www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed timestamp: 2024-06-24T11:42:26+00:00

2022-09-21T00:00:00+00:00 | TrendLabs Security (Antivirus Vendor) | Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
    Link: https://www.trendmicro.com/en_us/research/22/i/atlassian-confluence-vulnerability-cve-2022-26134-abused-for-cryptocurrency-mining-other-malware.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7040149 | Tags: Malware, Vulnerability

2022-09-20T20:49:10+00:00 | Security Affairs (Security Blog) | Russian Sandworm APT impersonates Ukrainian telcos to deliver malware
    Link: https://securityaffairs.co/wordpress/135996/apt/sandworm-targets-ukraine-teleco.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7022332 | Tags: Malware
    Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine by multiple means, including custom malware and botnets like Cyclops [...]

2022-09-20T20:33:17+00:00 | Dark Reading (InformationWeek Branch) | ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat
    Link: https://www.darkreading.com/attacks-breaches/chromeloader-malware-prevalent-more-dangerous-cyber-threat
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7023125 | Tags: Malware, Threat
2022-09-20T18:26:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware
    Link: https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7015625 | Tags: Malware, Threat

2022-09-20T18:12:15+00:00 | Bleeping Computer (American Magazine) | 2K Games says hacked help desk targeted players with malware
    Link: https://www.bleepingcomputer.com/news/security/2k-games-says-hacked-help-desk-targeted-players-with-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7024289 | Tags: Malware

Anomali (Firm Blog) | Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More
    Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

    Trending Cyber News and Threat Intelligence

    Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022)
    On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, file-name artifacts from the downloads point to the attacker having obtained fresh keylogger logs from two Uber employees in Indonesia and Brazil whose machines had been infected with the Raccoon and Vidar stealers. The attacker allegedly used compromised VPN account credentials and performed a multifactor authentication (MFA) fatigue attack, requesting MFA push notifications many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games' Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker.
    Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack, such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges.
    MITRE ATT&CK: Valid Accounts - T1078 | Credentials from Password Stores - T1555
    Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer

    Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022)
    Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. The campaign uses a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware that spreads the archive further by publishing promotional videos on the victim's YouTube channel. These videos target gamers with promises of "cheats" and "cracks".
    Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for gaming and banking activities.
    MITRE ATT&CK: User Execution - T1204 | Credentials from Password Stores - T1555 | Resource Hijacking - T1496
    Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub
    Published: 2022-09-20T15:00:00+00:00
    Link: https://www.anomali.com/blog/anomali-cyber-watch-uber-and-gta-6-were-breached-redline-bundle-file-advertises-itself-on-youtube-supply-chain-attack-via-ecommerce-fishpig-extensions-and-more
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7016803 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Guideline | Actors: Uber, APT 15, APT 41

2022-09-20T12:13:10+00:00 | Bleeping Computer (American Magazine) | Game dev 2K's support site hacked to push malware via fake tickets
    Link: https://www.bleepingcomputer.com/news/security/game-dev-2k-s-support-site-hacked-to-push-malware-via-fake-tickets/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7018544 | Tags: Malware

2022-09-20T12:13:10+00:00 | Bleeping Computer (American Magazine) | 2K game support hacked to email RedLine info-stealing malware
    Link: https://www.bleepingcomputer.com/news/security/2k-game-support-hacked-to-email-redline-info-stealing-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7021396 | Tags: Malware

2022-09-20T05:11:39+00:00 | Security Affairs (Security Blog) | IT giants warn of ongoing Chromeloader malware campaigns
    Link: https://securityaffairs.co/wordpress/135949/malware/chromeloader-malware-campaigns.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7009427 | Tags: Malware
    VMware and Microsoft are warning of a widespread ChromeLoader malware campaign that distributes several malware families. ChromeLoader is a malicious Chrome browser extension, classified as a pervasive browser hijacker that modifies browser settings to redirect user traffic. The malware can redirect the user's traffic and hijack search queries to popular [...]
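The Uber item in the Anomali Cyber Watch above recommends two checks: alerting on bursts of MFA push requests, and reviewing scripts for embedded credentials. The following is an added example, not code from Anomali, Group-IB or Uber, that implements both against constructed input. The log format (a timestamp followed by key=value fields), the PowerShell snippet and the host name in it are invented for illustration; the threshold of four pushes in ten minutes is an assumed starting point, not a published figure.

```python
"""MFA push fatigue detection and hardcoded-credential scanning.

Added example for the Uber item above; not code from Anomali, Group-IB
or Uber. The log format and the PowerShell snippet are constructed for
illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed identity-provider log: alice is pushed repeatedly within a
# few minutes until she approves; bob shows normal daily activity.
SAMPLE_LOG = """\
2022-09-15T03:10:01Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-09-15T03:10:31Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-09-15T03:11:02Z user=alice event=mfa_push result=timeout src=203.0.113.7
2022-09-15T03:11:40Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-09-15T03:12:15Z user=alice event=mfa_push result=denied src=203.0.113.7
2022-09-15T03:13:05Z user=alice event=mfa_push result=approved src=203.0.113.7
2022-09-15T08:00:00Z user=bob event=mfa_push result=approved src=198.51.100.4
2022-09-15T17:30:12Z user=bob event=mfa_push result=approved src=198.51.100.4
"""


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        event = dict(pair.split("=", 1) for pair in pairs)
        event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect_mfa_fatigue(events, threshold=4, window=timedelta(minutes=10)):
    """Sliding-window count of MFA pushes per user.

    Returns one alert per user who receives at least `threshold` pushes
    inside `window`. The alert records the largest burst seen and whether
    a push was approved once the burst was under way, which is the signal
    that the fatigue attack succeeded.
    """
    recent = defaultdict(deque)
    alerts = {}
    for event in events:
        if event.get("event") != "mfa_push":
            continue
        user = event["user"]
        window_events = recent[user]
        window_events.append(event)
        # Drop pushes older than the window; the current one always stays.
        while event["ts"] - window_events[0]["ts"] > window:
            window_events.popleft()
        if len(window_events) < threshold:
            continue
        alert = alerts.setdefault(user, {
            "user": user,
            "first_push": window_events[0]["ts"].isoformat(),
            "pushes": 0,
            "approved_after_burst": False,
        })
        alert["pushes"] = max(alert["pushes"], len(window_events))
        alert["last_push"] = event["ts"].isoformat()
        if event.get("result") == "approved":
            alert["approved_after_burst"] = True
    return list(alerts.values())


# Narrow patterns for secrets left in PowerShell automation; constructed,
# and a starting point rather than a complete ruleset.
CREDENTIAL_PATTERNS = [
    re.compile(r'ConvertTo-SecureString\s+"[^"]+"\s+-AsPlainText', re.I),
    re.compile(r'-(?:Password|Secret|ApiKey|Token)\s+"[^"]{6,}"', re.I),
    re.compile(r'\$\w*(?:pass|pwd|secret|token)\w*\s*=\s*"[^"]{6,}"', re.I),
]

# Constructed snippet of the kind of script the write-up describes; the
# host name and account are placeholders.
SAMPLE_SCRIPT = """\
$pamUser = "svc-pam-admin"
$pamPass = ConvertTo-SecureString "Sup3rS3cret!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($pamUser, $pamPass)
Invoke-RestMethod -Uri "https://pam.example.invalid/api/secrets" -Credential $cred
"""


def find_hardcoded_credentials(script_text):
    """Return (line_number, line) for each line matching a credential pattern."""
    return [
        (number, line.strip())
        for number, line in enumerate(script_text.splitlines(), 1)
        if any(pattern.search(line) for pattern in CREDENTIAL_PATTERNS)
    ]


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(parse_log(SAMPLE_LOG)):
        print("MFA fatigue:", alert)
    for number, line in find_hardcoded_credentials(SAMPLE_SCRIPT):
        print(f"hardcoded credential at line {number}: {line}")
```

The approval flag matters more than the raw count: a user who denies ten prompts and then logs off is an annoyance, while a user who approves after a burst is the account to treat as compromised, exactly the sequence the Uber write-up describes.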
2022-09-19T18:12:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Emotet Botnet Started Distributing Quantum and BlackCat Ransomware
    Link: https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7002462 | Tags: Ransomware, Malware, Threat

2022-09-19T14:50:01+00:00 | Bleeping Computer (American Magazine) | Russian Sandworm hackers pose as Ukrainian telcos to drop malware
    Link: https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-ukrainian-telcos-to-drop-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7004814 | Tags: Malware

2022-09-19T12:07:36+00:00 | Bleeping Computer (American Magazine) | VMware, Microsoft warn of widespread Chromeloader malware attacks
    Link: https://www.bleepingcomputer.com/news/security/vmware-microsoft-warn-of-widespread-chromeloader-malware-attacks/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7003828 | Tags: Ransomware, Malware, Tool

2022-09-19T11:32:00+00:00 | Fortinet (Security Hardware Manufacturer) | Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I
    Link: https://www.fortinet.com/blog/threat-research/excel-document-delivers-malware-by-exploiting-cve-2017-11882
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7003889 | Tags: Malware

Security Affairs (Security Blog) | TeamTNT is back and targets servers to run Bitcoin encryption solvers
    AquaSec researchers have observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solvers since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, which the experts associated with the cybercrime gang TeamTNT.
    The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 [...]
    Published: 2022-09-19T05:09:43+00:00
    Link: https://securityaffairs.co/wordpress/135911/cyber-crime/teamtnt-is-back-encryption-solvers.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6997016 | Tags: Malware

2022-09-18T22:58:27+00:00 | SANS Institute (SANS is a defense and training organization) | Preventing ISO Malware, (Sun, Sep 18th)
    Link: https://isc.sans.edu/diary/rss/29062
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6990802 | Tags: Malware | Score: 5.0

2022-09-17T11:17:23+00:00 | Bleeping Computer (American Magazine) | Emotet botnet now pushes Quantum and BlackCat ransomware
    Link: https://www.bleepingcomputer.com/news/security/emotet-botnet-now-pushes-quantum-and-blackcat-ransomware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6960717 | Tags: Ransomware, Malware

2022-09-16T19:47:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services
    Link: https://thehackernews.com/2022/09/researchers-find-link-bw-privateloader.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6932172 | Tags: Malware, Threat

2022-09-16T12:29:16+00:00 | Global Security Mag (French news site) | Top malware of August in France: FormBook keeps the lead ahead of AgentTesla and GuLoader
    Link: http://www.globalsecuritymag.fr/Le-Top-des-Malwares-du-mois-d-aout,20220916,129957.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6929537 | Tags: Malware
    Malwares

2022-09-15T20:00:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube
    Link: https://thehackernews.com/2022/09/researchers-warn-of-self-spreading.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6911053 | Tags: Malware
2022-09-15T17:55:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware
    Link: https://thehackernews.com/2022/09/russian-gamaredon-hackers-target.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6909439 | Tags: Malware

2022-09-15T15:32:00+00:00 | Security Affairs (Security Blog) | Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube
    Link: https://securityaffairs.co/wordpress/135788/malware/self-spreading-malware-target-gamers.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6911148 | Tags: Malware
    Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that was used to deliver the RedLine Stealer and crypto miners. The RedLine malware allows operators to steal several [...]

2022-09-15T13:35:15+00:00 | Bleeping Computer (American Magazine) | New malware bundle self-spreads through YouTube gaming videos
    Link: https://www.bleepingcomputer.com/news/security/new-malware-bundle-self-spreads-through-youtube-gaming-videos/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6912783 | Tags: Malware

2022-09-15T10:38:02+00:00 | Bleeping Computer (American Magazine) | Russian hackers use new info stealer malware against Ukrainian orgs
    Link: https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-info-stealer-malware-against-ukrainian-orgs/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6910323 | Tags: Malware

Checkpoint (Security Hardware Manufacturer) | The mobile malware landscape in 2022 – Of Spyware, Zero-Click attacks, Smishing and Store Security
    Cyberattacks are increasing in number all the time. Indeed, our 2022 Mid-Year Report revealed a 42% global year-on-year increase in attacks.
    And according to the World Economic Forum's 2022 Global Risk Report, 95% of cybersecurity issues are traced back to human error. This should be a red flag for all organizations, especially with the transition...
    Published: 2022-09-15T10:35:26+00:00
    Link: https://blog.checkpoint.com/2022/09/15/the-mobile-malware-landscape-in-2022-of-spyware-zero-click-attacks-smishing-and-store-security/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6907007 | Tags: Malware

2022-09-15T10:00:00+00:00 | Malwarebytes Labs | Cyber threat hunting for SMBs: How MDR can help
    Link: https://www.malwarebytes.com/blog/business/2022/09/cyber-threat-hunting-for-smbs-how-mdr-can-help
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6918132 | Tags: Data Breach, Malware, Threat
    Categories: Business. Threat hunting can weed out malware before anything bad, like a data breach, can happen, but cyber threat hunting is harder for SMBs than for large organizations because of resource constraints. That's where Managed Detection and Response (MDR) can help.

CISCO Talos (Cisco Research blog) | Gamaredon APT targets Ukrainian government agencies in new campaign
    By Asheer Malhotra and Guilherme Venere.
    Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine. LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase. We discovered the use of a custom-made information stealer implant that can exfiltrate victim files of interest and deploy additional payloads as directed by the attackers.
    Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.
    The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint.
    The adversary uses phishing emails to deliver Microsoft Office documents containing remote templates with malicious VBScript macros. These macros download and open RAR archives containing LNK files that subsequently download and activate the next-stage payload on the infected endpoint.
    We observed considerable overlap between the tactics, techniques and procedures (TTPs), malware artifacts and infrastructure used in this campaign and those used in a series of attacks the Ukraine Computer Emergency Response Team (CERT-UA) recently attributed to Gamaredon. We also observed intrusion attempts against several Ukrainian entities. Based on these observations and Gamaredon's operational history of almost exclusively targeting Ukraine, we assess that this latest campaign is almost certainly directly targeting entities based in Ukraine.

    Attack Chain

    Initial Access
    Gamaredon APT actors likely gained initial footholds into targeted networks through malicious Microsoft Office documents distributed via email. This is consistent with spear-phishing techniques common to this APT. Malicious VBS macros concealed within remote templates execute when the user opens the document. The macros download RAR archives containing LNK files.
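    The chain summarized above starts with an Office document whose remote template pulls in the macro, followed by a RAR archive named after a date and containing LNK files. As an added example, not Talos's tooling or code, the following Python inspects an OOXML document for an externally referenced attached template and an embedded VBA project, and checks archive names against the DD.MM.YYYY.rar pattern the write-up describes. The document it inspects is a minimal skeleton constructed in memory, and example.invalid is a placeholder URL, not an indicator from the campaign.

```python
"""Triage helpers for the Gamaredon-style chain described above.

Added example, not Talos's code. The .docx it inspects is a constructed,
minimal skeleton built in memory so the script runs offline; point
inspect_office_document() at real files to use it.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Relationship type Word uses for an attached (possibly remote) template.
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def inspect_office_document(data):
    """Return indicators from an OOXML document: external template targets
    and whether a VBA project is embedded. Non-zip input (a legacy OLE
    .doc, for instance) is reported rather than raised."""
    result = {"remote_templates": [], "has_vba": False, "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["error"] = "not an OOXML zip (legacy OLE file? use oledump)"
        return result
    with archive:
        names = archive.namelist()
        result["has_vba"] = any(n.endswith("vbaProject.bin") for n in names)
        # Template injection lives in the relationships of the settings part.
        for name in names:
            if not name.endswith("_rels/settings.xml.rels"):
                continue
            root = ET.fromstring(archive.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if (rel.get("Type") == ATTACHED_TEMPLATE
                        and rel.get("TargetMode") == "External"):
                    result["remote_templates"].append(rel.get("Target"))
    return result


def build_sample_docx(template_url):
    """Construct a minimal document skeleton that references a remote
    template; only the parts the inspector reads are populated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("word/settings.xml", "<settings/>")
        archive.writestr(
            "word/_rels/settings.xml.rels",
            f'<Relationships xmlns="{RELS_NS}">'
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
            f'Target="{template_url}" TargetMode="External"/>'
            "</Relationships>",
        )
    return buf.getvalue()


# Archive names in the campaign followed DD.MM.YYYY.rar, per the write-up.
DATED_RAR = re.compile(r"^\d{2}\.\d{2}\.\d{4}\.rar$")


def looks_like_dated_rar(filename):
    """True when a file name matches the campaign's date-named RAR pattern."""
    return bool(DATED_RAR.match(filename))


if __name__ == "__main__":
    # example.invalid is a constructed placeholder, not a real indicator.
    doc = build_sample_docx("http://example.invalid/template.dotm")
    print(inspect_office_document(doc))
    print(looks_like_dated_rar("31.07.2022.rar"), looks_like_dated_rar("report.rar"))
```

    A benign document can legitimately reference a template, so an external target alone is a triage signal rather than a verdict; an external target pointing at an IP address or an unfamiliar host, in a document that arrived by email, is what merits detonation.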
    The naming convention of the RAR archives in this campaign follows a similar pattern:
        31.07.2022.rar
        04.08.2022.rar
    Published: 2022-09-15T08:02:21+00:00
    Link: http://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6908845 | Tags: Malware, Threat

2022-09-15T06:00:00+00:00 | Bleeping Computer (American Magazine) | Webworm hackers modify old malware in new attacks to evade attribution
    Link: https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6907108 | Tags: Malware

2022-09-14T17:33:13+00:00 | McAfee Labs (Software Vendor) | Fake Security App Found Abusing Japanese Payment System
    Link: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-security-app-found-abusing-japanese-payment-system/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6898648 | Tags: Malware
    McAfee's Mobile Research team recently analyzed new malware targeting NTT DOCOMO users in Japan. The malware, which was distributed on...

2022-09-14T17:22:49+00:00 | TechRepublic (Security News US) | North Korean cyberespionage actor Lazarus targets energy providers with new malware
    Link: https://www.techrepublic.com/article/lazarus-targets-energy-providers/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6892335 | Tags: Malware | Actors: APT 38
    Lazarus, a North Korean cyberespionage group, keeps hitting energy providers in the U.S., Canada and Japan with a new malware arsenal.

2022-09-14T15:50:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor
    Link: https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6886819 | Tags: Malware

The Hacker News (a hacking news blog, surprising, isn't it?) | How to Do Malware Analysis?
    Published: 2022-09-14T15:40:00+00:00
    Link: https://thehackernews.com/2022/09/how-to-do-malware-analysis.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6886820 | Tags: Malware, Threat

2022-09-14T15:00:00+00:00 | InfoSecurity Mag (InfoSecurity Magazine) | FormBook Knocks Off Emotet As Most Used Malware in August
    Link: https://www.infosecurity-magazine.com/news/formbook-knocks-off-emotet/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6889610 | Tags: Malware

2022-09-14T14:21:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Researchers Detail OriginLogger RAT - Successor to Agent Tesla Malware
    Link: https://thehackernews.com/2022/09/researchers-detail-originlogger-rat.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6884128 | Tags: Malware, Threat

2022-09-14T12:34:36+00:00 | InformationSecurityBuzzNews (Security News Site) | Hackers Are Using WeTransfer Links To Spread Malware
    Link: https://informationsecuritybuzz.com/expert-comments/hackers-are-using-wetransfer-links-to-spread-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6887703 | Tags: Malware

2022-09-14T11:45:00+00:00 | SecurityWeek (Security News) | Malware Infects Magento-Powered Stores via FishPig Distribution Server
    Link: https://www.securityweek.com/malware-infects-magento-powered-stores-fishpig-distribution-server
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6887693 | Tags: Malware

2022-09-14T10:30:00+00:00 | ComputerWeekly (Computer Magazine) | FormBook knocks Emotet off top of malware chart
    Link: https://www.computerweekly.com/news/252524928/FormBook-knocks-Emotet-off-top-of-malware-chart
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6889493 | Tags: Malware

2022-09-14T08:07:28+00:00 | Bleeping Computer (American Magazine) | Chinese hackers create Linux version of the SideWalk Windows malware
    Link: https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6888672
    Tags: Malware

2022-09-14T06:57:33+00:00 | SANS Institute (SANS is a defense and training organization) | Easy Process Injection within Python, (Wed, Sep 14th)
    Link: https://isc.sans.edu/diary/rss/29048
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6883270 | Tags: Malware
    [1]. When I'm teaching FOR610, students are often surprised that it's a feature of the operating system, so, by default, not malicious. Microsoft offers all the required API calls to perform this. Some legitimate applications use many process injection techniques, like your best antivirus or EDR solution!

2022-09-14T00:40:00+00:00 | AhnLab (Korean Security Firm) | Phishing Websites Disguised as Korean Groupware Login Website Being Distributed
    Link: https://asec.ahnlab.com/en/38786/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6876973 | Tags: Malware
    The ASEC analysis team has been building a honeypot to collect various malware strains that are being distributed both in Korea and overseas. The honeypot also collects phishing emails and recently caught one targeting Korean users, which has been distributed continuously to Korean email accounts only since August. The phishing website the email redirects to is disguised as a login page for a Korean groupware site, and over 2,500 accesses to the website were confirmed. Thus users must...

AhnLab (Korean Security Firm) | ASEC Weekly Malware Statistics (August 29th, 2022 – September 4th, 2022)
    The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from August 29th, 2022 (Monday) to September 4th, 2022 (Sunday). For the main category, info-stealers ranked top with 45.9%, followed by downloaders with 28.1%, backdoors with 18.5%, ransomware with 6.2%, and CoinMiner and banking malware with 0.7% each. Top 1 – GuLoader: GuLoader, which ranked first with 22.6%, is a downloader malware that...
    Published: 2022-09-14T00:30:00+00:00
    Link: https://asec.ahnlab.com/en/38739/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6876974 | Tags: Ransomware, Malware

2022-09-13T19:15:13+00:00 | CVE List (Common Vulnerabilities and Exposures) | CVE-2022-39206
    Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39206
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6874449 | Tags: Malware

2022-09-13T16:04:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks
    Link: https://thehackernews.com/2022/09/asian-governments-and-organizations.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6868090 | Tags: Malware

Anomali (Firm Blog) | Anomali Cyber Watch: Iran-Albanian Cyber Conflict, Ransomware Adopts Intermittent Encryption, DLL Side-Loading Provides Variety to PlugX Infections, and More
    Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

    Trending Cyber News and Threat Intelligence

    Microsoft Investigates Iranian Attacks Against the Albanian Government (published: September 8, 2022)
    Microsoft researchers discovered that groups working under Iran's Ministry of Intelligence and Security (MOIS, tracked as OilRig) attacked the government of Albania. The attackers started with an initial intrusion in May 2021, proceeded with mailbox exfiltration between October 2021 and January 2022, organized controlled leaks, and culminated on July 15, 2022, with disruptive ransomware and wiper attacks. This attack is probably a response to Predatory Sparrow's June 2021 anti-Iranian cyber operations promoting the Mujahedin-e Khalq (MEK), an Iranian dissident group largely based in Albania.
    Analyst Comment: The MOIS attack on Albania uses messaging and targeting similar to the previous MEK-associated attack on Iran.
    It tells us that Iran has chosen to engage in what it sees as a form of direct and proportional retaliation. Still, the attack and its attribution caused Albania to cut diplomatic ties with Iran and expel the country's embassy staff. Organizations should implement multifactor authentication (MFA) for mailbox access and remote connectivity. Anomali platform users are advised to block known OilRig network indicators.
    MITRE ATT&CK: Exploit Public-Facing Application - T1190 | Data Encrypted for Impact - T1486 | Impair Defenses - T1562 | Indicator Removal on Host - T1070
    Tags: OilRig, Helix Kitten, APT34, MOIS, Ministry of Intelligence and Security, Predatory Sparrow, Wiper, CVE-2021-26855, CVE-2019-0604, CVE-2022-28799, Government, Albania, target-country:AL, Iran, source-country:IR, DEV-0842, DEV-0861, DEV-0166, DEV-0133, Europium, APT, detection:Jason, detection:Mellona

    BRONZE PRESIDENT Targets Government Officials (published: September 8, 2022)
    Secureworks researchers detected a new campaign by the China-sponsored group Mustang Panda (Bronze President). In June and July 2022, the group used spearphishing to deliver the PlugX malware to government officials in Europe, the Middle East, and South America. To bypass mail-scanning antivirus, the archived email attachment had the malware embedded eight levels deep in a sequence of hidden folders named with special characters.
    Analyst Comment: Many advanced attacks start with basic techniques, such as an unsolicited email with a malicious attachment that requires the user to open it and enable macros. It is important to teach your users basic online hygiene and phishing awareness.
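    The BRONZE PRESIDENT item above describes a payload buried eight levels deep in folders named with special characters, which is an archive-layout signal a mail gateway can score before any signature fires. The following is an added example, not Secureworks' or Anomali's code, that flags entries in a ZIP archive by nesting depth, by directory names containing no letters or digits, and by executable leaf names. The sample archive is constructed in memory to mimic the layout (an executable under eight whitespace-named folders next to a decoy PDF); the depth threshold of four is an assumption to tune, and nothing here is real malware.

```python
"""Flag deeply nested, oddly named paths inside an archive attachment.

Added example based on the BRONZE PRESIDENT item above; not Secureworks'
or Anomali's code. The sample archive is constructed in memory.
"""
import io
import zipfile

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".lnk", ".scr", ".com", ".bat")


def odd_component(name):
    """A path component is 'odd' when it contains no letter or digit at all
    (spaces, punctuation or control characters only) or any control char."""
    if not any(ch.isalnum() for ch in name):
        return True
    return any(ord(ch) < 32 for ch in name)


def analyze_archive(data, max_depth=4):
    """Return a finding for every file whose path is suspicious.

    Each finding lists the reasons: nesting at or beyond `max_depth`
    directories, directory names with no letters or digits, and an
    executable file name at the leaf.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            parts = [p for p in info.filename.split("/") if p]
            directories, leaf = parts[:-1], parts[-1]
            reasons = []
            if len(directories) >= max_depth:
                reasons.append(f"nested {len(directories)} levels deep")
            odd = [d for d in directories if odd_component(d)]
            if odd:
                reasons.append(f"{len(odd)} directory name(s) without letters or digits")
            if leaf.lower().endswith(EXECUTABLE_SUFFIXES):
                reasons.append("executable leaf")
            if reasons:
                findings.append({
                    "path": info.filename,
                    "depth": len(directories),
                    "reasons": reasons,
                })
    return findings


def build_sample(depth=8):
    """Constructed archive: a decoy document at the top level and an
    executable `depth` folders down, each folder named only with spaces
    (distinct lengths so the names differ). Placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invitation.pdf", b"%PDF-1.4 decoy")
        hidden = "/".join(" " * (level + 1) for level in range(depth))
        archive.writestr(f"{hidden}/update.exe", b"MZ placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in analyze_archive(build_sample()):
        print(finding["depth"], repr(finding["path"]), finding["reasons"])
```

    The depth alone is a weak signal (software distributions nest deeply), but directory names a human could never have typed, combined with an executable at the bottom and a single decoy document at the top, is the shape of this lure.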
    MITRE ATT&CK: Phishing - T1566 |
    Published: 2022-09-13T15:00:00+00:00
    Link: https://www.anomali.com/blog/anomali-cyber-watch-iran-albanian-cyber-conflict-ransomware-adopts-intermittent-encryption-dll-side-loading-provides-variety-to-plugx-infections-and-more
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6869959 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Guideline | Actors: APT 27, APT 34

2022-09-13T11:21:48+00:00 | Bleeping Computer (American Magazine) | Hackers breach software vendor for Magento supply-chain attacks
    Link: https://www.bleepingcomputer.com/news/security/hackers-breach-software-vendor-for-magento-supply-chain-attacks/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6870480 | Tags: Malware

2022-09-13T10:15:39+00:00 | SecurityWeek (Security News) | Spyware, Ransomware, Cryptojacking Malware Increasingly Detected on ICS Devices
    Link: https://www.securityweek.com/spyware-ransomware-cryptojacking-malware-increasingly-detected-ics-devices
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6868067 | Tags: Ransomware, Malware

2022-09-13T08:45:00+00:00 | InfoSecurity Mag (InfoSecurity Magazine) | Researchers Warn of 674% Surge in Deadbolt Ransomware
    Link: https://www.infosecurity-magazine.com/news/researchers-674-surge-deadbolt/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6867154 | Tags: Ransomware, Malware

2022-09-13T06:00:00+00:00 | Bleeping Computer (American Magazine) | Cyberspies drop new infostealer malware on govt networks in Asia
    Link: https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6869168 | Tags: Malware

Schneier on Security (American Cryptography Researcher) | New Linux Cryptomining Malware
    Pretty nasty:
    The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection.
    Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes. Shikitega also downloads Mettle, a Metasploit interpreter that gives the attacker the ability to control attached webcams and includes a sniffer, multiple reverse shells, process control, shell command execution and additional abilities to control the affected system...
    Published: 2022-09-12T14:41:17+00:00
    Link: https://www.schneier.com/blog/archives/2022/09/new-linux-cryptomining-malware.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6860765 | Tags: Malware

2022-09-10T17:42:59+00:00 | SANS Institute (SANS is a defense and training organization) | Phishing Word Documents with Suspicious URL, (Sat, Sep 10th)
    Link: https://isc.sans.edu/diary/rss/29034
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6827896 | Tags: Malware
    tools, I ran through the following checks to see what could be embedded in it that is likely suspicious. I first checked the file using oledump.py to see if there were any OLE files in this document.

2022-09-10T11:00:07+00:00 | The Register (British news site) | Shape-shifting cryptominer savaging Linux endpoints and IoT
    Link: https://go.theregister.com/feed/www.theregister.com/2022/09/10/in_brief_security/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6820849 | Tags: Malware

2022-09-09T20:22:31+00:00 | TroyHunt (Blog Security) | New Linux malware combines unusual stealth with a full suite of capabilities
    Link: https://arstechnica.com/?p=1880148
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6810385 | Tags: Malware

TechRepublic (Security News US) | The rise of Linux malware: 9 tips for securing the OSS
    Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue.
    Published: 2022-09-09T15:25:18+00:00
    Link: https://www.techrepublic.com/article/linux-malware-tips-securing-oss/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6804429 | Tags: Malware

2022-09-09T10:00:00+00:00 | Bleeping Computer (American Magazine) | Lampion malware returns in phishing attacks abusing WeTransfer
    Link: https://www.bleepingcomputer.com/news/security/lampion-malware-returns-in-phishing-attacks-abusing-wetransfer/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6803527 | Tags: Malware, Threat

2022-09-08T19:21:11+00:00 | Fortinet ThreatSignal (Hardware Vendor) | New Conti Ransomware Campaign Observed in the Wild
    Link: https://fortiguard.fortinet.com/threat-signal-report/4736
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6794501 | Tags: Ransomware, Malware, Threat

2022-09-08T19:12:07+00:00 | Fortinet ThreatSignal (Hardware Vendor) | New Shikitega Malware Targets Linux Machines
    Link: https://fortiguard.fortinet.com/threat-signal-report/4735
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6794502 | Tags: Malware, Vulnerability, Threat

2022-09-08T18:01:32+00:00 | SecurityWeek (Security News) | New 'Shikitega' Linux Malware Grabs Complete Control of Infected Systems
    Link: https://www.securityweek.com/new-shikitega-linux-malware-grabs-complete-control-infected-systems
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6789283 | Tags: Malware

2022-09-08T16:51:52+00:00 | Bleeping Computer (American Magazine) | Bumblebee malware adds post-exploitation tool for stealthy infections
    Link: https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6790131 | Tags: Malware, Tool
2022-09-08T16:32:00+00:00 | The Hacker News (a hacking news blog, surprising, isn't it?) | Chinese Hackers Target Government Officials in Europe, South America and Middle East
    Link: https://thehackernews.com/2022/09/chinese-hackers-target-government.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6783507 | Tags: Malware

2022-09-08T14:14:00+00:00 | CSO (CSO Daily Dashboard) | North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset
    Link: https://www.csoonline.com/article/3673094/north-korean-state-sponsored-hacker-group-lazarus-adds-new-rat-to-its-malware-toolset.html#tk.rss_all
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6790810 | Tags: Malware, Threat | Actors: APT 38
    remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus, and it is mainly used in the first stages of an attack. Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications. Since the Trojan doesn't have a GUI, researchers from Cisco Talos believe the reason for using Qt was to make detection harder.

2022-09-08T12:00:09+00:00 | The Register (British news site) | Lazarus Group unleashed a MagicRAT to spy on energy providers
    Link: https://go.theregister.com/feed/www.theregister.com/2022/09/08/lazarus_group_energy_firms_trade_secrets/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=6783464 | Tags: Malware, Medical | Actors: APT 38

AlienVault Lab Blog (AlienVault is a major defense player in IOCs) | Why does preparing for AI attacks need to be your next big agenda?
    Forrester, 88% of security experts believe that these AI-powered attacks will become more common in the coming years.
For now, some of the most prevalent AI-based cyber-attacks that have surfaced are as follows: AI manipulation or data poisoning For a long time, AI manipulation or data poisoning has become the typical type of AI-based cyber-attack. It is an adversarial attack that features hackers implementing data poisoning on trained AI models forcing them to become malicious. Nowadays, the use of AI is prevalent in almost every organization. AI tools play an essential part in data storage and analysis along with protection from various cyber-attacks such as malware or phishing. Such tools are designed to automate tasks, but they may enable threat protection to become a target of data poisoning. Since the AI works by observing behavior patterns and pre-fed information, a hacker can easily remove the pre-fed information and feed the AI tool with malicious data. Such an act can cause an adversarial impact. For example, hackers can manipulate a phishing tool designed to detect and delete phishing emails into accepting them within its users' inboxes. One common example of data poisoning attacks is AI-manipulated deepfakes that have taken the social media platform by storm. AI-based social engineering attacks Since AI is designed to develop principles and tasks typically associated with human cognition, cybercriminals can exploit it for several nefarious purposes, such as enhancing social engineering attacks. AI works by trying to identify and replicate anomalies in human behavior, making it a convenient tool to persuade users into undermining systems and handing over confidential information. Apart from that, during the reconnaissance phase of an attack, AI can be used to study the target by scouring social media and various databases. AI can find out the behavioral patterns of the target, such as the language they use, their interests, and what topics they usually talk about. The information collected can be used to create a successful spear phishing or BEC attack.
AI automation Another significant advantage cyber criminals have in using AI-based attacks is automation. AI tools can significantly endanger endpoint security by automating intrusion detection techniques and launching attacks at unprecedented speeds. Moreover, AI can also scour target networks, computers, and applications for possible vulnerabilities and loopholes that hackers can exploit. Apart from that, automation allows cybercriminals to launch significantly larger attack campaigns. With AI automating most of their work, such as vulnerability assessment and data analysis, cybercriminals now have the leve 2022-09-08T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-does-preparing-for-ai-attacks-need-to-be-your-next-big-agenda www.secnews.physaphae.fr/article.php?IdArticle=6782357 False Malware,Tool,Vulnerability,Threat None None CISCO Talos - Cisco Research blog Lazarus and the tale of three RATs By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain an initial foothold into targeted organizations. Targeted organizations include energy providers from around the world, including those headquartered in the United States, Canada and Japan. The campaign is meant to infiltrate organizations around the world for establishing long term access and subsequently exfiltrating data of interest to the adversary's nation-state. Talos has discovered the use of two known families of malware in these intrusions - VSingle and YamaBot. Talos has also discovered the use of a recently disclosed implant we're calling "MagicRAT" in this campaign. Introduction Cisco Talos observed North Korean state-sponsored APT Lazarus Group conducting malicious activity between February and July 2022.
Lazarus has been previously attributed to the North Korean government by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The entry vectors involve the successful exploitation of vulnerabilities in VMWare products to establish initial footholds into enterprise networks, followed by the deployment of the group's custom malware implants, VSingle and YamaBot. In addition to these known malware families, we have also discovered the use of a previously unknown malware implant we're calling "MagicRAT." This campaign was previously partially disclosed by other security firms, but our findings reveal more details about the adversary's modus operandi. We have also observed an overlap of command and control (C2) and payload-hosting infrastructure between our findings and the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) June advisory that detailed continued attempts from threat actors to compromise vulnerable VMWare Horizon servers. In this research, we illustrate Lazarus Group's post-exploitation tactics, techniques and procedures (TTPs) to establish a foothold, perform initial reconnaissance, deploy bespoke malware and move laterally across infected enterprises. We also provide details about the activities performed by the attackers when the VSingle backdoor is instrumented on the infected endpoints. In this campaign, Lazarus was primarily targeting energy companies in Canada, the U.S. and Japan.
The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean govern 2022-09-08T08:39:42+00:00 http://blog.talosintelligence.com/2022/09/lazarus-three-rats.html www.secnews.physaphae.fr/article.php?IdArticle=6785115 False Malware,Tool,Vulnerability,Threat,Medical APT 38 None ComputerWeekly - Computer Magazine Chinese APT using PlugX malware on espionage targets 2022-09-08T07:00:00+00:00 https://www.computerweekly.com/news/252524710/Chinese-APT-using-PlugX-malware-on-espionage-targets www.secnews.physaphae.fr/article.php?IdArticle=6782776 False Malware None None SecureWork - SecureWork: incident response BRONZE PRESIDENT Targets Government Officials 2022-09-08T05:00:00+00:00 https://www.secureworks.com/blog/bronze-president-targets-government-officials www.secnews.physaphae.fr/article.php?IdArticle=6782929 False Malware,Threat None None Malwarebytes Labs - MalwarebytesLabs Evasive Shikitega Linux malware drops Monero cryptominer Categories: News, Threats Researchers from the AT&T Alien Labs Research have discovered a stealthy new Linux malware. 2022-09-07T22:45:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/evasive-shikitega-linux-malware-drops-monero-cryptominer www.secnews.physaphae.fr/article.php?IdArticle=6811325 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices 2022-09-07T18:08:00+00:00 https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6767438 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns 2022-09-07T17:40:00+00:00 https://thehackernews.com/2022/09/north-korean-hackers-spotted-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=6767439 False Malware,Medical APT 38 None Security Affairs - Security Blog Experts spotted a new stealthy Linux malware dubbed Shikitega A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain; threat actors use it to gain full control of the system […] 2022-09-07T16:38:18+00:00 https://securityaffairs.co/wordpress/135437/malware/shikitega-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6769653 False Malware,Threat None None Dark Reading - Informationweek Branch Next-Gen Linux Malware Takes Over Devices With Unique Tool Set 2022-09-07T15:53:37+00:00 https://www.darkreading.com/vulnerabilities-threats/next-gen-linux-malware-takes-over-devices-unique-toolset www.secnews.physaphae.fr/article.php?IdArticle=6807462 False Malware,Tool None None Anomali - Firm Blog Anomali Cyber Watch: EvilProxy Defeats Second Factor, Ragnar Locker Ransomware Hits Critical Infrastructure, Montenegro Blames Russia for Massive Cyberattack, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (published: September 5, 2022) Resecurity researchers analyzed EvilProxy, a phishing kit that uses reverse proxy and cookie injection methods to bypass two-factor authentication (2FA). EvilProxy uses extensive virtual machine checks and browser fingerprinting.
If the victim passes the checks, EvilProxy acts as a proxy between the victim and the legitimate site that asks for credentials. EvilProxy is being sold as a service on the dark web. Since early May 2022, EvilProxy has enabled phishing attacks against customer accounts of major brands such as Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others. Analyst Comment: EvilProxy is a dangerous automation tool that enables more phishing attacks. Additionally, EvilProxy targeting GitHub and npmjs accounts increases risks of follow-up supply-chain attacks. The Anomali platform has historic EvilProxy network indicators that can help when investigating incidents affecting 2FA. With 2FA bypass, users need to be aware of phishing risks and pay even more attention to domains that ask for their credentials and 2FA codes. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: EvilProxy, Phishing, Phishing-as-a-service, Reverse proxy, Cookie injection, 2FA, MFA, Supply chain Ragnar Locker Ransomware Targeting the Energy Sector (published: September 1, 2022) Cybereason researchers investigated the Ragnar Locker ransomware that was involved in a cyberattack on DESFA, a Greek pipeline company. On August 19, 2022, the Ragnar Locker group listed DESFA on its data leak site. The group has been active since 2019 and this is not the first time it has targeted critical infrastructure companies with the double-extortion scheme. Their Ragnar Locker ransomware shows the typical abilities of modern ransomware including system information and location collection, deleting shadow copies, identifying processes (antiviruses, backup solutions, IT remote management solutions, and virtual-based software), and encrypting the system with the exception list in mind.
Analyst Comment: Ragnar Locker appears to be an aggressive ransomware group that is not shy about attacking critical infrastructure as long as the targets are not in the Commonwealth of Independent States (Russia and associated countries). Always be on high alert while reading emails, in particular those with attachments, URL redirection, a false sense of urgency or poor grammar. Use anti-spam and antivirus protection, and avoid opening emails from untrusted or unverified senders. Additionally, it is important to have a comprehensive and teste 2022-09-07T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-evilproxy-defeats-second-factor-ragnar-locker-ransomware-hits-critical-infrastructure-montenegro-blames-russia-for-massive-cyberattack-and-more www.secnews.physaphae.fr/article.php?IdArticle=6768417 False Ransomware,Malware,Tool,Threat,Patching,Guideline Yahoo None The Register - English News Site Cybercriminals target games popular with kids to distribute malware 2022-09-07T12:34:49+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/07/gaming_threats_kaspersky/ www.secnews.physaphae.fr/article.php?IdArticle=6766639 False Malware None None Malwarebytes Labs - MalwarebytesLabs Sextortionists used mobile malware to steal nude videos, contact lists from victims Categories: News Tags: interpol, sextortion, mobile malware, extortion In an international police action supported by Interpol, law enforcement agencies have uncovered and dismantled an international sextortion ring.
2022-09-07T11:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/sextortionists-used-mobile-malware-to-steal-nude-videos-contact-lists-from-victims www.secnews.physaphae.fr/article.php?IdArticle=6774965 False Malware None None Bleeping Computer - American Magazine New Iranian hacking group APT42 deploys custom Android spyware 2022-09-07T10:18:39+00:00 https://www.bleepingcomputer.com/news/security/new-iranian-hacking-group-apt42-deploys-custom-android-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=6768215 False Malware APT 42 None CISCO Talos - Cisco Research blog MagicRAT: Lazarus' latest gateway into victim networks By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog. Executive Summary Cisco Talos has discovered a new remote access trojan (RAT), which we are calling "MagicRAT," that we are attributing with moderate to high confidence to the Lazarus threat actor, a state-sponsored APT attributed to North Korea by the U.S. Cyber Security & Infrastructure Agency (CISA). This new RAT was found on victims that had been initially compromised through the exploitation of publicly exposed VMware Horizon platforms.
While being a relatively simple RAT capability-wise, it was built with recourse to the Qt Framework, with the sole intent of making human analysis harder, and automated detection through machine learning and heuristics less likely. We have also found evidence to suggest that once MagicRAT is deployed on infected systems, it launches additional payloads such as custom-built port scanners. Additionally, we've found that MagicRAT's C2 infrastructure was also used to host newer variants of known Lazarus implants such as TigerRAT. The discovery of MagicRAT in the wild is an indication of Lazarus' motivations to rapidly build new, bespoke malware to use along with their previously known malware such as TigerRAT to target organizations worldwide. Actor profile 2022-09-07T08:01:43+00:00 http://blog.talosintelligence.com/2022/09/lazarus-magicrat.html www.secnews.physaphae.fr/article.php?IdArticle=6766837 False Malware,Threat,Medical APT 38 3.0000000000000000 Dark Reading - Informationweek Branch TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks 2022-09-06T20:16:44+00:00 https://www.darkreading.com/operations/teslagun-blast-new-wave-backdoor-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=6754314 False Malware,Threat None None Bleeping Computer - American Magazine Moobot botnet is coming for your unpatched D-Link router 2022-09-06T16:40:11+00:00 https://www.bleepingcomputer.com/news/security/moobot-botnet-is-coming-for-your-unpatched-d-link-router/ www.secnews.physaphae.fr/article.php?IdArticle=6754489 False Malware None None Security Affairs - Security Blog A new Android malware used to spy on the Uyghur Community Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community.
The malware disguised as a book titled “The China […] 2022-09-06T16:23:32+00:00 https://securityaffairs.co/wordpress/135403/malware/android-malware-spy-uyghur.html www.secnews.physaphae.fr/article.php?IdArticle=6751989 False Malware,Threat None None The Register - English News Site Newly discovered cyberspy crew targets Asian governments and corporations 2022-09-06T16:15:14+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/06/worok_espionage_asia/ www.secnews.physaphae.fr/article.php?IdArticle=6751878 False Malware None None Bleeping Computer - American Magazine Minecraft is hackers' favorite game title for hiding malware 2022-09-06T15:53:09+00:00 https://www.bleepingcomputer.com/news/security/minecraft-is-hackers-favorite-game-title-for-hiding-malware/ www.secnews.physaphae.fr/article.php?IdArticle=6753856 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks 2022-09-06T15:27:00+00:00 https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html www.secnews.physaphae.fr/article.php?IdArticle=6749522 False Malware,Threat None None Bleeping Computer - American Magazine New Linux malware evades detection using multi-stage deployment 2022-09-06T11:34:48+00:00 https://www.bleepingcomputer.com/news/security/new-linux-malware-evades-detection-using-multi-stage-deployment/ www.secnews.physaphae.fr/article.php?IdArticle=6751399 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Find New Android Spyware Campaign Targeting Uyghur Community 2022-09-06T10:48:00+00:00 https://thehackernews.com/2022/09/researchers-find-new-android-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=6749525 False Malware,Guideline None None AlienVault Lab Blog - AlienVault is a major defense player in IOCs Shikitega - New stealthy malware targeting Linux Figure 1. Shikitega operation process. Background With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half year of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. New malware families like BotenaGo and EnemyBot are examples of how malware writers rapidly incorporate recently discovered vulnerabilities to find new victims and increase their reach. Shikitega uses an infection chain in multiple layers, where the first one contains only a few hundred bytes, and each module is responsible for a specific task, from downloading and executing Metasploit meterpreter, exploiting Linux vulnerabilities, setting persistence in the infected machine to downloading and executing a cryptominer. Analysis The main dropper of the malware is a very small ELF file, where its total size is around only 370 bytes, while its actual code size is around 300 bytes. (figure 2) Figure 2. Malicious ELF file with a total of only 376 bytes. The malware uses the “Shikata Ga Nai” polymorphic XOR additive feedback encoder, which is one of the most popular encoders used in Metasploit. Using the encoder, the malware runs through several decode loops, where one loop decodes the next layer, until the final shellcode payload is decoded and executed. The encoder stub is generated based on dynamic instruction substitution and dynamic block ordering. In addition, registers are selected dynamically.
Below we can see how the encoder decrypts the first two loops: (figures 3 and 4) Figure 3. First “Shikata Ga Nai” decryption loop. Figure 4. Second “Shikata Ga Nai” decryption loop created by the first one. After several decryption loops, the final payload shellcode will be decrypted and executed. As the malware doe 2022-09-06T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux www.secnews.physaphae.fr/article.php?IdArticle=6748018 False Ransomware,Malware,Vulnerability,Threat None 3.0000000000000000 CISCO Talos - Cisco Research blog Researcher Spotlight: How Asheer Malhotra looks for 'instant gratification' in threat hunting Transparent Tribe group he's written about several times. “At some point, I say 'Hey, I don't think I've seen this before.' I start analyzing public disclosures, and slowly start gaining confidence and being able to craft a narrative around the motivations and tactics around a specific threat actor or malware campaign,” he said. In the case of Transparent Tribe, Malhotra's tracked their growth as a major player in the threat landscape in Asia, as they've added several remote access trojans to their arsenal, targeted high-profile government-adjacent entities in India and expanded their scope across the region. When he's not threat hunting, Malhotra also speaks to Cisco customers about the current state of cybersecurity in briefings and delivers presentations at conferences around the world (mainly virtually during the COVID-19 pandemic). “I always try to find the latest and new stuff to talk about. … I've been honing my skills and trying to speak more confidently publicly, but the confidence is backed up with the right kind of knowledge and the threat intelligence, that's what helps me succeed,” he said. Malhotra is a native of India and spent most of his life there before coming to the U.S.
for his master's degree at Mississippi State University. Mississippi was a far cry from everything else he had known up until that point, but he quickly adjusted. “That was the 'Deep South,'” he said. “So there was a culture shock, but the southern hospitality is such a real thing, and it felt very normal there.” Growing up, Malhotra always knew he wanted to work with computers, starting out as a teenager reverse-engineering exploits he'd see others talk about on the internet or just poking at smaller applications. His additional interest in politics and national security made it natural for him to combine the two and focus his research on state-sponsored actors. He enjoys continuing his research in the Indian subcontinent and sees many parallels between the state of security in India and the U.S. “Th 2022-09-06T08:00:00+00:00 http://blog.talosintelligence.com/2022/09/researcher-spotlight-how-asheer.html www.secnews.physaphae.fr/article.php?IdArticle=6750298 False Ransomware,Malware,Threat,Guideline APT 36 None 01net. News - Security - French Magazine Android: don't use this antivirus, it's a banking Trojan Researchers found an antivirus and an optimization app on Google Play that quietly install the SharkBot malware. They were downloaded more than 50,000 times.
The article Android: don't use this antivirus, it's a banking Trojan can be found on 01net.com. 2022-09-06T05:30:06+00:00 https://www.01net.com/actualites/android-nutilisez-pas-cet-antivirus-cest-un-cheval-de-troie-bancaire.html www.secnews.physaphae.fr/article.php?IdArticle=6745901 False Malware None None InfoSecurity Mag - InfoSecurity Magazine SharkBot Malware Resurfaces on Google Play to Steal Users' Credentials 2022-09-05T15:45:00+00:00 https://www.infosecurity-magazine.com/news/sharkbot-resurfaces-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=6741335 False Malware None None Security Affairs - Security Blog Windows Defender identified Chromium, Electron apps as Hive Ransomware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify apps based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […] 2022-09-05T11:44:19+00:00 https://securityaffairs.co/wordpress/135326/security/windows-defender-flase-positive.html www.secnews.physaphae.fr/article.php?IdArticle=6739548 False Ransomware,Malware None None Security Affairs - Security Blog A new SharkBot variant bypassed Google Play checks again Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. Fox IT researchers have spotted an upgraded version of a SharkBot dropper that was uploaded to the official Google Play Store.
While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, […] 2022-09-05T08:02:25+00:00 https://securityaffairs.co/wordpress/135303/malware/sharkbot-variant-google-play.html www.secnews.physaphae.fr/article.php?IdArticle=6738029 False Malware None None The Register - English News Site Microsoft mistakenly rated Chromium, Electron, as malware 2022-09-05T06:57:12+00:00 https://go.theregister.com/feed/www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/ www.secnews.physaphae.fr/article.php?IdArticle=6737483 False Malware None None Bleeping Computer - American Magazine SharkBot malware sneaks back on Google Play to steal your logins 2022-09-04T10:07:14+00:00 https://www.bleepingcomputer.com/news/security/sharkbot-malware-sneaks-back-on-google-play-to-steal-your-logins/ www.secnews.physaphae.fr/article.php?IdArticle=6726953 False Malware None None Security Affairs - Security Blog Alleged Iranian threat actors leak the code of their CodeRAT malware The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers.
[…] 2022-09-04T09:14:26+00:00 https://securityaffairs.co/wordpress/135255/malware/coderat-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6722594 False Malware,Threat None None Bleeping Computer - American Magazine Malware dev open-sources CodeRAT after being exposed 2022-09-03T10:12:14+00:00 https://www.bleepingcomputer.com/news/security/malware-dev-open-sources-coderat-after-being-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=6711993 False Malware None None SANS Institute - SANS is a defense and training organization James Webb JPEG With Malware, (Fri, Sep 2nd) Wednesday's stormcast, Johannes talked about a JPEG picture (coming from the James Webb telescope) that malware authors had laced with malware. 2022-09-02T19:22:15+00:00 https://isc.sans.edu/diary/rss/29010 www.secnews.physaphae.fr/article.php?IdArticle=6691817 False Malware None None Security Affairs - Security Blog The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered a Telegram channel-based backdoor in the information-stealing malware, Prynt Stealer, which makes it possible to secretly steal a copy of the data exfiltrated from the victims.
“Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also […] 2022-09-02T17:31:54+00:00 https://securityaffairs.co/wordpress/135229/malware/prynt-stealer-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=6688283 False Malware None None Dark Reading - Informationweek Branch Raspberry Robin Malware Connected to Russian Evil Corp Gang 2022-09-02T16:52:51+00:00 https://www.darkreading.com/threat-intelligence/raspberry-robin-malware-russian-evil-corp www.secnews.physaphae.fr/article.php?IdArticle=6688934 False Malware None None Bleeping Computer - American Magazine Dev backdoors own malware to steal data from other hackers 2022-09-02T14:47:17+00:00 https://www.bleepingcomputer.com/news/security/dev-backdoors-own-malware-to-steal-data-from-other-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=6689172 False Malware None None Security Affairs - Security Blog Experts link Raspberry Robin Malware to Evil Corp cybercrime gang Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp. Raspberry Robin is a Windows worm discovered […] 2022-09-02T12:54:09+00:00 https://securityaffairs.co/wordpress/135206/cyber-crime/raspberry-robin-linked-to-evil-corp.html www.secnews.physaphae.fr/article.php?IdArticle=6683865 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers 2022-09-02T12:30:00+00:00 https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html www.secnews.physaphae.fr/article.php?IdArticle=6680342 False Malware None None 01net.
News - Security - French Magazine A fake Google app mines cryptocurrency on thousands of PCs A fake Google Translate app is spreading across the web. It hides malware capable of mining Monero, a cryptocurrency popular with cybercriminals, on users' computers. The article A fake Google app mines cryptocurrency on thousands of PCs can be found on 01net.com. 2022-09-02T06:01:02+00:00 https://www.01net.com/actualites/fausse-application-google-mine-cryptomonnaies-milliers-pc.html www.secnews.physaphae.fr/article.php?IdArticle=6677922 False Malware None None Anomali - Firm Blog Security Operations are More Difficult Now More Than Ever. Buy Why? recent research by ESG, 52% of respondents believe security operations are more difficult today than they were two years ago. Responses stated this was due to multiple factors, such as the increasingly dangerous threat landscape, a growing attack surface, the volume and complexity of security alerts, and public cloud proliferation. Today’s threats are more sophisticated than ever, making them more challenging to defend against. Security teams must constantly do more with less, protecting more data, endpoints, and applications. And, as the threat landscape evolves, so will they, but chances are they must do so with fewer resources. The growing list of challenges is never-ending. So what tops the list? An Ever-Growing Attack Surface Organizations are collecting and storing more data than ever, driven by more cloud-based applications and services. This new on-prem/off-prem environment has created more potential entry points for attackers. Additionally, many organizations lose track of their assets, failing to update policies and their security infrastructure, leaving them vulnerable to attacks that exploit known vulnerabilities.
Another reason security teams face more challenges today is the increasing number of mobile devices and cloud apps used by employees. These devices and apps can provide a convenient way for employees to access company data, but they can also be a security risk if they are not adequately secured. The Evolving Threat Landscape  As the attack surface grows, so does the number of potential threats. Security teams must now contend with a broader range of threats, including sophisticated malware, zero-day exploits, and ransomware. Additionally, attackers are becoming more brazen and are targeting high-profile organizations with well-funded security operations. In addition, the rise of social media has created new opportunities for hackers to launch cyber attacks. Social media platforms can spread malware or gather information about people’s online habits, used to launch targeted attacks and infiltrate enterprise organizations. Increasing Compliance Requirements Organizations must comply with an ever-growing number of regulations, such as the EU’s General Data Protection Regulation (GDPR), that require security teams to put in place additional controls and processes, which can be costly and time-consuming. Additionally, compliance failures can result in heavy fines and strain an already tight budget. Limited Resources According to (ISC)²'s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to defend organizations’ critical assets effectively. While the number of professionals required to fill the gap has decreased, the number of qualified cyber professionals will fall even further due to the growing demand for highly skilled individuals. Complex Tech Stack Enterprises frequently deploy new security tools and services to address changing needs and increased threats. As previously mentioned, a typical enterprise SOC may use a combination of twenty or more technologies, making it difficult to customize each solution for its environment. 
The interoperability issues caused by the possibility of using multiple vendors make it very challenging to get a complete picture of your overall security environment. The Need to Adapt Despite these challenges, security teams must find ways to adapt to protect their organizations effectively against ever-evolving threats. So what c 2022-09-01T16:50:00+00:00 https://www.anomali.com/blog/security-operations-are-more-difficult-now-more-than-ever-buy-why www.secnews.physaphae.fr/article.php?IdArticle=6667648 False Malware,Tool,Threat,Guideline None None