www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated feed of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-26T01:13:21+00:00 www.secnews.physaphae.fr
SecurityWeek - Security News CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored
The Russia-linked ICS malware named CosmicEnergy does not pose a direct threat to OT systems as it contains errors and lacks maturity.
2023-06-13T15:30:40+00:00 https://www.securityweek.com/cosmicenergy-ics-malware-poses-no-immediate-threat-but-should-not-be-ignored/ www.secnews.physaphae.fr/article.php?IdArticle=8344880 False Malware,Threat CosmicEnergy ,CosmicEnergy 3.0000000000000000
Global Security Mag - French news site CRITICALSTART® Unveils Mid-Year Cyber Threat Intelligence Report Highlighting Key Threats Disrupting Businesses
Report finds two-step phishing attacks increasing; Beep malware top of mind for organizations; state-sponsored cyber-espionage on the rise - Special Reports
2023-06-13T14:37:47+00:00 https://www.globalsecuritymag.fr/CRITICALSTART-R-Unveils-Mid-Year-Cyber-Threat-Intelligence-Report-Highlighting.html www.secnews.physaphae.fr/article.php?IdArticle=8344852 False Malware,Threat None 2.0000000000000000
TechRepublic - Security News US DDoS threats and defense: How certain assumptions can lead to an attack
The assumptions a business shouldn't make about its DDoS defenses and the steps it should take now to reduce its likelihood of attack.
2023-06-13T14:18:37+00:00 https://www.techrepublic.com/article/ddos-threats-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8344841 False Threat,General Information,Guideline None 2.0000000000000000
Global Security Mag - French news site The CyberArk 2023 Identity Security Threat Landscape Report
Economic squeeze and rise of AI increase identity-centric cybersecurity risk • 100% of UK organisations expect an identity-related security compromise in 2023 • Human and machine identities per firm set to more than triple - Special Reports
2023-06-13T13:47:29+00:00 https://www.globalsecuritymag.fr/The-CyberArk-2023-Identity-Security-Threat-Landscape-Report.html www.secnews.physaphae.fr/article.php?IdArticle=8344827 False Threat None 2.0000000000000000
knowbe4 - cybersecurity services CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks
CyberheistNews Vol 13 #24 | June 13th, 2023 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let's drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor's bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear.
BEC Attacks Have Nearly Doubled It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn't all doom and
2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching ChatGPT,ChatGPT,APT 43,APT 37,Uber 2.0000000000000000
IT Security Guru - Security blog Dragos Launches OT Cyber Industry's Only Global Partner Program to Span Technology, Services, Threat Intelligence, and Training
Today, Dragos Inc. has announced the launch of the Dragos Global Partner Program, the only channel program to comprise OT cybersecurity technology, services, and threat intelligence.
The Dragos Partner Program also offers training that prepares partners as experts who can offer their customers assessment services based on Dragos's proven assessment methodology; resell the Dragos Platform […]
2023-06-13T12:36:04+00:00 https://www.itsecurityguru.org/2023/06/13/dragos-launches-ot-cyber-industrys-only-global-partner-program-to-span-technology-services-threat-intelligence-and-training/?utm_source=rss&utm_medium=rss&utm_campaign=dragos-launches-ot-cyber-industrys-only-global-partner-program-to-span-technology-services-threat-intelligence-and-training www.secnews.physaphae.fr/article.php?IdArticle=8344787 False Threat None 2.0000000000000000
Soc Radar - SOC-focused blog Data Breach at Zacks Investment Research: 8.8M Customer Records are Exposed
Zacks Investment Research has suffered an undisclosed data breach. As a result, a threat actor...
2023-06-13T10:53:30+00:00 https://socradar.io/data-breach-at-zacks-investment-research-8-8m-customer-records-are-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=8344763 False Data Breach,Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do
fastest-growing consumer app in internet history, reaching 100 million users as 2023 began. The generative AI application has revolutionized not only the world of artificial intelligence but is impacting almost every industry. In the world of cybersecurity, new tools and technologies are typically adopted quickly; unfortunately, in many cases, bad actors are the earliest to adopt and adapt.
This can be bad news for your business, as it escalates the degree of difficulty in managing threats. Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. While cybersecurity teams can leverage ChatGPT defensively, the lower barrier to entry for launching a cyberattack has both complicated and escalated the threat landscape. Understanding the role of ChatGPT in modern ransomware attacks We’ve written about ransomware many times, but it’s crucial to reiterate that the cost to individuals, businesses, and institutions can be massive, both financially and in terms of data loss or reputational damage. With AI, cybercriminals have a potent tool at their disposal, enabling more precise, adaptable, and stealthy attacks. They're using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection. The problem isn't just the sophistication of the attacks, but their sheer volume. With AI, hackers can launch attacks on an unprecedented scale, exponentially expanding the breadth of potential victims. Today, hackers use AI to power their ransomware attacks, making them more precise, adaptable, and destructive. Cybercriminals can leverage AI for ransomware in many ways, but perhaps the easiest is more in line with how many ChatGPT users are using it: writing and creating content. For hackers, especially foreign ransomware gangs, AI can be used to craft sophisticated phishing emails that are much more difficult to detect than the poorly-worded message that was once so common with bad actors (and their equally bad grammar). Even more concerning, ChatGPT-fueled ransomware can mimic the style and tone of a trusted individual or company, tricking the recipient into clicking a malicious link or downloading an infected attachment. This is where the danger lies.
Imagine your organization has the best cybersecurity awareness program, and all your employees have gained expertise in deciphering which emails are legitimate and which can be dangerous. Today, if the email can mimic tone and appear 100% genuine, how are the employees going to know? It’s almost down to a coin flip in terms of odds. Furthermore, AI-driven ransomware can study the behavior of the security software on a system, identify patterns, and then either modify itself or choose th
2023-06-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-chatgpt-is-revolutionizing-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344709 False Ransomware,Malware,Tool,Threat ChatGPT,ChatGPT 2.0000000000000000
Soc Radar - SOC-focused blog What is New in the MITRE ATT&CK Framework v12 and v13?
New threat actors are emerging on the dark web daily, and cybercrimes are increasing exponentially....
2023-06-13T09:43:28+00:00 https://socradar.io/what-is-new-in-the-mitre-attck-framework-v12-and-v13/ www.secnews.physaphae.fr/article.php?IdArticle=8345219 False Threat None 2.0000000000000000
Mandiant - Mandiant's security blog VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
Requires access to the hypervisor to exploit the vulnerability (e.g. through stolen ESXi credentials) As Endpoint Detection and Response (EDR) solutions improve malware detection efficacy on Windows and Linux systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi hosts. In late 2022, Mandiant published details surrounding a novel malware system deployed by UNC3886, a Chinese cyber espionage group, which impacted VMware ESXi hosts, vCenter servers
2023-06-13T09:00:00+00:00 https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass www.secnews.physaphae.fr/article.php?IdArticle=8377348 False Malware,Vulnerability,Threat None 4.0000000000000000
AhnLab - Korean Security Firm ASEC Weekly Phishing Email Threat Trends (May 28th, 2023 – June 3rd, 2023)
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 28th, 2023 to June 3rd, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
2023-06-13T00:00:00+00:00 https://asec.ahnlab.com/en/54163/ www.secnews.physaphae.fr/article.php?IdArticle=8344625 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Researchers Report First Instance of Automated SaaS Ransomware Extortion
The attack highlights growing interest among threat actors to target data from software-as-a-service providers.
2023-06-12T22:26:00+00:00 https://www.darkreading.com/cloud/researchers-report-first-instance-of-automated-saas-ransomware-extortion www.secnews.physaphae.fr/article.php?IdArticle=8344560 False Ransomware,Threat,Cloud None 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Stats for May 2023
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, […]
2023-06-12T21:45:02+00:00 https://www.netskope.com/blog/netskope-threat-labs-stats-for-may-2023 www.secnews.physaphae.fr/article.php?IdArticle=8344549 False Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare
The group appears to be targeting victims based on their proximity and involvement to and within pro-Ukraine organizations.
2023-06-12T19:34:00+00:00 https://www.darkreading.com/threat-intelligence/romcom-threat-actor-targets-ukrainian-politicians-us-healthcare www.secnews.physaphae.fr/article.php?IdArticle=8344510 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer
Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said. "Malicious
2023-06-12T18:17:00+00:00 https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html www.secnews.physaphae.fr/article.php?IdArticle=8344399 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Supply Chain Attack Defense Demands Mature Threat Hunting
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
2023-06-12T16:26:00+00:00 https://www.darkreading.com/threat-intelligence/supply-chain-attack-defense-threat-hunting-monitoring www.secnews.physaphae.fr/article.php?IdArticle=8344451 False Threat None 2.0000000000000000
Checkpoint - Security hardware vendor Forrester Names Check Point a Leader in Enterprise Email Security Wave
We’re proud to be named a Leader in The Forrester Wave™: Enterprise Email Security, Q2 2023 report. Harmony Email & Collaboration (HEC) received the highest score possible in nine criteria, including email filtering and malicious email detection, content analysis and processing, antimalware and sandboxing, malicious URL detection and web content security, messaging and collaboration app security, and threat intelligence, among others. As the report notes, “security and risk pros interested in a move to an API-based solution without some standard SEG features should evaluate Check Point Harmony Email & Collaboration.” Vendor rankings are based on a rigorous, in-depth analysis across […]
2023-06-12T15:56:25+00:00 https://blog.checkpoint.com/harmony-email/forrester-names-check-point-a-leader-in-enterprise-email-security-wave/ www.secnews.physaphae.fr/article.php?IdArticle=8344435 False Threat None 2.0000000000000000
Checkpoint Research - Security hardware vendor 12th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th June, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Cl0p ransomware gang claimed responsibility for a major exploitation of a managed file transfer tool – The gang leveraged zero-day SQL injection vulnerability (CVE-2023-34362) that potentially exposed the data of hundreds of companies. […]
2023-06-12T14:29:50+00:00 https://research.checkpoint.com/2023/12th-june-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8344411 False Ransomware,Tool,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named "Impulse
2023-06-12T13:00:00+00:00 https://thehackernews.com/2023/06/beware-1000-fake-cryptocurrency-sites.html www.secnews.physaphae.fr/article.php?IdArticle=8344320 False Threat,Prediction None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!
Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details
2023-06-12T12:19:00+00:00 https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8344305 False Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Understanding AI risks and how to secure using Zero Trust
2023-06-12T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/understanding-ai-risks-and-how-to-secure-using-zero-trust www.secnews.physaphae.fr/article.php?IdArticle=8344332 False Tool,Threat ChatGPT,ChatGPT 2.0000000000000000
CrowdStrike - CTI Society Adversaries Go Hands-On in Japan: Know the Threat and Know the Solution
Japan, known for its innovation and efficiency, is a globally recognized industry leader. This puts Japan-based organizations at risk of being recognized as potentially valuable targets by both criminally motivated and targeted cyber adversaries.
This blog, directly from the front lines of CrowdStrike® Falcon OverWatch™ threat hunting, shares intrusion insights drawn from activity observed in […]
2023-06-12T00:52:24+00:00 https://www.crowdstrike.com/blog/japanese-overwatch-adversary-insights/ www.secnews.physaphae.fr/article.php?IdArticle=8346223 False Threat None 2.0000000000000000
Kovrr - cyber risk management platform Ransomware In Transportation: A Deep Dive into Cybersecurity Threats and Trends
Understanding the impact of cybersecurity on aviation, maritime, and transportation industries
2023-06-12T00:00:00+00:00 https://www.kovrr.com/reports/ransomware-in-transportation-a-deep-dive-into-cybersecurity-threats-and-trends www.secnews.physaphae.fr/article.php?IdArticle=8393596 False Ransomware,Malware,Threat None 3.0000000000000000
UnderNews - French "hacker" news site Most Wanted: Check Point Top Malware Ranking – May 2023
The most wanted malware in May 2023: the new version of Guloader, a widespread application downloader, delivers encrypted cloud-based payloads. Check Point’s Global Threat Index reveals the existence of innovative, encrypted, cloud-based malware that is therefore less detectable; the education sector and […] The post Most Wanted: Check Point Top Malware Ranking – May 2023 first appeared on UnderNews.
2023-06-10T16:11:05+00:00 https://www.undernews.fr/malwares-virus-antivirus/most-wanted-classement-top-malware-check-point-mai-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8343940 True Malware,Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an analysis published Thursday. "Asylum Ambuscade also does espionage against government entities in Europe
2023-06-09T19:07:00+00:00 https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html www.secnews.physaphae.fr/article.php?IdArticle=8343674 False Threat None 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Threat Labs News Roundup: May 2023
Summary The purpose of the Netskope Threat Labs News Roundup series is to provide enterprise security teams an actionable brief on the top cybersecurity news from around the world. The brief includes summaries and links to the top news items spanning cloud-enabled threats, malware, and ransomware. Top Stories Security incident on Twitter exposing tweets A […]
2023-06-09T17:48:19+00:00 https://www.netskope.com/blog/threat-labs-news-roundup-may-2023 www.secnews.physaphae.fr/article.php?IdArticle=8343729 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware
Security teams should be empowered with the right amount of intelligence to track new and emerging threats and connect that intel to historical data.
2023-06-09T13:35:00+00:00 https://www.darkreading.com/microsoft/how-continuous-monitoring-and-threat-intel-can-help-prevent-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8343673 False Ransomware,Threat None 2.0000000000000000
Veracode - Application Security Research, News, and Education Blog Application Security in the Era of AI-driven Attacks
Introduction In today's digital landscape, the importance of application security cannot be overstated, as businesses worldwide face evolving cyber threats. Both defenders and attackers are now harnessing the power of Artificial Intelligence (AI) to their advantage. As AI-driven attacks become increasingly sophisticated, it is crucial for organizations to adopt a comprehensive approach to application security that effectively addresses this emerging threat landscape. In this blog post, we will explore the significance of adopting a robust application security strategy in the face of AI-driven attacks and provide concrete examples to support our claims. The Evolving Threat Landscape: AI-powered Attacks AI has transformed numerous industries, unfortunately including cybercrime. Hackers are leveraging AI to develop advanced and automated attacks that can bypass traditional security measures. Let's delve into some concrete examples of AI-powered attacks: 1. AI-powered Malware:…
2023-06-09T12:10:38+00:00 https://www.veracode.com/blog/intro-appsec/application-security-era-ai-driven-attacks www.secnews.physaphae.fr/article.php?IdArticle=8343707 False Threat None 2.0000000000000000
Checkpoint - Security hardware vendor May 2023's Most Wanted Malware: New Version of Guloader Delivers Encrypted Cloud-Based Payloads
Check Point Research reported on a new version of shellcode-based downloader GuLoader featuring fully encrypted payloads for cloud-based delivery. Our latest Global Threat Index for May 2023 saw researchers report on a new version of shellcode-based downloader GuLoader, which was the fourth most prevalent malware. With fully encrypted payloads and anti-analysis techniques, the latest form can be stored undetected in well-known public cloud services, including Google Drive. Meanwhile, Qbot and Anubis are taking first place on their respective lists, and Education/Research remained the most exploited industry. GuLoader is one of the most prominent downloader cybercriminals use to evade antivirus […]
2023-06-09T11:00:42+00:00 https://blog.checkpoint.com/security/may-2023s-most-wanted-malware-new-version-of-guloader-delivers-encrypted-cloud-based-payloads/ www.secnews.physaphae.fr/article.php?IdArticle=8343642 False Threat,Cloud None 2.0000000000000000
Dragos - CTI Society COSMICENERGY Malware Is Not an Immediate Threat to Industrial Control Systems
Dragos recently analyzed the new industrial control systems (ICS) malware dubbed COSMICENERGY by Mandiant on May 25, 2023. This malware,... The post COSMICENERGY Malware Is Not an Immediate Threat to Industrial Control Systems first appeared on Dragos.
2023-06-09T11:00:00+00:00 https://www.dragos.com/blog/cosmicenergy-malware-is-not-an-immediate-threat-to-industrial-control-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8343551 False Malware,Threat,Industrial CosmicEnergy ,CosmicEnergy 3.0000000000000000
Global Security Mag - Site de news francais Check Point Top Malware Ranking - May 2023: The most wanted malware in May 2023: the new version of Guloader delivers encrypted cloud-based payloads Business
2023-06-09T07:48:01+00:00 https://www.globalsecuritymag.fr/Classement-Top-Malware-Check-Point-Mai-2023-Le-malware-le-plus-recherche-en-mai.html www.secnews.physaphae.fr/article.php?IdArticle=8343522 False Malware,Threat,Cloud None 2.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on APT Groups – April 2023
In this report, we cover nation-led threat groups presumed to conduct cyber intelligence or destructive activities under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cyber criminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions during the previous month; however, the content of some APT groups may not...
2023-06-09T05:10:18+00:00 https://asec.ahnlab.com/en/53971/ www.secnews.physaphae.fr/article.php?IdArticle=8343504 False Threat,Prediction None 2.0000000000000000
AhnLab - Korean Security Firm Deep Web & Dark Web Threat Trend Report – April 2023
This trend report on the deep web and dark web of April 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. Ransomware ALPHV (BlackCat) Akira CipherLocker LockBit Money Message Forum & Black Market Closing of Genesis Market After the Closing of Breached Forums Threat Actor Bassterlord’s Retirement Hacktivist Group’s Activity ATIP_2023_Apr_Deep Web and Dark Web Threat Trend Report
2023-06-09T05:09:33+00:00 https://asec.ahnlab.com/en/53983/ www.secnews.physaphae.fr/article.php?IdArticle=8343505 False Ransomware,Threat,Prediction None 2.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on Ransomware – April 2023
This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in April 2023, as well as notable ransomware issues in Korea and overseas. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type The number of ransomware samples and targeted systems are based on the detection names designated by...
2023-06-09T05:08:34+00:00 https://asec.ahnlab.com/en/53988/ www.secnews.physaphae.fr/article.php?IdArticle=8343506 False Ransomware,Threat,Prediction None 2.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on Kimsuky – April 2023
The Kimsuky group’s activities in April 2023 showed a decline in comparison to their activities in March, falling under half the number of the previous month. Korean domains were used for FlowerPower like before without major changes, and the RandomQuery type also remained the same. Lastly, we confirmed that the domain responsible for distributing AppleSeed has been spreading the Google Chrome Remote Desktop setup script. Also, the dropper file and AppleSeed file used different argument values, which is a shift...
2023-06-09T05:06:21+00:00 https://asec.ahnlab.com/en/53977/ www.secnews.physaphae.fr/article.php?IdArticle=8343508 False Threat,Prediction None 2.0000000000000000
AhnLab - Korean Security Firm ASEC Weekly Phishing Email Threat Trends (May 21st, 2023 – May 27th, 2023)
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 21st, 2023 to May 27th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
2023-06-08T23:00:00+00:00 https://asec.ahnlab.com/en/53726/ www.secnews.physaphae.fr/article.php?IdArticle=8343447 False Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Experts Unveil PoC Exploit for Recent Windows Vulnerability Under Active Exploitation
Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain
2023-06-08T20:29:00+00:00 https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html www.secnews.physaphae.fr/article.php?IdArticle=8343331 False Vulnerability,Threat None 2.0000000000000000
Krebs on Security - Chercheur Américain Barracuda Urges Replacing - Not Patching - Its Email Security Gateways
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates.
But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.
2023-06-08T20:17:06+00:00 https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/ www.secnews.physaphae.fr/article.php?IdArticle=8343399 False Malware,Vulnerability,Threat,Patching None 4.0000000000000000
Dark Reading - Informationweek Branch Barracuda Warns All ESG Appliances Need Urgent Rip & Replace
Patching, wiping ESG devices not enough to deny threat actor access following compromise, Barracuda says.
2023-06-08T18:29:00+00:00 https://www.darkreading.com/attacks-breaches/barracuda-warns-all-esg-appliances-need-urgent-rip-and-replace- www.secnews.physaphae.fr/article.php?IdArticle=8343385 False Threat None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Check Point Research Warns of New Backdoor used in Targeted Espionage Attacks in North Africa
Highlights: Check Point Research identified a backdoor used for highly targeted espionage attacks in Libya. The new backdoor, dubbed “Stealth Soldier,” specializes in surveillance functions like file exfiltration, screen recording, keystroke logging, and stealing browser information. The infrastructure associated with Stealth Soldier has some overlaps with that of “The Eye on the Nile,” marking the possible reappearance of this threat actor since their activities targeting Egyptian civilian society in 2019. Executive summary In the first quarter of 2023, the African region had the highest number of average weekly cyberattacks per organization – 1,983. Now, Check Point Research (CPR) has identified […]
2023-06-08T15:43:02+00:00 https://blog.checkpoint.com/security/check-point-research-warns-of-new-backdoor-used-in-targeted-espionage-attacks-in-north-africa/ www.secnews.physaphae.fr/article.php?IdArticle=8343344 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais Kyndryl and AWS Collaborate on Cyber Threat Intelligence Platform
Kyndryl and AWS Collaborate on Cyber Threat Intelligence Platform - Product Reviews
2023-06-08T13:24:48+00:00 https://www.globalsecuritymag.fr/Kyndryl-and-AWS-Collaborate-on-Cyber-Threat-Intelligence-Platform.html www.secnews.physaphae.fr/article.php?IdArticle=8343321 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The
2023-06-08T09:53:00+00:00 https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html www.secnews.physaphae.fr/article.php?IdArticle=8343243 False Threat APT 43 3.0000000000000000
Soc Radar - Blog spécialisé SOC Countering Nation-State Cyber Attacks with Threat Intelligence
In recent years, attacks targeting critical infrastructures and political figures of states have increased. These attacks are...
2023-06-08T09:34:51+00:00 https://socradar.io/countering-nation-state-cyber-attacks-with-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8343278 False Threat None 2.0000000000000000
We Live Security - Editeur Logiciel Antivirus ESET Asylum Ambuscade: crimeware or cyberespionage?
A curious case of a threat actor at the border between crimeware and cyberespionage
2023-06-08T09:30:17+00:00 https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/ www.secnews.physaphae.fr/article.php?IdArticle=8343480 False Threat None 2.0000000000000000
The State of Security - Magazine Américain Offbeat Social Engineering Tricks in a Scammer's Handbook
Contrary to stereotype, today's cyberattacks aren't limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor. A combination of a would-be victim's security awareness gap, insufficient attention to detail, and innate gullibility create a potential recipe for disaster when seasoned cybercriminals step in. To increase the success rate of such attacks, fraudsters accurately align their...
2023-06-08T04:07:03+00:00 https://www.tripwire.com/state-of-security/offbeat-social-engineering-tricks-scammers-handbook www.secnews.physaphae.fr/article.php?IdArticle=8343277 False Malware,Threat None 2.0000000000000000
Recorded Future - FLux Recorded Future Zipper giant YKK confirms cyberattack targeted U.S. networks
Japanese zipper giant YKK confirmed that its U.S. operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused. The Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson told Recorded Future News that once YKK discovered that its U.S.-based
2023-06-07T19:04:00+00:00 https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations www.secnews.physaphae.fr/article.php?IdArticle=8343122 False Threat None 3.0000000000000000
TechRepublic - Security News US New zero-click threat targets iPhones and iPads
A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices.
2023-06-07T18:57:41+00:00 https://www.techrepublic.com/article/iphone-zero-click-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8343098 False Threat None 4.0000000000000000
Veracode - Application Security Research, News, and Education Blog 3 Reasons to Leverage AI for Enhanced Threat and Vulnerability Management
As the cyber threat landscape continues to evolve, you know there's a growing need to ensure applications and software are protected from malicious actors. A holistic and intelligent approach to threat and vulnerability management is essential for ensuring security against modern cyber risk. By leveraging AI-powered tools, especially for tasks like remediating security flaws, you can manage and reduce risk quickly and effectively. Let's explore why using AI to bolster and modernize your threat and vulnerability management strategies will pay off big time in the long run. Reason 1: To Stay Ahead of Rapidly Evolving Cybersecurity Threats Threat and vulnerability management helps businesses understand and respond to risk, but what about when the threat landscape is evolving so rapidly? When new threats emerge constantly, it's challenging to take a preventative approach to potential attacks in applications, software, and networks.
For example, one particularly concerning new trend is…
2023-06-07T16:19:57+00:00 https://www.veracode.com/blog/intro-appsec/3-reasons-leverage-ai-enhanced-threat-and-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8343131 False Vulnerability,Threat,Prediction None 2.0000000000000000
Dark Reading - Informationweek Branch FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults
Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.
2023-06-07T14:38:00+00:00 https://www.darkreading.com/attacks-breaches/fbi-sextortionist-campaigns-deepfakes-children-adults www.secnews.physaphae.fr/article.php?IdArticle=8343047 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais Visual Threat Intelligence Investigations
2023-06-07T12:09:09+00:00 https://www.globalsecuritymag.fr/Visual-Threat-Intelligence.html www.secnews.physaphae.fr/article.php?IdArticle=8343017 False Threat None 4.0000000000000000
Detection Engineering - Blog Sécu Detection Engineering Weekly #26 - I like to MOVEit MOVEit
Threat actors, ya nice, sweet, fantastic!
2023-06-07T12:01:51+00:00 https://www.detectionengineering.net/p/detection-engineering-weekly-26-i www.secnews.physaphae.fr/article.php?IdArticle=8342998 False Threat None 2.0000000000000000
IT Security Guru - Blog Sécurité Outpost24 Acquires EASM Provider Sweepatic
Cybersecurity risk management specialists Outpost24 have today announced the acquisition of Sweepatic. Based in Leuven, Belgium, Sweepatic is an innovative external attack surface management (EASM) platform. Gartner identified EASM as a top Security and Risk Management (SRM) trend for 2022.
By leveraging their EASM solution across Outpost24's full-stack security assessment and threat intelligence offering, customers […]
2023-06-07T11:06:32+00:00 https://www.itsecurityguru.org/2023/06/07/outpost24-acquires-easm-provider-sweepatic/?utm_source=rss&utm_medium=rss&utm_campaign=outpost24-acquires-easm-provider-sweepatic www.secnews.physaphae.fr/article.php?IdArticle=8342983 False Threat,Prediction None 2.0000000000000000
Soc Radar - Blog spécialisé SOC Cyclops Ransomware: Cross-Platform Threat with RaaS and Advanced Features
Researchers have recently discovered a new ransomware developer named Cyclops group. This group takes pride in...
2023-06-07T10:45:45+00:00 https://socradar.io/cyclops-ransomware-cross-platform-threat-with-raas-and-advanced-features/ www.secnews.physaphae.fr/article.php?IdArticle=8342991 False Ransomware,Threat None 2.0000000000000000
InformationSecurityBuzzNews - Site de News Securite A Deep Dive into the Verizon 2023 DBIR Report: Human Error, Ransomware, and Log4j Exploits
The Verizon 2023 Data Breach Investigations Report (DBIR) presents a comprehensive analysis of global data breaches, offering valuable insights into the contemporary state of cybersecurity threats. In this analysis, we will delve into key findings from the report, including the prevalent role of human error, persistent threat of ransomware, and the impact of the Log4j […]
2023-06-07T10:30:07+00:00 https://informationsecuritybuzz.com/a-deep-dive-into-the-verizon-2023-dbir-report-human-error-ransomware-and-log4j-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8342982 False Data Breach,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
New PowerDrop Malware Targeting U.S. Aerospace Industry
An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. "PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. "The name is derived from the tool,
2023-06-07T10:10:00+00:00 https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html www.secnews.physaphae.fr/article.php?IdArticle=8342807 False Malware,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC How can small businesses ensure Cybersecurity?
more than half of these businesses experienced some form of cyber-attack in 2022. It's also reported that state-sponsored threat actors are diversifying their tactics and shifting their focus toward smaller enterprises. Cyber-attacks against small-sized businesses do not always make headlines, but they have potentially catastrophic impacts. These attacks can result in significant financial and data loss, sometimes shutting down the business. Therefore, it’s crucial that small businesses make cybersecurity a top priority. What drives more cybersecurity attacks on small businesses? Small businesses are on the target list of hackers mainly because they focus less on security. On average, SMBs and small businesses allocate 5%-20% of their total budget to security. Additionally, human mistakes are the root cause of 82% of cyber breaches in organizations. Cybercriminals take advantage of their weak security infrastructure and exploit the behavior of careless employees to launch insider threats and other cyber-attacks successfully.
A report reveals various cyber-attacks that often target small businesses, such as malware, phishing, data breaches, and ransomware attacks. Also, small businesses are vulnerable to malware, brute-force attacks, ransomware, and social attacks and may not survive one incident. The influx of remote working culture has added new challenges and cybersecurity risks for small businesses. This culture has given rise to a large number of personal devices like mobile phones, laptops, and tablets that can easily access sensitive information. Many employees don't undergo regular scans of their phones and laptops for potential vulnerabilities. In addition, few companies can provide access to password management software or VPNs to protect their internet connection and credentials and maintain security on rogue Wi-Fi networks. Statistics also reveal that only 17% of small businesses encrypt their data, which is alarming. Moreover, small businesses are at a higher risk of being attacked because they have limited resources to respond to cyber-attacks. Unlike large organizations, they don't have a dedicated IT team with exceptional skills and experience to deal with complex cyber-attacks. They also have a limited budget to spend on effective cyber security measures. Hence they don't invest in advanced cybersecurity solutions or hire professionals to manage their cybersecurity.
Impacts of a Cybersecurity attack on small businesses Cyber-attacks on small businesses can result in
2023-06-07T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-can-small-businesses-ensure-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8342968 False Ransomware,Data Breach,Vulnerability,Threat,Cloud None 2.0000000000000000
Fortinet - Fabricant Materiel Securite Four Trends Shaping the Next-Generation Firewall Market
As the threat landscape continues to evolve and enterprise environments grow more complex, it's critical for vendors and IT teams alike to keep the pulse of the NGFW industry. Here are four trends to watch.
2023-06-07T09:07:00+00:00 https://www.fortinet.com/blog/industry-trends/next-generation-firewall-market-four-trends www.secnews.physaphae.fr/article.php?IdArticle=8343071 False Threat None 2.0000000000000000
Soc Radar - Blog spécialisé SOC The State of Cybersecurity in Healthcare: A Review of SOCRadar's Healthcare Threat Landscape Report
The cybersecurity landscape in the healthcare industry is becoming increasingly treacherous, as detailed in SOCRadar’s...
2023-06-07T08:29:47+00:00 https://socradar.io/the-state-of-cybersecurity-in-healthcare-a-review-of-socradars-healthcare-threat-landscape-report/ www.secnews.physaphae.fr/article.php?IdArticle=8342953 False Threat None 4.0000000000000000
Kaspersky - Kaspersky Research blog IT threat evolution Q1 2023
Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser
2023-06-07T08:00:34+00:00 https://securelist.com/it-threat-evolution-q1-2023/109838/ www.secnews.physaphae.fr/article.php?IdArticle=8342940 False Threat ChatGPT,ChatGPT 3.0000000000000000
Kaspersky - Kaspersky Research blog IT threat evolution Q1 2023. Mobile statistics
The smartphone threat statistics for Q1 2023 includes data for Android malware, adware, banking Trojans and ransomware.
2023-06-07T08:00:26+00:00 https://securelist.com/it-threat-evolution-q1-2023-mobile-statistics/109893/ www.secnews.physaphae.fr/article.php?IdArticle=8342941 False Threat None 3.0000000000000000
Kaspersky - Kaspersky Research blog IT threat evolution in Q1 2023. Non-mobile statistics
PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
2023-06-07T08:00:18+00:00 https://securelist.com/it-threat-evolution-q1-2023-pc-statistics/109917/ www.secnews.physaphae.fr/article.php?IdArticle=8342942 False Malware,Threat None 3.0000000000000000
BlackBerry - Fabricant Matériel et Logiciels RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine
In RomCom's latest campaign, BlackBerry observed the threat actor targeting politicians in Ukraine who are working closely with Western countries, and a U.S.-based healthcare company providing humanitarian aid to refugees fleeing from Ukraine.
2023-06-07T08:00:00+00:00 https://blogs.blackberry.com/en/2023/06/romcom-resurfaces-targeting-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8393080 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais New Study from ESG & IRONSCALES Shows Email as Primary Threat Vector Despite Increased Adoption of Collaboration Tools
Research highlights the importance of creating a security-aware culture on top of advanced detection and prevention technology IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global enterprises, unveiled the findings of a new research report in collaboration with TechTarget's Enterprise Strategy Group (ESG). The study, Tackling SaaS Communication and Collaboration Security Challenges: Trends and Strategies for Enterprises, investigates the (...) - Special Reports
2023-06-07T06:59:38+00:00 https://www.globalsecuritymag.fr/New-Study-from-ESG-IRONSCALES-Shows-Email-as-Primary-Threat-Vector-Despite.html www.secnews.physaphae.fr/article.php?IdArticle=8342930 False Threat,Cloud None 4.0000000000000000
Dark Reading - Informationweek Branch Researchers Spot a Different Kind of Magecart Card-Skimming Campaign
In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the threat actor is also hijacking targeted domains to deliver the malware to other sites.
2023-06-06T21:55:17+00:00 https://www.darkreading.com/attacks-breaches/different-kind-magecart-card-skimming-campaign www.secnews.physaphae.fr/article.php?IdArticle=8342760 False Malware,Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future New 'PowerDrop' malware targeting US aerospace industry
A new malicious PowerShell script is targeting the United States aerospace industry, researchers have found. The malware, dubbed PowerDrop, was found implanted on the network of an unnamed defense contractor in May by Adlumin Threat Research. The malware is used as a remote access trojan to run commands on victim networks after getting access to
2023-06-06T21:05:00+00:00 https://therecord.media/powerdrop-malware-targets-us-aerospace-industry www.secnews.physaphae.fr/article.php?IdArticle=8342740 False Malware,Threat None 2.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: LEMURLOOT on Exploited MOVEit Transfers, Zero-Click iOS Exploit Targeted Kaspersky, Qakbot Turns Bots into Proxies Figure 1 - IOC summary charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Cyber News and Threat Intelligence Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (Published: June 2, 2023) A zero-day vulnerability in the MOVEit Transfer managed file transfer software (CVE-2023-34362) was announced by Progress Software Corporation on May 31, 2023. Mandiant researchers observed wide exploitation that had already started on May 27, 2023. This opportunistic campaign affected Canada, Germany, India, Italy, Pakistan, the US, and other countries. The attackers used the custom LemurLoot web shell masquerading as a legitimate component of MOVEit Transfer. It is used to exfiltrate data previously uploaded by the users of individual MOVEit Transfer systems. This actor activity is dubbed UNC4857, and it has low-confidence similarity to the data theft extortion attributed to FIN11 via the CL0P ransomware data leak site.
Analyst Comment: The US Cybersecurity and Infrastructure Security Agency added CVE-2023-34362 to its list of known exploited vulnerabilities, ordering US federal agencies to patch their systems by June 23, 2023. Progress Software Corporation's remediation steps include hardening, detection, clean-up, and installation of the recent MOVEit Transfer security patches. YARA rules and host-based indicators associated with the LemurLoot web shell are available in the Anomali platform for detection and historical reference. MITRE ATT&CK: [MITRE ATT&CK] T1587.003 - Develop Capabilities: Digital Certificates | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1136 - Create Account | [MITRE ATT&CK] T1083 - File and Directory Discovery | [MITRE ATT&CK] T1560.001 - Archive Collected Data: Archive via Utility Signatures: LEMURLOOT WEBSHELL DLL TARDS - YARA by Mandiant | LemurLoot webshell ASP.NET scripts - YARA by Mandiant | MOVEit Exploitation - YARA by Florian Roth. Tags: Malware: LemurLoot,]]> 2023-06-06T19:11:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-lemurloot-on-exploited-moveit-transfers-zero-click-ios-exploit-targeted-kaspersky-qakbot-turns-bots-into-proxies www.secnews.physaphae.fr/article.php?IdArticle=8342695 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type]]> 2023-06-06T15:51:00+00:00 https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8342518 False Vulnerability,Threat None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #23 [Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing CyberheistNews Vol 13 #23 | June 6th, 2023 [Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks). A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly. This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda's data but are responsible for 66% of all breaches." Let that sink in for a moment. What exactly is spear phishing?
Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks. [CONTINUED] at KnowBe4 blog: https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports NEW! KnowBe4 ]]> 2023-06-06T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-23-wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8342545 False Ransomware,Malware,Hack,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this [ransomware-as-a-service] promotes its offering on forums," Uptycs said in a new report.
"There it requests a share of profits from those engaging in malicious activities using its malware."]]> 2023-06-06T12:27:00+00:00 https://thehackernews.com/2023/06/cyclops-ransomware-gang-offers-go-based.html www.secnews.physaphae.fr/article.php?IdArticle=8342414 False Ransomware,Malware,Threat None 2.0000000000000000 SentinelOne (APT) - Cyber Firms Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence Threat actor targets experts in North Korean affairs with spoofed URLs and weaponized Office documents to steal Google and other credentials.]]> 2023-06-06T10:55:44+00:00 https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8388349 False Threat None 3.0000000000000000 IT Security Guru - Security Blog UK Organisations lack clear path to achieve threat intelligence New research by Armis shows organisations in the U.K. are facing immediate cybersecurity challenges stemming from a heightened regulatory environment, staffing and recruitment difficulties and an expanded attack surface.
In this complex environment, threat intelligence has become the top priority on their agenda, but with inventory information often updated infrequently, annually or quarterly in some cases, […] ]]> 2023-06-06T10:39:26+00:00 https://www.itsecurityguru.org/2023/06/06/uk-organisations-lack-clear-path-to-achieve-threat-intelligence/?utm_source=rss&utm_medium=rss&utm_campaign=uk-organisations-lack-clear-path-to-achieve-threat-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8342463 False Threat None 2.0000000000000000 Bleeping Computer - American Magazine Dissecting the Dark Web Supply Chain: Stealer Logs in Context Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation. [...]]]> 2023-06-06T10:04:08+00:00 https://www.bleepingcomputer.com/news/security/dissecting-the-dark-web-supply-chain-stealer-logs-in-context/ www.secnews.physaphae.fr/article.php?IdArticle=8342626 False Malware,Threat None 2.0000000000000000 TrendLabs Security - Antivirus Vendor Impulse Team's Massive Years-Long Mostly-Undetected Cryptocurrency Scam We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team.]]> 2023-06-06T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptocurrency-scam.html www.secnews.physaphae.fr/article.php?IdArticle=8342431 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to]]> 2023-06-05T17:33:00+00:00 https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8342144 False Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Cloud Threats Memo: Threat Actors Continue to Exploit the Flexibility of GitHub for Malicious Purposes
>Be the first to receive the Cloud Threats Memo directly in your inbox by subscribing here. Dark Pink (also known as Saaiwc Group) is an advanced threat actor that has been operating since mid-2021, mainly in the Asia-Pacific region and to a lesser extent in Europe, leveraging a range of sophisticated custom tools within a sophisticated […] ]]>
2023-06-05T17:27:21+00:00 https://www.netskope.com/blog/cloud-threats-memo-threat-actors-continue-to-exploit-the-flexibility-of-github-for-malicious-purposes www.secnews.physaphae.fr/article.php?IdArticle=8342247 False Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.]]> 2023-06-05T16:29:00+00:00 https://www.darkreading.com/threat-intelligence/twitters-trove-threat-intel-enterprise-security www.secnews.physaphae.fr/article.php?IdArticle=8342220 False Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.]]> 2023-06-05T15:02:00+00:00 https://www.darkreading.com/application-security/mass-exploitation-0-day-bug-imoveit-file-transfer-underway www.secnews.physaphae.fr/article.php?IdArticle=8342184 False Threat None 2.0000000000000000 Global Security Mag - French news site Hackuity Comment: CISA adds critical vulnerability in MOVEit file transfer software opinion
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Progress Software Corp.'s MOVEit file transfer software to its Known Exploited Vulnerabilities Catalog and reportedly ordered all federal agencies to patch their systems by June 23. The vulnerability in the software, tracked as CVE-2023-34362, is being actively exploited by threat actors. An unauthenticated, remote attacker can exploit the vulnerability by sending a specially crafted SQL injection to a vulnerable MOVEit Transfer instance. Sylvain Cortes, Hackuity VP Strategy & 17x Microsoft MVP comments: - Opinion]]>
2023-06-05T14:05:23+00:00 https://www.globalsecuritymag.fr/Hackuity-Comment-CISA-adds-critical-vulnerability-in-MOVEit-file-transfer.html www.secnews.physaphae.fr/article.php?IdArticle=8342187 False Vulnerability,Threat None 2.0000000000000000
knowbe4 - cybersecurity services Be a Certified Security Awareness and Culture Professional (SACP)™ ]]> 2023-06-05T14:00:28+00:00 https://blog.knowbe4.com/be-a-certified-security-awareness-and-culture-professional-sacp www.secnews.physaphae.fr/article.php?IdArticle=8342154 False Threat None 3.0000000000000000 Checkpoint Research - Security Hardware Manufacturer 5th June – Threat Intelligence Report
>For the latest discoveries in cyber research for the week of 5th June, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES One of the United States' largest dental insurers, MCNA, has notified regulators that information of 8.9 million of the company's customers has been leaked as a result of a ransomware attack. Notorious ransomware […] ]]>
2023-06-05T13:56:27+00:00 https://research.checkpoint.com/2023/5th-june-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8342153 False Ransomware,Threat None 3.0000000000000000
Soc Radar - SOC-Focused Blog Dark Web Profile: Play Ransomware
>While cyber-attacks are increasing nowadays, threat actors seek to implement different methods and techniques as... ]]>
2023-06-05T13:53:42+00:00 https://socradar.io/dark-web-profile-play-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8342157 False Ransomware,Threat None 2.0000000000000000
Global Security Mag - French news site WithSecure Comment: Major Spanish lender dealing with Ransomware attack opinion
Tim West, Head of Threat Intelligence at WithSecure Comment: Major Spanish lender, Globalcaja, dealing with Ransomware attack - Opinion]]>
2023-06-05T11:50:52+00:00 https://www.globalsecuritymag.fr/WithSecure-Comment-Major-Spanish-lender-dealing-with-Ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8342145 False Ransomware,Threat None 2.0000000000000000
DarkTrace - DarkTrace: AI bases detection Every rule has an exception: How to detect insider threat without rules Insider threats consistently bypass legacy tools. Learn how Darktrace's AI stopped an insider from stealing valuable IP.]]> 2023-06-05T11:01:52+00:00 https://darktrace.com/blog/every-rule-has-an-exception-how-to-detect-insider-threat-without-rules www.secnews.physaphae.fr/article.php?IdArticle=8342175 False Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security News Site How Does Android Stack Up vs iOS? Our recent Threat Report showed that while, on the whole, overall threat detections fell by 13.2%, there was one category that thrived: Android. The category registered a remarkable growth of 57% in detections, driven by a 163% increase in Adware and an 83% increase in HiddenApps detections. Whilst Android users worldwide are being targeted, the […]]]> 2023-06-05T10:41:02+00:00 https://informationsecuritybuzz.com/how-does-android-stack-up-vs-ios/ www.secnews.physaphae.fr/article.php?IdArticle=8342108 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.
"This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report]]> 2023-06-05T10:18:00+00:00 https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html www.secnews.physaphae.fr/article.php?IdArticle=8342039 False Threat None 3.0000000000000000 Bleeping Computer - American Magazine Online sellers targeted by new information-stealing malware campaign Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. [...]]]> 2023-06-03T11:52:24+00:00 https://www.bleepingcomputer.com/news/security/online-sellers-targeted-by-new-information-stealing-malware-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8341797 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020.
"Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim's mailbox," Cisco Talos researcher Chetan Raghuprasad]]> 2023-06-02T17:33:00+00:00 https://thehackernews.com/2023/06/new-botnet-malware-horabot-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8341484 False Malware,Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Coverage: MOVEit Transfer Zero-Day
>Summary A new critical zero-day vulnerability in the MOVEit Transfer software is being actively exploited by attackers to exfiltrate data from organizations. MOVEit Transfer is a managed file transfer (MFT) software, developed by Progress, designed to provide organizations a way to securely transfer files, which can be implemented on-premise or as a cloud SaaS platform. […] ]]>
2023-06-02T17:25:11+00:00 https://www.netskope.com/blog/netskope-threat-coverage-moveit-transfer-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8341549 False Vulnerability,Threat,Cloud None 2.0000000000000000
Cyber Skills - Cyber Podcast Prof. Donna O'Shea contributes to Joint Committee on Transport and Communications' Vision for Cyber Security The Joint Committee on Transport and Communications met on Wednesday, 31st May 2023, to discuss a common vision for cyber security in Ireland. MTU's Chair of Cybersecurity and Cyber Skills Project Lead, Prof. Donna O'Shea, and Computer Science Head of Department, Dr. Sean McSweeney had the opportunity to contribute to the discussion. Watch the full Committee discussion and Prof. Donna O'Shea's opening statement at 38.25 minutes https://www.oireachtas.ie/en/oireachtas-tv/video-archive/committees/7900 Their recommendations for the future of cyber security in Ireland include: Establishing an SFI Research Centre in Cybersecurity bringing together HEIs with industry, business, public sector, and security forces partners. Ensuring a fixed percentage of all national funding for digitalization be specifically ring fenced for cybersecurity. Establishing cybersecurity infrastructure to support collaborative R&D and skills and training. In her opening statement, Prof Donna O'Shea stated that “Cyber capabilities within our own borders are important because even though talent can often be evenly distributed throughout the world, the opportunity for engaging that talent in the innovation economy is not equal. Innovation driven entrepreneurship clusters develop high concentration clusters around the world.
In the cybersecurity sector, this clustering is particularly evident w]]> 2023-06-02T00:00:00+00:00 https://www.cyberskills.ie/explore/news/prof-donna-oshea-contributes-to-joint-committee-on-transport-and-communications-vision-for-cyber-security.html www.secnews.physaphae.fr/article.php?IdArticle=8517400 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said. The Russian]]> 2023-06-01T20:44:00+00:00 https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html www.secnews.physaphae.fr/article.php?IdArticle=8341248 False Malware,Hack,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Growing hacking threat to satellite systems compels global push to secure outer space
>An international group of experts are working to build the next generation of secure-by-design space systems. ]]>
2023-06-01T19:23:05+00:00 https://cyberscoop.com/space-secure-by-design/ www.secnews.physaphae.fr/article.php?IdArticle=8341320 False Threat None 2.0000000000000000
Palo Alto Network - Vendor Site Cracking the Code - How Machine Learning Supercharges Threat Detection
>Read about building SOCs, leveraging red teams for pen testing, monitoring threat landscapes and using products like Cortex XSOAR and Cortex Xpanse. ]]>
2023-06-01T16:30:38+00:00 https://www.paloaltonetworks.com/blog/2023/06/cracking-the-code-how-machine-learning-supercharges-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8341263 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Horabot Campaign Targets Spanish-Speaking Users in the Americas Cisco Talos said the threat actor behind the campaign is believed to be located in Brazil]]> 2023-06-01T16:30:00+00:00 https://www.infosecurity-magazine.com/news/horabot-campaign-targets-spanish/ www.secnews.physaphae.fr/article.php?IdArticle=8341270 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Void Rabisu's RomCom Backdoor Reveals Shifting Threat Actor Goals Trend Micro said the motives of Void Rabisu seem to have changed since at least October 2022]]> 2023-06-01T16:00:00+00:00 https://www.infosecurity-magazine.com/news/romcom-backdoor-reveals-shifting/ www.secnews.physaphae.fr/article.php?IdArticle=8341246 False Threat,Prediction None 3.0000000000000000 Checkpoint Research - Security Hardware Manufacturer Malware Spotlight: Camaro Dragon's TinyNote Backdoor
>Executive summary Since early January 2023, there has been a notable surge in activity targeting European foreign affairs entities linked to Southeast and East Asia. The threat actors responsible are tracked by Check Point Research as Camaro Dragon and are associated with a broad network of espionage operations aligned with Chinese interests. A portion of the group's […] ]]>
2023-06-01T14:56:20+00:00 https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8341238 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis. The "]]> 2023-06-01T14:49:00+00:00 https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html www.secnews.physaphae.fr/article.php?IdArticle=8341159 False Ransomware,Threat None 2.0000000000000000 Bleeping Computer - American Magazine Harvard Pilgrim Health Care ransomware attack hits 2.5 million people Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [...]]]> 2023-06-01T13:02:54+00:00 https://www.bleepingcomputer.com/news/security/harvard-pilgrim-health-care-ransomware-attack-hits-25-million-people/ www.secnews.physaphae.fr/article.php?IdArticle=8341260 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft.
"RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially]]> 2023-06-01T12:28:00+00:00 https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8341141 False Threat APT 37 2.0000000000000000 Global Security Mag - French news site GTT Protects Enterprises Against Cyber Threats With Bolstered MDR and DDoS Mitigation Service Offerings product reviews
GTT Protects Enterprises Against Cyber Threats With Bolstered MDR and DDoS Mitigation Service Offerings Enhanced offerings deliver increased service-level assurance for Managed Detection and Response for expedited threat discovery and increased flexibility for DDoS Mitigation service - Product Reviews]]>
2023-06-01T12:15:12+00:00 https://www.globalsecuritymag.fr/GTT-Protects-Enterprises-Against-Cyber-Threats-With-Bolstered-MDR-and-DDoS.html www.secnews.physaphae.fr/article.php?IdArticle=8341206 False Threat None 2.0000000000000000
GoogleSec - Firm Security Blog
Announcing the Chrome Browser Full Chain Exploit Bonus
Chrome Vulnerability Rewards Program. Starting today and until December 1, 2023, the first security bug report we receive with a functional full chain exploit, resulting in a Chrome sandbox escape, is eligible for triple the full reward amount. Your full chain exploit could result in a reward of up to $180,000 (potentially more with other bonuses). Any subsequent full chains submitted during this period are eligible for double the full reward amount! We have historically put a premium on reports with exploits; "high quality reports with a functional exploit" is the highest tier of reward amounts in our Vulnerability Rewards Program. Over the years, the threat model of Chrome browser has evolved as features have matured and new features and new mitigations, such as MiraclePtr, have been introduced. Given these evolutions, we are always interested in explorations of new and novel approaches to fully exploit Chrome browser, and we want to provide opportunities to better incentivize this type of research. These exploits give us valuable insight into the potential attack vectors for exploiting Chrome, and allow us to identify strategies for better hardening of specific Chrome features and ideas for future broad-scale mitigation strategies.
The full details of this bonus opportunity are available on the Chrome VRP rules and rewards page. The summary is as follows: Bug reports may be submitted in advance while exploit development continues during this 180-day window. Functional exploits must be submitted to Chrome by the end of the 180-day window to be eligible for the triple or double reward. The first functional full chain exploit we receive is eligible for the triple reward amount. The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox. Exploitation must be able to be performed remotely, with no or very limited reliance on user interaction. The exploit must have been functional in an active release channel of Chrome (Dev, Beta, Stable, Extended Stable) at the time of the initial reports of the bugs in that chain. Please do not submit exploits developed from publicly disclosed security bugs or other artifacts in old, past versions of Chrome. As is consistent with our general rewards policy, if the exploit allows remote code execution (RCE) in the browser or another highly privileged process, such as the network or GPU process, to result in a sandbox escape without the need for a first-stage bug, the reward amount for the renderer "high quality report with functional exploit" would be granted and included in the calculation of the bonus reward total. Based on our
2023-06-01T11:59:52+00:00 http://security.googleblog.com/2023/06/announcing-chrome-browser-full-chain.html www.secnews.physaphae.fr/article.php?IdArticle=8341245 False Vulnerability,Threat None 3.0000000000000000