www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-23T20:07:42+00:00 www.secnews.physaphae.fr AlienVault Lab Blog - AlienVault is a major defense player in IOCs 7 Biggest Cybersecurity Threats of the 21st Century launch their own ransomware attacks. All they need is to sign up for a RaaS platform and pay a fee (usually a percentage of the ransom they collect). RaaS is a growing threat because it makes it easy for anyone to launch attacks. Cybercriminals can target any organization, no matter its size or resources. And, because RaaS platforms typically take care of all the technical details, ransomware attacks can be launched with little effort. In the past several years, there have been a number of high-profile ransomware attacks that have made headlines. In May 2017, the WannaCry ransomware attack affected more than 200,000 computers in 150 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. In December 2017, the NotPetya ransomware attack hit more than 10,000 organizations in over 60 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. Ransomware attacks have become more sophisticated and targeted. Cybercriminals are now using RaaS platforms to launch targeted attacks against specific organizations. These attacks are often called "spear phishing" attacks because they use carefully crafted emails to trick people into clicking on malicious links or opening attachments that install ransomware on their computers. Organizations of all sizes need to be aware of the threat of ransomware and take steps to protect themselves. This includes having a robust backup and recovery plan in place in case of an attack.
Internet of Things
The Internet of Things (IoT) is a network of physical devices, vehicles, home appliances, and other items that are embedded with electronics, software, sensors, and connectivity enabling these objects to connect and exchange data. The IoT is a growing market with more and more devices being connected to the internet every day. However, this also creates new security risks. Because IoT devices are often connected to the internet, they can be hacked and used to launch attacks. In October 2016, a massive Distributed Denial of Service (DDoS) attack was launched against the Dyn DNS service using a network of IoT devices that had been infected with the Mirai malware. The attack caused widespread internet disruptions and took down major websites, such as Twitter and Netflix. The IoT presents a unique challenge for security because there are so many different types of devices that can be connected to the internet. Each type of device has its own security risks and vulnerabilities. And, as the number of IoT devices continues to grow, so do the opportunities for cybercriminals to exploit them.
Cloud security
The cloud has become an essential part of business for many organizations. It offers a number of advantages, such as flexibility, scalability, and cost savings. However, the cloud also creates new security risks. One of the biggest security risks associated with the cloud is data breaches. Because data is stored remotely on servers, it is more vulnerable to attack. In addition, cloud service providers often have access to customer data, which creates another potential point of entry for hackers.
Another security risk associated with the 2022-10-06T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/7-biggest-cybersecurity-threats-of-the-21st-century www.secnews.physaphae.fr/article.php?IdArticle=7317553 False Ransomware,Malware,Threat NotPetya,NotPetya,Wannacry,Wannacry None Kaspersky - Kaspersky Research blog A look at the 2020–2022 ATM/PoS malware landscape 2022-10-06T08:00:38+00:00 https://securelist.com/atm-pos-malware-landscape-2020-2022/107656/ www.secnews.physaphae.fr/article.php?IdArticle=7316471 False Malware,Threat None 2.0000000000000000 Security Affairs - Security Blog New Maggie malware already infected over 250 Microsoft SQL servers Hundreds of Microsoft SQL servers all over the world have been infected with a new piece of malware tracked as Maggie. Security researchers Johann Aydinbas and Axel Wauer from the DCSO CyTec have spotted a new piece of malware, named Maggie, that has already infected over 250 Microsoft SQL servers worldwide. Most of the infected instances […] 2022-10-05T20:21:06+00:00 https://securityaffairs.co/wordpress/136693/cyber-crime/maggie-malware-microsoft-sql-server.html www.secnews.physaphae.fr/article.php?IdArticle=7310633 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices 2022-10-05T18:16:00+00:00 https://thehackernews.com/2022/10/experts-warn-of-new-ratmilad-android.html www.secnews.physaphae.fr/article.php?IdArticle=7306887 False Malware None None Dark Reading - Informationweek Branch RatMilad Spyware Scurries onto Enterprise Android Phones 2022-10-05T13:01:39+00:00 https://www.darkreading.com/mobile/ratmilad-spyware-scurries-enterprise-android-phones www.secnews.physaphae.fr/article.php?IdArticle=7306752 False Malware None None Fortinet - Security Hardware Manufacturer Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II 2022-10-05T12:43:00+00:00 https://www.fortinet.com/blog/threat-research/excel-document-delivers-multiple-malware-exploiting-cve-2017-11882-part-two www.secnews.physaphae.fr/article.php?IdArticle=7328428 False Malware None None Bleeping Computer - American Magazine Hundreds of Microsoft SQL servers backdoored with new malware 2022-10-05T12:01:06+00:00 https://www.bleepingcomputer.com/news/security/hundreds-of-microsoft-sql-servers-backdoored-with-new-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7308032 False Malware None None Kaspersky - Kaspersky Research blog Uncommon infection and malware propagation methods 2022-10-05T09:00:14+00:00 https://securelist.com/uncommon-infection-and-malware-propagation-methods/107640/ www.secnews.physaphae.fr/article.php?IdArticle=7304583 False Malware None None Bleeping Computer - American Magazine New Android malware 'RatMilad' can steal your data, record audio 2022-10-05T07:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-android-malware-ratmilad-can-steal-your-data-record-audio/ www.secnews.physaphae.fr/article.php?IdArticle=7305957 False Malware None None Bleeping Computer - American Magazine Hackers stole data from US defense org using Impacket, CovalentStealer 2022-10-04T19:08:56+00:00
https://www.bleepingcomputer.com/news/security/hackers-stole-data-from-us-defense-org-using-impacket-covalentstealer/ www.secnews.physaphae.fr/article.php?IdArticle=7306988 True Malware None None Bleeping Computer - American Magazine US Govt: Hackers stole data from US defense org using new malware 2022-10-04T19:08:56+00:00 https://www.bleepingcomputer.com/news/security/us-govt-hackers-stole-data-from-us-defense-org-using-new-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7300174 False Malware None None Anomali - Firm Blog Anomali Cyber Watch: Canceling Subscription Installs Royal Ransomware, Lazarus Convinces to SSH to Its Servers, Polyglot File Executed Itself as a Different File Type, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New Royal Ransomware Emerges in Multi-Million Dollar Attacks (published: September 29, 2022) AdvIntel and BleepingComputer researchers describe the Royal ransomware group. Several experienced ransomware actors formed this group in January 2022. It started with third-party encryptors such as BlackCat, switched to using its own custom Zeon ransomware, and, since the middle of September 2022, the Royal ransomware. Royal group utilizes targeted callback phishing attacks. Its phishing emails impersonating food delivery and software providers contained phone numbers to cancel the alleged subscription (after the alleged end of a free trial). If an employee calls the number, Royal uses social engineering to convince the victim to install a remote access tool, which is used to gain initial access to the corporate network. Analyst Comment: Use services such as Anomali's Premium Digital Risk Protection to detect the abuse of your brands in typosquatting and phishing attacks. Organizations should include callback phishing attacks awareness into their anti-phishing training.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Phishing - T1566 Tags: actor:Royal, detection:Zeon, detection:Royal, malware-type:Ransomware, detection:BlackCat, detection:Cobalt Strike, Callback phishing attacks, Spearphishing, Social Engineering
ZINC Weaponizing Open-Source Software (published: September 29, 2022) Microsoft researchers described recent developments in Lazarus Group (ZINC) campaigns that start from social engineering conversations on LinkedIn. Since June 2022, Lazarus was able to trojanize several open-source tools (KiTTY, muPDF/Subliminal Recording software installer, PuTTY, TightVNC, and Sumatra PDF Reader). When a target extracts the trojanized tool from the ISO file and installs it, Lazarus is able to deliver their custom malware such as EventHorizon and ZetaNile. In many cases, the final payload was not delivered unless the target manually established an SSH connection to an attacker-controlled IP address provided in the attached ReadMe.txt file. Analyst Comment: All known indicators connected to this recent Lazarus Group campaign are available in the Anomali platform and customers are advised to block these on their infrastructure. Researchers should monitor for the additional User Execution step required for payload delivery. Defense contractors should be aware of advanced social engineering efforts abusing LinkedIn and other means of establishing trusted communication.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Scheduled Task - T1053 | 2022-10-04T18:08:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-canceling-subscription-installs-royal-ransomware-lazarus-covinces-to-ssh-to-its-servers-polyglot-file-executed-itself-as-a-different-file-type-and-more www.secnews.physaphae.fr/article.php?IdArticle=7298043 False Ransomware,Malware,Tool,Threat,Medical APT 38 None McAfee Labs - Software Publisher A Guide to Remove Malware From Your iPhone Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated... 2022-10-04T17:25:40+00:00 https://www.mcafee.com/blogs/tips-tricks/a-guide-to-remove-malware-from-your-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=7303534 False Malware None None Fortinet - Security Hardware Manufacturer Delivery of Malware: A Look at Phishing Campaigns in Q3 2022 2022-10-04T11:56:00+00:00 https://www.fortinet.com/blog/threat-research/delivery-of-malware-phishing-campaigns-in-q3-2022 www.secnews.physaphae.fr/article.php?IdArticle=7301615 False Malware None None CISCO Talos - Cisco Research blog Developer account body snatchers pose risks to the software supply chain By Jaeson Schultz. Over the past several years, high-profile software supply chain attacks have increased in frequency.
These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain because attackers who successfully compromise a developer account could conceal malicious code in software packages used by others. Talos analyzed several of the major software repositories to assess the level of developer account security, focusing specifically on whether developer accounts could be recovered by re-registering expired domain names and triggering password resets. Many software repositories have already begun taking steps to enhance the security of developer accounts. Talos has identified additional areas where the security of developer accounts could be improved. Talos worked with vulnerable repositories to resolve issues that we found. Software supply chain attacks, once the exclusive province of sophisticated state-sponsored attackers, have been gaining popularity recently among a broader range of cyber criminals. Attackers everywhere have realized that software supply chain attacks can be very effective, and can result in a large number of compromised victims. Software supply chain attacks more than tripled in 2021 when compared with 2020. Why are software supply chain attacks so effective? Organizations that possess solid cyber defenses may be difficult to attack directly. However, these same organizations are likely vulnerable to a software supply chain attack because they still regularly run/build software obtained from vendors who are trusted. Rather than attacking an entire software repository itself, or identifying an unpatched vulnerability in a software package, compromising the software supply chain can be as simple as attacking the accounts of the package developers and maintainers. Most software repositories track the identities of their software developers using those developers' email addresses.
If a cybercriminal somehow gains access to a developer's email account, the attacker can theoretically generate password reset emails at these software repositories a 2022-10-04T08:51:05+00:00 http://blog.talosintelligence.com/2022/10/developer-account-body-snatchers-pose.html www.secnews.physaphae.fr/article.php?IdArticle=7295714 False Malware,Vulnerability None None TrendMicro - Security Firm Blog Tracking Earth Aughisky's Malware and Changes 2022-10-04T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/j/tracking-earth-aughiskys-malware-and-changes.html www.secnews.physaphae.fr/article.php?IdArticle=7295108 False Malware None None Dark Reading - Informationweek Branch Bumblebee Malware Loader's Payloads Significantly Vary by Victim System 2022-10-03T20:56:00+00:00 https://www.darkreading.com/attacks-breaches/bumblebee-malware-loader-s-payloads-significantly-vary-by-victim-system www.secnews.physaphae.fr/article.php?IdArticle=7290820 False Malware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack 2022-10-03T20:05:00+00:00 https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html www.secnews.physaphae.fr/article.php?IdArticle=7292666 False Malware,Threat None None Fortinet - Security Hardware Manufacturer Leveraging Microsoft Office Documents to Deliver Agent Tesla and njRat 2022-10-03T14:50:00+00:00 https://www.fortinet.com/blog/threat-research/leveraging-microsoft-office-documents-to-deliver-agent-tesla-and-njrat www.secnews.physaphae.fr/article.php?IdArticle=7292748 False Malware None None 01net. News - Security - French Magazine Warning: this Windows logo may contain dangerous malware Hackers from the Witchetty group are using steganography to hide their malicious program, as discovered by security researchers at Symantec Enterprise.
The article "Warning: this Windows logo may contain dangerous malware" can be found on 01net.com. 2022-10-03T14:33:10+00:00 https://www.01net.com/actualites/attention-ce-logo-de-windows-peut-contenir-un-dangereux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7287998 False Malware None None Bleeping Computer - American Magazine Live support service hacked to spread malware in supply chain attack 2022-10-03T13:58:56+00:00 https://www.bleepingcomputer.com/news/security/live-support-service-hacked-to-spread-malware-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=7289758 False Malware None None The Register - English news site Between ransomware and month-long engagements, IR teams need a hug - and a nap 2022-10-03T10:00:10+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/03/ibm_incident_reponder_survey/ www.secnews.physaphae.fr/article.php?IdArticle=7286050 False Ransomware,Malware None None CSO - CSO Daily Dashboard LiveAction adds new SOC-focused features to ThreatEye NDR platform 2022-10-03T08:42:00+00:00 https://www.csoonline.com/article/3675539/liveaction-adds-new-soc-focused-features-to-threateye-ndr-platform.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7288626 False Malware,Threat None None Korben - French blogger RustDeck – The free and open source TeamViewer clone 2022-10-03T07:00:00+00:00 https://korben.info/rustdeck-clone-gratuit-team-viewer.html www.secnews.physaphae.fr/article.php?IdArticle=7292833 False Malware None None Fortinet ThreatSignal - Hardware Vendor Vulnerable Microsoft Exchange Servers Actively Scanned for ProxyShell 2022-10-02T22:04:17+00:00 https://fortiguard.fortinet.com/threat-signal-report/4093 www.secnews.physaphae.fr/article.php?IdArticle=7284043 False Ransomware,Malware,Threat None None Fortinet ThreatSignal - Hardware Vendor New Threat Actor Leverages ProxyShell Exploit to Serve
Ransomware 2022-10-02T22:02:34+00:00 https://fortiguard.fortinet.com/threat-signal-report/4198 www.secnews.physaphae.fr/article.php?IdArticle=7284045 False Ransomware,Malware,Threat None None The Register - English news site BlackCat malware lashes out at US defense IT contractor 2022-10-02T08:47:05+00:00 https://go.theregister.com/feed/www.theregister.com/2022/10/02/in-brief-security/ www.secnews.physaphae.fr/article.php?IdArticle=7266271 False Ransomware,Malware None None SecureMac - Security focused on MAC Checklist 297: Avoiding CAPTCHA Apple is helping to end CAPTCHAs with Private Access Tokens; the dangers of login fatigue; and malware in the App Store! 2022-10-01T14:30:00+00:00 https://www.securemac.com/checklist/checklist-297-avoiding-captcha www.secnews.physaphae.fr/article.php?IdArticle=7249218 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Malware Families Found Targeting VMware ESXi Hypervisors 2022-09-30T20:12:00+00:00 https://thehackernews.com/2022/09/new-malware-families-found-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=7225691 False Malware,Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cyber Attacks Against Middle East Governments Hide Malware in Windows logo 2022-09-30T17:22:00+00:00 https://thehackernews.com/2022/09/cyber-attacks-against-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=7224733 False Malware,Threat None None CISCO Talos - Cisco Research blog Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server.
Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for security patches for these vulnerabilities. Exchange vulnerabilities have become increasingly popular with threat actors, as they can provide initial access to network environments and are often used to facilitate more effective phishing and malspam campaigns. The Hafnium threat actor exploited several zero-day vulnerabilities in Exchange Server in 2021 to deliver ransomware, and Cisco Talos Incident Response reported that the exploitation of Exchange Server issues was one of the four attacks they saw most often last year.
Vulnerability details and ongoing exploitation
Exploit requests for these vulnerabilities look similar to previously discovered ProxyShell exploitation attempts:
autodiscover/autodiscover.json?@evil.com/&Email=autodiscover/autodiscover.json%3f@evil.com
Successful exploitation of the vulnerabilities observed in the wild leads to preliminary information-gathering operations and the persistence of WebShells for continued access to compromised servers.
Open-source reporting indicates that webshells such as Antsword, a popular Chinese language-based open-source webshell, SharPyShell, an ASP.NET-based webshell, and China Chopper have been deployed on compromised systems consisting of the following artifacts:
C:\inetpub\wwwroot\aspnet_client\Xml.ashx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\errorEE.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\pxh4HG1v.ashx
C:\Program Files\Microsoft\Exchange Server\V15
2022-09-30T17:16:47+00:00 http://blog.talosintelligence.com/2022/09/threat-advisory-exchange-server-vulns.html www.secnews.physaphae.fr/article.php?IdArticle=7232588 False Malware,Threat,Guideline None None InfoSecurity Mag - InfoSecurity Magazine Hackers Hide Malware in Windows Logo, Target Middle East Governments 2022-09-30T17:02:00+00:00 https://www.infosecurity-magazine.com/news/hackers-target-middle-east-via/ www.secnews.physaphae.fr/article.php?IdArticle=7227736 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons 2022-09-30T15:50:00+00:00 https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html www.secnews.physaphae.fr/article.php?IdArticle=7222828 False Malware None None InformationSecurityBuzzNews - Security news site New Botnet 'Chaos' Targeting Linux, Windows Systems 2022-09-30T13:15:12+00:00 https://informationsecuritybuzz.com/expert-comments/new-botnet-chaos-targeting-linux-windows-systems/ www.secnews.physaphae.fr/article.php?IdArticle=7224701 False Malware None None CSO - CSO Daily Dashboard Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs).
VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers. 2022-09-30T13:12:00+00:00 https://www.csoonline.com/article/3675555/cyberespionage-group-developed-backdoors-tailored-for-vmware-esxi-hypervisors.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7231471 False Malware None None Global Security Mag - French news site Prilex, a known malicious group, sells new sophisticated malware to infect payment terminals worldwide Malwares 2022-09-30T12:37:27+00:00 http://www.globalsecuritymag.fr/Prilex-un-groupe-malveillant,20220930,130550.html www.secnews.physaphae.fr/article.php?IdArticle=7223938 False Malware None 4.0000000000000000 Security Affairs - Security Blog Experts uncovered novel Malware persistence within VMware ESXi Hypervisors Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will […] 2022-09-30T05:17:30+00:00 https://securityaffairs.co/wordpress/136408/hacking/vmware-esxi-hypervisors-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7217278 False Malware None None TechRepublic - Security News US New Chaos malware spreads over multiple architectures A new malware named Chaos raises concerns as it spreads on multiple architectures and operating systems.
2022-09-29T21:37:02+00:00 https://www.techrepublic.com/article/new-chaos-malware-spreads-multiple-architectures/ www.secnews.physaphae.fr/article.php?IdArticle=7209755 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware 2022-09-29T19:45:00+00:00 https://thehackernews.com/2022/09/brazilian-prilex-hackers-resurfaced.html www.secnews.physaphae.fr/article.php?IdArticle=7202880 False Malware,Threat None None Bleeping Computer - American Magazine Hacking group hides backdoor malware inside Windows logo image 2022-09-29T17:14:07+00:00 https://www.bleepingcomputer.com/news/security/hacking-group-hides-backdoor-malware-inside-windows-logo-image/ www.secnews.physaphae.fr/article.php?IdArticle=7209564 False Malware None None SecurityWeek - Security News North Korean Gov Hackers Caught Rigging Legit Software 2022-09-29T17:05:59+00:00 https://www.securityweek.com/north-korean-gov-hackers-caught-rigging-legit-software www.secnews.physaphae.fr/article.php?IdArticle=7207542 False Malware None None Fortinet ThreatSignal - Hardware Vendor New Kaiji Modular Malware Variant "Chaos" Targets Europe 2022-09-29T15:50:23+00:00 https://fortiguard.fortinet.com/threat-signal-report/4774 www.secnews.physaphae.fr/article.php?IdArticle=7210482 False Ransomware,Malware,Vulnerability None None The Register - English news site Covert malware targets VMware for hypervisor-level espionage 2022-09-29T13:00:09+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/29/vmware_malware_mandiant/ www.secnews.physaphae.fr/article.php?IdArticle=7201007 False Malware None None Checkpoint - Security Hardware Manufacturer Check Point MIND Announces new partnership with training vendor Monnappa K.A.
Customers can now learn Malware Analysis and Threat Hunting using Memory Forensics from the author of the best selling book and the Black Hat Trainer Monnappa K.A MIND – Check Point Software's learning & Training organization announced a new partnership with training vendor Monnappa K.A, providing customer and partners the ability to advance their skills… 2022-09-29T11:00:25+00:00 https://blog.checkpoint.com/2022/09/29/check-point-mind-announces-new-partnership-with-training-vendor-monnappa-k-a/ www.secnews.physaphae.fr/article.php?IdArticle=7199175 False Malware,Threat None None Bleeping Computer - American Magazine New malware backdoors VMware ESXi servers to hijack virtual machines 2022-09-29T09:00:18+00:00 https://www.bleepingcomputer.com/news/security/new-malware-backdoors-vmware-esxi-servers-to-hijack-virtual-machines/ www.secnews.physaphae.fr/article.php?IdArticle=7201134 False Malware None None Mandiant - Mandiant security blog Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
In part one, we covered attackers' usage of malicious vSphere Installation Bundles (“VIBs”) to install multiple backdoors across ESXi hypervisors, focusing on the malware present within the VIB payloads. In this installment, we will continue to elaborate further on other attacker actions such as timestomping, describe ESXi detection methodologies to dump process memory and perform YARA scans, and discuss how to further harden hypervisors to minimize the attack surface of ESXi hosts. For more details, VMware has released additional information on protecting vSphere. ESXi Logging Both
2022-09-29T08:01:00+00:00 https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening www.secnews.physaphae.fr/article.php?IdArticle=8377427 False Malware None 3.0000000000000000
Mandiant - Mandiant security blog Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
As endpoint detection and response (EDR) solutions improve malware detection efficacy on Windows systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi servers. Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions: Maintain persistent administrative access to the hypervisor Send commands to the
2022-09-29T08:00:00+00:00 https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence www.secnews.physaphae.fr/article.php?IdArticle=8377425 False Malware,Threat None 3.0000000000000000
Security Affairs - Security Blog Go-based Chaos malware is rapidly growing targeting Windows, Linux and more A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. The malicious code was developed to target a broad range of devices, […] 2022-09-29T07:28:01+00:00 https://securityaffairs.co/wordpress/136384/malware/chaos-malware-windows-linux.html www.secnews.physaphae.fr/article.php?IdArticle=7196491 False Malware None None Bleeping Computer - American Magazine Upgraded Prilex Point-of-Sale malware bypasses credit card security 2022-09-29T03:05:27+00:00 https://www.bleepingcomputer.com/news/security/upgraded-prilex-point-of-sale-malware-bypasses-credit-card-security/ www.secnews.physaphae.fr/article.php?IdArticle=7201135 False Malware None None Ars Technica - Risk Assessment Security Hacktivism Never-before-seen malware has infected hundreds of Linux and Windows devices 2022-09-28T23:48:03+00:00 https://arstechnica.com/?p=1885478 www.secnews.physaphae.fr/article.php?IdArticle=7190000 False Malware None None Malwarebytes Labs - MalwarebytesLabs APT28 attack uses old PowerPoint trick to download malware Categories: News. Tags: APT28, Fancy Bear, PowerPoint, PowerShell, One Drive, SyncAppvPublishingServer. The Russian APT known as Fancy Bear was caught using an old mouseover technique that doesn't need macros.
]]> 2022-09-28T21:15:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/powerpoint-mouseover-triggers-powershell-script-for-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=7189077 False Malware APT 28 None Dark Reading - Informationweek Branch Sophisticated Covert Cyberattack Campaign Targets Military Contractors 2022-09-28T20:59:09+00:00 https://www.darkreading.com/attacks-breaches/sophisticated-cyberattack-campaign-targets-defense-contractors www.secnews.physaphae.fr/article.php?IdArticle=7186706 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems 2022-09-28T19:30:00+00:00 https://thehackernews.com/2022/09/researchers-warn-of-new-go-based.html www.secnews.physaphae.fr/article.php?IdArticle=7179496 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware 2022-09-28T18:06:00+00:00 https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html www.secnews.physaphae.fr/article.php?IdArticle=7179497 False Malware None None The Register - Site journalistique Anglais Want to sneak a RAT into Windows? 
Buy Quantum Builder on the dark web 2022-09-28T17:00:07+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/28/quantum_builder_agent_tesla_rat/ www.secnews.physaphae.fr/article.php?IdArticle=7182178 False Malware,Tool None None InfoSecurity Mag - InfoSecurity Magazine WatchGuard Report: Malware Decreases but Encrypted Malware Up in Q2 2022 2022-09-28T17:00:00+00:00 https://www.infosecurity-magazine.com/news/malware-volume-down-encrypted/ www.secnews.physaphae.fr/article.php?IdArticle=7182372 False Malware,Threat None None Dark Reading - Informationweek Branch Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules 2022-09-28T16:12:09+00:00 https://www.darkreading.com/attacks-breaches/chaos-malware-resurfaces-go-based-ddos-cryptomining-threat www.secnews.physaphae.fr/article.php?IdArticle=7182081 False Ransomware,Malware None None Security Affairs - Blog Secu Threat actors use Quantum Builder to deliver Agent Tesla malware The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut […] ]]> 2022-09-28T15:43:32+00:00 https://securityaffairs.co/wordpress/136370/uncategorized/quantum-builder-agent-tesla-rat.html www.secnews.physaphae.fr/article.php?IdArticle=7181400 False Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Hackers Using PowerPoint Mouseover Trick to Infect System with Malware 2022-09-28T15:39:00+00:00 https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html www.secnews.physaphae.fr/article.php?IdArticle=7176862 False Malware,Threat APT 28 3.0000000000000000 Security Affairs - Blog Secu APT28 relies on PowerPoint Mouseover to deliver Graphite malware The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Cluster25 researchers were analyzing a lure PowerPoint document used to deliver a variant of Graphite malware, which is known to be used […] ]]> 2022-09-28T13:47:10+00:00 https://securityaffairs.co/wordpress/136358/apt/apt28-powerpoint-mouseover-technique.html www.secnews.physaphae.fr/article.php?IdArticle=7179609 False Malware APT 28 None Bleeping Computer - Magazine Américain New Chaos malware infects Windows, Linux devices for DDoS attacks 2022-09-28T11:22:22+00:00 https://www.bleepingcomputer.com/news/security/new-chaos-malware-infects-windows-linux-devices-for-ddos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=7181380 False Malware None None Malwarebytes Labs - MalwarebytesLabs Erbium stealer on the hunt for data Categories: NewsTags: erbium Tags: malware Tags: data theft Tags: stealer Tags: wallets Tags: cryptocurrency Tags: browsers Tags: browser Tags: infection Tags: malware as a service We take a look at reports of new data theft malware relying on sold old tricks (Read more...) 
]]> 2022-09-28T10:30:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/increasingly-popular-erbium-stealer-on-the-hunt-for-data www.secnews.physaphae.fr/article.php?IdArticle=7189079 False Malware None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Stories from the SOC - C2 over port 22 AT&T Managed Extended Detection and Response customers. Executive summary The Mirai botnet is infamous for the impact and the everlasting effect it has had on the world. Since the inception and discovery of this malware in 2016, to present day and all the permutations that have spawned as a result, cybersecurity professionals have been keeping a keen eye on this form of Command and Control (C2 or CnC) malware and associated addresses. The botnet malware utilizes malicious IP addresses that serve as intermediaries between compromised hosts and the central command server, which can use a wide range of Technique’s, Tactics, and Procedures (TTP’s) to deliver a payload in line with the malicious actor's goals. Recently, one of these malicious IP addresses reached out to an asset in an organization over port 22 and created an unmitigated Secure Shell (SSH) session to the company's file server, a breach that was mitigated by the security best practices of this company preventing any follow up or lateral movement in the environment. This breach ultimately resulted in the IP getting blocklisted and stopped due to a healthy security posture that prevented malicious pivoting or exploitation. Investigation Initial alarm review Indicators of Compromise (IOC) The alarm initially came in due to an inbound connection from a known malicious IP as reported by the Open Threat Exchange (OTX) pulse related to Mirai botnet activity. OTX is open source threat sharing platform that contains a wide variety of Indicators of Compromise (IOC’s) that leverage user submitted data and the collective cybersecurity world to form an ever-evolving threat landscape. 
The evidenced corresponding action ‘InboundConnectionAccepted’ is self-explanatory in that the connection was not mitigated and there was communication taking place over port 22. The associated event further detailed this inbound connection with the initiating processes, logged on user, and process parents. This revealed that the affected asset is a fileserver managed by SolarWinds software and it was likely this inbound connection was accepted in part due to typical network behavior and stateful firewall rules. C2 suspicious behavior Expanded investigation Events search C2 activity typically utilizes positive feedback to gain persistence, relying on some sort of beacon placed in the victim’s environment that lets the attacker know there is a device or network ready for command execution. After seeing a successful connection occur with the malicious IP, the next step was to determine if the malicious IP address had further infiltrated the environment or attempted any lateral movement. A thorough search in the instance showed only the single referenced event as it pertains to the malicious IP however, the contextual events surrounding this successful connection corroborate attempted C2 activity. Corroborating C2 Event deep dive A further look into the event associated with the alarm shows that this is a fileserver utilizing Serv-U.exe, a File Transfer Protocol (FTP) software created by SolarWinds. 
The destination port 22 successfully hosted communication with the malicious IP and appears to have been automatically proxied by the software, which could also contribute to the reason this connection was accepte]]> 2022-09-28T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-c2-over-port-22 www.secnews.physaphae.fr/article.php?IdArticle=7176315 False Malware,Tool,Threat None None CISCO Talos - Cisco Research blog New campaign uses government, union-themed lures to deliver Cobalt Strike beacons By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks.Lure themes in the phishing documents in this campaign are related to the job details of a government organization in the United States and a trade union in New Zealand. The attack involves a multistage and modular infection chain with fileless, malicious scripts. Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints. The initial vector of this attack is a phishing email with a malicious Microsoft Word document attachment containing an exploit that attempts to exploit the vulnerability CVE-2017-0199, a remote code execution issue in Microsoft Office. If a victim opens the maldoc, it downloads a malicious Word document template hosted on an attacker-controlled Bitbucket repository. Talos discovered two attack methodologies employed by the attacker in this campaign: One in which the downloaded DOTM template executes an embedded malicious Visual Basic script, which leads to the generation and execution of other obfuscated VB and PowerShell scripts and another that involves the malicious VB downloading and running a Windows executable that executes malicious PowerShell commands to download and implant the payload. 
The payload discovered is a leaked version of a Cobalt Strike beacon. The beacon configuration contains commands to perform targeted process injection of arbitrary binaries and has a high reputation domain configured, exhibiting the redirection technique to masquerade the beacon's traffic. Although the payload discovered in this campaign is a Cobalt Strike beacon, Talos also observed usage of the Redline information-stealer and Amadey botnet executables as payloads. This campaign is a typical example of a threat actor using the technique of generating and executing malicious scripts in the victim's system memory. Defenders should implement behavioral protection capabilities in the organization's defense to effectively protect them against fileless threats. Organizations should be constantly vigilant on the Cobalt Strike beacons and implement layered defense capabilities to thwart the attacker's attempts in the earlier stage of the attack's infection chain. Initial vectorThe initial infection email is themed to entice the recipient to review the attached Word document and provide some of their personal information. 
Initial malicious email message.The maldocs have lures containing text related to the collection of personally identifiable information (PII) which is used to determ]]> 2022-09-28T08:18:45+00:00 http://blog.talosintelligence.com/2022/09/new-campaign-uses-government-union.html www.secnews.physaphae.fr/article.php?IdArticle=7178779 False Malware,Vulnerability,Threat,Guideline None None CSO - CSO Daily Dashboard UK organizations, Ukraine\'s allies warned of potential "massive" cyberattacks by Russia Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyberspace – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyberattacks in support of their illegal invasion in February.”To read this article in full, please click here]]> 2022-09-28T08:03:00+00:00 https://www.csoonline.com/article/3674871/ncsc-chief-warns-uk-organizations-ukraine-s-allies-of-possible-massive-cyberattacks-by-russia.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7181346 False Malware None None AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (September 19th, 2022 – September 25th, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 19th, 2022 (Monday) to September 25th, 2022 (Sunday). For the main category, info-stealer ranked top with 51.3%, followed by backdoor with 21.1%, downloader with 17.2%, and ransomware with 10.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 20.7%. It is an info-stealer that leaks user credentials saved... 
]]> 2022-09-28T04:06:47+00:00 https://asec.ahnlab.com/en/39370/ www.secnews.physaphae.fr/article.php?IdArticle=7171546 True Ransomware,Malware None None AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (September 12th, 2022 – September 18th, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 12th, 2022 (Monday) to September 18th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.5%, followed by downloader with 27.5%, backdoor with 19.9%, ransomware with 8.2%, and banking malware with 2.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 18.1%. It is an info-stealer that... ]]> 2022-09-28T03:39:14+00:00 https://asec.ahnlab.com/en/39332/ www.secnews.physaphae.fr/article.php?IdArticle=7170701 True Ransomware,Malware None None WatchGuard - Fabricant Matériel et Logiciels ​​​​​​​Rapport WatchGuard : Le volume général d\'attaques de malware est en baisse ; à l\'inverse, les malwares chiffrés et l\'exploitation active de failles Office sont en hausse 2022-09-28T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/rapport-watchguard-le-volume-general-dattaques-de-malware-est-en-baisse www.secnews.physaphae.fr/article.php?IdArticle=8393226 False Malware,Threat None 2.0000000000000000 Security Affairs - Blog Secu North Korea-linked Lazarus continues to target job seekers with macOS malware North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers aimed at stealing credentials for the victims’ wallets. 
Last week, SentinelOne researchers discovered a decoy documents advertising positions […] ]]> 2022-09-27T20:39:33+00:00 https://securityaffairs.co/wordpress/136297/apt/lazarus-apt-targeting-macos.html www.secnews.physaphae.fr/article.php?IdArticle=7164732 False Malware APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New NullMixer Malware Campaign Stealing Users\' Payment Data and Credentials 2022-09-27T18:49:00+00:00 https://thehackernews.com/2022/09/new-nullmixer-malware-campaign-stealing.html www.secnews.physaphae.fr/article.php?IdArticle=7159833 False Malware None None SecurityWeek - Security News Researchers Crowdsourcing Effort to Identify Mysterious Metador APT 2022-09-27T18:44:39+00:00 https://www.securityweek.com/researchers-crowdsourcing-effort-identify-mysterious-metador-apt www.secnews.physaphae.fr/article.php?IdArticle=7163759 False Malware,Threat None None Bleeping Computer - Magazine Américain New NullMixer dropper infects your PC with a dozen malware families 2022-09-27T17:08:49+00:00 https://www.bleepingcomputer.com/news/security/new-nullmixer-dropper-infects-your-pc-with-a-dozen-malware-families/ www.secnews.physaphae.fr/article.php?IdArticle=7165562 False Malware None None Anomali - Firm Blog Anomali Cyber Watch: Sandworm Uses HTML Smuggling and Commodity RATs, BlackCat Ransomware Adds New Features, Domain Shadowing Is Rarely Detected, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence A Multimillion Dollar Global Online Credit Card Scam Uncovered (published: September 23, 2022) ReasonLabs researchers discovered a large network of fake dating and customer support websites involved in credit card fraud operations. 
The threat actor builds a basic website, registers it with a payment processor (RocketGate), buys credit card data from other threat actors, and subscribes victims to monthly charging plans. The US was the most targeted, and a lower number of sites were targeting France. To pass the processor checks and lower the number of charge-backs the actor avoided test charges, used a generic billing name, charged only a small, typical for the industry payment, and hired a legitimate support center provider, providing effortless canceling and returning of the payment. Analyst Comment: Users are advised to regularly check their bank statements and dispute fraudulent charges. Researchers can identify a fraudulent website by overwhelming dominance of direct-traffic visitors from a single country, small network of fake profiles, and physical address typed on a picture to avoid indexing. Tags: Credit card, Fraud, Scam, Chargeback, Payment processor, Fake dating site, USA, target-country:US, France, target-country:FR, target-sector:Finance NAICS 52 Malicious OAuth Applications Used to Compromise Email Servers and Spread Spam (published: September 22, 2022) Microsoft researchers described a relatively stealthy abuse of a compromised Exchange server used to send fraud spam emails. After using valid credentials to get access, the actor deployed a malicious OAuth application, gave it admin privileges and used it to change Exchange settings. The first modification created a new inbound connector allowing mails from certain actor IPs to flow through the victim’s Exchange server and look like they originated from the compromised Exchange domain. Second, 12 new transport rules were set to delete certain anti-spam email headers. Analyst Comment: If you manage an Exchange server, strengthen account credentials and enable multifactor authentication. Investigate if receiving alerts regarding suspicious email sending and removal of antispam header. 
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Indicator Removal on Host - T1070 Tags: Exchange, Microsoft, PowerShell, Inbound connector, Transport rule, Fraud, Spam NFT Malware Gets New Evasion Abilities (published: September 22, 2022) Morphisec researchers describe a campaign targeting non-fungible token (NFT) communities since November 2020. A malicious link is being sent via Discord or other forum private phishing message related to an NFT or financial opportunity. If the user ]]> 2022-09-27T16:51:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-sandworm-uses-html-smuggling-and-commodity-rats-blackcat-ransomware-adds-new-features-domain-shadowing-is-rarely-detected-and-more www.secnews.physaphae.fr/article.php?IdArticle=7161515 False Ransomware,Spam,Malware,Tool,Threat None None InfoSecurity Mag - InfoSecurity Magazine Microsoft Sway Pages Weaponized to Perform Phishing and Malware Delivery 2022-09-27T15:00:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-sway-phishing-and/ www.secnews.physaphae.fr/article.php?IdArticle=7160467 False Malware None None Bleeping Computer - Magazine Américain Lazarus hackers drop macOS malware via Crypto.com job offers 2022-09-27T14:55:43+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-macos-malware-via-cryptocom-job-offers/ www.secnews.physaphae.fr/article.php?IdArticle=7163019 False Malware,Hack APT 38 None SecurityWeek - Security News New Infostealer Malware \'Erbium\' Offered as MaaS for Thousands of Dollars 2022-09-27T13:24:21+00:00 https://www.securityweek.com/new-infostealer-malware-erbium-offered-maas-thousands-dollars www.secnews.physaphae.fr/article.php?IdArticle=7160739 False Malware,Threat None None Security Affairs - Blog Secu Erbium info-stealing malware, a new option in the threat landscape The recently discovered Erbium information-stealer is being distributed as fake cracks and cheats for popular video games. 
Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat […] ]]> 2022-09-27T09:40:39+00:00 https://securityaffairs.co/wordpress/136285/malware/erbium-info-stealing-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7158257 True Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal 2022-09-26T16:03:00+00:00 https://thehackernews.com/2022/09/blackcat-ransomware-attackers-spotted.html www.secnews.physaphae.fr/article.php?IdArticle=7149017 False Ransomware,Malware None None Bleeping Computer - Magazine Américain New Erbium password-stealing malware spreads as game cracks, cheats 2022-09-26T15:54:17+00:00 https://www.bleepingcomputer.com/news/security/new-erbium-password-stealing-malware-spreads-as-game-cracks-cheats/ www.secnews.physaphae.fr/article.php?IdArticle=7153339 False Malware None None InfoSecurity Mag - InfoSecurity Magazine Hackers Use NullMixer and SEO to Spread Malware More Efficiently 2022-09-26T15:00:00+00:00 https://www.infosecurity-magazine.com/news/nullmixer-and-seo-to-spread-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7150587 False Malware None None Bleeping Computer - Magazine Américain Hackers use PowerPoint files for \'mouseover\' malware delivery 2022-09-26T14:40:47+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-powerpoint-files-for-mouseover-malware-delivery/ www.secnews.physaphae.fr/article.php?IdArticle=7152615 False Malware None None knowbe4 - cybersecurity services You Need Aggressive Cyber Training, Not "So, So" Training You Need Aggressive Cyber Training, Not So, So Training According to nearly every study conducted over the last decade, social engineering is involved in 
the vast majority of cyber attacks. The figures range from about 30% to 90% of all hacking and malware attacks. There is no other root exploitation cause that organizations can focus on mitigating that would decrease cybersecurity risk more.]]> 2022-09-26T12:00:00+00:00 https://blog.knowbe4.com/you-need-aggressive-cybersecurity-training www.secnews.physaphae.fr/article.php?IdArticle=7149233 False Malware None None Security Affairs - Blog Secu Exmatter exfiltration tool used to implement new extortion tactics Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques, this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […] ]]> 2022-09-26T06:22:16+00:00 https://securityaffairs.co/wordpress/136226/cyber-crime/exmatter-tool-shift-extortion-tactics.html www.secnews.physaphae.fr/article.php?IdArticle=7146767 False Malware,Tool,Threat None None Bleeping Computer - Magazine Américain Ransomware data theft tool may show a shift in extortion tactics 2022-09-25T11:14:27+00:00 https://www.bleepingcomputer.com/news/security/ransomware-data-theft-tool-may-show-a-shift-in-extortion-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=7151252 False Ransomware,Malware,Tool None None The Register - Site journalistique Anglais Noberus ransomware gets info-stealing upgrades, targets Veeam backup software 2022-09-25T08:50:14+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/25/noberus_ransomware_symantec/ www.secnews.physaphae.fr/article.php?IdArticle=7127058 False Ransomware,Malware None None CVE Liste - Common Vulnerability Exposure CVE-2022-3144 2022-09-23T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3144 www.secnews.physaphae.fr/article.php?IdArticle=7085978 False 
Malware None None CSO - CSO Daily Dashboard SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware a new report. "The threat actors used blog post titles that an individual would search for whose organization may be of interest to a foreign intelligence service e.g., 'Confidentiality Agreement for Interpreters.' The Threat Intel Team discovered the threat actors highly likely created 192 blog posts on one site."To read this article in full, please click here]]> 2022-09-23T13:42:00+00:00 https://www.csoonline.com/article/3674791/seo-poisoning-campaign-directs-search-engine-visitors-from-multiple-industries-to-javascript-malwar.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7089429 False Malware,Threat,Guideline None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware 2022-09-23T12:45:00+00:00 https://thehackernews.com/2022/09/fake-indian-banking-rewards-apps.html www.secnews.physaphae.fr/article.php?IdArticle=7078241 True Malware None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Seven-Year Mobile Surveillance Campaign Targets Uyghurs 2022-09-23T09:30:00+00:00 https://www.infosecurity-magazine.com/news/sevenyear-mobile-campaign-targets/ www.secnews.physaphae.fr/article.php?IdArticle=7079317 False Malware None None SANS Institute - SANS est un acteur de defense et formation Kids Like Cookies, Malware Too!, (Fri, Sep 23rd) 1];, the very popular communication tool used daily by millions of people (me too). Security researchers found that Teams storesÂ; ;session tokens in clear text on the file system. I wonâ;€;™;t discuss the vulnerability here; read the blog post if you want to learn more. The critical element is that once the token has been stolen, an attacker can impersonate the user. 
]]> 2022-09-23T08:41:43+00:00 https://isc.sans.edu/diary/rss/29082 www.secnews.physaphae.fr/article.php?IdArticle=7079171 False Malware,Tool,Vulnerability None None AhnLab - Korean Security Firm FARGO Ransomware (Mallox) Being Distributed to Vulnerable MS-SQL Servers The ASEC analysis team is constantly monitoring malware distributed to vulnerable MS-SQL servers. The analysis team has recently discovered the distribution of FARGO ransomware that is targeting vulnerable MS-SQL servers. Along with GlobeImposter, FARGO is one of the prominent ransomware that targets vulnerable MS-SQL servers. In the past, it was also called the Mallox because it used the file extension .mallox. – [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers– [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers... ]]> 2022-09-23T00:14:52+00:00 https://asec.ahnlab.com/en/39152/ www.secnews.physaphae.fr/article.php?IdArticle=7071026 False Ransomware,Malware None None The Register - Site journalistique Anglais Fake sites fool Zoom users into downloading deadly code 2022-09-22T13:45:08+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/22/zoom_malware_infosteal_cyble/ www.secnews.physaphae.fr/article.php?IdArticle=7061463 False Malware None None Security Intelligence - Site de news Américain Does Follina Mean It\'s Time to Abandon Microsoft Office? 2022-09-22T13:00:00+00:00 https://securityintelligence.com/articles/follina-vulnerability-abandon-microsoft-office/ www.secnews.physaphae.fr/article.php?IdArticle=7062521 False Malware,Vulnerability None None Malwarebytes Labs - MalwarebytesLabs 2K games helpdesk abused to spread RedLine malware Categories: NewsTags: 2k games Tags: redline Tags: support Tags: The 2K games support helpdesk was abused to mail a link to download the RedLine infostealing malware to customers whose email address was in the system (Read more...) 
]]> 2022-09-22T11:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/2k-games-helpdesk-abused-to-spread-redline-malware www.secnews.physaphae.fr/article.php?IdArticle=7070493 False Malware None None 01net. Actualites - Securite - Magazine Francais Méfiez-vous des mails de support de 2K Games, ils peuvent contenir un dangereux malware 2K Games Des pirates ont envoyé à des joueurs des messages en se faisant passer pour le support technique de 2K Games. Ces messages contenaient des liens vers le malware RedLine Information Stealer. L'article Méfiez-vous des mails de support de 2K Games, ils peuvent contenir un dangereux malware est à retrouver sur 01net.com.]]> 2022-09-22T09:55:24+00:00 https://www.01net.com/actualites/victime-de-pirates-lediteur-de-jeux-2k-games-envoie-un-malware-a-certains-joueurs.html www.secnews.physaphae.fr/article.php?IdArticle=7058222 False Malware None None The Register - Site journalistique Anglais Malwarebytes blocks Google, YouTube as malware 2022-09-21T15:56:01+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/21/malwarebytes_blocks_google_domains/ www.secnews.physaphae.fr/article.php?IdArticle=7041026 False Malware None None Bleeping Computer - Magazine Américain Malwarebytes mistakenly blocks Google, YouTube for malware 2022-09-21T13:55:49+00:00 https://www.bleepingcomputer.com/news/technology/malwarebytes-mistakenly-blocks-google-youtube-for-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7043146 False Malware None None SecurityWeek - Security News VMware Warns of \'ChromeLoader\' Delivering Ransomware, Destructive Malware 2022-09-21T10:14:28+00:00 https://www.securityweek.com/vmware-warns-chromeloader-delivering-ransomware-destructive-malware www.secnews.physaphae.fr/article.php?IdArticle=7036113 False Ransomware,Malware None None The Register - Site journalistique Anglais ChromeLoader, what took you so long? 
Malvertising irritant now slings ransomware 2022-09-21T09:26:11+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/21/vmware_microsoft_chromeloader_threat/ www.secnews.physaphae.fr/article.php?IdArticle=7035171 False Ransomware,Malware,Threat None None AhnLab - Korean Security Firm ASEC Weekly Malware Statistics (September 5th, 2022 – September 11th, 2022) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 5th, 2022 (Monday) to September 11th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.1%, followed by downloader with 32.7%, backdoor with 12.5%, and ransomware with 7.7%. Top 1 – GuLoader GuLoader, which ranked first place with 21.1%, is a downloader malware that downloads additional malware and runs it. It... ]]> 2022-09-21T00:28:20+00:00 https://asec.ahnlab.com/en/38942/ www.secnews.physaphae.fr/article.php?IdArticle=7026164 True Ransomware,Malware None None