the 2022 National Defense Strategy. A more complete summary of the […] 2023-08-10T13:00:00+00:00 https://securityintelligence.com/articles/the-pentagons-2023-cyber-strategy-what-you-need-to-know/ www.secnews.physaphae.fr/article.php?IdArticle=8368393 False Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Mac systems turned into proxy exit nodes by AdLoad SentinelOne in 2021 and Microsoft in 2022. As stated in Microsoft’s report on UpdateAgent, a malware delivering AdLoad through drive-by compromise, AdLoad redirected users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results with a Person-in-The-Middle (PiTM) attack. These two previous campaigns, together with the campaign described in this blog, support the theory that AdLoad could be running a pay-per-Install campaign in the infected systems. The main purpose of the malware has always been to act as a downloader for subsequent payloads. It has been identified delivering a wide range of payloads (adware, bundleware, PiTM, backdoors, proxy applications, etc.)
every few months to a year, sometimes conveying different payloads depending on the system settings such as geolocation, device make and model, operating system version, or language settings, as reported by SentinelOne. In all observed samples, regardless of payload, they report to an AdLoad server during execution on the victim’s system. This beacon (analyzed later in Figure 3 & 4) includes system information in the user agent and the body, without any relevant response aside from a 200 HTTP response code. This activity probably represents AdLoad's method of keeping count of the number of infected systems, supporting the pay-per-Install scheme. AT&T Alien Labs™ has observed similar activity in our threat analysis systems throughout the last year, with the AdLoad malware being installed in the infected systems. However, Alien Labs is now observing a previously unreported payload being delivered to the victims. The payload corresponds to a proxy application, converting its targets into proxy exit nodes after infection. As seen in Figure 1, the threat actors behind this campaign have been very active since the beginning of 2022. Figure 1. Histogram of AdLoad samples identified by Alien Labs.
The vast numb 2023-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload www.secnews.physaphae.fr/article.php?IdArticle=8368296 False Spam,Malware,Threat,Cloud APT 32 2.0000000000000000 Dark Reading - Informationweek Branch 'MoustachedBouncer' APT Spies on Embassies, Likely via ISPs Diplomats who didn't use VPNs may have lost sensitive state information to a Belarusian threat actor that wields the "Disco" and "Nightclub" malware. 2023-08-10T09:30:00+00:00 https://www.darkreading.com/attacks-breaches/moustached-bouncer-apt-spied-embassies-belarus www.secnews.physaphae.fr/article.php?IdArticle=8368297 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine EvilProxy Campaign Fires Out 120,000 Phishing Emails Threat actors are targeting execs and Microsoft 365 accounts 2023-08-10T09:00:00+00:00 https://www.infosecurity-magazine.com/news/evilproxy-campaign-120000-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8368280 False Threat None 2.0000000000000000 The State of Security - American magazine Rhysida ransomware - what you need to know What is Rhysida? Rhysida is a Windows-based ransomware operation that has come to prominence since May 2023, after being linked to a series of high profile cyber attacks in Western Europe, North and South America, and Australia. The group appears to have links to the notorious Vice Society ransomware gang. What kind of organisations has Rhysida been hitting with ransomware?
The US Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has this month described Rhysida as a "significant threat to the healthcare sector". Rhysida has targeted hospitals and clinics... 2023-08-10T06:51:20+00:00 https://www.tripwire.com/state-of-security/rhysida-ransomware-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8368337 False Ransomware,Threat None 1.00000000000000000000 Recorded Future - Recorded Future feed Attackers use EvilProxy phishing kit to take over executives' Microsoft 365 accounts
Threat actors have been using the phishing toolkit EvilProxy to take control of cloud-based Microsoft 365 accounts belonging to executives at prominent companies, researchers have found. The cybersecurity firm Proofpoint, which released a report on the incidents Wednesday, said the attacks exhibited both the prevalence of pre-packaged phishing-as-a-service toolkits, as well as the increased bypassing
2023-08-09T20:53:00+00:00 https://therecord.media/evilproxy-phishing-kit-targets-ceos-executives www.secnews.physaphae.fr/article.php?IdArticle=8368072 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel (previously Threat Activity Group-22 or TAG-222), which overlaps with a cluster of activity broadly 2023-08-09T19:13:00+00:00 https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html www.secnews.physaphae.fr/article.php?IdArticle=8367909 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Top 3 Insights I Learned at Recent Cybersecurity Events Events like RSA Conference and Infosecurity Europe provide industry collaboration opportunities required to address the evolving cybersecurity threat landscape. 2023-08-09T17:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/top-3-insights-i-learned-at-recent-cybersecurity-events www.secnews.physaphae.fr/article.php?IdArticle=8367981 False Threat,Conference None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people.
"The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first 2023-08-09T15:52:00+00:00 https://thehackernews.com/2023/08/uk-electoral-commission-breach-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8367831 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Why Shellshock Remains a Cybersecurity Threat After 9 Years Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself. 2023-08-09T14:00:00+00:00 https://www.darkreading.com/attacks-breaches/why-shellshock-remains-cybersecurity-threat-after-9-years www.secnews.physaphae.fr/article.php?IdArticle=8367891 False Vulnerability,Threat None 3.0000000000000000 Schneier on Security - American cryptologist researcher Using Machine Learning to Detect Keystrokes
Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model. When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms. We discuss a series of mitigation methods to protect users against these series of attacks...
2023-08-09T11:08:07+00:00 https://www.schneier.com/blog/archives/2023/08/using-machine-learning-to-detect-keystrokes.html www.secnews.physaphae.fr/article.php?IdArticle=8367847 False Threat None 3.0000000000000000
Checkpoint - Security hardware manufacturer July 2023's Most Wanted Malware: Remote Access Trojan (RAT) Remcos Climbs to Third Place while Mobile Malware Anubis Returns to Top Spot
Check Point Research reported that RAT Remcos rose four places due to trojanized installers, Anubis Mobile Malware Ousted SpinOk and Education/Research Still Hardest Hit Our latest Global Threat Index for July 2023 saw researchers report that Remcos moved to third place after threat actors created fake websites last month to spread malicious downloaders carrying the RAT. Meanwhile, mobile banking Trojan Anubis knocked relative newcomer SpinOk from top spot on the mobile malware list, and Education/Research was the most impacted industry. Remcos is a RAT first seen in the wild in 2016 and is regularly distributed through malicious Microsoft documents or […]
2023-08-09T11:00:45+00:00 https://blog.checkpoint.com/security/july-2023s-most-wanted-malware-remote-access-trojan-rat-remcos-climbs-to-third-place-while-mobile-malware-anubis-returns-to-top-spot/ www.secnews.physaphae.fr/article.php?IdArticle=8367885 False Malware,Threat None 2.0000000000000000
Bleeping Computer - American magazine Preventative medicine for securing IoT tech in healthcare organizations Healthcare organizations are increasingly at risk from threat actors targeting Internet of Medical Things. Learn more from Outpost24 on how attack surface management can secure the IoMT devices. [...] 2023-08-09T10:02:04+00:00 https://www.bleepingcomputer.com/news/security/preventative-medicine-for-securing-iot-tech-in-healthcare-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8367933 False Threat,Medical None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Mind the (Interpretation) gap: Another reason why threat modeling is important 2023-08-09T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/mind-the-interpretation-gap-another-reason-why-threat-modeling-is-important www.secnews.physaphae.fr/article.php?IdArticle=8367976 False Tool,Vulnerability,Threat,Industrial,Prediction None 2.0000000000000000 CVE List - Common Vulnerability Exposure CVE-2023-22843 An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.
The injected code will be executed in the context of the authenticated victim's session. 2023-08-09T09:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22843 www.secnews.physaphae.fr/article.php?IdArticle=8367806 False Threat None None Checkpoint - Security hardware manufacturer US Hospitals Under Increasing Threat of Ransomware
According to Check Point Research (CPR): on average, 1 in 29 healthcare organizations in the United States were impacted by ransomware over the past four weeks. Healthcare is currently the #1 most impacted industry by ransomware. In fact, in 2022, the healthcare industry experienced a 78% year-on-year increase in cyberattacks, with an average of 1,426 attempted breaches per week per organization. Ransomware attacks can be especially disruptive to healthcare organizations, as evidenced by the recent attack against Prospect Medical Holdings (PMH), which forced them to close emergency rooms across the country. Ambulances were re-routed and elective surgeries rescheduled — […]
2023-08-08T22:53:37+00:00 https://blog.checkpoint.com/security/us-hospitals-under-increasing-threat-of-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8367614 False Ransomware,Threat,Medical None 2.0000000000000000
Global Security Mag - French news site Picus Security analysis of 14m attack simulations reveals organizations only prevent 6 out of every 10 attacks
Blue Report highlights four "impossible trade-offs" security teams make with threat exposure management - Special Reports
2023-08-08T21:16:02+00:00 https://www.globalsecuritymag.fr/Picus-Security-analysis-of-14m-attack-simulations-reveals-organizations-only.html www.secnews.physaphae.fr/article.php?IdArticle=8367592 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Custom Yashma Ransomware Crashes Into the Scene The threat actor is targeting organizations in Bulgaria, China, Vietnam, and various English-speaking nations. 2023-08-08T19:10:00+00:00 https://www.darkreading.com/threat-intelligence/custom-yashma-ransomware-crashes-into-the-scene www.secnews.physaphae.fr/article.php?IdArticle=8367455 False Ransomware,Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Stats for July 2023
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, […]
2023-08-08T18:33:07+00:00 https://www.netskope.com/blog/netskope-threat-labs-stats-for-july-2023 www.secnews.physaphae.fr/article.php?IdArticle=8367419 False Threat,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Abusing Cloudflare Tunnels for Covert Communications New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security, said. "However, Cloudflared differs from ngrok in that it provides a lot more usability for free, 2023-08-08T17:52:00+00:00 https://thehackernews.com/2023/08/hackers-abusing-cloudflare-tunnels-for.html www.secnews.physaphae.fr/article.php?IdArticle=8367210 False Threat None 3.0000000000000000 Bleeping Computer - American magazine Microsoft Office update breaks actively exploited RCE attack chain Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
[...] 2023-08-08T16:15:31+00:00 https://www.bleepingcomputer.com/news/security/microsoft-office-update-breaks-actively-exploited-rce-attack-chain/ www.secnews.physaphae.fr/article.php?IdArticle=8367470 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine #BHUSA: Ransomware Threat Activity Cluster Uncovered The elusive ransomware group, Royal, might be collaborating with Hive and Black Basta 2023-08-08T15:30:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-connections-sophos/ www.secnews.physaphae.fr/article.php?IdArticle=8367356 False Ransomware,Threat None 2.0000000000000000 CVE List - Common Vulnerability Exposure CVE-2023-2423 A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. 2023-08-08T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2423 www.secnews.physaphae.fr/article.php?IdArticle=8367376 False Vulnerability,Threat None None The State of Security - American magazine VERT Threat Alert: August 2023 Patch Tuesday Analysis Today's VERT Alert addresses Microsoft's August 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180 A vulnerability in Kestrel could allow for a denial of service.
Kestrel is the cross-platform web server that is included with (and enabled by default in) ASP.NET Core. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect said client, resulting in the denial of service... 2023-08-08T14:48:12+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-august-2023-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8367452 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Yashma Ransomware Variant Targets Multiple English-Speaking Countries An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin. "The threat actor uses an uncommon technique to deliver the ransom note," security 2023-08-08T14:23:00+00:00 https://thehackernews.com/2023/08/new-yashma-ransomware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8367147 False Ransomware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine #BHUSA: Identity Compromise the Cause of Most Breaches Pushed to the edges by efficient EDRs, threat actors are forced to use living-off-the-land techniques 2023-08-08T13:00:00+00:00 https://www.infosecurity-magazine.com/news/black-hat-identity-most-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=8367211 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries Used for Malicious Purposes Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. "LOLBAS is an attack method that uses binaries and scripts that are already part of the system for malicious purposes," Pentera security researcher Nir Chako said. "This makes it hard for security teams 2023-08-08T12:53:00+00:00 https://thehackernews.com/2023/08/lolbas-in-wild-11-living-off-land.html www.secnews.physaphae.fr/article.php?IdArticle=8367116 False Threat None 2.0000000000000000 GoogleSec - Firm Security Blog Android 14 introduces first-of-its-kind cellular connectivity security features False Base Stations (FBS) and Stingrays exploit weaknesses in cellular telephony standards to cause harm to users. Additionally, a smartphone cannot reliably know the legitimacy of the cellular base station before attempting to connect to it. Attackers exploit this in a number of ways, ranging from traffic interception and malware sideloading, to sophisticated dragnet surveillance. Recognizing the far reaching implications of these attack vectors, especially for at-risk users, Android has prioritized hardening cellular telephony. We are tackling well-known insecurities such as the risk presented by 2G networks, the risk presented by null ciphers, other false base station (FBS) threats, and baseband hardening with our ecosystem partners. 2G and a history of inherent security risk The mobile ecosystem is rapidly adopting 5G, the latest wireless standard for mobile, and many carriers have started to turn down 2G service. In the United States, for example, most major carriers have shut down 2G networks.
However, all existing mobile devices still have support for 2G. As a result, when available, any mobile device will connect to a 2G network. This occurs automatically when 2G is the only network available, but this can also be remotely triggered in a malicious attack, silently inducing devices to downgrade to 2G-only connectivity and thus, ignoring any non-2G network. This behavior happens regardless of whether local operators have already sunset their 2G infrastructure. 2G networks, first implemented in 1991, do not provide the same level of security as subsequent mobile generat
2023-08-08T11:59:13+00:00 http://security.googleblog.com/2023/08/android-14-introduces-first-of-its-kind.html www.secnews.physaphae.fr/article.php?IdArticle=8367399 False Malware,Tool,Threat,Conference None 3.0000000000000000
Global Security Mag - French news site 10 minutes are enough to launch a cyberattack, according to Sysdig
Investigations
2023-08-08T09:06:35+00:00 https://www.globalsecuritymag.fr/10-minutes-suffisent-pour-lancer-une-cyberattaque-selon-Sysdig.html www.secnews.physaphae.fr/article.php?IdArticle=8367150 False Threat,Cloud None 2.0000000000000000
CrowdStrike - CTI Society CrowdStrike Debuts Counter Adversary Operations Team to Fight Faster and Smarter Adversaries as Identity-Focused Attacks Skyrocket
CrowdStrike is proud to announce the launch of CrowdStrike Counter Adversary Operations, a newly formed, first-of-its kind team that brings together CrowdStrike Falcon® Intelligence and the CrowdStrike® Falcon OverWatch™ threat hunting team to disrupt today's adversaries and ultimately raise their cost of doing business.
Both threat hunting and intelligence operations are essential to detect, disrupt […]
2023-08-08T04:00:01+00:00 https://www.crowdstrike.com/blog/crowdstrike-debuts-counter-adversary-operations-team/ www.secnews.physaphae.fr/article.php?IdArticle=8372889 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.
2023-08-08T02:00:00+00:00 https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits www.secnews.physaphae.fr/article.php?IdArticle=8367025 False Ransomware,Vulnerability,Threat None 2.0000000000000000
The State of Security - American magazine Protecting Sensitive Data from Insider Threats in PCI DSS 4.0
Safeguarding sensitive data is a huge concern for organizations. One of the biggest challenges they face is the threat posed by insiders who work for the organization. In fact, a report found that 74% of organizations are at least moderately vulnerable to threats from insiders. This has increased spending towards protecting against insider threats by more than 76% between 2018 to 2022, according to a global report by the Ponemon Institute. Safeguarding sensitive data from insider threats is crucial in the environment of PCI DSS, especially with the release of PCI DSS 4.0.
But first, let's...
2023-08-08T01:44:09+00:00 https://www.tripwire.com/state-of-security/protecting-sensitive-data-insider-threats-pci-dss-40 www.secnews.physaphae.fr/article.php?IdArticle=8367102 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Apple Users See Big Mac Attack, Says Accenture
Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.
2023-08-08T00:54:00+00:00 https://www.darkreading.com/attacks-breaches/accenture-sees-big-mac-attacks www.secnews.physaphae.fr/article.php?IdArticle=8367012 False Threat,Prediction None 2.0000000000000000
TrendLabs Security - Antivirus vendor Cybersecurity Threat 1H 2023 Brief with Generative AI
How generative AI influenced threat trends in 1H 2023
2023-08-08T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/h/cybersecurity-threat-2023-generative-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8367615 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.
Bot mitigation company Kasada said the activity is designed to "exploit trusted criminal networks," describing it as an instance of advanced threat actors "
2023-08-07T21:27:00+00:00 https://thehackernews.com/2023/08/new-malware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8366834 False Malware,Threat None 2.0000000000000000
Recorded Future - Recorded Future feed Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware
Researchers believe a new strain of ransomware is being used to target organizations in China, Vietnam, Bulgaria and several other English-speaking countries. Experts from Cisco Talos said on Monday that they have discovered a previously unknown threat actor – allegedly from Vietnam – conducting attacks that started as early as June 4. The malware is
2023-08-07T20:01:00+00:00 https://therecord.media/vietnamese-hacker-targets-chinese-bulgarian-organizations-with-new-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8367011 False Ransomware,Malware,Threat None 2.0000000000000000
Recorded Future - Recorded Future feed Ukrainian state agencies targeted with open-source malware MerlinAgent
Hackers targeted Ukrainian government agencies with a phishing campaign using an open-source program called MerlinAgent, according to the latest research. In early August, an unidentified threat actor tracked as UAC-0154 sent malicious emails to its targets, purportedly containing security tips from Ukraine's computer emergency response team (CERT-UA). These emails contained malicious attachments that infected victims'
2023-08-07T19:58:00+00:00 https://therecord.media/ukrainian-agencies-targeted-with-merlin www.secnews.physaphae.fr/article.php?IdArticle=8366913 False Malware,Threat None 3.0000000000000000
Recorded Future - Recorded Future feed North Korean state-backed hackers breached major Russian missile maker
Russia's major missile manufacturer was breached by state-backed North Korean hackers for months, researchers have found. At least two different North Korean nation-state threat groups have been linked to the hack of Mashinostroyeniya, or Mash, Russia's famous rocket design company. The incident began in late 2021 and continued until May of last year, the cybersecurity
2023-08-07T18:10:00+00:00 https://therecord.media/north-korean-hackers-breach-Russia www.secnews.physaphae.fr/article.php?IdArticle=8366878 False Hack,Threat None 2.0000000000000000
Checkpoint Research - Security hardware manufacturer 7th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 7th August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Prospect Medical Holdings, a major healthcare services provider that operates 16 hospitals and 166 outpatient clinics and centers in the US, suffered a significant ransomware attack. The attack has disrupted the company's operations […]
2023-08-07T15:16:10+00:00 https://research.checkpoint.com/2023/7th-august-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8366817 False Ransomware,Threat,Medical None 2.0000000000000000
Checkpoint - Security hardware manufacturer Don't Miss Check Point's Black Hat Demos & Sessions
Black Hat USA is just around the corner, the Check Point team has a full agenda planned for you to make the most of your visit. In addition to the conference sessions, we will host breakout and theater sessions, demos, hospitality events, games and prizes, and more. Visit our booth, 3040, at Black Hat, as we spotlight our security suite that provides comprehensive zero-day threat prevention for your network, email, endpoints, IoT, cloud, and code. Gain an understanding of how Check Point Infinity’s consolidated portfolio protects businesses and government institutions from 5th-generation cyber-attacks with an industry-leading capture rate of malware, […]
2023-08-07T14:00:50+00:00 https://blog.checkpoint.com/company-and-culture/dont-miss-check-points-black-hat-demos-sessions/ www.secnews.physaphae.fr/article.php?IdArticle=8366795 False Threat,Conference None 1.00000000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs What may be lurking behind that QR code
As we go about our daily lives, whether that be shopping with the family, enjoying dinner at a restaurant, finding our gate at the airport, or even watching TV, we find ourselves more and more often encountering the QR code. These black-and-white checkerboards of sorts have gained a reputation for being a fast and convenient way of obtaining information via our smartphones while at the same time contributing to environmental conservation, as they allow businesses such as retailers and restaurants to print fewer paper menus or flyers. But before you whip out that phone and activate your camera, you should be aware that these seemingly innocuous QR codes can also be used for purposes you aren’t anticipating. Adversaries can also abuse them to steal your money, identity, or other data. In fact, the term in the cybersecurity industry for attacks that leverage QR codes as a means of delivery is “quishing.” Although this may sound cute, the intentions behind these intrusions are, in reality, quite sinister.
A brief history of the QR code
While it may seem like we have only been interacting with QR codes over the past several years, they were in fact invented almost 30 years ago in 1994 by a Japanese company called Denso Wave, a subsidiary of Toyota Motor Corporation, for the purposes of tracking automotive parts in the assembly process. QR stands for “quick response” and is a sophisticated type of bar code that utilizes a square pattern containing even smaller black and white squares that represent numbers, letters, or even non-Latin scripts which can be scanned into a computer system. Have you ever noticed that there are larger black and white squares in just three of the corners of a QR code? Their purpose is to allow a scanning device to determine the code’s orientation, regardless of how it may be turned.
The use of QR codes has expanded considerably since 1994. They have become a favored means for businesses to circulate marketing collateral or route prospects to web forms, and other even more creative uses have also been cultivated. Instead of printing resource-consuming user manuals, manufacturers may direct their consumers to web-hosted versions that can be reached by scanning codes printed on the packaging materials. Event venues print QR codes on tickets that can be scanned upon entry to verify validity, and museums post signs next to exhibits with QR codes for visitors to obtain more information. During the COVID-19 pandemic, the use of QR codes accelerated as organizations sought to create contactless methods of doing business.
The dangers that lie beneath
QR codes don’t appear to be going away anytime soon. The speed and versatility they offer are hard to deny. However, any hacker worth their salt understands that the most effective attacks leverage social engineering to prey upon human assumptions or habits. We’ve become accustomed to scanning QR codes to quickly transact or to satisfy our sense of curiosity, but this convenience can come at a cost. There are several websites that make it incredibly simple and low cost (or free) for cybercriminals to generate QR codes, which they can use to do any of the following:
Open a spoofed web page – Upon scanning the QR code, your browser will open a fake web page that appears to be a legitimate business, such as a bank or e-commerce site, where you are requested to provide login credentials or payment data, also known as a phishing attack. It is also possible that this site contains links to malware.
Recommend an unscrupulous app – You will be directed to a particular app on the Apple App or Google Play Store and given the option to download the app to your mobile device.
These apps can contain malware that installs additi
2023-08-07T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/what-may-be-lurking-behind-that-qr-code www.secnews.physaphae.fr/article.php?IdArticle=8366831 False Spam,Malware,Threat,Cloud None 3.0000000000000000
SentinelOne (Adversary) - Cyber Firms Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
2023-08-07T09:58:32+00:00 https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/ www.secnews.physaphae.fr/article.php?IdArticle=8388318 False Threat None 3.0000000000000000
Fortinet - Security hardware manufacturer Key Findings from the 1H 2023 FortiGuard Labs Threat Report
FortiGuard Labs examine the cyber-threat landscape over the year's first half to identify trends and share insights with security professionals. Read more into the key takeaways from the report.
2023-08-07T06:00:00+00:00 https://www.fortinet.com/blog/threat-research/fortiguard-labs-threat-report-key-findings-1h-2023 www.secnews.physaphae.fr/article.php?IdArticle=8366777 False Threat,Studies None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week. "Port
2023-08-05T13:22:00+00:00 https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8366011 False Malware,Threat None 2.0000000000000000
Recorded Future - Recorded Future feed Microsoft resolves vulnerability following criticism from Tenable CEO
Microsoft has resolved a vulnerability that allows threat actors to gain access to information managed by Azure AD, a cloud offering used by large companies for managing user authentication. Concerns about the issue burst into public view this week when Amit Yoran, the CEO of cybersecurity firm Tenable, published a scathing LinkedIn post bashing the
2023-08-04T22:00:00+00:00 https://therecord.media/microsoft-resolves-vulnerability-following-criticism www.secnews.physaphae.fr/article.php?IdArticle=8365861 False Vulnerability,Threat,Cloud None 4.0000000000000000
Dark Reading - Informationweek Branch Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
2023-08-04T19:22:00+00:00 https://www.darkreading.com/application-security/burger-king-serves-up-sensitive-data-cyberattackers-no-mayo www.secnews.physaphae.fr/article.php?IdArticle=8365805 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Hawaii's Gemini North Observatory Suspended After Cyberattack
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.
2023-08-04T19:20:00+00:00 https://www.darkreading.com/ics-ot/gemini-north-observatory-suspended-after-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8365806 False Threat None 2.0000000000000000
CrowdStrike - CTI Society CrowdStrike Scores 100% in SE Labs Q2 2023 Enterprise Advanced Security Detection Test, Wins AAA Award
The CrowdStrike Falcon® platform achieved 100% attack detection with zero false positives in the Q2 2023 SE Labs Enterprise Advanced Security (EAS) test, earning the AAA award for its perfect performance in the rigorous evaluation.
SE Labs analysts' intelligence-led testing employed the real-world tactics, techniques and procedures (TTPs) of four advanced threat groups, using four […]
2023-08-04T18:00:44+00:00 https://www.crowdstrike.com/blog/crowdstrike-achieves-100-percent-attack-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8367007 False Threat None 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Cloud Threats Memo: Russian State-sponsored Threat Actors Increasingly Exploiting Legitimate Cloud Services
State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future's Insikt Group have unearthed a cyber espionage campaign by the same […]
2023-08-04T16:48:11+00:00 https://www.netskope.com/blog/cloud-threats-memo-russian-state-sponsored-threat-actors-increasingly-exploiting-legitimate-cloud-services www.secnews.physaphae.fr/article.php?IdArticle=8365743 False Threat,Cloud APT 29,APT 29 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine VMConnect: Python PyPI Threat Imitates Popular Modules
ReversingLabs said the attackers displayed a sophisticated approach and techniques
2023-08-04T16:00:00+00:00 https://www.infosecurity-magazine.com/news/vmconnect-threat-imitates-pypi/ www.secnews.physaphae.fr/article.php?IdArticle=8365726 False Threat None 2.0000000000000000
Global Security Mag - French news site Microsoft Teams Breach Highlights Looming Threat
The LOL Isn't So Funny When It Bites You in the BAS - Security Vulnerability
2023-08-04T15:24:55+00:00 https://www.globalsecuritymag.fr/Microsoft-Teams-Breach-Highlights-Looming-Threat.html www.secnews.physaphae.fr/article.php?IdArticle=8365729 False Threat None 2.0000000000000000
Soc Radar - SOC-focused blog Threat-Informed Defense (TID): A Threat Intelligence Perspective
Cyberattacks are increasing in frequency worldwide, posing significant challenges for organizations as they strive to...
2023-08-04T14:16:29+00:00 https://socradar.io/threat-informed-defense-tid-a-threat-intelligence-perspective/ www.secnews.physaphae.fr/article.php?IdArticle=8365710 False Threat None 2.0000000000000000
McAfee Labs - Software vendor Invisible Adware: Unveiling Ad Fraud Targeting Android Users
Authored by SangRyol Ryu, McAfee Threat Researcher We live in a world where advertisements are everywhere, and it’s no surprise...
2023-08-04T13:36:07+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/invisible-adware-unveiling-ad-fraud-targeting-android-users/ www.secnews.physaphae.fr/article.php?IdArticle=8367587 False Threat,Mobile None 2.0000000000000000
SecurityWeek - Security News Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft
Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems.
2023-08-04T13:20:47+00:00 https://www.securityweek.com/threat-actors-abuse-cloudflare-tunnel-for-persistent-access-data-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8365692 False Tool,Threat None 2.0000000000000000
Soc Radar - SOC-focused blog Threat Actors Employ New Phishing Tactic Using Google AMP
Researchers have uncovered a highly effective phishing tactic, which utilizes Google AMP (Accelerated Mobile Pages)....
2023-08-04T12:29:56+00:00 https://socradar.io/threat-actors-employ-new-phishing-tactic-using-google-amp/ www.secnews.physaphae.fr/article.php?IdArticle=8365674 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News. While versioning is not a new phenomenon, it's sneaky and hard
2023-08-03T21:48:00+00:00 https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html www.secnews.physaphae.fr/article.php?IdArticle=8365329 False Malware,Threat None 3.0000000000000000
Bleeping Computer - American magazine New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants. [...]
2023-08-03T18:55:44+00:00 https://www.bleepingcomputer.com/news/security/new-microsoft-azure-ad-cts-feature-can-be-abused-for-lateral-movement/ www.secnews.physaphae.fr/article.php?IdArticle=8365439 False Threat None 3.0000000000000000
Security Intelligence - American news site Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub
Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek […]
2023-08-03T18:00:00+00:00 https://securityintelligence.com/threat-intelligence-adversary-insights-forefront-x-force-research-hub/ www.secnews.physaphae.fr/article.php?IdArticle=8365385 False Malware,Threat None 2.0000000000000000
Security Intelligence - American news site Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub
Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek […]
2023-08-03T18:00:00+00:00 https://securityintelligence.com/posts/threat-intelligence-adversary-insights-forefront-x-force-research-hub/ www.secnews.physaphae.fr/article.php?IdArticle=8366208 False Malware,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Hacktivist Group 'Mysterious Team Bangladesh' Goes on DDoS Rampage
The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.
2023-08-03T17:39:00+00:00 https://www.darkreading.com/dr-global/hactivist-group-mysterious-team-bangladesh-goes-on-ddos-rampage www.secnews.physaphae.fr/article.php?IdArticle=8365347 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events
Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global
2023-08-03T15:31:00+00:00 https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8365179 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks
Industrial devices are less likely to be patched due to expensive downtime, and threat actors have taken notice.
2023-08-03T14:08:31+00:00 https://www.darkreading.com/ics-ot/unpatched-iot-ot-devices-pile-up-ics-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8365271 False Threat,Threat,Industrial None 4.0000000000000000
Soc Radar - SOC-focused blog Living Off the Land (LOTL): The Invisible Cyber Threat Lurking in Your System
What is LOTL Attack? Living Off the Land (LOTL), also known as lolbins, is a...
2023-08-03T13:33:39+00:00 https://socradar.io/living-off-the-land-lotl-the-invisible-cyber-threat-lurking-in-your-system/ www.secnews.physaphae.fr/article.php?IdArticle=8365233 False Threat None 4.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Cyber-Attacks Targeting Government Agencies Increase 40%
BlackBerry found that public services now rank as the second most targeted industry by threat actors
2023-08-03T13:00:00+00:00 https://www.infosecurity-magazine.com/news/cyberattacks-government-agencies/ www.secnews.physaphae.fr/article.php?IdArticle=8365216 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft expose les pirates russes \\ 'Tactiques de phishing sournoises via les chats des équipes Microsoft<br>Microsoft Exposes Russian Hackers\\' Sneaky Phishing Tactics via Microsoft Teams Chats Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It\'s also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.]]> 2023-08-03T12:08:00+00:00 https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8365093 False Threat APT 29 2.0000000000000000 Soc Radar - Blog spécialisé SOC Profil de menace: ransomware Rhysida<br>Threat Profile: Rhysida Ransomware Le monde numérique est un paysage en constante évolution, et avec elle vient l'évolution du cyber ...
>The digital world is an ever-evolving landscape, and with it comes the evolution of cyber... ]]>
2023-08-03T12:03:47+00:00 https://socradar.io/threat-profile-rhysida-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8365196 False Ransomware,Threat None 3.0000000000000000
Mandiant - Mandiant's security blog August 2023 Threat Horizons Report Provides Cloud-Focused Cybersecurity Insights and Recommendations The Google Cloud Threat Horizons Report first launched in November 2021 with the ultimate goal of providing security decision-makers with strategic intelligence about threats to cloud enterprise users, along with data, metrics, trends, and additional cloud research. Perhaps most importantly, the report aimed to provide recommendations from Google's intelligence and security teams to help defenders protect against, detect, and respond to the latest cloud and other threats. Today marks the release of the seventh edition of our quarterly publication, August 2023 Threat Horizons Report, and our
2023-08-03T11:30:00+00:00 https://www.mandiant.com/resources/blog/threat-horizons-report-august-2023 www.secnews.physaphae.fr/article.php?IdArticle=8377332 False Threat,Cloud None 3.0000000000000000
Mandiant - Mandiant's security blog Google Named a Leader in the External Threat Intelligence Service Forrester Wave™ Google was named a Leader in The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023. Forrester identified 12 top companies in the threat intelligence space and Google received the highest possible score in 15 out of the 29 criteria. The Forrester report states, “Google is poised to become the most relevant and dominant threat intelligence provider.” Additionally, Google's acquisition of Mandiant and the power of the integrations are mentioned in the report, “The Mandiant offerings can now leverage the power, scale, and innovation of Google to discover, personalize, and
2023-08-03T09:30:00+00:00 https://www.mandiant.com/resources/blog/google-threat-intelligence-leader-forrester-q3-2023 www.secnews.physaphae.fr/article.php?IdArticle=8377333 False Threat None 2.0000000000000000
Korben - French blogger Surfshark Antivirus and the various online threats (+ promo -76%!) More 2023-08-03T07:30:00+00:00 https://korben.info/surfshark-antivirus-menaces.html www.secnews.physaphae.fr/article.php?IdArticle=8365106 False Threat None 2.0000000000000000