www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-12T15:27:38+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The [...]
2024-06-13T15:56:00+00:00 https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8517165 False Malware,Tool,Threat,Mobile None 3.0000000000000000

Bleeping Computer - American magazine
Panera warns of employee data breach after March ransomware attack
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. [...]
2024-06-13T14:32:14+00:00 https://www.bleepingcomputer.com/news/security/panera-warns-of-employee-data-breach-after-march-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8517337 False Ransomware,Data Breach,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw
Why the company took so long to address the issue is not known, given that most other stakeholders had a fix out for the issue months ago.
2024-06-13T14:30:35+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-late-dangerous-dnssec-zero-day-flaw www.secnews.physaphae.fr/article.php?IdArticle=8517185 False Vulnerability,Threat None 3.0000000000000000

Mandiant - Mandiant's security blog
UNC3944 Targets SaaS Applications
0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider," and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse. Active since at least May 2022, UNC3944 has leveraged underground communities like Telegram to acquire tools, services, and support to enhance their operations. Initially, UNC3944 focused on credential harvesting and SIM swapping attacks in their operations, eventually migrating to ransomware and data theft extortion. However, recently, UNC3944 has shifted to primarily data theft extortion without the use of ransomware. This change in objectives has precipitated an expansion of targeted industries and organizations, as evidenced by Mandiant investigations. Evidence also suggests UNC3944 has occasionally resorted to fearmongering tactics to gain access to victim credentials. These tactics include threats of doxxing personal information, physical harm to victims and their families, and the distribution of compromising material. This blog post aims to spotlight UNC3944's attacks against SaaS applications, providing insights into the group's evolving TTPs in line with its shifting mission objectives.
Tactics, Techniques, and Procedures (TTPs)
Figure 1: UNC3944 attack lifecycle
Mandiant has observed UNC3944 in multiple engagements leveraging social engineering techniques against corporate help desks to gain initial access to existing privileged accounts. Mandiant has analyzed several forensic recordings of these call center attacks, and of the observed r [...]
2024-06-13T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications/ www.secnews.physaphae.fr/article.php?IdArticle=8517358 False Ransomware,Tool,Threat,Cloud None 3.0000000000000000

Checkpoint - Security hardware manufacturer
How ThreatCloud AI's Threat Emulation Engine Prevents DLL Sideloading (Trojan) Attacks
A sophisticated new malware/trojan attack is designed to steal login credentials and credit card information from payment systems, banks and crypto exchanges. This attack tricks legitimate business applications into running compromised but innocent-looking dynamic link library (DLL) files — making it very difficult to detect and block. DLL sideloading is a technique used by cybercriminals to execute malicious code on a target system by exploiting the way Windows loads dynamic link libraries (DLLs). This blog explores how Check Point's advanced Threat Emulation engines, part of Infinity ThreatCloud AI, detected and prevented a DLL Sideloading attack on one of our customers. […]
2024-06-13T13:00:46+00:00 https://blog.checkpoint.com/security/how-threatcloud-ais-threat-emulation-engine-prevents-dll-sideloading-trojan-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8517329 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be [...]
2024-06-13T12:38:00+00:00 https://thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html www.secnews.physaphae.fr/article.php?IdArticle=8517168 False Vulnerability,Threat None 3.0000000000000000

HackRead - Cyber research
Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore
A terminated employee deleted his employer's servers, causing major financial loss. Read about the growing threat of disgruntled ex-employees and how companies can protect themselves from this threat.
2024-06-13T12:19:26+00:00 https://hackread.com/indian-ex-employee-jail-wiping-singapore-virtual-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8517344 False Threat,Legislation None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems
A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."
2024-06-13T11:55:00+00:00 https://thehackernews.com/2024/06/new-cross-platform-malware-noodle-rat.html www.secnews.physaphae.fr/article.php?IdArticle=8517169 False Malware,Threat,Prediction None 2.0000000000000000

InformationSecurityBuzzNews - Security news site
Unpacking the Ten Most Dangerous Ransomware Gangs
Ransomware gangs pose a massive threat to businesses, with 59% of organizations reporting an attack in 2023. To protect against ransomware attacks, organizations must understand the groups that launch them and their tactics. So, let's unpack the top 10 most dangerous ransomware gangs. What is Ransomware? First, we must understand what ransomware is. Ransomware is […]
2024-06-13T11:16:37+00:00 https://informationsecuritybuzz.com/unpacking-the-ten-most-dangerous-ransomware-gangs/ www.secnews.physaphae.fr/article.php?IdArticle=8524723 False Ransomware,Threat None 3.0000000000000000

ProjectZero - Google research blog
Driving forward in Android drivers
There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited, so this research sought to explore those drivers in greater detail.
Driver Enumeration: Not as Easy as it Looks
This research focused on three Android devices (chipset manufacturers in parentheses):
- Google Pixel 7 (Tensor)
- Xiaomi 11T (MediaTek)
- Asus ROG 6D (MediaTek)
In order to perform driver research on these devices I first had to find all of the kernel drivers that were accessible from an unprivileged context on each device; a task complicated by the non-uniformity of kernel drivers (and their permissions structures) across different devices, even within the same chipset manufacturer. There are several different methodologies for discovering these drivers. The most straightforward technique is to search the associated filesystems looking for exposed driver device files. These files serve as the primary method by which userland can interact with the driver. Normally the "file" is open'd by a userland process, which then uses a combination of read, write, ioctl, or even mmap to interact with the driver. The driver then "translates" those interactions into manipulations of the underlying hardware device, sending the output of that device back to userland as warranted. Effectively all drivers expose their interfaces through the ProcFS or DevFS filesystems, so I focused on the /proc and /dev directories while searching for viable attack surfaces. Theoretically, evaluating all the userland-accessible drivers should be as simple as calling find /dev or find /proc, attempting to open every file discovered, and logging which open [...]
2024-06-13T11:03:53+00:00 https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html www.secnews.physaphae.fr/article.php?IdArticle=8516986 False Tool,Vulnerability,Threat,Patching,Mobile,Technical None 3.0000000000000000

Global Security Mag - French news site
Local authorities: specific cyber threats and tailored responses
Points of View
2024-06-13T09:34:42+00:00 https://www.globalsecuritymag.fr/les-collectivites-cybermenaces-specifiques-et-reponses-adaptees.html www.secnews.physaphae.fr/article.php?IdArticle=8517281 False Threat None 2.0000000000000000

IndustrialCyber - cyber risk firms for industrial
Symantec reports Black Basta ransomware group suspected of exploiting zero-day in likely failed attack
Symantec researchers have detailed ransomware attacks by the Black Basta group, which may have utilized a privilege escalation... [...]
2024-06-13T08:53:20+00:00 https://industrialcyber.co/ransomware/symantec-reports-black-basta-ransomware-group-suspected-of-exploiting-zero-day-in-likely-failed-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8517150 False Ransomware,Vulnerability,Threat None 2.0000000000000000

AhnLab - Korean Security Firm
Botnet Installing NiceRAT Malware
1. Overview
AhnLab Security Intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by malware and controlled by a threat actor. Because threat actors mainly launched DDoS attacks using botnets in the past, Nitol and other malware strains used in DDoS attacks were perceived as the key strains that form botnets. Recently, however, malware strains such as NanoCore and Emotet that perform malicious behaviors...
2024-06-13T07:44:20+00:00 https://asec.ahnlab.com/en/66790/ www.secnews.physaphae.fr/article.php?IdArticle=8517355 False Malware,Threat None 2.0000000000000000
AhnLab - Korean Security Firm
Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)
AhnLab Security Intelligence Center (ASEC) has identified the details of the Kimsuky threat group recently exploiting a vulnerability (CVE-2017-11882) in the equation editor included in MS Office (EQNEDT32.EXE) to distribute a keylogger. The threat actor distributed the keylogger by exploiting the vulnerability to run a page with an embedded malicious script with the mshta process. The page that mshta connects to is http://xxxxxxxxxxx.xxxxxx.xxxxxxxx.com/images/png/error.php and uses the file name error.php. As shown in Figure 2, the "Not Found" message makes it...
2024-06-13T07:06:14+00:00 https://asec.ahnlab.com/en/66720/ www.secnews.physaphae.fr/article.php?IdArticle=8517356 False Vulnerability,Threat None 3.0000000000000000
ProofPoint - Cyber Firms
Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites
2024-06-13T05:00:22+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-scammers-create-fraudulent-olympics-ticketing-websites www.secnews.physaphae.fr/article.php?IdArticle=8517324 False Threat,Legislation None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
2024-06-12T20:22:36+00:00 https://community.riskiq.com/article/b74a41ff www.secnews.physaphae.fr/article.php?IdArticle=8517378 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000

TechRepublic - Security News US
Mandiant Report: Snowflake Users Targeted for Data Theft and Extortion
A threat actor exploited the Snowflake platform to target organizations for data theft and extortion using compromised credentials. Learn how to protect your business from this threat.
2024-06-12T19:34:26+00:00 https://www.techrepublic.com/article/snowflake-data-theft-extortion/ www.secnews.physaphae.fr/article.php?IdArticle=8516891 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. "In this incident, the threat actor abused anonymous access to an [...]
2024-06-12T19:12:00+00:00 https://thehackernews.com/2024/06/cryptojacking-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8517170 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve [...]
2024-06-12T16:41:00+00:00 https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html www.secnews.physaphae.fr/article.php?IdArticle=8517172 False Ransomware,Vulnerability,Threat None 3.0000000000000000

Veracode - Application Security Research, News, and Education Blog
Understanding the Nuances: DAST vs. Penetration Testing
Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter. DAST is an automated technique designed to identify security vulnerabilities in web applications and APIs during runtime. It effectively simulates attacks to detect common issues like SQL injections and cross-site scripting vulnerabilities, making it ideal for continuous security checks across various stages of the software development lifecycle. Conversely, Penetration Testing involves expert testers manually examining applications to pinpoint vulnerabilities that automated tools might miss. This method provides deep insights, especially in complex environments handling sensitive data, offering a nuanced…
2024-06-12T15:48:53+00:00 https://www.veracode.com/blog/managing-appsec/understanding-nuances-dast-vs-penetration-testing www.secnews.physaphae.fr/article.php?IdArticle=8516856 False Tool,Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch
TellYouThePass Ransomware Group Exploits Critical PHP Flaw
An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.
2024-06-12T15:41:26+00:00 https://www.darkreading.com/vulnerabilities-threats/tellyouthepass-ransomware-exploits-critical-php-flaw www.secnews.physaphae.fr/article.php?IdArticle=8517194 False Ransomware,Vulnerability,Threat None 3.0000000000000000

Bleeping Computer - American magazine
Google patches exploited Android zero-day on Pixel devices
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]
2024-06-12T15:06:16+00:00 https://www.bleepingcomputer.com/news/security/google-patches-exploited-android-zero-day-on-pixel-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8517339 False Vulnerability,Threat,Mobile None 3.0000000000000000

Intigriti - Bug Bounty Blog
Bug bounty vs penetration testing: The costs, scope, and methodologies
As cyber threats evolve, organizations must proactively detect and address security vulnerabilities before malicious actors can exploit them. This ongoing battle against potential breaches is vital for safeguarding information and protecting a company's reputation and operational continuity. Two prominent methods to uncover and remedy vulnerabilities are bug bounty programs and penetration testing, also known as […]
2024-06-12T14:56:51+00:00 https://blog.intigriti.com/2024/06/12/penetration-testing-vs-bug-bounty-programs/ www.secnews.physaphae.fr/article.php?IdArticle=8516861 False Vulnerability,Threat None 2.0000000000000000
Mandiant - Mandiant's security blog
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society. Many of the cyber espionage threat actors that are prolific in campaigns across the globe are also active in carrying out attempted intrusions into critical sectors of Brazilian society. Brazil also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. At the same time, the threat landscape in Brazil is shaped by a domestic cybercriminal market, where threat actors coordinate to carry out account takeovers, conduct carding and fraud, deploy banking malware and facilitate other cyber threats targeting Brazilians. The rise of the Global South, with Brazil at the forefront, marks a significant shift in the geopolitical landscape; one that extends into the cyber realm. As Brazil's influence grows, so does its digital footprint, making it an increasingly attractive target for cyber threats originating from both global and domestic actors. This blog post brings together Google's collective understanding of the Brazilian threat landscape, combining insights from Google's Threat Analysis Group (TAG) and Mandiant's frontline intelligence. As Brazil's economic and geopolitical role in global affairs continues to rise, threat actors from an array of motivations will further seek opportunities to exploit the digital infrastructure that Brazilians rely upon across all aspects of society. By sharing our global perspective, we hope to enable greater resiliency in mitigating these threats.
Google uses the results of our research to improve the safety and security of our products, making them secure by default. Chrome OS has built-in and proactive security to protect from ransomware, and there have been no reported ransomware attacks ever on any business, education, or consumer Chrome OS device. Google security teams continuously monitor for new threat activity, and all identified websites and domains are added to Safe Browsing to protect users from further exploitation. We deploy and constantly update Android detections to protect users' devices and prevent malicious actors from publishing malware to the Google Play Store. We send targeted Gmail and Workspace users government-backed attacker alerts, notifying them of the activity and encouraging potential targets to enable Enhanced Safe Browsing for Chrome and ensure that all devices are updated.
Cyber Espionage Operations Targeting Brazil
Brazil's status as a globally influential power and the largest economy in South America has drawn attention from c [...]
2024-06-12T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-brazil/ www.secnews.physaphae.fr/article.php?IdArticle=8516847 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Mobile,Medical,Cloud,Technical APT 28 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the [...]
2024-06-12T13:36:00+00:00 https://thehackernews.com/2024/06/china-backed-hackers-exploit-fortinet.html www.secnews.physaphae.fr/article.php?IdArticle=8517174 False Vulnerability,Threat None 3.0000000000000000

Checkpoint - Security hardware manufacturer
The Evolution of QR Code Phishing: ASCII-Based QR Codes
Introduction
Quishing (QR code phishing) is a rapidly evolving threat. Starting around August, when we saw the first rapid increase, we've also seen a change in the type of QR code attacks. It started with standard MFA authentication requests. It then evolved to conditional routing and custom targeting. Now, we're seeing another evolution, into the manipulation of QR codes. Harmony Email researchers have uncovered a new campaign, where the QR code is not in an image, but rather created via HTML and ASCII characters. Harmony Email researchers have seen over 600 similar emails in late May.
Email Example
In this email, the […]
2024-06-12T13:00:02+00:00 https://blog.checkpoint.com/harmony-email/the-evolution-of-qr-code-phishing-ascii-based-qr-codes/ www.secnews.physaphae.fr/article.php?IdArticle=8517330 False Threat None 4.0000000000000000
Security Intelligence - American news site
Self-replicating Morris II worm targets AI email assistants
The proliferation of generative artificial intelligence (GenAI) email assistants such as OpenAI's GPT-3 and Google's Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in GenAI systems to orchestrate sophisticated cyberattacks with far-reaching […]
2024-06-12T13:00:00+00:00 https://securityintelligence.com/posts/morris-ii-self-replicating-malware-genai-email-assistants/ www.secnews.physaphae.fr/article.php?IdArticle=8516877 False Vulnerability,Threat None 2.0000000000000000
Bleeping Computer - American magazine
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. [...]
2024-06-12T12:45:55+00:00 https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8517340 False Data Breach,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch
RansomHub Brings Scattered Spider Into Its RaaS Nest
The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.
2024-06-12T10:00:00+00:00 https://www.darkreading.com/threat-intelligence/ransomhub-brings-scattered-spider-into-its-raas-fold www.secnews.physaphae.fr/article.php?IdArticle=8517196 False Threat None 3.0000000000000000

SlashNext - Cyber Firm
Multi-Channel Threat Blindspot Will Leave Your Organization Vulnerable to Breach
In today's hyper-connected world, modern workers rely on a multitude of communication and collaboration tools to get work done efficiently. Email, SMS, Slack, Microsoft Teams – the average employee juggles between 6-10 sanctioned apps on any given day. And that's not even counting the unsanctioned tools that fly under IT's radar. This proliferation of channels […] The post Multi-Channel Threat Blindspot Will Leave Your Organization Vulnerable to Breach first appeared on SlashNext.
2024-06-12T09:45:07+00:00 https://slashnext.com/blog/multi-channel-threat-blindspot-will-leave-your-organization-vulnerable-to-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8517251 False Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine
Microsoft Patches One Critical and One Zero-Day Vulnerability
June Patch Tuesday sees Microsoft fix over 50 bugs, including one already publicly disclosed.
2024-06-12T09:15:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-patches-critica-zeroday/ www.secnews.physaphae.fr/article.php?IdArticle=8517221 False Vulnerability,Threat None 2.0000000000000000

HackRead - Cyber Search
Critical Outlook RCE Vulnerability Exploits Preview Pane – Patch Now!
A critical vulnerability (CVE-2024-30103) in Microsoft Outlook allows attackers to execute malicious code simply by opening an email. This "zero-click" exploit doesn't require user interaction and poses a serious threat. Learn how this vulnerability works and how to stay protected.
2024-06-12T08:59:25+00:00 https://hackread.com/outlook-rce-vulnerability-exploits-preview-pane/ www.secnews.physaphae.fr/article.php?IdArticle=8517348 False Vulnerability,Threat None 3.0000000000000000

Global Security Mag - French news site
WithSecure Intelligence research sets mass exploitation of edge services as the prevailing trend for attackers
New research by WithSecure Intelligence explores the trend of mass exploitation of edge services and infrastructure, and puts forward several theories as to why they have been so heavily – and successfully – targeted by attackers. The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation. A previous WithSecure report on the professionalization of cybercrime noted the growing importance of mass exploitation as an infection vector, but the volume and severity of this (...) - Special Reports
2024-06-12T08:35:41+00:00 https://www.globalsecuritymag.fr/withsecure-intelligence-research-sets-mass-exploitation-of-edge-services-as-the.html www.secnews.physaphae.fr/article.php?IdArticle=8517294 False Threat,Prediction None 2.0000000000000000
ProofPoint - Cyber Firms
How to Recognize and Defend Against Malicious Insider Threats
2024-06-12T06:00:15+00:00 https://www.proofpoint.com/us/blog/insider-threat-management/how-recognize-malicious-insider-threat-motivations www.secnews.physaphae.fr/article.php?IdArticle=8517325 False Data Breach,Threat None 2.0000000000000000

AhnLab - Korean Security Firm
Bondnet Using Miner Bots as C2
Bondnet first became known to the public in an analysis report published by GuardiCore in 2017[1], and Bondnet's backdoor was covered in an analysis report on an XMRig miner targeting SQL servers released by DFIR Report in 2022[2]. There has not been any information on the Bondnet threat actor's activities since then, but it was confirmed that they had continued their attacks until recent times. AhnLab SEcurity Intelligence Center (ASEC) found through analyzing systems infected with Bondnet miners that the Bondnet threat...
2024-06-12T04:20:20+00:00 https://asec.ahnlab.com/en/66662/ www.secnews.physaphae.fr/article.php?IdArticle=8516811 False Threat None 2.0000000000000000
HackRead - Cyber Search
Using AI in Business Security Decision-Making: Enhancing Protection and Efficiency
Enhance business security with AI-driven decision-making. Use advanced tools for accurate threat detection, compliance, and proactive crisis management.…
2024-06-11T23:20:20+00:00 https://hackread.com/ai-in-business-security-decision-enhancing-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8517349 False Tool,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
New ValleyRAT Campaign Employs Multi-Stage Attack to Compromise Systems
## Snapshot
Zscaler ThreatLabz has identified a recent multi-stage campaign deploying the latest ValleyRAT version, developed by a China-based threat actor.
## Description
ValleyRAT is a remote access trojan (RAT) first documented in early 2023. It aims to infiltrate systems, granting attackers unauthorized control. Typically distributed via phishing emails or malicious downloads, the latest version includes new commands for capturing screenshots, process filtering, forced shutdowns, and clearing Windows event logs. The campaign starts with an initial stage downloader using an HTTP File Server (HFS) to fetch necessary files. The downloader employs various evasion techniques, such as anti-virus checks, DLL sideloading, and process injection. A specific marker identifies the configuration for communication with the command-and-control (C2) server, detailing the C2 IP, port, and communication protocol. Notable updates in ValleyRAT include enhanced device fingerprinting and changes in bot ID generation.
The first stage downloader
2024-06-11T22:54:08+00:00 https://community.riskiq.com/article/c599ee92 www.secnews.physaphae.fr/article.php?IdArticle=8517379 False Malware,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
APT Attacks Using Cloud Storage
2024-06-11T19:47:45+00:00 https://community.riskiq.com/article/bebf8696 www.secnews.physaphae.fr/article.php?IdArticle=8517380 False Ransomware,Spam,Malware,Tool,Threat,Cloud None 3.0000000000000000

Dark Reading - Informationweek Branch
WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access
The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn.
2024-06-11T16:26:08+00:00 https://www.darkreading.com/cyberattacks-data-breaches/warmcookie-cyberattackers-backdoor-initial-access www.secnews.physaphae.fr/article.php?IdArticle=8517206 False Malware,Threat None 3.0000000000000000

The State of Security - American Magazine
VERT Threat Alert: June 2024 Patch Tuesday Analysis
Today's VERT Alert addresses Microsoft's June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2023-50868
The only disclosed vulnerability we have this month is CVE-2023-50868, a DNSSEC protocol-level vulnerability that can lead to denial of service. The vulnerability is a CPU exhaustion related to the Closest Encloser Proof in NSEC3, a mechanism within DNSSEC.
NSEC3 is the improved version of NSEC, a technology that helps prevent against DNS cache poisoning...
2024-06-11T15:19:50+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-june-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8517243 False Vulnerability,Threat None 2.0000000000000000

Global Security Mag - French news site
Trend Micro 2023 Cybersecurity Report: Protecting Morocco's Digital Borders with the Detection of 52 Million Threats
Malwares
2024-06-11T13:25:23+00:00 https://www.globalsecuritymag.fr/rapport-2023-de-trend-micro-sur-la-cybersecurite-proteger-les-frontieres.html www.secnews.physaphae.fr/article.php?IdArticle=8517303 False Threat,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products:
- Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0)
- Valhall GPU Kernel Driver (all versions from r34p0 to r40p0)
"A local non-privileged user can make improper GPU memory
2024-06-11T12:07:00+00:00 https://thehackernews.com/2024/06/arm-warns-of-actively-exploited-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8517182 False Vulnerability,Threat None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs
The Hidden Risks of eSports: Cybersecurity on the Virtual Battlefield
the global eSports industry is worth $4.3 billion, up from just $1.2 billion in 2017.
Major eSports tournaments now fill virtual arenas and stadiums, with millions of viewers tuning in. Amid the excitement and fanfare, however, a crucial aspect often gets overlooked – cybersecurity. Maintaining integrity and security in these virtual environments has become increasingly vital. From the potential for game-altering hacks and cheats to the risk of data breaches and cyberattacks, the challenges facing the industry are growing more complex by the day.

Understanding the Cybersecurity Threats in eSports

The eSports industry's rapid growth, lucrative prize pools, and massive online viewership have made it an attractive target for cybercriminals and unscrupulous actors seeking to disrupt events, compromise systems, or gain an unfair advantage. Additionally, some eSports organizations like FaZe Clan are experiencing surges on the stock market, making them even more attractive targets than, let's say, stealing data from individual players. To begin with, let's go through the primary cybersecurity threats plaguing the world of eSports:

DDoS Attacks

Distributed Denial of Service (DDoS) attacks involve sending an influx of malicious traffic to a network or server, overwhelming it and making it unable to respond to legitimate requests, effectively taking it offline. In eSports, DDoS attacks can disrupt live tournaments, causing delays, disconnections, and frustration for players and viewers alike. These can also target individual players, knocking them offline during crucial matches. For instance, in 2023, a DDoS attack on the 24 Hours of Le Mans Virtual eSports event kicked out Max Verstappen, who was leading the race. Activision Blizzard was also hit with multiple DDoS attacks in 2020, affecting several of its game titles, including Call of Duty, Overwatch, and World of Warcraft.

Account Hijacking

Account hijacking involves unauthorized access to a player's account, typically through phishing, keylogging, or exploiting security vulnerabilities. Hijacked accounts can be used for cheating, sabotage, or even sold on the black market, putting players at risk of financial loss and reputational damage. In 2019, for example,
2024-06-11T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-hidden-risks-of-esports-cybersecurity-on-the-virtual-battlefield www.secnews.physaphae.fr/article.php?IdArticle=8517210 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation None 3.0000000000000000

AhnLab - Korean Security Firm
SmallTiger Malware Used Against South Korean Businesses (Kimsuky and Andariel)
AhnLab SEcurity Intelligence Center (ASEC) is responding to recently discovered cases that are using the SmallTiger malware to attack South Korean businesses. The method of initial access has not yet been identified, but the threat actor distributed SmallTiger into the companies' systems during the lateral movement phase. South Korean defense contractors, automobile part manufacturers, and semiconductor manufacturers are some of the confirmed targets. The attacks were first found in November 2023, and the malware strains found inside the affected systems...
2024-06-11T01:06:56+00:00 https://asec.ahnlab.com/en/66546/ www.secnews.physaphae.fr/article.php?IdArticle=8516587 False Malware,Threat None 2.0000000000000000
AhnLab - Korean Security Firm
Remcos RAT Distributed as UUEncoding (UUE) File
AhnLab SEcurity Intelligence Center (ASEC) recently discovered that Remcos RAT is being distributed via UUEncoding (UUE) files compressed using Power Archiver. The image below shows a phishing email distributing the Remcos RAT downloader. Recipients must be vigilant, as the phishing emails are disguised as emails about importing/exporting shipments or quotations.
1. UUE
The threat actor distributes a VBS script encoded using the UUE method through an attachment. The UUE method, short for Unix-to-Unix Encoding, is a method used to exchange data...
2024-06-11T00:56:03+00:00 https://asec.ahnlab.com/en/66463/ www.secnews.physaphae.fr/article.php?IdArticle=8516588 False Threat None 3.0000000000000000
AhnLab - Korean Security Firm
APT Attacks Using Cloud Storage
AhnLab SEcurity Intelligence Center (ASEC) has been sharing cases of attacks in which threat actors utilize cloud services such as Google Drive, OneDrive, and Dropbox to collect user information or distribute malware. [1][2][3] The threat actors mainly upload malicious scripts, RAT malware strains, and decoy documents onto the cloud servers to perform attacks. The uploaded files work systematically and perform various malicious behaviors. The process from the first distribution file to the execution of RAT malware is as follows: In such...
2024-06-11T00:44:51+00:00 https://asec.ahnlab.com/en/66429/ www.secnews.physaphae.fr/article.php?IdArticle=8516589 False Malware,Threat,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft)
Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors
2024-06-10T22:09:54+00:00 https://community.riskiq.com/article/58dd52ff www.secnews.physaphae.fr/article.php?IdArticle=8516558 False Ransomware,Malware,Tool,Threat,Technical None 3.0000000000000000

Dark Reading - Informationweek Branch
Snowflake Cloud Accounts Felled by Rampant Credential Issues
A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene.
2024-06-10T21:47:00+00:00 https://www.darkreading.com/cloud-security/snowflake-cloud-accounts-rampant-credential-issues www.secnews.physaphae.fr/article.php?IdArticle=8516515 False Threat,Cloud None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
2024-06-10T18:56:54+00:00 https://community.riskiq.com/article/e3b51ad8 www.secnews.physaphae.fr/article.php?IdArticle=8516457 False Malware,Tool,Threat None 4.0000000000000000

Bleeping Computer - American Magazine
Gitloker attacks abuse GitHub notifications to push malicious oAuth apps
Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. [...]
2024-06-10T18:24:16+00:00 https://www.bleepingcomputer.com/news/security/gitloker-attacks-abuse-github-notifications-to-push-malicious-oauth-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8516539 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia
Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs," Google Threat Analysis Group (TAG) researcher Billy Leonard said in the company's quarterly bulletin
2024-06-10T16:30:00+00:00 https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=8516276 False Threat None 3.0000000000000000

The Last Watchdog - Byron V Acohido's security blog
News Alert: Criminal IP unveils innovative fraud detection data products on Snowflake Marketplace
Torrance, California, June 10, 2024, CyberNewswire – AI Spera, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has begun selling its paid threat detection data from its CTI search engine 'Criminal IP' on the Snowflake … (more…)
2024-06-10T15:58:26+00:00 https://www.lastwatchdog.com/news-alert-criminal-ip-unveils-innovative-fraud-detection-data-products-on-snowflake-marketplace/ www.secnews.physaphae.fr/article.php?IdArticle=8516352 False Threat None 3.0000000000000000

Checkpoint Research - Security Hardware Manufacturer
10th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th June, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Pathology services provider Synnovis has experienced a ransomware attack that affected procedures and operations in several major hospitals in London, including the Department of Health and Social Care, NHS Qilin (formerly Agenda) ransomware […]
2024-06-10T14:30:57+00:00 https://research.checkpoint.com/2024/10th-june-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8516331 False Ransomware,Threat None 2.0000000000000000
Mandiant - Mandiant Security Blog
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Victim Notification Program. To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organizations. Snowflake's Customer Support has been directly engaged with these customers to ensure the safety of their accounts and data. Mandiant and Snowflake have been conducting a joint investigation into this ongoing threat campaign and coordinating with relevant law enforcement agencies. On May 30, 2024, Snowflake published detailed detection and hardening guidance to Snowflake customers.
2024-06-10T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion/ www.secnews.physaphae.fr/article.php?IdArticle=8516264 False Malware,Tool,Threat,Legislation,Cloud None 2.0000000000000000

ZoneAlarm - Security Firm Blog
Euro 2024: Ensuring Cybersecurity During Football Fever
As Euro 2024 draws near, the excitement among football fans is palpable. However, while millions of enthusiasts gear up to enjoy the beautiful game, cybercriminals are also preparing to exploit the fervor. From phishing scams to malware, the digital threats during such high-profile events are real and significant. Major sporting events like Euro 2024 attract …
2024-06-10T13:33:43+00:00 https://blog.zonealarm.com/2024/06/euro-2024-ensuring-cybersecurity-during-football-fever/ www.secnews.physaphae.fr/article.php?IdArticle=8516296 False Malware,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch
Making Choices for Stronger Vulnerability Management
The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.
2024-06-10T13:31:29+00:00 https://www.darkreading.com/vulnerabilities-threats/choices-for-stronger-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8516301 False Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Weekly OSINT Highlights, 10 June 2024
2024-06-10T13:07:23+00:00 https://community.riskiq.com/article/f0cc9c82 www.secnews.physaphae.fr/article.php?IdArticle=8516318 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction None 2.0000000000000000

Global Security Mag - French news site
OpenText Cybersecurity MSP/MSSP Survey: companies are looking for comprehensive AI-driven security expertise for threat detection and vulnerability management
Investigations
2024-06-10T13:05:02+00:00 https://www.globalsecuritymag.fr/enquete-opentext-cybersecurity-msp-mssp-survey-les-entreprises-recherchent-une.html www.secnews.physaphae.fr/article.php?IdArticle=8516271 False Threat None 3.0000000000000000

Checkpoint - Security Hardware Manufacturer
May 2024's Most Wanted Malware: Phorpiex Botnet Unleashes Phishing Frenzy While LockBit3 Dominates Once Again
Researchers uncovered a campaign with the Phorpiex botnet being used to spread ransomware through millions of phishing emails. Meanwhile, the LockBit3 ransomware group has rebounded after a short hiatus, accounting for one-third of published ransomware attacks. Our latest Global Threat Index for May 2024 revealed that researchers had uncovered a malspam campaign orchestrated by the Phorpiex botnet. The millions of phishing emails sent contained LockBit Black – based on LockBit3 but unaffiliated with the ransomware group. In an unrelated development, the actual LockBit3 ransomware-as-a-service (RaaS) group surged in prevalence after a short hiatus following a global takedown by law enforcement, accounting […]
2024-06-10T13:00:31+00:00 https://blog.checkpoint.com/research/may-2024s-most-wanted-malware-phorpiex-botnet-unleashes-phishing-frenzy-while-lockbit3-dominates-once-again/ www.secnews.physaphae.fr/article.php?IdArticle=8516266 False Ransomware,Malware,Threat,Legislation None 3.0000000000000000
ProofPoint - Cyber Firms
Keeping Content Fresh: 4 Best Practices for Relevant Threat-Driven Security Awareness
2024-06-10T12:00:50+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/best-practices-threat-driven-security-awareness-content www.secnews.physaphae.fr/article.php?IdArticle=8516268 False Tool,Vulnerability,Threat,Prediction None 3.0000000000000000

Schneier on Security - American Cryptologist and Researcher
Exploiting Mistyped URLs
Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains”:
Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information. In “typosquatting,” misspellings of common domains are registered to exploit errors when users mistype a web address. Yet, no prior research has been dedicated to situations where the linking errors of web publishers (i.e. developers and content contributors) propagate to users. We hypothesize that these “hijackable hyperlinks” exist in large quantities with the potential to generate substantial traffic. Analyzing large-scale crawls of the web using high-performance computing, we show the web currently contains active links to more than 572,000 dot-com domains that have never been registered, what we term ‘phantom domains.’ Registering 51 of these, we see 88% of phantom domains exceeding the traffic of a control domain, with up to 10 times more visits. Our analysis shows that these links exist due to 17 common publisher error modes, with the phantom domains they point to free for anyone to purchase and exploit for under 20, representing a low barrier to entry for potential attackers...
2024-06-10T11:08:15+00:00 https://www.schneier.com/blog/archives/2024/06/exploiting-mistyped-urls.html www.secnews.physaphae.fr/article.php?IdArticle=8516242 False Threat None 3.0000000000000000
[The Hacker News] Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus
Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of government
2024-06-10T10:59:00+00:00 https://thehackernews.com/2024/06/sticky-werewolf-expands-cyber-attack.html

[BH Consulting] #Infosec2024 Spyware: A Threat to Civil Society and a Threat to Business
BH Consulting CEO Brian Honan emphasised the critical threat spyware poses to individuals, society and businesses.
2024-06-10T09:40:26+00:00 https://bhconsulting.ie/spyware-threat/
[Infosecurity Magazine] Threat Actor Claims to Leak 270GB of New York Times Data
An anonymous 4chan user is claiming to have shared a trove of source code stolen from the New York Times.
2024-06-10T09:30:00+00:00 https://www.infosecurity-magazine.com/news/threat-actor-leak-270gb-new-york/

[RiskIQ] New V3B phishing kit targets customers of 54 European banks
2024-06-07T22:28:02+00:00 https://community.riskiq.com/article/5c05cdcd

[Dark Reading] GitHub Repos Targeted in Cyber-Extortion Attacks
Since at least February, a threat actor has been attempting to extort victims by stealing or wiping data in their GitHub repositories.
2024-06-07T21:28:44+00:00 https://www.darkreading.com/application-security/github-repos-targeted-in-cyber-extortion-attacks

[RiskIQ] TargetCompany's Linux Variant Targets ESXi Environments
2024-06-07T21:10:07+00:00 https://community.riskiq.com/article/dccc6ab3

[RiskIQ] Water Sigbin Employs Advanced Obfuscation Techniques in Latest Attacks Exploiting Oracle WebLogic Vulnerabilities
2024-06-07T19:53:27+00:00 https://community.riskiq.com/article/d4ad1229

[RiskIQ] Lost in the Fog: A New Ransomware Threat
Snapshot: Arctic Wolf Labs has discovered a new ransomware variant called Fog, which has been observed in several Arctic Wolf Incident Response cases.
Description: The newly discovered ransomware operation named "Fog" has been targeting educational organizations in the U.S. by using compromised VPN credentials to gain initial access to victim networks. Although the ransomware gang has not yet set up an extortion portal, they have been observed stealing data for double-extortion attacks, leveraging the stolen data to intimidate victims into paying. The threat actors behind Fog have been accessing victim environments through compromised VPN credentials from at least two different VPN gateway vendors. Once inside the network, they employ techniques such as "pass-the-hash" attacks on administrator accounts, credential stuffing, PsExec deployment on multiple hosts, and disabling Windows Defender on Windows servers to avoid detection. The ransomware encrypts VMDK files in virtual machine storage and deletes backups from object storage in Veeam and Windows volume shadow copies to hinder restoration.
Encrypted files are given either the ".FOG" or ".FLOCKED" extension, and a ransom note is
2024-06-07T19:48:12+00:00 https://community.riskiq.com/article/b474122c

[RiskIQ] Cloudforce One Disrupts Russia-Aligned FlyingYeti Phishing Campaign Exploiting Ukrainian Financial Stress
2024-06-07T17:32:33+00:00 https://community.riskiq.com/article/46bbe9fb

[SecurityWeek] In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis
Noteworthy stories that might have slipped under the radar: TikTok patches account hijacking zero-day, $300 million DMM Bitcoin hack, free Android VPN apps analyzed.
2024-06-07T14:33:48+00:00 https://www.securityweek.com/in-other-news-tiktok-zero-day-dmm-bitcoin-hack-free-vpn-app-analysis/
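Returning to the Fog ransomware item above: the post-access steps it lists (PsExec fan-out, Defender switched off, shadow copies deleted, files renamed to .FOG/.FLOCKED) are each visible in standard Windows telemetry. The rule set below is an added example, not Arctic Wolf's or RiskIQ's detection content; the event records are constructed, and the command-line patterns are assumptions about how those actions usually appear in logs, not quotes from the report. Only the two extensions and the PSEXESVC service name are taken from the write-up and from PsExec's documented behaviour.

```python
"""
Added example: rules over Windows event records for the Fog tradecraft.
Not from the Arctic Wolf/RiskIQ report. Events are constructed; the
command-line regexes are assumptions about typical tooling, not IOCs.
"""
import re

# Constructed events as (host, event_id, fields). Event IDs follow the usual
# Windows conventions: 4688 process creation, 7045 service install,
# Sysmon 11 file create.
SAMPLE_EVENTS = [
    ("fs01", 7045, {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}),
    ("fs01", 4688, {"CommandLine": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"}),
    ("fs01", 4688, {"CommandLine": "vssadmin.exe delete shadows /all /quiet"}),
    ("fs01", 11, {"TargetFilename": r"D:\VMs\app01\app01-flat.vmdk.FOG"}),
    ("ws22", 4688, {"CommandLine": "vssadmin.exe list shadows"}),   # benign admin activity
    ("ws22", 11, {"TargetFilename": r"C:\Users\a\report.docx"}),    # benign file write
]

# (rule_name, event_id, field, regex). Patterns other than the extensions and
# the PSEXESVC name are assumptions and should be tuned to your environment.
RULES = [
    ("psexec_service_installed", 7045, "ServiceName", re.compile(r"^PSEXESVC$", re.I)),
    ("defender_realtime_disabled", 4688, "CommandLine",
     re.compile(r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$?true", re.I)),
    ("shadow_copies_deleted", 4688, "CommandLine",
     re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("ransom_extension_written", 11, "TargetFilename", re.compile(r"\.(fog|flocked)$", re.I)),
]


def match_events(events):
    """Return one (rule_name, host, evidence) tuple per matching event."""
    hits = []
    for host, event_id, fields in events:
        for name, rule_eid, field, pattern in RULES:
            value = fields.get(field, "")
            if event_id == rule_eid and pattern.search(value):
                hits.append((name, host, value))
    return hits


def hosts_with_chain(events, min_rules=3):
    """Hosts on which at least `min_rules` distinct rules fired. A single hit
    (an admin running vssadmin) is noise; several on one host in the same
    window is the sequence the report describes."""
    per_host = {}
    for name, host, _ in match_events(events):
        per_host.setdefault(host, set()).add(name)
    return sorted(h for h, names in per_host.items() if len(names) >= min_rules)


if __name__ == "__main__":
    for name, host, evidence in match_events(SAMPLE_EVENTS):
        print(f"{host}: {name} <- {evidence}")
    print("probable intrusion on:", hosts_with_chain(SAMPLE_EVENTS))
```

The chaining in `hosts_with_chain` is the part worth keeping: each rule alone fires on legitimate administration, but Defender going off, shadow copies vanishing and a PsExec service appearing on the same server within minutes is the sequence to page on, and it arrives before the first `.FOG` file does.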
[Global Security Mag] Threat landscape trends: Faster cybercriminals, unpatched vulnerabilities and less ransomware
Opinion by Dave Spillane, Systems Engineer Director at Fortinet.
2024-06-07T14:28:34+00:00 https://www.globalsecuritymag.fr/threat-landscape-trends-faster-cybercriminals-unpatched-vulnerabilities-and.html
[RiskIQ] What a Show! An Amplified Internet Scale DNS Probing Operation
Snapshot: Reported by Infoblox, a global domain name system (DNS) probing operation targeting open resolvers has been ongoing since at least June 2023. This operation, conducted by a threat actor referred to as "Secshow," utilizes name servers within the China Education and Research Network (CERNET) to identify open DNS resolvers and assess their reactions to different responses. Secshow has previously leveraged DNS tunneling, according to Palo Alto (Microsoft reported Palo Alto's findings here: https://security.microsoft.com/intel-explorer/articles/7f0d7aa3).
Description: Secshow's activities involve sending DNS queries worldwide to pinpoint open resolvers, which are often exploited for DNS distributed denial-of-service (DDoS) attacks. These queries contain encoded information such as target IP addresses and timestamps, and their format has changed over time. Additionally, Secshow uses selective wildcard DNS responses, generating a broad set of resolution IP addresses for its domains. DNAME and CNAME responses are used to evaluate resolver behavior and gather information about resolver paths. Infoblox notes that Secshow's end goal was unknown at the time of reporting, and that the operation has recently ceased. Infoblox also points to its research on "Muddling Meerkat," another Chinese actor identified performing DNS probing this year (https://security.microsoft.com/intel-explorer/articles/b6049233).
2024-06-07T14:24:24+00:00 https://community.riskiq.com/article/09ef555f

[Global Security Mag] CrowdStrike Wins Most Categories of Any Vendor at SC Awards Europe 2024
The Falcon platform further validates its position as cybersecurity's consolidation platform of choice; wins Best Cloud Security, Endpoint, AI, Threat Intelligence and Incident Response. Business News.
2024-06-07T13:26:42+00:00 https://www.globalsecuritymag.fr/crowdstrike-wins-most-categories-of-any-vendor-at-sc-awards-europe-2024.html
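The Secshow item above describes the shape a resolver operator would see: one source sending a stream of unique, machine-generated subdomains (encoded IPs and timestamps) under a few base domains. The heuristic below is an added example, not Infoblox's detection logic: it groups a resolver's query log by (client, base domain), counts distinct prefixes and measures their character entropy, and flags pairs that are both high-cardinality and high-entropy. The log lines are constructed, the query-log format is a simplified BIND-style one, and the two thresholds are assumptions to tune.

```python
"""
Added example: flag encoded DNS probing in a resolver query log. Not from
Infoblox. SAMPLE_LOG is constructed; thresholds are assumptions.
"""
import math
from collections import defaultdict

# Constructed log, one query per line: "client qname qtype".
SAMPLE_LOG = """\
198.51.100.7 7f000001.664239e1.probe-example.net A
198.51.100.7 0a0000fe.664239e4.probe-example.net A
198.51.100.7 c0a80101.664239e9.probe-example.net A
198.51.100.7 ac100001.664239f0.probe-example.net A
198.51.100.7 0a0a0a0a.664239f7.probe-example.net A
192.0.2.10 www.example.com A
192.0.2.10 mail.example.com MX
192.0.2.11 www.example.com AAAA
"""


def shannon_entropy(s):
    """Bits per character; human labels sit low, hex/base32 payloads high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def base_domain(qname):
    """Last two labels. Assumption: no public-suffix list (fine for .com/.net)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Yield (client, qname, qtype) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def find_probing(text, min_unique=5, min_entropy=2.5):
    """Return {(client, base_domain): (unique_prefix_count, mean_entropy)}
    for pairs whose query names look like encoded probe traffic."""
    seen = defaultdict(set)
    entropies = defaultdict(list)
    for client, qname, _ in parse_log(text):
        base = base_domain(qname)
        prefix = qname.lower().rstrip(".")[: -len(base) - 1]  # labels left of base
        if not prefix:
            continue
        key = (client, base)
        if prefix not in seen[key]:
            seen[key].add(prefix)
            entropies[key].append(shannon_entropy(prefix.replace(".", "")))
    flagged = {}
    for key, prefixes in seen.items():
        mean_ent = sum(entropies[key]) / len(entropies[key])
        if len(prefixes) >= min_unique and mean_ent >= min_entropy:
            flagged[key] = (len(prefixes), round(mean_ent, 2))
    return flagged


if __name__ == "__main__":
    for (client, base), (n, ent) in find_probing(SAMPLE_LOG).items():
        print(f"{client} -> {base}: {n} unique encoded labels, mean entropy {ent}")
```

If a pair like this shows up on a resolver that is supposed to serve only your own clients, the finding is not the probe itself but the fact that the resolver answered an outside source at all; the fix is an ACL on recursion, not a signature.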
[The Hacker News] SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk
2024-06-07T12:43:00+00:00 https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html

[SecurityWeek] Mozilla Launches 0Din Gen-AI Bug Bounty Program
Mozilla has announced a 0Day Investigative Network (0Din) bug bounty program for LLMs and other deep learning tech.
2024-06-07T12:34:45+00:00 https://www.securityweek.com/mozilla-launches-0din-gen-ai-bug-bounty-program/
[The Hacker News] Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham
2024-06-07T10:40:00+00:00 https://thehackernews.com/2024/06/commando-cat-cryptojacking-attacks.html

[Global Security Mag] Darktrace Launches Managed Detection & Response Service to Bolster Security Operations
New MDR service combines AI-powered threat containment with 24/7 human expert support. Product Reviews.
2024-06-07T07:36:07+00:00 https://www.globalsecuritymag.fr/darktrace-launches-managed-detection-response-service.html
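The "poorly secured Docker instances" in the Commando Cat item are, in practice, daemons whose API is reachable over plain TCP. As an added example (not Trend Micro's research or tooling), the script below checks two things offline: a `daemon.json` with the weak setting beside the corrected one, and a list of running containers for images outside an allowed registry, privileged mode, or a bind-mount of the host root, which is the kind of foothold a `cmd.cat/chattr`-style container needs. The config fragments and container list are constructed; the registry allowlist is an assumption.

```python
"""
Added example: audit a Docker daemon config and running containers for the
exposure Commando Cat abuses. Not from Trend Micro. Inputs are constructed;
ALLOWED_REGISTRIES is an assumption for your environment.
"""
import json

# Constructed daemon.json fragments. The weak one listens on all interfaces
# with no TLS (port 2375 is the conventional plain port, 2376 the TLS port).
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed subset of what `docker inspect` returns for running containers.
SAMPLE_CONTAINERS = [
    {"Name": "web", "Image": "registry.corp.example/web:1.4", "Privileged": False, "Binds": ["/srv/web:/data"]},
    {"Name": "chattr", "Image": "cmd.cat/chattr", "Privileged": True, "Binds": ["/:/host"]},
]

ALLOWED_REGISTRIES = ("registry.corp.example/",)  # assumption: your private registry


def audit_daemon_config(daemon_json):
    """Return a list of findings for a daemon.json document (string)."""
    cfg = json.loads(daemon_json)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    for host in tcp_hosts:
        if not cfg.get("tlsverify"):
            findings.append(f"{host}: remote API without tlsverify; anyone reaching the port controls the host")
        if "://0.0.0.0:" in host or "://[::]:" in host:
            findings.append(f"{host}: API bound to all interfaces; bind to a management address instead")
    if tcp_hosts and cfg.get("tlsverify") and not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
        findings.append("tlsverify set but tlscacert/tlscert/tlskey incomplete")
    return findings


def audit_containers(containers, allowed=ALLOWED_REGISTRIES):
    """Flag containers pulled from outside the allowed registries, running
    privileged, or bind-mounting the host root."""
    findings = []
    for c in containers:
        if not c["Image"].startswith(allowed):
            findings.append((c["Name"], f"image {c['Image']} not from an allowed registry"))
        if c.get("Privileged"):
            findings.append((c["Name"], "privileged container"))
        for bind in c.get("Binds", []):
            if bind.split(":")[0] == "/":
                findings.append((c["Name"], f"host root bind-mounted ({bind})"))
    return findings


if __name__ == "__main__":
    print("weak:", audit_daemon_config(WEAK_DAEMON_JSON))
    print("hardened:", audit_daemon_config(HARDENED_DAEMON_JSON))
    for name, why in audit_containers(SAMPLE_CONTAINERS):
        print(f"{name}: {why}")
```

The hardened fragment is the minimum if remote access is needed at all; if it is not, drop the `tcp://` entry entirely and keep only the Unix socket, since a daemon that cannot be reached from the network cannot be told to pull a miner.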
[Proofpoint] Cybersecurity Stop of the Month: CEO Impersonation Attacks
2024-06-07T06:47:56+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/preventing-impersonation-fraud-semantic-analysis-llm

[Dark Reading] Attacks Surge on Check Point's Recent VPN Zero-Day Flaw
One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week.
2024-06-06T20:16:47+00:00 https://www.darkreading.com/cyberattacks-data-breaches/attacks-surge-on-check-points-recent-vpn-zero-day-flaw

[RiskIQ] Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
2024-06-06T20:12:19+00:00 https://community.riskiq.com/article/96c5190e

[The Hacker News] Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial
2024-06-06T18:44:00+00:00 https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html

[The Hacker News] Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
2024-06-06T17:00:00+00:00 https://thehackernews.com/2024/06/third-party-cyber-attacks-threat-no-one.html

[Global Security Mag] Kyndryl introduces new threat analysis services for AWS
2024-06-06T15:40:02+00:00 https://www.globalsecuritymag.fr/kyndryl-presente-de-nouveaux-services-d-analyse-des-menaces-pour-aws.html

[ZDNet] Ethical hacker releases tool to exploit Microsoft's Recall AI, says it's not 'rocket science'
Recall AI hasn't launched yet but it's already a target.
2024-06-06T15:35:00+00:00 https://www.zdnet.com/article/ethical-hacker-says-his-windows-11-recall-ai-extraction-tool-is-not-rocket-science/#ftag=RSSbaffb68

[The Hacker News] Prevent Account Takeover with Better Password Security
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He's memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put up for sale on the dark web. Now threat actors are working
2024-06-06T15:25:00+00:00 https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html

[The Hacker News] Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis. The volume of
2024-06-06T15:24:00+00:00 https://thehackernews.com/2024/06/hackers-exploit-legitimate-packer.html

[SecurityWeek] Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics
Google and Microsoft warn of elevated risks of cyber threats facing the 2024 Paris Olympics, especially from Russian threat actors.
2024-06-06T12:51:38+00:00 https://www.securityweek.com/google-microsoft-russian-threat-actors-pose-high-risk-to-2024-paris-olympics/
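The account-takeover item above stops at the point where Tom's reused password is on sale; the control that catches it is a breached-password check at login or password-change time. As an added example (not from the article), the block below implements the k-anonymity range query that makes such a check safe: SHA-1 the candidate, send only the first five hex characters of the digest, and compare the remaining 35 against the returned suffix list locally, so the password never leaves the server. The range response is produced by a constructed stand-in so the code runs offline; the assumption is the public Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`) and its `SUFFIX:COUNT` line format.

```python
"""
Added example: k-anonymity breached-password check plus a minimal policy
decision. Not from the article. fake_fetch_range is a constructed stand-in
for the Pwned Passwords range endpoint; swap in an HTTP GET for production.
"""
import hashlib


def sha1_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent over the wire and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how often `password` appears in the breach corpus (0 if absent).
    `fetch_range(prefix)` returns the range response text for that prefix."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def policy_decision(password, fetch_range, min_length=8):
    """The two checks that actually stop Tom's scenario: a length floor and
    'not already in a breach'. Returns (accepted, reason)."""
    if len(password) < min_length:
        return False, "too short"
    count = breach_count(password, fetch_range)
    if count:
        return False, f"seen {count} times in breach data"
    return True, "ok"


# --- Constructed offline stand-in for the range endpoint -------------------
_BREACHED = {"password123": 123456, "letmein": 9999}   # constructed corpus


def fake_fetch_range(prefix):
    """Pretend range response: two unrelated suffixes plus any constructed
    breached password whose SHA-1 shares `prefix`. Example-only."""
    lines = ["0018A45C4D1DEF81644B54AB7F969B88D65:1",
             "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2"]
    for pw, count in _BREACHED.items():
        p, s = sha1_prefix_suffix(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ["password123", "letmein", "correct horse battery staple"]:
        print(pw, "->", policy_decision(pw, fake_fetch_range))
```

Because only a 5-character prefix is transmitted, the service learns nothing usable about the password, and the same function can be run against the stored hash of a new password at registration, at every reset, and periodically against the whole user base as new breach dumps land.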
[KnowBe4] "Operation Endgame" Season 1 Ends with the Arrests of 4 Cybercriminal Suspects and 100 Servers
Coordinated efforts between law enforcement agencies across nine countries have resulted in a major disruption of a threat group's malware and ransomware operations.
2024-06-06T12:27:15+00:00 https://blog.knowbe4.com/operation-endgame-season-1-ends-with-arrests
[Cisco] Securing Meraki Networks with Cisco XDR
Discover how the Cisco XDR and Meraki MX integration provides advanced threat detection and network insights. Join us at Cisco Live 2024 for a demo.
2024-06-06T12:00:21+00:00 https://feedpress.me/link/23535/16706450/securing-meraki-networks-with-cisco-xdr
[BleepingComputer] PandaBuy pays ransom to hacker only to get extorted again
Chinese shopping platform PandaBuy told BleepingComputer it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week.
2024-06-06T11:18:01+00:00 https://www.bleepingcomputer.com/news/security/pandabuy-pays-ransom-to-hacker-only-to-get-extorted-again/

[Infosecurity Magazine] #Infosec2024: Supply Chains Remain Hidden Threat to Business
Supply chains pose a significant but often invisible risk to organizations across all sectors, experts warn.
2024-06-06T11:00:00+00:00 https://www.infosecurity-magazine.com/news/infosec2024-supply-chains-hidden/

[Industrial Cyber] Chinese state-sponsored cyberespionage Crimson Palace campaign targets Southeast Asia federal agency
Researchers from security firm Sophos detailed Operation Crimson Palace threat clusters of Chinese state-sponsored activity targeting a Southeast...
2024-06-06T10:53:05+00:00 https://industrialcyber.co/ransomware/chinese-state-sponsored-cyberespionage-crimson-palace-campaign-targets-southeast-asia-federal-agency/
[Dragos] Targeting Operational Technology: The Hacktivist's Path to Public Attention and Disruption
Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary...
2024-06-06T06:00:00+00:00 https://www.dragos.com/blog/hacktivist-tactics-targeting-operational-technology/
[The State of Security (Tripwire)] What Is the Difference between FIM and DLP?
Threats to sensitive data are everywhere. From sophisticated cybercriminal syndicates to accidental exposure to nation-state-backed advanced persistent threat (APT) groups and everything in between, it's never been more critical for organizations to have the correct data protection tools. When designing how to protect company information from loss, regardless of the method, companies deploy a "defense in depth" strategy, layering multiple security measures to protect an organization's assets. When correlated, this creates a powerful approach to identifying when something is going wrong in...
2024-06-06T02:57:41+00:00 https://www.tripwire.com/state-of-security/what-difference-between-fim-and-dlp

[The Register] TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability
Beware of zero-click malware sliding into your DMs. Miscreants exploited a zero-day in TikTok to compromise the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.
2024-06-05T21:45:10+00:00 https://go.theregister.com/feed/www.theregister.com/2024/06/05/tiktok_confirms_cnn_accounts_hijacked/

[Dark Reading] RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
CVE-2020-1472 is a privilege escalation flaw that allows an attacker to take over an organization's domain controllers.
2024-06-05T21:24:14+00:00 https://www.darkreading.com/cyberattacks-data-breaches/ransomhub-actors-exploit-zerologon-vuln-in-recent-ransomware-attacks

[RiskIQ] Fake Browser Updates Deliver BitRAT and Lumma Stealer
2024-06-05T21:10:50+00:00 https://community.riskiq.com/article/aff8b8d5

[RiskIQ] RansomHub: New Ransomware has Origins in Older Knight
2024-06-05T20:12:47+00:00 https://community.riskiq.com/article/57d133ec

[TechRepublic] Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware
Find out how the cyberespionage threat actor LilacSquid operates, and then learn how to protect your business from this security risk.
2024-06-05T19:13:11+00:00 https://www.techrepublic.com/article/cisco-talos-lilacsquid-purpleink-malware/