www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-24T12:13:20+00:00 www.secnews.physaphae.fr AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (October 10th, 2022 – October 16th, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 10th, 2022 (Monday) to October 16th, 2022 (Sunday). For the main category, downloader ranked top with 44.4%, followed by info-stealer with 41.7%, backdoor with 12.5%, ransomware with 0.9%, and CoinMiner with 0.5%. Top1. SmokeLoader Smokeloader is infostealer / downloader malware that is distributed via exploit kits. This week, it ranked first place... ]]> 2022-10-25T00:52:47+00:00 https://asec.ahnlab.com/en/40526/ www.secnews.physaphae.fr/article.php?IdArticle=7669205 True Ransomware,Malware None None The Register - Site journalistique Anglais Payment terminal malware steals $3.3m worth of credit card numbers – so far 2022-10-24T22:11:11+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/24/pos_malware_campaign_steals_33m/ www.secnews.physaphae.fr/article.php?IdArticle=7668849 False Malware None None InfoSecurity Mag - InfoSecurity Magazine Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App 2022-10-24T16:00:00+00:00 https://www.infosecurity-magazine.com/news/rce-vulnerabilities-in-veeam/ www.secnews.physaphae.fr/article.php?IdArticle=7666957 False Ransomware,Malware None 2.0000000000000000 IT Security Guru - Blog Sécurité Android-Clicker Malware Garners Reaches 20 Million Downloads 2022-10-24T14:45:43+00:00 
https://www.itsecurityguru.org/2022/10/24/https-www-infosecurity-magazine-com-news-clicker-malware-20-million/?utm_source=rss&utm_medium=rss&utm_campaign=https-www-infosecurity-magazine-com-news-clicker-malware-20-million www.secnews.physaphae.fr/article.php?IdArticle=7666778 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan 2022-10-24T11:55:00+00:00 https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html www.secnews.physaphae.fr/article.php?IdArticle=7662160 False Malware APT-C-17 None CyberScoop - scoopnewsgroup.com special Cyber Researchers uncover more than 167,000 stolen credit card numbers, primarily from the U.S. Using two malware variants, unknown operators managed to compile stolen card data potentially worth more than $3 million, researchers said. ]]> 2022-10-24T11:00:00+00:00 https://www.cyberscoop.com/majikpos-point-of-sale-malware-credit-card-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=7664325 False Malware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Clicker Malware Garners Estimated 20 Million Downloads 2022-10-24T09:30:00+00:00 https://www.infosecurity-magazine.com/news/clicker-malware-20-million/ www.secnews.physaphae.fr/article.php?IdArticle=7665034 False Malware None None SANS Institute - SANS est un acteur de defense et formation C2 Communications Through outlook.com, (Mon, Oct 24th) 2022-10-24T07:12:13+00:00 https://isc.sans.edu/diary/rss/29180 www.secnews.physaphae.fr/article.php?IdArticle=7663343 False Malware None None Bleeping Computer - Magazine Américain Thousands of GitHub repositories deliver fake PoC exploits with malware 2022-10-23T11:15:19+00:00 https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7652097 False Malware None None Bleeping Computer - 
Magazine Américain Typosquat campaign mimics 27 brands to push Windows, Android malware 2022-10-23T10:17:34+00:00 https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7652098 False Malware None None TroyHunt - Blog Security VMware bug with 9.8 severity rating exploited to install witch\'s brew of malware 2022-10-21T22:31:58+00:00 https://arstechnica.com/?p=1892156 www.secnews.physaphae.fr/article.php?IdArticle=7615866 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware 2022-10-21T22:17:00+00:00 https://thehackernews.com/2022/10/emotet-botnet-distributing-self.html www.secnews.physaphae.fr/article.php?IdArticle=7609913 False Malware None None We Live Security - Editeur Logiciel Antivirus ESET APT‑C‑50 updates FurBall Android malware – Week in security with Tony Anscombe 2022-10-21T13:15:23+00:00 https://www.welivesecurity.com/videos/apt-c-50-updates-furball-android-malware-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=7619378 False Malware None None IT Security Guru - Blog Sécurité OldGremlin Ransomware Fierce Comeback Against Russian Targets 2022-10-21T11:00:36+00:00 https://www.itsecurityguru.org/2022/10/21/https-www-infosecurity-magazine-com-news-oldgremlin-ransomware-russian/?utm_source=rss&utm_medium=rss&utm_campaign=https-www-infosecurity-magazine-com-news-oldgremlin-ransomware-russian www.secnews.physaphae.fr/article.php?IdArticle=7604262 False Ransomware,Malware None None SecurityWeek - Security News CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware 2022-10-21T10:28:32+00:00 https://www.securityweek.com/cisa-tells-organizations-patch-linux-kernel-vulnerability-exploited-malware www.secnews.physaphae.fr/article.php?IdArticle=7603443 False 
Malware,Vulnerability None None The Register - Site journalistique Anglais Good news, URSNIF no longer a banking trojan. Bad news, it\'s now a backdoor 2022-10-21T10:28:06+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/21/ursnif_trojan_shift_ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=7603421 False Ransomware,Malware None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Do the recent DDoS attacks signal future web application risks? Bloomberg US Edition, allege that Russian-associated cybercrime group Killnet is responsible for a series of distributed-denial-of-service (DDoS) attacks during the week of October 6 that took several state government and other websites offline. While most of the websites were restored within 48 hours, these volumetric attacks can leave even the most secure sites paralyzed and susceptible to further damage. AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, suggests politically motivated cyber strikes such as the ones that hit web sites in October are nothing new. Killnet has a long history of successfully attacking both public and private organizations and businesses. Research Killnet on the Alien Labs Open Threat Exchange (OTX), among the largest open threat intelligence sharing communities in the world. OTX pulse on Killnet Figure 1: OTX pulse on Killnet. “We have been following Killnet for years and have seen a marked increased activity in the last few weeks. Their attacks, however, appear to be opportunistic DDoS campaigns aimed at attracting media coverage,” says Research Director Santiago Cortes Diaz. “Their efforts seem to be coordinated with the Russian government as part of their FUD (fear, uncertainty and doubt) campaign around the geopolitical conflict.” Aside from a temporary takedown that can disrupt operations, there is also a reputational cost to DDoS attacks. 
Moves against government websites potentially aim to destroy faith among voters that U.S. elections are a secure and insulated process. And, though the election process is mostly separated from the Internet, consecutive attacks of this nature could also negatively impact confidence in the United States’ digital defenses. DDoS attacks, though typically short-lived, succeed in getting the public’s attention by causing a digital flood of information on websites with an otherwise regular flow of traffic. A botnet, a group of machines infected with malware and controlled as a malicious group, generates bogus requests and junk directed at the target while hiding within a site’s usual traffic patterns.  DDoS attacks are not to be underestimated. They will likely continue to proliferate as hackers acquire access to more botnets and resources allowing them to commit larger attacks — and the resources will come with the next era of computing. As organizations continue to deploy edge applications and take advantage of 5G, the threat of DDoS attacks is potentially compounded. To this point, in a survey of 1,500 global respondents for the AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge, 83% believe attacks on web-based applications will present a big security challenge.   Why? Because along with the improvements in speed, capacity, and latency of 5G and edge computing, there is also going to be an explosion in connected devices. For example, in the same Insights Report, the top three use cases expected to be in production within three years for edge computing include: industrial IoT or OT, enterprise IoT, and industry-oriented consumer IoT functions — all of which are driven by applications that can be connected to the internet.  
This increase in devices and network quality as well as explosion in appli]]> 2022-10-21T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/do-the-recent-ddos-attacks-signal-future-web-application-rsks www.secnews.physaphae.fr/article.php?IdArticle=7602826 False Malware,Threat None None Global Security Mag - Site de news francais ESET découvre une nouvelle version d\'un logiciel espion visant les citoyens iraniens, Furball, caché dans une application de traduction Malwares]]> 2022-10-21T09:32:50+00:00 http://www.globalsecuritymag.fr/ESET-decouvre-une-nouvelle-version,20221021,131397.html www.secnews.physaphae.fr/article.php?IdArticle=7602731 False Malware None None Security Affairs - Blog Secu News URSNIF variant doesn\'t support banking features 2022-10-21T07:50:12+00:00 https://securityaffairs.co/wordpress/137435/malware/ursnif-shift-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=7600844 False Malware None None AhnLab - Korean Security Firm GuLoader Malware Disguised as a Word File Being Distributed in Korea The ASEC analysis team has discovered that the GuLoader malware is being distributed to Korean corporate users. GuLoader is a downloader that has been steadily distributed since the past, downloading various malware. The phishing mail being distributed is as follows, and has an HTML file attached. When the user opens the attached HTML file, a compressed file is downloaded from the URL below. The compressed file contains an IMG file and the GuLoader malware is inside this IMG file. GuLoader... 
]]> 2022-10-21T03:56:17+00:00 https://asec.ahnlab.com/en/40283/ www.secnews.physaphae.fr/article.php?IdArticle=7597081 False Malware None None AhnLab - Korean Security Firm Attackers Abusing Various Remote Control Tools Overview Ordinarily, attackers install malware through various methods such as spear phishing emails with a malicious attachment, malvertising, vulnerabilities, and disguising the malware as normal software and uploading them to websites. The malware that is installed include infostealers which steal information from the infected system, ransomware which encrypts files to demand ransom, and DDoS Bots which are used in DDoS attacks. In addition to these, backdoor and RAT are also major malware programs used by attackers. Backdoor malware is installed... ]]> 2022-10-21T02:30:43+00:00 https://asec.ahnlab.com/en/40263/ www.secnews.physaphae.fr/article.php?IdArticle=7596127 False Ransomware,Malware None None SANS Institute - SANS est un acteur de defense et formation sczriptzzbn inject pushes malware for NetSupport RAT, (Fri, Oct 21st) 2022-10-21T00:03:49+00:00 https://isc.sans.edu/diary/rss/29170 www.secnews.physaphae.fr/article.php?IdArticle=7594422 False Malware None None Fortinet - Fabricant Materiel Securite Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability 2022-10-20T20:23:00+00:00 https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=7595463 False Malware,Vulnerability None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens 2022-10-20T17:03:00+00:00 https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html www.secnews.physaphae.fr/article.php?IdArticle=7583728 False Malware,Threat None None Bleeping Computer - Magazine Américain Ursnif malware switches from bank account theft to initial access 2022-10-20T16:00:37+00:00 https://www.bleepingcomputer.com/news/security/ursnif-malware-switches-from-bank-account-theft-to-initial-access/ www.secnews.physaphae.fr/article.php?IdArticle=7589994 False Malware None None RedCanary - Red Canary Intelligence Insights: October 2022 2022-10-20T15:44:24+00:00 https://redcanary.com/blog/intelligence-insights-october-2022/ www.secnews.physaphae.fr/article.php?IdArticle=7586310 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times 2022-10-20T14:34:00+00:00 https://thehackernews.com/2022/10/these-16-clicker-malware-infected.html www.secnews.physaphae.fr/article.php?IdArticle=7581105 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft 2022-10-20T14:09:00+00:00 https://thehackernews.com/2022/10/latest-ursnif-variant-shifts-focus-from.html www.secnews.physaphae.fr/article.php?IdArticle=7581106 False Ransomware,Malware,Threat None None Anomali - Firm Blog Threat Hunting: Eight Tactics to Accelerating Threat Hunting A new threat report is published from an intel provider describing a new variant of malware that has been catastrophic at similar organizations. 
This report would ideally contain information around the process tree, registry key, etc., to help the cyber threat hunters not just hunt for detection of the associated IOCs but dig deeper to identify patterns that match the behavior of the malware across the network, like abnormal PowerShell executio]]> 2022-10-20T13:36:00+00:00 https://www.anomali.com/blog/threat-hunting-eight-tactics-to-a-accelerating-threat-hunting www.secnews.physaphae.fr/article.php?IdArticle=7666507 False Spam,Malware,Tool,Vulnerability,Threat None None Bleeping Computer - Magazine Américain OldGremlin hackers use Linux ransomware to attack Russian orgs 2022-10-20T11:03:41+00:00 https://www.bleepingcomputer.com/news/security/oldgremlin-hackers-use-linux-ransomware-to-attack-russian-orgs/ www.secnews.physaphae.fr/article.php?IdArticle=7585563 False Ransomware,Malware None None Checkpoint - Fabricant Materiel Securite Check Point Research analyzes the newly emerged Black Basta Ransomware, alerts organizations to adopt prevention best practices Highlights: Check Point Research (CPR) puts a special spotlight on how the Black Basta gang delivers malware to its victims and provides best practices to lower risks of being victimized CPR details evasions and anti-analysis techniques of this ransomware, which was found to prevent security protections from detecting this malware Check Point Research provides links… ]]> 2022-10-20T09:58:54+00:00 https://blog.checkpoint.com/2022/10/20/check-point-research-analyzes-the-newly-emerged-black-basta-ransomware-alerts-organizations-to-adopt-prevention-best-practices/ www.secnews.physaphae.fr/article.php?IdArticle=7581145 False Malware None None We Live Security - Editeur Logiciel Antivirus ESET Domestic Kitten campaign spying on Iranian citizens with new FurBall malware APT-C-50's Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app ]]> 2022-10-20T09:30:02+00:00 
https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7588976 False Malware None None CSO - CSO Daily Dashboard Attackers switch to self-extracting password-protected archives to distribute email malware a new report.To read this article in full, please click here]]> 2022-10-20T06:00:00+00:00 https://www.csoonline.com/article/3677448/attackers-switch-to-self-extracting-password-protected-archives-to-distribute-email-malware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7584664 False Spam,Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware 2022-10-19T18:03:00+00:00 https://thehackernews.com/2022/10/chinese-hackers-targeting-online.html www.secnews.physaphae.fr/article.php?IdArticle=7561952 False Malware,Threat None None Global Security Mag - Site de news francais Mandiant Research : Pourquoi cette nouvelle backdoor pourrait être déterminante Malwares]]> 2022-10-19T15:57:23+00:00 http://www.globalsecuritymag.fr/Mandiant-Research-Pourquoi-cette,20221019,131350.html www.secnews.physaphae.fr/article.php?IdArticle=7563963 False Malware None None Global Security Mag - Site de news francais Classement Top Malware Check Point du mois de septembre 2022 : Vidar prend la tête du classement en France Malwares]]> 2022-10-19T08:39:21+00:00 http://www.globalsecuritymag.fr/Classement-Top-Malware-Check-Point,20221019,131301.html www.secnews.physaphae.fr/article.php?IdArticle=7557713 False Malware None None DarkTrace - DarkTrace: AI bases detection Growing your onion: AutoIt malware in the Darktrace kill chain 2022-10-19T00:00:00+00:00 https://darktrace.com/blog/growing-your-onion-autoit-malware-in-the-darktrace-kill-chain www.secnews.physaphae.fr/article.php?IdArticle=7564714 False Malware None None AhnLab - Korean Security Firm ASEC Weekly 
Malware Statistics (October 3rd, 2022 – October 9th, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 3rd, 2022 (Monday) to October 9th, 2022 (Sunday). For the main category, downloader ranked top with 45.0%, followed by info-stealer with 39.6%, backdoor with 14.6%, ransomware with 0.4%, and CoinMiner with 0.4%. Top1. SmokeLoader Smokeloader is infostealer / downloader malware that is distributed via exploit kits. This week, it ranked first place... ]]> 2022-10-18T23:44:15+00:00 https://asec.ahnlab.com/en/40056/ www.secnews.physaphae.fr/article.php?IdArticle=7549250 True Ransomware,Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chinese \'Spyder Loader\' Malware Spotted Targeting Organizations in Hong Kong 2022-10-18T15:41:00+00:00 https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html www.secnews.physaphae.fr/article.php?IdArticle=7538339 False Malware,Threat,Guideline APT 41 None InfoSecurity Mag - InfoSecurity Magazine Spyder Loader Malware Deployed Against Hong Kong Organizations 2022-10-18T15:00:00+00:00 https://www.infosecurity-magazine.com/news/spyder-loader-target-hong-kong/ www.secnews.physaphae.fr/article.php?IdArticle=7541729 False Malware None None Anomali - Firm Blog Anomali Cyber Watch: Ransom Cartel Uses DPAPI Dumping, Unknown China-Sponsored Group Targeted Telecommunications, Alchimist C2 Framework Targets Multiple Operating Systems, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Ransom Cartel Ransomware: A Possible Connection With REvil (published: October 14, 2022) Palo Alto Networks researchers analyzed Ransom Cartel, a double extortion ransomware-as-a-service group. 
Ransom Cartel came to existence in mid-December 2021 after the REvil group shut down. The Ransom Cartel group uses the Ransom Cartel ransomware, which shares significant code similarities with REvil, indicating close connections, but lacks REvil obfuscation engine capabilities. Ransom Cartel has almost no obfuscation outside of the configuration: unlike REvil it does not use string encryption and API hashing. Among multiple tools utilized by Ransom Cartel, the DonPAPI credential dumper is unique for this group. It performs Windows Data Protection API (DPAPI) dumping by targeting DPAPI-protected credentials such as credentials saved in web browsers, RDP passwords, and Wi-Fi keys. Analyst Comment: Network defenders should consider monitoring or blocking high-risk connections such as TOR traffic that is often abused by Ransom Cartel and its affiliates. It is crucial that your company ensure that servers are always running the most current software version. Your company should have policies in place in regards to the proper configurations needed for your servers in order to conduct your business needs safely. 
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Software Deployment Tools - T1072 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Boot or Logon Autostart Execution - T1547 | [MITRE ATT&CK] BITS Jobs - T1197 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] File and Directory Permissions Modification - T1222 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Indicator Removal on Host - T1070 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Impair Defenses - T1562 | [MITRE ATT&CK] Indicator Removal on Host -]]> 2022-10-18T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-ransom-cartel-uses-dpapi-dumping-unknown-china-sponsored-group-targeted-telecommunications-alchimist-c2-framework-targets-multiple-operating-systems-and-more www.secnews.physaphae.fr/article.php?IdArticle=7541845 False Ransomware,Malware,Tool,Threat APT 27 None CSO - CSO Daily Dashboard BrandPost: Why Unified Platforms Are the Future of Network Security To read this article in full, please click here]]> 2022-10-18T09:47:00+00:00 https://www.csoonline.com/article/3676834/why-unified-platforms-are-the-future-of-network-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7543279 False Malware None None The Register - Site journalistique Anglais Imagine surviving a wiper attack only for ransomware to scramble your restored files 2022-10-18T07:31:14+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/18/prestige_ransomware_microsoft_ukraine/ www.secnews.physaphae.fr/article.php?IdArticle=7536038 False Ransomware,Malware None None SecurityWeek - Security News Zimbra Patches Under-Attack Code Execution Bug 2022-10-17T15:55:24+00:00 
https://www.securityweek.com/zimbra-patches-under-attack-code-execution-bug www.secnews.physaphae.fr/article.php?IdArticle=7529564 False Malware None None Security Affairs - Blog Secu New UEFI rootkit Black Lotus offered for sale at $5,000 Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that […] ]]> 2022-10-17T15:00:10+00:00 https://securityaffairs.co/wordpress/137252/malware/black-lotus-uefi-rootkit.html www.secnews.physaphae.fr/article.php?IdArticle=7528752 False Malware None None SANS Institute - SANS est un acteur de defense et formation Fileless Powershell Dropper, (Mon, Oct 17th) 1]. By "fileless", it means that the malware tries to reduce at the minimum interactions with the file system. But, to achieve persistence, it must write something on the disk. Most of the time, it&#;x26;#;39;s done through registry keys. That&#;x26;#;39;s what happens with this sample: ]]> 2022-10-17T10:05:24+00:00 https://isc.sans.edu/diary/rss/29156 www.secnews.physaphae.fr/article.php?IdArticle=7527852 False Malware None None Bleeping Computer - Magazine Américain New PHP information-stealing malware targets Facebook accounts 2022-10-16T10:07:14+00:00 https://www.bleepingcomputer.com/news/security/new-php-information-stealing-malware-targets-facebook-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=7508734 False Malware,Threat None None Security Affairs - Blog Secu New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. 
Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The malicious code is distributed as free/cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others.   Ducktail has been […] ]]> 2022-10-15T16:41:24+00:00 https://securityaffairs.co/wordpress/137145/malware/ducktail-php-targets-facebook.html www.secnews.physaphae.fr/article.php?IdArticle=7485682 False Malware None None TroyHunt - Blog Security How a Microsoft blunder opened millions of PCs to potent malware attacks 2022-10-14T16:26:54+00:00 https://arstechnica.com/?p=1889745 www.secnews.physaphae.fr/article.php?IdArticle=7459825 False Malware None None The Security Ledger - Blog Sécurité Episode 244: ZuoRAT brings APT Tactics to Home Networks Read the whole entry... »Click the icon below to listen. ]]> 2022-10-14T16:05:00+00:00 https://feeds.feedblitz.com/~/715650802/0/thesecurityledger~Episode-ZuoRAT-brings-APT-Tactics-to-Home-Networks/ www.secnews.physaphae.fr/article.php?IdArticle=7470312 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts 2022-10-14T15:42:00+00:00 https://thehackernews.com/2022/10/new-php-version-of-ducktail-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7456678 False Malware None None IT Security Guru - Blog Sécurité Magniber Ransomware Uses JavaScript to Attack Individual Users 2022-10-14T13:54:11+00:00 https://www.itsecurityguru.org/2022/10/14/https-www-infosecurity-magazine-com-news-magniber-ransomware-adopts/?utm_source=rss&utm_medium=rss&utm_campaign=https-www-infosecurity-magazine-com-news-magniber-ransomware-adopts www.secnews.physaphae.fr/article.php?IdArticle=7457026 False Ransomware,Malware None None The Register - Site journalistique Anglais LockBit 3.0 malware forced NHS tech supplier to shut down hosted sites 2022-10-14T08:32:11+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/14/nhs_software_hosting_provider_advanced_ransomware_lockbit/ www.secnews.physaphae.fr/article.php?IdArticle=7451895 False Ransomware,Malware None None Fortinet ThreatSignal - Harware Vendor Guloader Spam Indiscriminately Sent to State Elections Board 2022-10-14T01:24:52+00:00 https://fortiguard.fortinet.com/threat-signal-report/4805 www.secnews.physaphae.fr/article.php?IdArticle=7451988 False Spam,Malware,Vulnerability None None The Register - Site journalistique Anglais Banks face their \'darkest hour\' as malware steps up, maker of antivirus says 2022-10-13T23:35:05+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/13/blacklotus_malware_kaspersky/ www.secnews.physaphae.fr/article.php?IdArticle=7443451 False Malware,Guideline None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems 2022-10-13T17:47:00+00:00 https://thehackernews.com/2022/10/new-chinese-malware-attack-framework.html www.secnews.physaphae.fr/article.php?IdArticle=7433642 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Modified WhatsApp App Caught Infecting Android Devices with Malware 2022-10-13T13:09:00+00:00 https://thehackernews.com/2022/10/modified-whatsapp-app-caught-infecting.html www.secnews.physaphae.fr/article.php?IdArticle=7430197 False Malware None None UnderNews - Site de news "pirate" francais OpenText Security Solutions dévoile les malwares les plus dangereux de 2022 L'analyse révèle l'émergence de la triple extorsion, ainsi qu'un regain d'activité potentiel chez les cybercriminels. OpenText™ a annoncé aujourd'hui " les Nastiest Malware of 2022 ", un classement des cybermenaces les plus inquiétantes de l'année. Pour la cinquième année consécutive, les experts en threat intelligence d'OpenText Security Solutions ont examiné les données, analysé différents comportements et identifié les charges utiles malveillantes les plus dangereuses. The post OpenText Security Solutions dévoile les malwares les plus dangereux de 2022 first appeared on UnderNews.]]> 2022-10-13T12:16:07+00:00 https://www.undernews.fr/malwares-virus-antivirus/opentext-security-solutions-devoile-les-malwares-les-plus-dangereux-de-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7433546 False Malware,Threat None None Anomali - Firm Blog #See Yourself in Cyber: Top Five Ways to Help Improve your Organization\'s Security Posture blog post, I dove deeper into why security is more challenging than ever. And it all comes back to people. People are the heart of any security organization. Security tools are a requirement, but they don’t replace people. 
According to (ISC) ²’s 2021 Cyber Workforce Report, there is still a cybersecurity workforce gap of more than 2.72 million. Which for some organizations can mean they’re already behind before even starting. Improving Your Security Posture There are many ways an organization can improve its security posture. They can share threat intelligence. They can invest in threat intelligence platforms or XDR solutions that improve their existing investments. For this blog, I’ve narrowed it down to five: 1) Understanding Your Relevant Threat Landscape Understanding the attack surface is key to knowing what assets need protection and how best to protect them. Unfortunately, most organizations struggle because their attack surface keeps changing. Start with an attack surface assessment. Find out how an attacker sees you. Map your assets against their potential vulnerabilities and readiness to prevent or respond to threats. This will help understand how well current tools and investments protect critical assets and what additional measures need to be taken to improve protection. 
A comprehensive assessment should include the following: • Visibility into all external facing assets to uncover exposed assets • Identify and evaluate the current security programs • Evaluate the effectiveness of information security policies, procedures, and processes • Determine the effect of cybersecurity incidents on KPIs, including availability, integrity, and privacy • Assess the maturity level of current tools and investments ]]> 2022-10-13T10:00:00+00:00 https://www.anomali.com/blog/see-yourself-in-cyber-top-five-ways-to-help-improve-your-organizations-security-posture www.secnews.physaphae.fr/article.php?IdArticle=7431361 False Ransomware,Malware,Hack,Threat,Guideline None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC The biggest concerns within the US Financial Sector in 2022 Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue. According to VMware's Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly. Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024. What are the biggest concerns facing the financial sector in the United States for 2022? 
Reimbursing cyber scams

As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who bank online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack. Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%. Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must give cybersecurity a higher priority. To exchange effective strategies, banks will need to collaborate with governments and industry organizations. The public must continue to receive education on preventative measures, but ultimately it is the banks' responsibility to establish security models that give them and their clients the greatest level of safety.

Maintain compliance with strict privacy regulations

The use of social engineering and account takeover fraud will increase over the next few years. To fight this, financial institutions must not only conduct comprehensive data checks beyond document verification at account opening, but also keep track of customer identities throughout the customer lifecycle.
Banks must decide how to manage sensitive personal data like biometrics as
2022-10-13T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/the-biggest-concerns-within-the-us-financial-sector-in-2022 | Tags: Ransomware, Malware, Vulnerability, Threat, Guideline, Uber

CISCO Talos - Cisco Research blog
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton.
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. Alchimist has a web interface in Simplified Chinese with remote administration features. The attack framework is designed to target Windows, Linux and Mac machines. Alchimist and Insekt binaries are implemented in GoLang. This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies.
Cisco Talos has discovered a new single-file command and control (C2) framework the authors call "Alchimist [sic]." Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being used in the wild. "Alchimist" is a 64-bit Linux executable written in GoLang and packed with assets including resources for the web interface and Insekt RAT payloads compiled for Windows and Linux.
Insekt RAT, a new trojan Cisco Talos discovered, is Alchimist's beacon implant written in GoLang and has a variety of remote access capabilities that can be instrumented by the Alchimist C2 server. Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloads to the remote machines, capture screenshots, perform remote shellcode execution and run arbitrary commands.
Among the remaining tools, Cisco Talos found a Mach-O dropper embedded with an exploit targeting a known vulnerability, CVE-2021-4034, a privilege escalation issue in polkit's pkexec utility, and a Mach-O bind shell backdoor. The Qualys Research Team discovered CVE-2021-4034 in November 2021, and in January 2022 the U.S. National Security Agency Cybersecurity Director warned that the vulnerability was being exploited in the wild. The server also contained dual-use tools like psexec and netcat, along with a scanning tool called "fscan," which the author describes as an "intranet scanning tool": essentially all the tools necessary for lateral movement.

Alchimist framework

The attack framework we discovered during the course of this research consists of a standalone C2 server called "Alchimist" and its corresponding implants, which the authors call the "Insekt" RAT family. Alchimist isn't the first self-contained framework we've discovered recently; Manjusaka is another single-file C2 framework disclosed by Talos recently. Both follow the same design philosophy, albeit implemented in different ways, to the point where they seem to share the same list of requirements despite being implemented by different programmers.
However, Manjusaka and Alchimist have virtually the same set of feat
2022-10-13T08:00:07+00:00 | http://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html | Tags: Malware, Tool, Vulnerability, Threat

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware
2022-10-12T20:32:00+00:00 | https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html | Tags: Malware

Anomali - Firm Blog
Anomali Cyber Watch: Emotet Added Two New Modules, LofyGang Distributed 200 Malicious Packages, Bumblebee Loader Expanded Its Reach, and More
[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]

Trending Cyber News and Threat Intelligence

VMware Report Exposes Emotet Malware's Supply Chain (published: October 10, 2022)
VMware researchers analyzed the evolution of the Emotet malware-as-a-service and its command-and-control (C2) infrastructure. In June 2022, Emotet added two new modules: one that steals credit card information from Google Chrome browsers, and another that leverages the SMB protocol to spread laterally. Emotet's main component is a DLL file that stores a highly obfuscated list of C2 IP:port pairs. More than half of the ports counted were port 8080, used as a proxy port on compromised legitimate servers abused to proxy traffic to the real C2 servers.
Analyst Comment: For network defenders it is important to strengthen email security and implement network segmentation whenever possible. Despite its continuous evolution, Emotet botnets can reuse previously identified infrastructure. Block known network-based indicators available via the Anomali platform.
MITRE ATT&CK: [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Signed Script Proxy Execution - T1216 | [MITRE ATT&CK] Encrypted Channel - T1573 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Email Collection - T1114
Tags: mitre-software:Emotet, mitre-group:Wizard Spider, SMB, Proxy, Botnet, Malware-as-a-service, Windows

LofyGang Hackers Built a Credential-Stealing Enterprise on Discord, NPM (published: October 7, 2022)
Checkmarx Security researchers described a financially motivated threat actor group dubbed LofyGang (Lofy). This group aims to steal credentials and credit card data by distributing approximately 200 malicious packages and fake hacking tools on code-hosting platforms such as NPM and GitHub. LofyGang uses package-name typosquatting and the starjacking technique of displaying fake popularity statistics. The first LofyGang package typically has no malicious behavior beyond fetching the second-stage malicious package. For its command-and-control communication, the group often abuses legitimate services such as Discord, GitHub, glitch, Heroku, and Repl.it.
Analyst Comment: Developers should be extra cautious and sensitized to the growing exploitation of the open source eco
2022-10-12T18:06:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-emotet-added-two-new-modules-lofygang-distributed-200-malicious-packages-bumblebee-loader-expanded-its-reach-and-more | Tags: Ransomware, Malware, Tool, Threat

InfoSecurity Mag - InfoSecurity Magazine
FormBook Tops Check Point's Most Wanted Malware List For September
2022-10-12T17:00:00+00:00 | https://www.infosecurity-magazine.com/news/formbook-most-wanted-malware/ | Tags: Malware

SentinelOne (APT) - Cyber Firms
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.
2022-10-12T14:27:47+00:00 | https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/ | Tags: Malware, Threat

SecurityWeek - Security News
QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign
2022-10-12T12:19:36+00:00 | https://www.securityweek.com/qbot-malware-infects-over-800-corporate-users-new-ongoing-campaign | Tags: Malware

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
12 Essential ways to improve your website security
protect your WordPress site, is to ensure that all your plugins and software are up to date.
Outdated software is one of the most common ways that attackers gain access to websites. By keeping everything up to date, you help prevent known vulnerabilities from being exploited. You can usually enable auto-updates for most plugins and software from within their settings menus. For WordPress sites, there is also a plugin called Easy Updates Manager that can help you keep everything up to date with ease.

2. A strong password policy
A strong password policy is the first step to protecting your website from malicious actors. By requiring strong and unique passwords, you make it significantly more difficult for attackers to gain access to your site. You need to ensure that your website's backend is well protected and that only authorized users have access. To do this, consider using a password manager to generate and store strong passwords for your site. You definitely should not be using the same password for multiple sites.

3. Two-factor authentication
Two-factor authentication (2FA) is an important security measure that you should consider implementing for your website. 2FA adds an extra layer of security by requiring users to provide two pieces of information before they can access your site, for example a password plus a one-time code generated by an app on your phone. 2FA can help prevent attackers from gaining access to your site even if they have your password.

4. A secure socket layer (SSL) certificate
An SSL certificate is a must-have for any website that wants to protect its users' information. SSL encrypts the communications between your website and your users' web browsers, so even if an attacker were able to intercept the communication, they would not be able to read it. SSL also provides authentication, which means your users can be sure they are communicating with the intended website and not a fake site set up by an attacker.
Increasingly, having things like HTTPS and an SSL certificate is part of Google's ranking metrics and will help your website's SEO. If you aren't making an effort to protect your visitors and users (the people who give you their sensitive credit card information), they may take their business elsewhere.

5. A web application firewall (WAF)
A web application firewall (WAF) is a piece of software that sits between your website and the internet. It filters traffic to your site and blocks any requests that it considers malicious. WAFs can be very effective at stopping attacks such as SQL injection and cross-site scripting (XSS).

6. Intrusion detection and prevention systems (IDPS)
Intrusion detection and prevention systems (IDPS) are designed to
2022-10-12T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/12-essential-ways-to-improve-your-website-security | Tags: Spam, Malware, Threat

Security Affairs - Security blog
LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware
Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware.
Threat actors initially deployed […]
2022-10-12T05:54:56+00:00 | https://securityaffairs.co/wordpress/136968/cyber-crime/microsoft-exchange-lockbit-ransomware.html | Tags: Ransomware, Malware, Threat

AhnLab - Korean Security Firm
GlobeImposter Ransomware Being Distributed in Korea
The ASEC analysis team has recently identified through internal monitoring that the GlobeImposter ransomware, which targets vulnerable MS-SQL servers, is being distributed. This GlobeImposter ransomware has also been mentioned in AhnLab TIP's quarterly statistics, specifically in the '2022 1st and 2nd Quarter Statistical Report on Malware Targeting MS-SQL'; in the 2nd quarter, GlobeImposter accounted for 52.6% of ransomware targeting MS-SQL. It has been identified that the GlobeImposter ransomware is still appearing in the soon-to-be-released 3rd quarter statistics. This ransomware...
2022-10-12T04:24:38+00:00 | https://asec.ahnlab.com/en/39706/ | Tags: Ransomware, Malware

AhnLab - Korean Security Firm
ASEC Weekly Malware Statistics (September 26th, 2022 – October 2nd, 2022)
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 26th, 2022 (Monday) to October 2nd, 2022 (Sunday). For the main category, downloader ranked top with 38.2%, followed by info-stealer with 35.1%, ransomware with 14.7%, backdoor with 11.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 16.7%. BeamWinHTTP is distributed via malware disguised...
2022-10-12T04:18:45+00:00 | https://asec.ahnlab.com/en/39627/ | Tags: Ransomware, Malware

AhnLab - Korean Security Firm
Qakbot Being Distributed as ISO Files Instead of Excel Macro
There is a recent increase in the distribution of malware through ISO files. Among such malware, it has been identified that Qakbot, an online banking malware, has changed its distribution method from Excel 4.0 macros to ISO files. The ASEC blog has introduced cases of ISO file usage not only for Qakbot but also for the AsyncRAT, IcedID, and BumbleBee malware. As such, we can see that cases of using ISO files for malware distribution are increasing. The phishing mail that...
2022-10-12T04:01:25+00:00 | https://asec.ahnlab.com/en/39537/ | Tags: Malware

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
2022-10-11T22:11:00+00:00 | https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html | Tags: Malware

TechRepublic - Security News US
The 2020-2022 ATM/PoS malware landscape
Attacks using ATM or PoS malware are on the rise again in 2022 after the COVID-19 lockdowns.
2022-10-11T20:36:41+00:00 | https://www.techrepublic.com/article/atm-pos-malware-landscape/ | Tags: Malware

Global Security Mag - French news site
Frédéric Grelot, GLIMPS: We offer an "eXtended Malware Analysis Platform" to support CISOs in their strategy of rationalizing cybersecurity products
Category: Interviews
2022-10-11T20:15:24+00:00 | http://www.globalsecuritymag.fr/Frederic-Grelot-GLIMPS-Nous,20221011,131035.html | Tags: Malware, Guideline

GoogleSec - Firm Security Blog
Google Pixel 7 and Pixel 7 Pro: The next evolution in mobile security
[1] Pixel phones also get better every few months with Feature Drops that provide the latest product updates, tips and tricks from Google. And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates[2], so your Pixel gets even more secure over time.

Your protection, built into Pixel

Your digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos, you name it. With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe. We take a comprehensive, end-to-end approach to security with verifiable protections at each layer: the network, the application, the operating system and multiple layers on the silicon itself. If you use Pixel for your business, this approach helps protect your company data, too.
Google Tensor G2 is Pixel's newest powerful processor, custom built with Google AI, and makes Pixel 7 faster, more efficient and more secure[3]. Every aspect of Tensor G2 was designed to improve Pixel's performance and efficiency for great battery life, amazing photos and videos.
Tensor's built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe. Titan family chips are also used to protect Google Cloud data centers and Chromebooks, so the same hardware that protects Google servers also secures your sensitive information stored on Pixel. And, in a first for Google, Titan M2 hardware has now been certified under Common Criteria PP0084, the international gold standard for hardware security components, which is also used for identity, SIM card, and bank card security chips.
2022-10-11T19:22:42+00:00 | http://security.googleblog.com/2022/10/google-pixel-7-and-pixel-7-pro-next.html | Tags: Spam, Malware, Vulnerability, Guideline, Industrial, APT 40

Fortinet - Security hardware manufacturer
Ukrainian Military-Themed Excel File Delivers Multi-Stage Cobalt Strike Loader
2022-10-11T14:49:00+00:00 | https://www.fortinet.com/blog/threat-research/ukrainian-excel-file-delivers-multi-stage-cobalt-strike-loader | Tags: Malware, Guideline

Security Affairs - Security blog
Experts analyzed the evolution of the Emotet supply chain
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware, reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection.
The Emotet banking trojan has been active at least since 2014; the botnet is operated by […]
2022-10-11T10:40:22+00:00 | https://securityaffairs.co/wordpress/136935/malware/emotet-evolution-ttps.html | Tags: Malware

We Live Security - ESET antivirus software publisher
POLONIUM targets Israel with Creepy malware
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.
2022-10-11T09:30:08+00:00 | https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/ | Tags: Malware

Bleeping Computer - American magazine
Hacking group POLONIUM uses 'Creepy' malware against Israel
2022-10-11T05:30:00+00:00 | https://www.bleepingcomputer.com/news/security/hacking-group-polonium-uses-creepy-malware-against-israel/ | Tags: Malware, Threat

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
2022-10-10T20:46:00+00:00 | https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html | Tags: Malware, Threat

Dark Reading - Informationweek Branch
Emotet Rises Again With More Sophistication, Evasion
2022-10-10T20:35:32+00:00 | https://www.darkreading.com/threat-intelligence/emotet-rises-again-with-more-sophistication-evasion | Tags: Malware

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks
2022-10-10T18:40:00+00:00 | https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html | Tags: Malware, Threat

Bleeping Computer - American magazine
Hackers behind IcedID malware attacks diversify delivery tactics
2022-10-10T16:24:51+00:00 | https://www.bleepingcomputer.com/news/security/hackers-behind-icedid-malware-attacks-diversify-delivery-tactics/ | Tags: Malware, Threat

InformationSecurityBuzzNews - Security news site
Kaspersky Warns Of A New Wave Of Malicious Email Campaign, Spreading The Qbot Malware
2022-10-10T10:12:56+00:00 | https://informationsecuritybuzz.com/expert-comments/kaspersky-warns-of-a-new-wave-of-malicious-email-campaign-spreading-the-qbot-malware/ | Tags: Malware

The Register - English journalism site
Criminal multitool LilithBot arrives on malware-as-a-service scene
2022-10-10T09:29:11+00:00 | https://go.theregister.com/feed/www.theregister.com/2022/10/10/eternity_lilithbot_malware_bundle/ | Tags: Malware, Threat

CSO - CSO Daily Dashboard
Secure web browsers for the enterprise compared: How to pick the right one
2022-10-10T02:00:00+00:00 | https://www.csoonline.com/article/3676229/secure-web-browsers-for-the-enterprise-compared-how-to-pick-the-right-one.html#tk.rss_all | Tags: Malware

Bleeping Computer - American magazine
Solana Phantom security update NFTs push password-stealing malware
2022-10-09T15:26:40+00:00 | https://www.bleepingcomputer.com/news/security/solana-phantom-security-update-nfts-push-password-stealing-malware/ | Tags: Malware, Guideline

Bleeping Computer - American magazine
Fake Solana Phantom security updates push crypto-stealing malware
2022-10-09T15:26:40+00:00 | https://www.bleepingcomputer.com/news/security/fake-solana-phantom-security-updates-push-crypto-stealing-malware/ | Tags: Malware, Guideline

Fortinet ThreatSignal - Hardware Vendor
LilithBot Sold as Malware-as-a-Service (MaaS)
2022-10-07T15:31:31+00:00 | https://fortiguard.fortinet.com/threat-signal-report/4795 | Tags: Ransomware, Malware

Fortinet ThreatSignal - Hardware Vendor
Maggie: New Backdoor Targeting Microsoft SQL servers
2022-10-07T15:31:00+00:00 | https://fortiguard.fortinet.com/threat-signal-report/4794 | Tags: Malware

IT Security Guru - Security blog
Meta Lawsuit Against Chinese Devs Over WhatsApp Malware Plot
2022-10-07T13:32:40+00:00 | https://www.itsecurityguru.org/2022/10/07/https-www-infosecurity-magazine-com-news-whatsapp-sues-chinese-devs-malware/?utm_source=rss&utm_medium=rss&utm_campaign=https-www-infosecurity-magazine-com-news-whatsapp-sues-chinese-devs-malware | Tags: Malware

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
Ransomware - undeniably top of mind
NIST and CISA. As you analyze what is best for your organization, consider the ever-changing threat landscape and how you plan to adjust. The following model offers an agile approach to reducing the risk of a ransomware incident:
Assess – identify gaps including people, process, and technology (where are we today?)
Plan – take action to address gaps (enable measurement)
Practice – test people, process, and technology (phishing, social engineering)
Measure – how are we doing? Identify remaining gaps
Adjust – close remaining gaps
Testing is a critical step to confirming that technology, people, and process work cohesively, yet it is often overlooked. As you establish your plan, emphasize testing and measurements to ensure the desired outcomes are being obtained. Communicate with key stakeholders and align to promote a culture of awareness.

The elephant in the room: To pay or not to pay

All businesses need to be prepared for "if, not when." Cyber criminals exploit vulnerabilities, not always a specific business. The average dwell time is closing in on 300 days. Once exploited, a malicious actor can work their way to financial information. If financial information is known, the ransom is set at or below an expected threshold. This is critical for small and medium businesses due to limited resources and ownership having extreme emotional ties to the firm. Malicious actors strike on the emotional vulnerability and negotiate payment based on known financials. Establishing a plan is critical to reducing the risk of emotion driving the decision to pay. Paying a ransom is a business financial decision, like converting cash to crypto on your balance sheet. It can also be considered illegal and not an option, as you effectively support terrorism. Outside of legal issues, something to consider: How much data entry must be input to recover from the last backup? Is this possible/feasible? Often this amount exceeds the ransom demand.
What assuran
2022-10-07T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/ransomware-undeniably-top-of-minc | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Guideline

InfoSecurity Mag - InfoSecurity Magazine
Meta Sues Chinese Devs Over WhatsApp Malware Plot
2022-10-07T09:10:00+00:00 | https://www.infosecurity-magazine.com/news/whatsapp-sues-chinese-devs-malware/ | Tags: Spam, Malware

Global Security Mag - French news site
Kaspersky warns of a new wave of malicious emails spreading the Qbot malware
Category: Malware
2022-10-07T08:55:43+00:00 | http://www.globalsecuritymag.fr/Kaspersky-met-en-garde-contre-une,20221007,130880.html | Tags: Malware

SANS Institute - SANS is a defense and training actor
Powershell Backdoor with DGA Capability, (Fri, Oct 7th)
2022-10-07T06:21:03+00:00 | https://isc.sans.edu/diary/rss/29122 | Tags: Malware

Security Affairs - Security blog
LilithBot Malware, a new MaaS offered by the Eternity Group
Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). The Eternity group operates a homonymous malware-as-a-service (MaaS); it is linked to the Russian "Jester Group," which is […]
2022-10-07T05:02:45+00:00 | https://securityaffairs.co/wordpress/136764/breaking-news/lilithbot-malware-eternity-group.html | Tags: Malware, Threat

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
2022-10-06T18:27:00+00:00 | https://thehackernews.com/2022/10/eternity-group-hackers-offering-new.html | Tags: Malware, Threat

Dark Reading - Informationweek Branch
Russia-Linked Cybercrime Group Hawks Combo of Malicious Services With LilithBot
2022-10-06T15:15:20+00:00 | https://www.darkreading.com/remote-workforce/russia-linked-cybercrime-group-hawks-combo-of-malicious-services-with-lilithbot | Tags: Malware

TechRepublic - Security News US
Tech news you may have missed: Sept. 29 – Oct. 6
A new malware is causing 'Chaos,' Intel's looking to charm developers and a study from Qualtrics XM Institute reveals tech leaders' thoughts.
2022-10-06T12:44:01+00:00 | https://www.techrepublic.com/article/tech-news-sept-29-oct-6/ | Tags: Malware, Guideline

Anomali - Firm Blog
Getting Value with the MITRE ATT&CK Framework
ESG Research found that the MITRE ATT&CK framework has grown in popularity to the point that nearly nine in ten organizations use it today. As SOC managers look into the future, they see even greater MITRE utilization: 97% of security professionals believe that MITRE ATT&CK (and derivative projects) will be critically important to their organization's security operations strategy. If you missed our recent webinar, here's an excerpt on how to explain MITRE ATT&CK to executives. Or check out our "What is the Mitre ATT&CK Framework" resource for an in-depth overview.

Seeing the Big Picture with the MITRE ATT&CK Framework

Breaches are inevitable. Anyone who tells you otherwise probably has a bridge for sale as well. The reality is that breaches happen, and often multiple times.
Our Cybersecurity Insights report showed that no industry is safe: even with increased investment, most businesses (87%) have fallen victim to successful cyberattacks in the past three years that resulted in damage, disruption, or a breach. As an organization's attack surface grows, it provides more opportunities and vulnerabilities for attackers to exploit. Adversaries continuously improve their stealth and TTPs to bypass existing security controls, a reality that is forcing organizations to change how they approach threat detection and response. MITRE ATT&CK helps organizations understand the bigger picture by shifting their focus away from just looking at IP addresses and domains to one that illuminates the threat within the context of the organization's overall cybersecurity posture. With MITRE ATT&CK, organizations are creating more secure futures by detecting incoming attacks and identifying and mitigating them before they cause damage. The ATT&CK framework helps security professionals with their daily technical analyses, making them better at what they do. When used to its full potential, MITRE ATT&CK can help security executives gain better value from existing technologies, including threat intelligence platforms (TIPs), SIEMs, and other security analytics tools.

Using ATT&CK to Understand Gaps

ATT&CK helps organizations establish strategic visibility into gaps in controls, making it easier to prioritize security investments in people, processes, services, and solutions. By using the MITRE ATT&CK framework to apply contextualization to security postures and controls, organiza
2022-10-06T10:28:00+00:00 | https://www.anomali.com/blog/getting-value-with-the-mitre-attck-framework | Tags: Malware, Vulnerability, Threat, Guideline