www.secnews.physaphae.fr
RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources; the list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2024-06-24T11:58:06+00:00

Security Affairs (security blog) | 2022-11-10T16:15:55+00:00 | Tags: Malware
Researchers warn of malicious packages on PyPI using steganography
  Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github. The […]
https://securityaffairs.co/wordpress/138342/security/malicious-package-pypi-steganography.html | www.secnews.physaphae.fr/article.php?IdArticle=7928862

Graham Cluley (security blog) | 2022-11-10T15:21:29+00:00 | Tags: Malware
Update your Lenovo laptop's firmware now! Flaws could help malware survive a hard disk wipe
https://www.tripwire.com/state-of-security/laptop-flaws-could-help-malware-survive-hard-disk-wipe | www.secnews.physaphae.fr/article.php?IdArticle=7927730

Bleeping Computer (American magazine) | 2022-11-10T14:17:25+00:00 | Tags: Malware, Threat
Worok hackers hide new malware in PNGs using steganography
https://www.bleepingcomputer.com/news/security/worok-hackers-hide-new-malware-in-pngs-using-steganography/ | www.secnews.physaphae.fr/article.php?IdArticle=7931678

InformationSecurityBuzzNews (security news site) | 2022-11-10T13:40:53+00:00 | Tags: Malware, Threat
Advanced RAT AgentTesla Revealed As Most Widespread Malware In October
https://informationsecuritybuzz.com/advanced-rat-agenttesla-revealed-as-most-widespread-malware-in-october/ | www.secnews.physaphae.fr/article.php?IdArticle=7925968

InformationSecurityBuzzNews (security news site) | 2022-11-10T13:28:52+00:00 | Tags: Malware
Security Expert On IceXLoader Malware
https://informationsecuritybuzz.com/security-expert-on-icexloader-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=7925969

Anomali (firm blog) | 2022-11-10T11:49:00+00:00 | Tags: Malware, Vulnerability, Threat
The Need for More Data in Security Operations
  ESG research found that survey respondents want to use more data for security operations, driving the need for scalable, high-performance, cloud-based back-end data repositories. The research found that 80% of organizations use more than 10 data sources as part of security operations to detect malicious activities, believing the most important to be: endpoint security data, threat intelligence feeds, security device logs, cloud security data, and network flow logs. While these are all valuable in their own right, they can also be difficult to collect, store, analyze, and correlate across multiple systems. Big data analytics has made it possible for organizations to combine multiple sources of information into one unified view of an event or incident. Though there have been advances, many security tools still lack the ability to integrate, especially if they are from multiple vendors. This makes sharing information harder and highlights the need for better integration between telemetry sources and analysis tools.
  Challenges with Big Data: There is no shortage of hype surrounding big data. Many companies are already reaping the benefits of big data and applying it to improve their operations. Big data is often described as “dense,” meaning that it contains a lot of information and is hard to analyze. While this makes it easier to collect, it also challenges organizations to figure out what information is relevant and how to apply it. The same goes for cybersecurity threats. There is a lot of buzz about the potential of big data to help identify attackers, but the reality is that it doesn’t just work like that. Instead, big data also provides a way for attackers to hide within vast amounts of information. They can further exploit this to avoid detection and even change their identity multiple times before unleashing a cyber attack.
  Using Data for Cybersecurity: Even though data is the most appetizing and easily accessible target for attackers, that doesn’t mean you shouldn’t collect and analyze it. Data analysis can provide insights into how attackers target your organization for a cyber attack and what they might do next. According to the ESG Research, SOC teams collect, process, and analyze a variety of security telemetry to help them determine detection weaknesses where custom rules are needed. Security teams customize vendor rule sets to meet their needs and develop custom rules to detect threats targeting their industry or organization.
  Data Visualization & Analytics: Big data analytics allows an organization to visualize attacks, detect anomalies, and discover relationships between different data sets.
  Machine Learning & Predictive Modeling: Machine learning helps identify potential threats and behavior patterns by analyzing the data collected during the attack and comparing it with patterns we know about. We can even build predictive models based on our experience to detect similar attacks in the future.
  Security Controls Automation: Artificial intelligence can help quickly automate threat intelligence to security controls to protect against security breaches. For example, machine learning could help identify activities related to a particular type of event and block access to those actions or events.
  The Need to Understand the Attacker: Threat actors use three main attack vectors: social engineering, malware, and brute force. Social engineering occurs when someone attempts to trick another person into disclosing confidential information or giving up control
https://www.anomali.com/blog/the-need-for-more-data-in-security-operations | www.secnews.physaphae.fr/article.php?IdArticle=7924478

AlienVault Lab Blog (AlienVault is a major defense actor in IOCs) | 2022-11-10T11:00:00+00:00 | Tags: Ransomware, Malware, Tool | Related: Deloitte
The pros and cons of the digital transformation in banking
  over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits? Below, let’s explore some of the pros and cons of digital transformation in banking.
  Pros of digital transformation in banking: Digital banking offers several advantages to the modern banking customer. Here are a few:
  24/7 Access to your bank: One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don’t have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are. Additionally, you don’t have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket.
  Better rates, lower fees: Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there’s less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises.
  Better customer experience: A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience. Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller. In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don’t have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank.
  Automated payments: With digital banks, it’s amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, s
https://cybersecurity.att.com/blogs/security-essentials/the-pros-and-cons-of-the-digital-transformation-in-banking | www.secnews.physaphae.fr/article.php?IdArticle=7923522

SANS Institute (SANS is a defense and training actor) | 2022-11-10T10:48:11+00:00 | Tags: Malware, Threat
Do you collect "Observables" or "IOCs"?, (Thu, Nov 10th)
https://isc.sans.edu/diary/rss/29238 | www.secnews.physaphae.fr/article.php?IdArticle=7925090

AhnLab (Korean security firm) | 2022-11-10T05:50:39+00:00 | Tags: Ransomware, Malware
ASEC Weekly Malware Statistics (October 31st, 2022 – November 6th, 2022)
  The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 31st, 2022 (Monday) to November 6th (Sunday). For the main category, downloader ranked top with 64.8%, followed by infostealer with 25.9%, backdoor with 6.6%, ransomware with 2.2%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 39.6%. The malware is distributed via malware disguised...
https://asec.ahnlab.com/en/41650/ | www.secnews.physaphae.fr/article.php?IdArticle=7918504

AhnLab (Korean security firm) | 2022-11-10T05:49:52+00:00 | Tags: Malware
Distribution of Word File (External + RTF) Modified to Avoid Detection
  Malicious MS Office Word documents have long been used for the distribution of additional RTF malware by exploiting the fact that Word files allow external connections. However, AhnLab has identified that files which seem to have been made to avoid anti-malware detection are being distributed in Korea. Similar to past cases, an email disguised as a work email with a Word document attachment is used, but a unique factor exists in the webSettings.xml.rels file which can be identified within the...
https://asec.ahnlab.com/en/41472/ | www.secnews.physaphae.fr/article.php?IdArticle=7918505

The Register (English news site) | 2022-11-10T04:46:41+00:00 | Tags: Malware
Windows breaks under upgraded IceXLoader malware
https://go.theregister.com/feed/www.theregister.com/2022/11/10/icexloader_malware_microsoft_users/ | www.secnews.physaphae.fr/article.php?IdArticle=7917646

SecurityWeek (security news) | 2022-11-09T19:18:30+00:00 | Tags: Malware
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery
https://www.securityweek.com/microsoft-patches-motw-zero-day-exploited-malware-delivery | www.secnews.physaphae.fr/article.php?IdArticle=7910704

The Hacker News (a hacking news blog, surprising, isn't it?) | 2022-11-09T18:36:00+00:00 | Tags: Malware
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
https://thehackernews.com/2022/11/several-cyber-attacks-observed.html | www.secnews.physaphae.fr/article.php?IdArticle=7905524

Bleeping Computer (American magazine) | 2022-11-09T17:51:08+00:00 | Tags: Malware
New StrelaStealer malware steals your Outlook, Thunderbird accounts
https://www.bleepingcomputer.com/news/security/new-strelastealer-malware-steals-your-outlook-thunderbird-accounts/ | www.secnews.physaphae.fr/article.php?IdArticle=7924226

The Hacker News (hacking news blog) | 2022-11-09T16:31:00+00:00 | Tags: Malware, Threat
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html | www.secnews.physaphae.fr/article.php?IdArticle=7904089

The Hacker News (hacking news blog) | 2022-11-09T15:45:00+00:00 | Tags: Malware
New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide
https://thehackernews.com/2022/11/new-icexloader-malware-loader-variant.html | www.secnews.physaphae.fr/article.php?IdArticle=7904091

SecurityWeek (security news) | 2022-11-09T14:01:34+00:00 | Tags: Malware
Attackers Using IPFS for Distributed, Bulletproof Malware Hosting
https://www.securityweek.com/attackers-using-ipfs-distributed-bulletproof-malware-hosting | www.secnews.physaphae.fr/article.php?IdArticle=7906203

Security Affairs (security blog) | 2022-11-09T13:31:43+00:00 | Tags: Ransomware, Malware
Experts observed Amadey malware deploying LockBit 3.0 Ransomware
  Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. Amadey Bot is a data-stealing malware that was first spotted in 2018; it also allows […]
https://securityaffairs.co/wordpress/138292/malware/amadey-malware-deploying-lockbit-3-0.html | www.secnews.physaphae.fr/article.php?IdArticle=7905588

CISCO Talos (Cisco research blog) | 2022-11-09T13:00:17+00:00 | Tags: Malware, Threat
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
https://blog.talosintelligence.com/ipfs-abuse/ | www.secnews.physaphae.fr/article.php?IdArticle=7905774

Network World (IT magazine) | 2022-11-09T10:53:00+00:00 | Tags: Malware
Researchers show techniques for malware persistence on F5 and Citrix load balancers
https://www.csoonline.com/article/3679628/researchers-show-techniques-for-malware-persistence-on-f5-and-citrix-load-balancers.html#tk.rss_security | www.secnews.physaphae.fr/article.php?IdArticle=7909215

InfoSecurity Mag (InfoSecurity Magazine) | 2022-11-09T10:30:00+00:00 | Tags: Malware
Advanced RAT AgentTesla Most Prolific Malware in October
https://www.infosecurity-magazine.com/news/advanced-rat-agenttesla-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=7903514

Global Security Mag (French news site) | 2022-11-09T10:03:50+00:00 | Tags: Malware
Check Point Top Malware ranking for October 2022: IcedID takes the lead in France
  Category: Malwares
http://www.globalsecuritymag.fr/Classement-Top-Malware-Check-Point-du-mois-d-octobre-2022-IcedID-prend-la-tete.html | www.secnews.physaphae.fr/article.php?IdArticle=7902835

SANS Institute (SANS is a defense and training actor) | 2022-11-09T02:27:20+00:00 | Tags: Ransomware, Malware
Another Script-Based Ransomware, (Wed, Nov 9th)
  [1]. The last one I found was only a “proof-of-concept” (my guess), but it demonstrates how easily such malware can be developed and how it remains undetected by most antivirus products.
https://isc.sans.edu/diary/rss/29234 | www.secnews.physaphae.fr/article.php?IdArticle=7899325

Krebs on Security (American researcher) | 2022-11-09T01:50:14+00:00 | Tags: Malware | Score: 3.0
Patch Tuesday, November 2022 Election Edition
https://krebsonsecurity.com/2022/11/patch-tuesday-november-2022-election-edition/ | www.secnews.physaphae.fr/article.php?IdArticle=7897220

The Hacker News (hacking news blog) | 2022-11-08T20:22:00+00:00 | Tags: Ransomware, Malware
Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines
https://thehackernews.com/2022/11/amadey-bot-spotted-deploying-lockbit-30.html | www.secnews.physaphae.fr/article.php?IdArticle=7890067

The Hacker News (hacking news blog) | 2022-11-08T19:10:00+00:00 | Tags: Malware
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
https://thehackernews.com/2022/11/new-laplas-clipper-malware-targeting.html | www.secnews.physaphae.fr/article.php?IdArticle=7890068

Security Affairs (security blog) | 2022-11-08T18:22:33+00:00 | Tags: Malware
SmokeLoader campaign distributes new Laplas Clipper malware
  Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […]
https://securityaffairs.co/wordpress/138251/malware/smokeloader-delivers-laplas-clipper.html | www.secnews.physaphae.fr/article.php?IdArticle=7892664

Bleeping Computer (American magazine) | 2022-11-08T17:56:13+00:00 | Tags: Ransomware, Malware
LockBit affiliate uses Amadey Bot malware to deploy ransomware
https://www.bleepingcomputer.com/news/security/lockbit-affiliate-uses-amadey-bot-malware-to-deploy-ransomware/ | www.secnews.physaphae.fr/article.php?IdArticle=7895316

Anomali (firm blog) | 2022-11-08T16:00:00+00:00 | Tags: Ransomware, Malware, Tool, Threat
Anomali Cyber Watch: Active Probing Revealed Cobalt Strike C2s, Black Basta Ransomware Connected to FIN7, Robin Banks Phishing-as-a-Service Became Stealthier, and More
  Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
  Trending Cyber News and Threat Intelligence
  Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild (published: November 3, 2022): Cobalt Strike remains a popular post-exploitation tool for threat actors trying to evade threat detection. Cobalt Strike’s Beacons use advanced, flexible command-and-control (C2) communication profiles for stealth communication with an attacker-controlled Linux application called Team Server. Beacon implants can covertly utilize the DNS protocol or communicate via HTTP/HTTPS using the default Malleable C2 profile or Malleable C2 Gmail profile. Palo Alto researchers probed the Internet for these three types of communication to find previously-unknown active Team Server instances. Researchers were preselecting suspicious IP addresses with Shodan, actively probing them with stager requests and initializing a connection with the netcat tool to test, verify and extract communication profile settings (such as the served stager bytes).
  Analyst Comment: Network fingerprinting and active scanning technologies allow for proactive identification of threats such as Cobalt Strike’s C2 IP addresses. Network defenders and intelligence feed providers can get better coverage by improving their collaboration and coverage via threat intelligence platforms such as ThreatStream provided by Anomali.
  MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071
  Tags: detection:Cobalt Strike Beacon, detection:Cobalt Strike, detection:Cobalt Strike Team Server, Cobalt Strike stager, Active scanning, Shodan, netcat, Post-exploitation tool, Gmail, DNS, TCP, HTTP, Windows
  Abusing Microsoft Customer Voice to Send Phishing Links (published: November 3, 2022): Avanan researchers detected a phishing campaign that has abused Microsoft Dynamics 365 Customer Voice since at least September 2022. These phishing emails come from the legitimate email address surveys@email.formspro.microsoft.com, and clicking the link opens Microsoft’s Customer Voice domain on a page with a URL starting with: customervoice.microsoft.com/Pages/ResponsePage.aspx?id=... At the same time, a user clicking on the embedded “Play Voicemail” link is redirected to an attacker-controlled phishing page asking for Microsoft account login credentials.
  Analyst Comment: Organizations can use services like Anomali Digital Risk Protection, which defends your brand against brand abuse and continuously monitors domains for cybersquatters and domain hijacking to prevent phishing and malware attacks. Users are advised to always check the current domain by hovering over the URL, especially before entering credentials.
  MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566
  Tags: Customer Voice, Phishing, Microsoft, Forms Pro
  Black Basta Ransomware
https://www.anomali.com/blog/anomali-cyber-watch-active-probing-revealed-cobalt-strike-c2s-black-basta-ransomware-connected-to-fin7-robin-banks-phishing-as-a-service-became-stealthier-and-more | www.secnews.physaphae.fr/article.php?IdArticle=7890921

Minerva (Minerva security researcher blog) | 2022-11-08T14:18:48+00:00 | Tags: Malware | Score: 3.0
New updated IceXLoader claims thousands of victims around the world
  IceXLoader was discovered last June by FortiGuard Labs. It is a commercial malware used to download and deploy additional malware on infected machines. While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functional and includes a multi-stage delivery chain. Figure 1. […]
https://minerva-labs.com/blog/new-updated-icexloader-claims-thousands-of-victims-around-the-world/ | www.secnews.physaphae.fr/article.php?IdArticle=8296138

Checkpoint (security hardware vendor) | 2022-11-08T11:00:39+00:00 | Tags: Malware, Vulnerability, Threat
October's Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed
  Check Point Research reports a significant increase in Lokibot attacks in October, taking it to third place for the first time in five months. A new vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla took the top spot as the most prevalent malware. Our latest Global Threat Index for October 2022 reports that keylogger…
https://blog.checkpoint.com/2022/11/08/octobers-most-wanted-malware-agenttesla-knocks-formbook-off-top-spot-and-new-text4shell-vulnerability-disclosed/ | www.secnews.physaphae.fr/article.php?IdArticle=7887848

AhnLab (Korean security firm) | 2022-11-08T00:35:33+00:00 | Tags: Ransomware, Malware
LockBit 3.0 Being Distributed via Amadey Bot
  The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it is being sold in illegal forums and is still being used by various attackers. It was used in the past to install ransomware by attackers of GandCrab or to install FlawedAmmyy by the TA505 group which...
https://asec.ahnlab.com/en/41450/ | www.secnews.physaphae.fr/article.php?IdArticle=7884770

SecurityWeek (security news) | 2022-11-07T18:14:23+00:00 | Tags: Malware, Threat
Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge
https://www.securityweek.com/microsoft-china-flaw-disclosure-law-part-zero-day-exploit-surge | www.secnews.physaphae.fr/article.php?IdArticle=7882878

Security Intelligence (American news site) | 2022-11-07T17:29:50+00:00 | Tags: Malware
How the Mac OS X Trojan Flashback Changed Cybersecurity
  Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that “it doesn’t get PC viruses”. But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has […]
https://securityintelligence.com/articles/how-mac-trojan-flashback-changed-cybersecurity/ | www.secnews.physaphae.fr/article.php?IdArticle=7882442

The Register (English news site) | 2022-11-07T15:30:08+00:00 | Tags: Malware | Score: 5.0
Oh, look: More malware in the Google Play store
https://go.theregister.com/feed/www.theregister.com/2022/11/07/in_brief_security/ | www.secnews.physaphae.fr/article.php?IdArticle=7881532

SentinelOne (Crimeware) (cyber firms) | 2022-11-07T13:54:49+00:00 | Tags: Malware, Threat | Score: 3.0
SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
  SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match.
https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/ | www.secnews.physaphae.fr/article.php?IdArticle=8388342

TrendMicro (security firm blog) | 2022-11-07T00:00:00+00:00 | Tags: Malware
Massive Phishing Campaigns Target India Banks' Clients
https://www.trendmicro.com/en_us/research/22/k/massive-phishing-campaigns-target-india-banks-clients.html | www.secnews.physaphae.fr/article.php?IdArticle=7880772

SANS Institute (SANS is a defense and training actor) | 2022-11-05T22:02:59+00:00 | Tags: Malware
Windows Malware with VHD Extension, (Sat, Nov 5th)
https://isc.sans.edu/diary/rss/29222 | www.secnews.physaphae.fr/article.php?IdArticle=7853990

Security Affairs (security blog) | 2022-11-05T21:34:11+00:00 | Tags: Malware
29 malicious PyPI packages spotted delivering the W4SP Stealer
  Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]
https://securityaffairs.co/wordpress/138113/hacking/pypi-packages-delivers-w4sp-stealer.html | www.secnews.physaphae.fr/article.php?IdArticle=7852189

The Hacker News (hacking news blog) | 2022-11-05T14:05:00+00:00 | Tags: Malware | Score: 2.0
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
https://thehackernews.com/2022/11/researchers-uncover-29-malicious-pypi.html | www.secnews.physaphae.fr/article.php?IdArticle=7840052

UnderNews (French "hacker" news site) | 2022-11-05T09:55:10+00:00 | Tags: Malware
Emotet returns after a year of inactivity
  From a simple banking trojan to a botnet, by way of a content-distribution infrastructure, the Emotet malware has evolved considerably over the years and is reappearing despite its takedown in January 2021 by international authorities (United States, Netherlands, United Kingdom, France, Ukraine, Lithuania and Canada).
https://www.undernews.fr/malwares-virus-antivirus/emotet-revient-apres-un-an-dinactivite.html | www.secnews.physaphae.fr/article.php?IdArticle=7840855

The Hacker News (hacking news blog) | 2022-11-04T19:13:00+00:00 | Tags: Malware, Threat | Related: APT 36
Researchers Detail New Malware Campaign Targeting Indian Government Employees
https://thehackernews.com/2022/11/researchers-detail-new-malware-campaign.html | www.secnews.physaphae.fr/article.php?IdArticle=7823053

Global Security Mag (French news site) | 2022-11-04T11:27:14+00:00 | Tags: Malware
Emotet returns after a year of inactivity: Infoblox's reaction
  Category: Malwares
http://www.globalsecuritymag.fr/Emotet-revient-apres-un-an-d,20221104,131898.html | www.secnews.physaphae.fr/article.php?IdArticle=7822324

SecurityWeek (security news) | 2022-11-03T19:14:10+00:00 | Tags: Malware
Offense Gets the Glory, but Defense Wins the Game
https://www.securityweek.com/offense-gets-glory-defense-wins-game | www.secnews.physaphae.fr/article.php?IdArticle=7807323

Security Affairs (security blog) | 2022-11-03T16:28:32+00:00 | Tags: Malware, Threat
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack
  Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company provides video content and advertising […]
https://securityaffairs.co/wordpress/138052/cyber-crime/supply-chain-attack-fakeupdates.html | www.secnews.physaphae.fr/article.php?IdArticle=7804949

Bleeping Computer (American magazine) | 2022-11-03T15:36:50+00:00 | Tags: Malware, Threat
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam
https://www.bleepingcomputer.com/news/security/romcom-rat-malware-campaign-impersonates-keepass-solarwinds-npm-veeam/ | www.secnews.physaphae.fr/article.php?IdArticle=7807461

ProofPoint (firm security) | 2022-11-03T12:34:53+00:00 | Tags: Malware
More than 250 US news sites inject malware in possible supply chain attack
https://www.proofpoint.com/us/newsroom/news/more-250-us-news-sites-inject-malware-possible-supply-chain-attack | www.secnews.physaphae.fr/article.php?IdArticle=7830708

ProofPoint (firm security) | 2022-11-03T11:14:30+00:00 | Tags: Malware
Crime group hijacks hundreds of US news websites to push malware
https://www.proofpoint.com/us/newsroom/news/crime-group-hijacks-hundreds-us-news-websites-push-malware | www.secnews.physaphae.fr/article.php?IdArticle=7830709

CSO (CSO Daily Dashboard) | 2022-11-03T10:41:00+00:00 | Tags: Malware | Related: NotPetya | Score: 4.0
Mondelez and Zurich's NotPetya cyber-attack insurance settlement leaves behind no legal precedent
  NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone's attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD.
https://www.csoonline.com/article/3678970/mondelez-and-zurich-s-notpetya-cyber-attack-insurance-settlement-leaves-behind-no-legal-precedent.html#tk.rss_all | www.secnews.physaphae.fr/article.php?IdArticle=7805750

SecurityWeek (security news) | 2022-11-03T10:14:02+00:00 | Tags: Malware
Over 250 US News Websites Deliver Malware via Supply Chain Attack
https://www.securityweek.com/over-250-us-news-websites-deliver-malware-supply-chain-attack | www.secnews.physaphae.fr/article.php?IdArticle=7799984

AhnLab (Korean security firm) | 2022-11-03T05:23:46+00:00 | Tags: Ransomware, Malware
ASEC Weekly Malware Statistics (October 24th, 2022 – October 30th, 2022)
  The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 24th, 2022 (Monday) to October 30th (Sunday). For the main category, Infostealer ranked top with 43.2%, followed by downloader with 34.7%, backdoor with 19.4%, and ransomware with 2.2%. Top 1 – Agent Tesla: AgentTesla is an Infostealer that ranked first place with 22.1%. It is an Infostealer that leaks user credentials saved in...
https://asec.ahnlab.com/en/41139/ | www.secnews.physaphae.fr/article.php?IdArticle=7795955

Security Affairs (security blog) | 2022-11-02T18:55:55+00:00 | Tags: Malware, Threat
SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority
  Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religious minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religious minority, Baháʼí. The threat actors were distributing a VPN app embedding highly sophisticated spyware. The […]
https://securityaffairs.co/wordpress/137990/hacking/sandstrike-malware-cyberespionage.html | www.secnews.physaphae.fr/article.php?IdArticle=7786609

The Hacker News (hacking news blog) | 2022-11-02T16:58:00+00:00 | Tags: Malware
Inside Raccoon Stealer V2
https://thehackernews.com/2022/11/inside-raccoon-stealer-v2.html | www.secnews.physaphae.fr/article.php?IdArticle=7781664

Bleeping Computer (American magazine) | 2022-11-02T16:35:15+00:00 | Tags: Malware, Threat
Hundreds of U.S. news sites hit in SocGholish supply-chain attack
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-hit-in-socgholish-supply-chain-attack/ | www.secnews.physaphae.fr/article.php?IdArticle=7788314

Bleeping Computer (American magazine) | 2022-11-02T16:35:15+00:00 | Tags: Malware, Threat
Hundreds of U.S. news sites push malware in supply-chain attack
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/ | www.secnews.physaphae.fr/article.php?IdArticle=7790045

Data Security Breach (French news site) | 2022-11-02T15:22:01+00:00 | Tags: Malware
A new version of a spyware targeting Iranian citizens, Furball, hidden in a translation app
https://www.datasecuritybreach.fr/furball-domestic-kitten/ | www.secnews.physaphae.fr/article.php?IdArticle=7783911

Bleeping Computer (American magazine) | 2022-11-02T14:41:42+00:00 | Tags: Malware
Emotet botnet starts blasting malware again after 4 month break
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-4-month-break/ | www.secnews.physaphae.fr/article.php?IdArticle=7811758

Bleeping Computer (American magazine) | 2022-11-02T14:41:42+00:00 | Tags: Malware
Emotet botnet starts blasting malware again after 5 month break
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/ | www.secnews.physaphae.fr/article.php?IdArticle=7786595

Bleeping Computer (American magazine) | 2022-11-02T13:21:26+00:00 | Tags: Malware
Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware
https://www.bleepingcomputer.com/news/security/dozens-of-pypi-packages-caught-dropping-w4sp-info-stealing-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=7785756

NozomiNetwork (company specializing in industrial network probes) | 2022-11-02T09:00:23+00:00 | Tags: Malware, Threat
Could Threat Actors Be Downgrading Their Malware to Evade Detection?
  Threat actors are known to modify their malware to evade detection and make additional profits. They do this by changing the file name and IP address, along with other features. This gives them an advantage, as it makes detection more difficult and helps them stay under the radar. The modifications are so common that we […]
https://www.nozominetworks.com/blog/could-threat-actors-be-downgrading-their-malware-to-evade-detection/ | www.secnews.physaphae.fr/article.php?IdArticle=7823850

AhnLab (Korean security firm)
Appleseed Being Distributed to Nuclear Power Plant-Related Companies
  The ASEC analysis team has recently discovered a case of AppleSeed being distributed to nuclear power plant-related companies. AppleSeed is a backdoor malware used by Kimsuky, one of the organizations affiliated with North Korea, and this malware is being actively distributed to many companies. The filenames of the AppleSeed dropper were identified by the ASEC analysis team as follows, and a double file extension was used to deceive users. When the file is executed, the encoded data inside is decoded...
]]> 2022-11-02T01:49:15+00:00 https://asec.ahnlab.com/en/41015/ www.secnews.physaphae.fr/article.php?IdArticle=7772777 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware 2022-11-01T20:45:00+00:00 https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html www.secnews.physaphae.fr/article.php?IdArticle=7766451 False Malware,Threat APT 10 None Anomali - Firm Blog Anomali Cyber Watch: Active Probing Revealed ShadowPad C2s, Fodcha Hides Behind Obscure TLDs, Awaiting OpenSSL 3.0 Patch, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad) (published: October 27, 2022) ShadowPad is a custom, modular malware in use by multiple China-sponsored groups since 2015. VMware researchers analyzed the command-and-control (C2) protocol in recent ShadowPad samples. They uncovered decoding routines and protocol/port combinations such as HTTP/80, HTTP/443, TCP/443, UDP/53, and UDP/443. Active probing revealed 83 likely ShadowPad C2 servers (during September 2021 to September 2022). Additional samples communicating with this infrastructure included Spyder (used by APT41) and ReverseWindow (used by the LuoYu group). Analyst Comment: Researchers can use reverse engineering and active probing to map malicious C2 infrastructure. At the same time, the ShadowPad malware changes the immediate values used in the packet encoding per variant, so finding new samples is crucial for this monitoring. 
MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 Tags: detection:ShadowPad, C2, APT, China, source-country:CN, actor:APT41, actor:LuoYu, detection:Spyder, detection:ReverseWindow, TCP, HTTP, HTTPS, UDP Raspberry Robin Worm Part of Larger Ecosystem Facilitating Pre-Ransomware Activity (published: October 27, 2022) The Raspberry Robin USB-drive-targeting worm is an increasingly popular infection and delivery method. Raspberry Robin works as a three-file infection: Raspberry Robin LNK file on an USB drive, Raspberry Robin DLL (aka Roshtyak) backdoor, and a heavily-obfuscated .NET DLL that writes LNKs to USB drives. Microsoft researchers analyzed several infection chains likely centered around threat group EvilCorp (aka DEV-0206/DEV-0243). Besides being the initial infection vector, Raspberry Robin was seen delivered by the Fauppod malware, which shares certain code similarities both with Raspberry Robin and with EvilCorp’s Dridex malware. Fauppod/Raspberry Robin infections were followed by additional malware (Bumblebee, Cobalt Strike, IcedID, TrueBot), and eventually led to a ransomware infection (LockBit, Clop). Analyst Comment: Organizations are advised against enabling Autorun of removable media on Windows by default, as it allows automated activation of an inserted, Raspberry Robin-infected USB drive. Apply best practices related to credential hygiene, network segmentation, and attack surface reduction. 
MITRE ATT&CK: [MITRE ATT&CK] Replicat]]> 2022-11-01T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-active-probing-revealed-shadowpad-c2s-fodcha-hides-behind-obscure-tlds-awaiting-openssl-30-patch-and-more www.secnews.physaphae.fr/article.php?IdArticle=7765391 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Guideline APT 41 None Bleeping Computer - Magazine Américain Google ad for GIMP.org served info-stealing malware via lookalike site 2022-11-01T06:48:34+00:00 https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/ www.secnews.physaphae.fr/article.php?IdArticle=7762907 False Malware None None Krebs on Security - Chercheur Américain Accused \'Raccoon\' Malware Developer Fled Ukraine After Russian Invasion 2022-10-31T20:53:27+00:00 https://krebsonsecurity.com/2022/10/accused-raccoon-malware-developer-fled-ukraine-after-russian-invasion/ www.secnews.physaphae.fr/article.php?IdArticle=7757299 False Malware None None The Register - Site journalistique Anglais Ordinary web access request or command to malware? 2022-10-31T16:30:08+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/31/cranefly_microsoft_iis_symantec/ www.secnews.physaphae.fr/article.php?IdArticle=7755587 False Malware,Threat None None Security Affairs - Blog Secu Wannacry, the hybrid malware that brought the world to its knees Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. 
In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […] ]]> 2022-10-31T14:37:01+00:00 https://securityaffairs.co/wordpress/137894/cyber-crime/wannacry-hybrid-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7754874 False Ransomware,Malware Wannacry,Wannacry 2.0000000000000000 Bleeping Computer - Magazine Américain Hacking group abuses antivirus software to launch LODEINFO malware 2022-10-31T11:34:52+00:00 https://www.bleepingcomputer.com/news/security/hacking-group-abuses-antivirus-software-to-launch-lodeinfo-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7755377 False Malware APT 10 None AhnLab - Korean Security Firm A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique In the ASEC blog post uploaded on April 2022 (New Malware of Lazarus Threat Actor Group Exploiting INITECH Process, https://asec.ahnlab.com/en/33801/), the team discussed the fact that the Lazarus attack group had been exploiting the INITECH process to infect systems with malware.  This article aims to cover the details of the Lazarus group using the watering hole technique to hack into systems before exploiting the vulnerability of the MagicLine4NX product from Dream Security in order to additionally hack into systems in... ]]> 2022-10-31T01:57:31+00:00 https://asec.ahnlab.com/en/40830/ www.secnews.physaphae.fr/article.php?IdArticle=7747128 False Malware,Hack,Vulnerability,Threat,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers 2022-10-28T16:31:00+00:00 https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html www.secnews.physaphae.fr/article.php?IdArticle=7717997 False Malware None None Bleeping Computer - Magazine Américain The Week in Ransomware - October 28th 2022 - Healthcare leaks 2022-10-28T16:08:28+00:00 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28th-2022-healthcare-leaks/ www.secnews.physaphae.fr/article.php?IdArticle=7718848 False Ransomware,Malware None None InfoSecurity Mag - InfoSecurity Magazine Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware 2022-10-28T16:00:00+00:00 https://www.infosecurity-magazine.com/news/cranefly-hackers-stealthyly/ www.secnews.physaphae.fr/article.php?IdArticle=7718932 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints 2022-10-28T15:48:00+00:00 https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html www.secnews.physaphae.fr/article.php?IdArticle=7718000 False Malware,Threat None None CSO - CSO Daily Dashboard Phishing attacks increase by over 31% in third quarter: Report phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. 
Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.To read this article in full, please click here]]> 2022-10-28T10:01:00+00:00 https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7718793 False Malware,Threat None 4.0000000000000000 Bleeping Computer - Magazine Américain Hackers use Microsoft IIS web server logs to control malware 2022-10-28T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-microsoft-iis-web-server-logs-to-control-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7717333 False Malware None None Bleeping Computer - Magazine Américain Android malware droppers with 130K installs found on Google Play 2022-10-28T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/android-malware-droppers-with-130k-installs-found-on-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=7717332 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Expose Over 80 ShadowPad Malware C2 Servers 2022-10-27T19:49:00+00:00 https://thehackernews.com/2022/10/researchers-expose-over-80-shadowpad.html www.secnews.physaphae.fr/article.php?IdArticle=7704302 False Malware,Threat None None Bleeping Computer - Magazine Américain Drinik Android malware now targets users of 18 Indian banks 2022-10-27T13:10:18+00:00 https://www.bleepingcomputer.com/news/security/drinik-android-malware-now-targets-users-of-18-indian-banks/ www.secnews.physaphae.fr/article.php?IdArticle=7705773 False Malware None None Dragos - CTI Society Analyzing PIPEDREAM: Results from Runtime Testing PIPEDREAM is the seventh known malware affecting industrial control systems (ICS). It’s a flexible ICS attack framework and the first... 
The post Analyzing PIPEDREAM: Results from Runtime Testing first appeared on Dragos.]]> 2022-10-27T13:00:00+00:00 https://www.dragos.com/blog/analyzing-pipedream-results-from-runtime-testing/ www.secnews.physaphae.fr/article.php?IdArticle=7702143 False Malware None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 11 Cybersecurity investments you can make right now new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses. Employee training Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices. There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs. In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports. Endpoint security Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption. You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. 
Make sure you test any endpoint security solution before deploying it in your environment. Identity and access management Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security. IAM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Intrusion detection and prevention Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud. There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs. Security information and event management Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security ]]> 2022-10-27T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/11-cybersecurity-investments-you-can-make-right-now www.secnews.physaphae.fr/article.php?IdArticle=7700503 False Data Breach,Spam,Malware,Vulnerability,Patching None None AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (October 17th, 2022 – October 23rd, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 17th, 2022 (Monday) to October 23rd (Sunday). 
For the main category, info-stealer ranked top with 52.7%, followed by downloader with 37.0%, backdoor with 8.8%, ransomware with 1.0%, and banking malware with 0.5%. Top 1 –  Agent Tesla AgentTesla is an infostealer that ranked first place with 23.4%. It is an info-stealer that leaks... ]]> 2022-10-27T00:16:33+00:00 https://asec.ahnlab.com/en/40787/ www.secnews.physaphae.fr/article.php?IdArticle=7693833 True Ransomware,Malware None None AhnLab - Korean Security Firm Qakbot Malware Being Distributed in Korea The ASEC analysis team has identified the Qakbot malware that was introduced in the past is being distributed to Korean users. The overall operation process, including the fact that it uses ISO files, is similar to the previous version, but a process to bypass behavior detection was added. The email distributed to Korean users is as shown below. It has hijacked a normal existing email and replied to it with a malicious file in the attachment, and this distribution process... ]]> 2022-10-27T00:05:57+00:00 https://asec.ahnlab.com/en/40682/ www.secnews.physaphae.fr/article.php?IdArticle=7693834 False Malware None None AhnLab - Korean Security Firm FormBook Malware Being Distributed as .NET The FormBook malware that was recently detected by a V3 software had been downloaded to the system and executed while the user was using a web browser. FormBook is an info-stealer that aims to steal the user’s web browser login information, keyboard input, clipboard, and screenshots. It targets random individuals, and is usually distributed through spam mails or uploaded to infiltrated websites. FormBook operates by injecting into a running process memory, and the targets of injection are explorer.exe and arbitrary... 
]]> 2022-10-26T23:52:48+00:00 https://asec.ahnlab.com/en/40663/ www.secnews.physaphae.fr/article.php?IdArticle=7693118 False Spam,Malware None None The Register - Site journalistique Anglais Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends 2022-10-26T23:06:26+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/26/feds_indict_ukrainian_raccoon/ www.secnews.physaphae.fr/article.php?IdArticle=7693181 False Malware None None Malwarebytes Labs - MalwarebytesLabs Point-of-sale malware used to steal 167,000 credit cards Categories: NewsTags: POS Tags: malware Tags: credit card Tags: credit identity theft Tags: C2 Tags: MajikPOS Tags: Treasure Hunter Researchers have discovered the theft of 167,000 sets of credit card detials by MajikPOS and Treasure Hunter POS malware (Read more...) ]]> 2022-10-26T22:30:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/point-of-sale-malware-used-stole-the-details-of-over-167000-credit-cards www.secnews.physaphae.fr/article.php?IdArticle=7693493 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service 2022-10-26T21:39:00+00:00 https://thehackernews.com/2022/10/us-charges-ukrainian-hacker-over-role.html www.secnews.physaphae.fr/article.php?IdArticle=7688331 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans 2022-10-26T21:20:00+00:00 https://thehackernews.com/2022/10/kimsuky-hackers-spotted-using-3-new.html www.secnews.physaphae.fr/article.php?IdArticle=7688333 False Malware None None Ars Technica - Risk Assessment Security Hacktivism Feds say Ukrainian man running malware service amassed 50M unique credentials 2022-10-26T18:38:03+00:00 https://arstechnica.com/?p=1893051 www.secnews.physaphae.fr/article.php?IdArticle=7690585 False Malware None None Malwarebytes Labs - MalwarebytesLabs Malformed signature trick can bypass Mark of the Web Categories: NewsTags: MOTW Tags: mark of the web Tags: signature Tags: malformed Tags: malware Tags: ransomware Tags: bypass Tags: SmartScreen We take a look at reports that malware authors are using what appears to be a years-old bug to bypass Mark of the Web alerts. (Read more...) ]]> 2022-10-26T14:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/malware-authors-use-malformed-signature-trick-to-bypass-mark-of-the-web www.secnews.physaphae.fr/article.php?IdArticle=7693495 False Malware None None SecurityWeek - Security News US Charges Ukrainian \'Raccoon Infostealer\' With Cybercrimes Raccoon Infostealer," the US Justice Department said Tuesday. ]]> 2022-10-25T21:05:19+00:00 https://www.securityweek.com/us-charges-ukrainian-raccoon-infostealer-cybercrimes www.secnews.physaphae.fr/article.php?IdArticle=7676066 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards 2022-10-25T17:03:00+00:00 https://thehackernews.com/2022/10/cybercriminals-used-two-pos-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=7671980 False Malware,Threat None None Anomali - Firm Blog Anomali Cyber Watch: Daixin Team Ransoms Healthcare Sector, Earth Berberoka Breaches Casinos for Data, Windows Affected by Bring-Your-Own-Vulnerable-Driver Attacks, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Alert (AA22-294A) #StopRansomware: Daixin Team (published: October 21, 2022) Daixin Team is a double-extortion ransomware group that has been targeting US businesses, predominantly in the healthcare sector. Since June 2022, Daixin Team has been encrypting electronic health record services, diagnostics services, imaging services, and intranet services. The group has exfiltrated personal identifiable information and patient health information. Typical intrusion starts with initial access through virtual private network (VPN) servers gained by exploitation or valid credentials derived from prior phishing. They use SSH and RDP for lateral movement and target VMware ESXi systems with ransomware based on leaked Babuk Locker source code. Analyst Comment: Network defenders should keep organization’s VPN servers up-to-date on security updates. Enable multifactor authentication (MFA) on your VPN server and other critical accounts (administrative, backup-related, and webmail). Restrict the use of RDP, SSH, Telnet, virtual desktop and similar services in your environment. 
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Remote Service Session Hijacking - T1563 | [MITRE ATT&CK] Use Alternate Authentication Material - T1550 | [MITRE ATT&CK] Exfiltration Over Web Service - T1567 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: actor:Daixin Team, malware-type:Ransomware, PHI, SSH, RDP, Rclone, Ngrok, target-sector:Health Care NAICS 62, ESXi, VMware, Windows Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (published: October 21, 2022) Symantec detected a new custom data exfiltration tool used in a number of BlackByte ransomware attacks. This infostealer, dubbed Exbyte, performs anti-sandbox checks and proceeds to exfiltrate selected file types to a hardcoded Mega account. BlackByte ransomware-as-a-service operations were first uncovered in February 2022. The group’s recent attacks start with exploiting public-facing vulnerabilities of ProxyShell and ProxyLogon families. BlackByte removes Kernel Notify Routines to bypass Endpoint Detection and Response (EDR) products. The group uses AdFind, AnyDesk, Exbyte, NetScan, and PowerView tools and deploys BlackByte 2.0 ransomware payload. 
Analyst Comment: It is crucial that your company ensures that servers are]]> 2022-10-25T16:53:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-daixin-team-ransoms-healthcare-sector-earth-berberoka-breaches-casinos-for-data-windows-affected-by-bring-your-own-vulnerable-driver-attacks-and-more www.secnews.physaphae.fr/article.php?IdArticle=7673563 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical APT 38 None Bleeping Computer - Magazine Américain Ukrainian charged for operating Raccoon Stealer malware service 2022-10-25T15:02:37+00:00 https://www.bleepingcomputer.com/news/security/ukrainian-charged-for-operating-raccoon-stealer-malware-service/ www.secnews.physaphae.fr/article.php?IdArticle=7674380 False Malware None None InfoSecurity Mag - InfoSecurity Magazine POS Malware Used to Steal Details of Over 167,000 Credit Cards 2022-10-25T15:00:00+00:00 https://www.infosecurity-magazine.com/news/pos-malware-steal-over-167000/ www.secnews.physaphae.fr/article.php?IdArticle=7672824 False Malware None None Security Affairs - Blog Secu Two PoS Malware used to steal data from more than 167,000 credit cards Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS. 
[…] ]]> 2022-10-25T14:59:22+00:00 https://securityaffairs.co/wordpress/137608/malware/pos-malware-stolen-card-data.html www.secnews.physaphae.fr/article.php?IdArticle=7672738 False Malware,Threat None None InformationSecurityBuzzNews - Site de News Securite Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – Expert Comments 2022-10-25T14:12:28+00:00 https://informationsecuritybuzz.com/expert-comments/thousands-of-fake-poc-exploits-in-github-repositories-deliver-malware-expert-comments/ www.secnews.physaphae.fr/article.php?IdArticle=7672618 True Malware None None InformationSecurityBuzzNews - Site de News Securite Payment Card Attack Could Be Worth $3.3M 2022-10-25T13:40:13+00:00 https://informationsecuritybuzz.com/expert-comments/payment-card-attack-could-be-worth-3-3m/ www.secnews.physaphae.fr/article.php?IdArticle=7672289 False Malware None None InformationSecurityBuzzNews - Site de News Securite Typosquat Campaign Mimics 27 Brands To Push Windows, Android Malware 2022-10-25T13:28:52+00:00 https://informationsecuritybuzz.com/expert-comments/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7672290 False Malware None None ProofPoint - Firm Security Massive Typosquatting Racket Pushes Malware at Windows, Android Users 2022-10-25T13:27:54+00:00 https://www.proofpoint.com/us/newsroom/news/massive-typosquatting-racket-pushes-malware-windows-android-users www.secnews.physaphae.fr/article.php?IdArticle=7677384 False Malware None None AhnLab - Korean Security Firm Amadey Bot Disguised as a Famous Korean Messenger Program Being Distributed On October 17th, 2022, the Korean Internet & Security Agency (KISA) published a security notice titled “Advising Caution on Cyber Attacks Exploiting the Kakao Service Malfunction Issue’, and according to the notice, malware disguised as a KakaoTalk installation file (KakaoTalkUpdate.zip etc.) is being distributed via email. 
The ASEC analysis team was able to secure a file that seems to be of the type while monitoring relevant samples. This malware has the same filename and icon as the actual messenger program,... ]]> 2022-10-25T01:04:42+00:00 https://asec.ahnlab.com/en/40483/ www.secnews.physaphae.fr/article.php?IdArticle=7669359 False Malware None None