www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed built: 2024-06-25T23:20:47+00:00

Source: The Hacker News (a hacking news blog, surprising, no?)
Title: Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
Published: 2023-05-03T13:00:00+00:00
Link: https://thehackernews.com/2023/05/hackers-exploiting-5-year-old-unpatched.html
Summary: Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (
Tags: Vulnerability, Threat

Source: Recorded Future (The Record feed)
Title: Cyber-espionage campaigns targeting military personnel in South Asia, Meta warns
Published: 2023-05-03T12:00:00+00:00
Link: https://therecord.media/pakistan-india-cyber-espionage-meta-bahamut-patchwork
Summary: State-linked hackers in Pakistan have been spying on military personnel in India and the Pakistan Air Force using fake apps and websites to compromise their personal devices, Meta announced on Wednesday. The espionage campaign is one of three operations in South Asia described in Meta's quarterly adversarial threat report, alongside activities by the Bahamut and
Tags: Threat; actor: Bahamut
Source: Global Security Mag (French news site)
Title: Immersive Labs announced the launch of the Immersive Labs Resilience Score
Published: 2023-05-03T10:55:33+00:00
Link: https://www.globalsecuritymag.fr/Immersive-Labs-announced-the-launch-of-the-Immersive-Labs-Resilience-Score.html
Summary: Immersive Labs Unveils World's First Comprehensive Score to Gauge Enterprise Cyber Resilience. New 'Resilience Score' Leverages Extensive Benchmarking Data to Help Organisations Prove their People-Centric Threat Preparedness. (Product Reviews)
Tags: Threat
Source: SOCRadar (SOC-focused blog)
Title: LOBSHOT hVNC Malware: A New Threat Distributed Through Google Ads
Published: 2023-05-03T10:32:23+00:00
Link: https://socradar.io/lobshot-hvnc-malware-a-new-threat-distributed-through-google-ads/
Summary: Cybersecurity researchers have discovered a new malware, called 'LOBSHOT,' distributed through Google ads. This malware...
Tags: Threat
Source: AlienVault Lab Blog (AlienVault is a major defensive actor in IOCs)
Title: Looking at a penetration test through the eyes of a target
Published: 2023-05-03T10:00:00+00:00
Link: https://cybersecurity.att.com/blogs/security-essentials/looking-at-a-penetration-test-through-the-eyes-of-a-target
Summary: OT cybersecurity, an emerging area geared toward safeguarding industrial control systems (ICS) at the core of critical infrastructure entities. Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder's behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth.

BAS is the newest technique on the list. It follows a "scan, exploit, and repeat" logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network.

By and large, there are two things that set pentesting apart from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are.

Choosing a penetration testing team worth its salt

Let's zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of t
Tags: Data Breach, Tool, Vulnerability, Threat, Industrial

Source: Netskope (an American software company providing an IT security platform)
Title: Netskope Threat Coverage: CrossLock Ransomware
Published: 2023-05-02T18:50:11+00:00
Link: https://www.netskope.com/blog/netskope-threat-coverage-crosslock-ransomware
Summary: CrossLock is a ransomware group that emerged in April 2023, targeting a large digital certifier company in Brazil. This ransomware was written in Go, which has also been adopted by other ransomware groups, including Hive, due to the cross-platform capabilities offered by the language. CrossLock operates in the double-extortion scheme, by threatening to leak […]
Tags: Ransomware, Threat
Source: Dark Reading (InformationWeek branch)
Title: North Korean APT Gets Around Macro-Blocking With LNK Switch-Up
Published: 2023-05-02T16:47:00+00:00
Link: https://www.darkreading.com/attacks-breaches/north-korean-apt-gets-around-macro-blocking-with-lnk-switch-up
Summary: APT37 is among a growing list of threat actors that have switched to Windows shortcut files after Microsoft blocked macros last year.
Tags: Threat; actor: APT 37

Source: Security Intelligence (American news site)
Title: Rationalizing Your Hybrid Cloud Security Tools
Published: 2023-05-02T16:00:00+00:00
Link: https://securityintelligence.com/posts/rationalizing-your-hybrid-cloud-security-tools/
Summary: As cyber incidents rise and threat landscapes widen, more security tools have emerged to protect the hybrid cloud ecosystem. As a result, security leaders must rapidly assess their hybrid security tools to move toward a centralized toolset and optimize cost without compromising their security posture. Unfortunately, those same leaders face a variety of challenges. One […]
Tags: Threat, Cloud
Source: Dark Reading
Title: Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
Published: 2023-05-02T15:49:00+00:00
Link: https://www.darkreading.com/remote-workforce/fake-google-ads-lure-corporate-workers-download-lobshot-backdoor
Summary: The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.
Tags: Ransomware, Threat, Prediction

Source: Global Security Mag
Title: Comment: Western Digital hackers published leaked images to taunt storage giant
Published: 2023-05-02T13:14:20+00:00
Link: https://www.globalsecuritymag.fr/Comment-Western-Digital-hackers-published-leaked-images-to-taunt-storage-giant.html
Summary: The Western Digital hackers have published leaked images to taunt the storage giant – the same cyber attackers that were responsible for the breach in late March 2023. The screenshots detail internal emails and other company communications in which the handling of the breach was discussed. It is now unknown if the threat actors still have access to Western Digital's systems. Joseph Carson, Chief Security Scientist at Delinea comments: (Opinion)
Tags: Threat
Source: KnowBe4 (cybersecurity services)
Title: CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Published: 2023-05-02T13:00:00+00:00
Link: https://blog.knowbe4.com/cyberheistnews-vol-13-18-eye-on-ai-does-chatgpt-have-cybersecurity-tells
Summary: CyberheistNews Vol 13 #18 | May 2nd, 2023

[Eye on AI] Does ChatGPT Have Cybersecurity Tells?

Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they're about to bluff, for example, or someone's pupils dilate when they've successfully drawn a winning card. It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they've become internet memes.

"ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice's Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is. "When you ask ChatGPT to do something it's not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: 'As an AI language model, I cannot generate inappropriate or offensive content,' it said. Those two phrases, 'as an AI language model' and 'I cannot generate inappropriate content,' recur so frequently in ChatGPT generated content that they've become memes."

That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they'll grow more persuasive. One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.

Blog post with links: https://blog.knowbe4.com/chatgpt-cybersecurity-tells

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4
Tags: Ransomware, Malware, Hack, Threat; ChatGPT

Source: The Hacker News
Title: LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
Published: 2023-05-02T12:39:00+00:00
Link: https://thehackernews.com/2023/05/lobshot-stealthy-financial-trojan-and.html
Summary: In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One
Tags: Threat

Source: The Hacker News
Title: North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
Published: 2023-05-02T12:24:00+00:00
Link: https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html
Summary: The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate
Tags: Malware, Threat; actor: APT 37

Source: SOCRadar
Title: SOCRadar Technical Whitepaper: 'Snapshot of 70 Million Stealer Logs'
Published: 2023-05-02T11:26:00+00:00
Link: https://socradar.io/socradar-technical-whitepaper-snapshot-of-70-million-stealer-logs/
Summary: SOCRadar's first technical white paper is out! Here are some highlights: Threat actors created fake...
Tags: Threat

Source: SOCRadar
Title: Salesforce Credentials Leak, Admin, and Webshell Access Sales, Partnership Announcements
Published: 2023-05-02T08:09:04+00:00
Link: https://socradar.io/salesforce-credentials-leak-admin-and-webshell-access-sales-partnership-announcements/
Summary: We are experiencing a period in which threat actors are increasingly outsourcing and growing the...
Tags: Threat

Source: The Register (English news site)
Title: Russia's APT28 targets Ukraine government with bogus Windows updates
Published: 2023-05-02T06:37:07+00:00
Link: https://go.theregister.com/feed/www.theregister.com/2023/05/02/russia_apt28_ukraine_phishing/
Summary: Nasty emails designed to infect systems with info-stealing malware. The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.…
Tags: Malware, Threat; actor: APT 28

Source: Trend Micro (security firm blog)
Title: Global Cyber Risk Lowers to Moderate Level in 2H' 2022
Published: 2023-05-02T00:00:00+00:00
Link: https://www.trendmicro.com/en_us/research/23/e/global-cyber-risk-level-2h-2022.html
Summary: Trend's seventh edition of the Cyber Risk Index (CRI) reveals an in-depth analysis of cyber threat and vulnerabilities.
Tags: Threat

Source: TrendLabs Security (antivirus vendor)
Title: Attack on Security Titans: Earth Longzhi Returns With New Tricks
Published: 2023-05-02T00:00:00+00:00
Link: https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html
Summary: After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi's resilience as a noteworthy threat.
Tags: Threat; actor: APT 41

Source: Anomali (firm blog)
Title: Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption
Published: 2023-05-01T23:16:00+00:00
Link: https://www.anomali.com/blog/anomali-cyber-watch-apt37-adopts-lnk-files-charming-kitten-uses-bellaciao-implant-dropper-vipersoftx-infostealer-unique-byte-remapping-encryption
Summary: Figure 1 - IOC summary charts. These charts summarize the IOCs attached to this magazine and give an overview of the threats discussed.

Cyber News and Threat Intelligence

Chain Reaction: ROKRAT's Missing Link (published: May 1, 2023)

Since 2022, the North Korea-sponsored group APT37 (Group123, Ricochet Chollima) has largely changed its delivery methods from maldocs to hiding payloads inside oversized LNK files. Check Point researchers identified several infection chains used by the group from July 2022 to April 2023. These were used to deliver one of APT37's custom tools (GoldBackdoor and ROKRAT) or the commodity malware Amadey. All of the lures studied appear to target Korean individuals with topics related to South Korea.

Analyst comment: The shift to LNK-based infection chains lets APT37 require less user interaction, since the chain can be triggered by a simple double-click. The group continues to use the well-tested ROKRAT, which remains a stealthy tool with its additional layers of encryption, cloud C2 and in-memory execution. The indicators associated with this campaign are available in the Anomali platform, and customers are advised to block them on their infrastructure.

MITRE ATT&CK: T1059.001 - Command and Scripting Interpreter: PowerShell | T1055 - Process Injection | T1027 - Obfuscated Files or Information | T1105 - Ingress Tool Transfer | T1204.002 - User Execution: Malicious File | T1059.005 - Command and Scripting Interpreter: Visual Basic | T1140 - Deobfuscate/Decode Files or Information | T1218.011 - Signed Binary Proxy Execution: Rundll32

Tags: malware: ROKRAT, mitre-software-id: S0240, malware-type: RAT, actor: Group123, mitre-group: APT37, actor: Ricochet Chollima, source-country: North Korea, source-country: KP, target-country: South Korea, target-country: KR, file-type: ZIP, file-type: DOC, file-type: ISO, file-type: LNK, file-type: BAT, file-type: EXE, file-type: VBS, malware: Amadey, malware: GoldBackdoor, malware-type: Backdoor, abused: pCloud, abused: Yandex Cloud, abused: OneDrive, abused: Hangul Word Processor, abused: Themida, target-system: Windows
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Prediction, Cloud; actor: APT 35, APT 37

Source: Dark Reading
Title: BlackCat Trolls Western Digital With Leaked Response Meeting Image
Published: 2023-05-01T20:06:15+00:00
Link: https://www.darkreading.com/remote-workforce/ransomware-group-trolls-western-digital-threat-hunters-
Summary: The ransomware group adds in personal insults to ratchet up pressure on Western Digital threat hunters.
Tags: Ransomware, Threat

Source: The Hacker News
Title: Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
Published: 2023-05-01T16:23:00+00:00
Link: https://thehackernews.com/2023/05/wanted-dead-or-alive-real-time.html
Summary: Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across all industries. But the disturbing truth
Tags: Ransomware, Threat

Source: The Hacker News
Title: Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics
Published: 2023-05-01T14:47:00+00:00
Link: https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html
Summary: A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious
Tags: Threat

Source: Bleeping Computer (American magazine)
Title: New LOBSHOT malware gives hackers hidden VNC access to Windows devices
Published: 2023-05-01T14:15:47+00:00
Link: https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/
Summary: A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. [...]
Tags: Malware, Threat

Source: Check Point Research (security hardware vendor)
Title: 1st May – Threat Intelligence Report
Published: 2023-05-01T13:48:04+00:00
Link: https://research.checkpoint.com/2023/1st-may-threat-intelligence-report/
Summary: For the latest discoveries in cyber research for the week of 1st May, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: A threat actor was able to generate some mail keys of American Telecom giant AT&T, and used it to take control of AT&T customers' email addresses. Victims report that cryptocurrency accounts connected to […]
Tags: Threat
Source: Check Point Research
Title: Chain Reaction: ROKRAT's Missing Link
Published: 2023-05-01T11:32:18+00:00
Link: https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/
Summary: Key findings. Introduction: From the many reports on APT37 in recent months, to Mandiant's announcement on APT43, a lot of attention is currently focused on North Korean threat actors – and with good reason. North Korea has a long history of attacking its southern neighbor, especially by means of cyber warfare which continues today. In this […]
Tags: Threat; actor: APT 43, APT 37
Source: Recorded Future (The Record feed)
Title: Iran APT using 'BellaCiao' malware against targets in US, Europe and Asia
Published: 2023-04-30T16:51:00+00:00
Link: https://therecord.media/iran-apt-charming-kitten-bellaciao-malware-us-europe-asia
Summary: An Iranian state-sponsored hacking group has been accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries. Researchers from cybersecurity firm Bitdefender attributed (https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/) the malware to APT35/APT42 – also known as Mint Sandstorm or Charming Kitten – an advanced persistent threat group that
Tags: Malware, Threat; actor: APT 35, APT 42
Source: Information Security Buzz (security news site)
Title: Weekly Summary Of News And Events This Week
Published: 2023-04-29T16:26:26+00:00
Link: https://informationsecuritybuzz.com/weekly-summary-of-news-and-events-this-week/
Summary: A summary of news and events that happened this week with ransomware, data breaches, the banning of developers' accounts, etc. Yellow Pages Canada Alerts of Cyberattack: The Black Basta cyber attack on Yellow Pages Canada shows the continued threat of cyber-attacks and data breaches to businesses and organizations. To combat these dangers, ongoing cybersecurity measures […]
Tags: Threat

Source: Information Security Buzz
Title: A Comprehensive Look At Email-Based Threats In 2023
Published: 2023-04-29T12:36:46+00:00
Link: https://informationsecuritybuzz.com/a-comprehensive-look-at-email-based-threats-in-2023/
Summary: It follows that vectors with greater internet exposure will also attract more attention from threat actors. Because of this, malicious actors frequently exploit public email servers, and a wide variety of cyber dangers can spread through them. We found some interesting patterns after reviewing a representative sample of our 2022 emails. The 2023 Email Security […]
Tags: Threat

Source: Dark Reading
Title: 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware
Published: 2023-04-28T20:18:35+00:00
Link: https://www.darkreading.com/cloud/bellaciao-showcases-iran-threat-groups-modernizing-malware
Summary: The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.
Tags: Malware, Threat; actor: APT 35

Source: Dark Reading
Title: Invicti Zooms In On Vulnerabilities That Plague Developers, Security Pros
Published: 2023-04-28T19:00:00+00:00
Link: https://www.darkreading.com/application-security/invicti-zooms-in-on-vulnerabilities-that-plague-developers-security-pros
Summary: Invicti's Patrick Vandenberg joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the latest global threat report.
Tags: Threat, Conference

Source: Dark Reading
Title: OpenText: Integrating Processes - and Strategy - Is Still the Best Defense
Published: 2023-04-28T19:00:00+00:00
Link: https://www.darkreading.com/vulnerabilities-threats/opentext-integrating-processes-and-strategy-is-still-the-best-defense
Summary: OpenText's Geoff Bibby joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the latest global threat report.
Tags: Threat, Conference

Source: Dark Reading
Title: SlashNext: How Generative AI is Changing the Threat Landscape
Published: 2023-04-28T19:00:00+00:00
Link: https://www.darkreading.com/threat-intelligence/slashnext-how-generative-ai-is-changing-the-threat-landscape
Summary: Patrick Harr of SlashNext joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss generative AI.
Tags: Threat, Conference

Source: Dark Reading
Title: Cisco Offers Customers New Ways To Tame Today's Threat Landscape
Published: 2023-04-28T19:00:00+00:00
Link: https://www.darkreading.com/threat-intelligence/cisco-offers-customers-new-ways-to-tame-today-s-threat-landscape
Summary: Cisco's Tom Gillis joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the current threat landscape.
Tags: Threat, Conference

Source: CVE List (Common Vulnerabilities and Exposures)
Title: CVE-2023-30455
Published: 2023-04-28T18:15:26+00:00
Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30455
Summary: An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users.
Tags: Threat

Source: The Hacker News
Title: New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets
Published: 2023-04-28T17:29:00+00:00
Link: https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html
Summary: Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and
Tags: Malware, Threat

Source: The Hacker News
Title: Why Your Detection-First Security Approach Isn't Working
Published: 2023-04-28T17:23:00+00:00
Link: https://thehackernews.com/2023/04/why-your-detection-first-security.html
Summary: Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly
Tags: Malware, Threat

Source: TechRepublic (Security News US)
Title: Threat actor APT28 targets Cisco routers with an old vulnerability
Summary: The U.S., Europe and Ukraine are reportedly targets of this malicious threat. Learn how to protect the affected Cisco routers.
>The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. ]]>
2023-04-28T16:36:57+00:00 https://www.techrepublic.com/article/apt28-cisco-routers-security-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8331913 False Malware,Vulnerability,Threat APT 28,APT 28 2.0000000000000000
The Hacker News: Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks - It's Magecart!
An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at
2023-04-28T14:48:00+00:00 | https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html | www.secnews.physaphae.fr/article.php?IdArticle=8331831 | Tags: Threat

Dark Reading: SOSSA and CRA Spell Trouble for Open Source Software
The lack of understanding around open source poses a threat when legislation is considered. Governments can help by offering funding to help remediate vulnerabilities and by supporting open source's long-term development.
2023-04-28T14:00:00+00:00 | https://www.darkreading.com/vulnerabilities-threats/sossa-and-cra-spell-trouble-for-open-source-software | www.secnews.physaphae.fr/article.php?IdArticle=8331886 | Tags: Threat

The Hacker News: Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report
2023-04-28T12:14:00+00:00 | https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html | www.secnews.physaphae.fr/article.php?IdArticle=8331811 | Tags: Threat

Dark Reading: Tessian Fully Integrates With M365 To Provide Threat Protection and Insider Risk Protection
2023-04-27T22:11:00+00:00 | https://www.darkreading.com/threat-intelligence/tessian-fully-integrates-with-m365-to-provide-threat-protection-and-insider-risk-protection | www.secnews.physaphae.fr/article.php?IdArticle=8331727 | Tags: Threat

Dark Reading: Threat Actor Names Proliferate, Adding Confusion
Goodbye, PHOSPHORUS! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more?
2023-04-27T19:57:00+00:00 | https://www.darkreading.com/threat-intelligence/threat-actor-names-proliferate-adding-confusion | www.secnews.physaphae.fr/article.php?IdArticle=8331672 | Tags: Threat, APT 35

Dark Reading: Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive
As threat actors around the world grow and evolve, APTs from the DPRK stand out for their spread and variety of targets.
2023-04-27T19:50:44+00:00 | https://www.darkreading.com/endpoint/lazarus-scarcruft-north-korean-apts-shift-tactics-thrive | www.secnews.physaphae.fr/article.php?IdArticle=8331690 | Tags: Threat, APT 38, APT 37

The Hacker News: Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The
2023-04-27T19:12:00+00:00 | https://thehackernews.com/2023/04/paperbug-attack-new-politically.html | www.secnews.physaphae.fr/article.php?IdArticle=8331587 | Tags: Threat

Dark Reading: Continuous Scanning Is Imperative for Effective Web Application Security
New research from Invicti shows that an increase in security scanning cadence contributes to improved security posture over time.
2023-04-27T16:00:00+00:00 | https://www.darkreading.com/vulnerabilities-threats/continuous-scanning-is-imperative-for-effective-web-application-security | www.secnews.physaphae.fr/article.php?IdArticle=8331618 | Tags: Threat, General Information

Recorded Future: Hackers use PaperCut printer vulnerability to spread Clop ransomware
Hackers linked to the Clop ransomware operation are exploiting two recently disclosed vulnerabilities in the print management software PaperCut to steal corporate data from victims. In a series of tweets posted Wednesday, Microsoft said it attributed the attacks to a threat actor it tracks as Lace Tempest, a group whose activities overlap with FIN11 and TA505.
2023-04-27T15:49:00+00:00 | https://therecord.media/hackers-use-papercut-vulnerabilities-to-deploy-clop-ransomware | www.secnews.physaphae.fr/article.php?IdArticle=8331599 | Tags: Ransomware, Vulnerability, Threat
The Hacker News: RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday. "It uses a combination of ECDH on
2023-04-27T15:45:00+00:00 | https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html | www.secnews.physaphae.fr/article.php?IdArticle=8331525 | Tags: Ransomware, Threat

InfoSecurity Mag: #RSAC: Securing Software Supply Chains Requires Outside-the-Box Thinking
At RSA, cybersecurity experts discussed the unique nature of software supply chain attacks and approaches to tackling this growing threat.
2023-04-27T15:15:00+00:00 | https://www.infosecurity-magazine.com/news/securing-software-supply-chains/ | www.secnews.physaphae.fr/article.php?IdArticle=8331603 | Tags: Threat

The Hacker News: Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil
2023-04-27T13:50:00+00:00 | https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html | www.secnews.physaphae.fr/article.php?IdArticle=8331487 | Tags: Ransomware, Threat

Kaspersky: APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.
2023-04-27T10:00:47+00:00 | https://securelist.com/apt-trends-report-q1-2023/109581/ | www.secnews.physaphae.fr/article.php?IdArticle=8331513 | Tags: Threat

Global Security Mag: Defense Against the Dark Web - Threat Intelligence to Enhance Business Security Posture (Opinion)
2023-04-27T08:54:47+00:00 | https://www.globalsecuritymag.fr/Defense-Against-the-Dark-Web-Threat-Intelligence-to-Enhance-Business-Security.html | www.secnews.physaphae.fr/article.php?IdArticle=8331493 | Tags: Threat
AhnLab: ASEC Weekly Phishing Email Threat Trends (April 9th, 2023 – April 15th, 2023)
AhnLab Security Emergency Response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 9th, 2023 to April 15th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
2023-04-27T03:20:45+00:00 | https://asec.ahnlab.com/en/51821/ | www.secnews.physaphae.fr/article.php?IdArticle=8331717 | Tags: Threat
TechRepublic: IBM launches QRadar Security Suite for accelerated threat detection and response
IBM said the new cybersecurity platform is a unified interface that streamlines analyst response across the full attack lifecycle and includes AI and automation capabilities shown to speed alert triage by 55%.
2023-04-26T22:37:26+00:00 | https://www.techrepublic.com/article/ibm-launches-qradar-security-suite/ | www.secnews.physaphae.fr/article.php?IdArticle=8331396 | Tags: Threat
Dark Reading: Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling
An old threat actor is making its comeback, sending around their old malware with a new tint.
2023-04-26T18:40:28+00:00 | https://www.darkreading.com/endpoint/linux-chinese-apt-alloy-taurus-back-retooling | www.secnews.physaphae.fr/article.php?IdArticle=8331342 | Tags: Malware, Threat

The Hacker News: Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new
2023-04-26T18:03:00+00:00 | https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html | www.secnews.physaphae.fr/article.php?IdArticle=8331239 | Tags: Malware, Threat

Cybereason: Cybereason Announces Unified Threat Hunting and Investigation
Cybereason is pleased to announce a significant development in its approach to storing long-term hunting data (telemetry collected by our sensors, not 'benign data', that is detected by and linked to a malicious operation, or
2023-04-26T14:16:20+00:00 | https://www.cybereason.com/blog/cybereason-announces-unified-threat-hunting-and-investigation | www.secnews.physaphae.fr/article.php?IdArticle=8331281 | Tags: Threat

Check Point: Join Check Point at RSA Conference in San Francisco
The RSA Conference is just around the corner, and the Check Point team has a full agenda planned for you to make the most of your visit. In addition to the conference sessions, we will host breakout and theater sessions, demos, parties, games and prizes, and more. Visit our booth, N-6164, at RSAC, or join us virtually as we spotlight our security suite that provides comprehensive zero-day threat prevention for your network, email, endpoints, IoT, cloud, and code. Gain an understanding of how Check Point Infinity's consolidated portfolio protects businesses and government institutions from 5th-generation cyber-attacks with an industry-leading capture […]
2023-04-26T11:00:37+00:00 | https://blog.checkpoint.com/company-and-culture/join-check-point-at-rsa-conference-in-san-francisco/ | www.secnews.physaphae.fr/article.php?IdArticle=8331213 | Tags: Threat, Conference
InfoSecurity Mag: #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations
Representatives of four of the five Five Eyes nations outlined the growing threat ransomware poses and approaches to thwart it.
2023-04-26T01:00:00+00:00 | https://www.infosecurity-magazine.com/news/ransomware-threat-five-eyes/ | www.secnews.physaphae.fr/article.php?IdArticle=8331117 | Tags: Ransomware, Threat

TrendLabs Security: Attackers Use Containers for Profit via TrafficStealer
We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.
2023-04-26T00:00:00+00:00 | https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html | www.secnews.physaphae.fr/article.php?IdArticle=8331204 | Tags: Threat

AhnLab: RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)
AhnLab Security Emergency Response Center (ASEC) confirmed that the RedEyes threat group (also known as APT37, ScarCruft), which distributed CHM malware disguised as a security email from a Korean financial company last month, has also recently distributed the RokRAT malware through LNK files. RokRAT is malware that is capable of collecting user credentials and downloading additional malware. The malware was once distributed through HWP and Word files. The LNK files that were discovered this time contain PowerShell commands that can perform malicious...
2023-04-25T23:30:00+00:00 | https://asec.ahnlab.com/en/51751/ | www.secnews.physaphae.fr/article.php?IdArticle=8331109 | Tags: Malware, Threat, APT 37
AhnLab: Tonto Team Using Anti-Malware Related Files for DLL Side-Loading
The Tonto Team is a threat group that targets mainly Asian countries and has been distributing Bisonal malware. AhnLab Security Emergency Response Center (ASEC) has been tracking the Tonto Team's attacks on Korean education, construction, diplomatic, and political institutions. Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks. Figure 1. Overall operation process. The Tonto Team's involvement in the distribution of the CHM malware in Korea has been...
2023-04-25T23:00:00+00:00 | https://asec.ahnlab.com/en/51746/ | www.secnews.physaphae.fr/article.php?IdArticle=8331110 | Tags: Malware, Threat
Dark Reading: 'Educated Manticore' Targets Israeli Victims in Improved Phishing Attacks
The Iranian threat actor displays activity similar to that of other advanced persistent threat groups.
2023-04-25T20:32:00+00:00 | https://www.darkreading.com/endpoint/educated-manticore-targets-israeli-victims-in-improved-phishing-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8331073 | Tags: Threat

The Hacker News: Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt
2023-04-25T18:34:00+00:00 | https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html | www.secnews.physaphae.fr/article.php?IdArticle=8330923 | Tags: Threat, APT 35

Anomali: Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters (published: April 21, 2023)
A new Monero cryptocurrency-mining campaign is the first recorded case of gaining persistence via Kubernetes (K8s) Role-Based Access Control (RBAC), according to Aquasec researchers. The recorded honeypot attack started with exploiting a misconfigured API server. The attackers proceeded by gathering information about the cluster, checking if their cluster was already deployed, and deleting some existing deployments. They used RBAC to gain persistence by creating a new ClusterRole and a new ClusterRoleBinding. The attackers then created a DaemonSet to use a single API request to target all nodes for deployment. The deployed malicious image from the public registry Docker Hub was named to impersonate a legitimate account and a popular legitimate image. It has been pulled 14,399 times and 60 exposed K8s clusters have been found with signs of exploitation by this campaign.
Analyst Comment: Your company should have protocols in place to ensure that all cluster management and cloud storage systems are properly configured and patched. K8s buckets are too often misconfigured and threat actors realize there is potential for malicious activity. A defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) approach is a good mitigation step to help prevent actors from highly-active threat groups.
MITRE ATT&CK: T1190 - Exploit Public-Facing Application | T1496 - Resource Hijacking | T1036 - Masquerading | T1489 - Service Stop
Tags: Monero, malware-type:Cryptominer, detection:PUA.Linux.XMRMiner, file-type:ELF, abused:Docker Hub, technique:RBAC Buster, technique:Create ClusterRoleBinding, technique:Deploy DaemonSet, target-system:Linux, target:K8s, target:Kubernetes RBAC
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (published: April 20, 2023)
Investigation of the previously reported 3CX supply chain compromise (March 2023) allowed Mandiant researchers to determine that it was the result of a prior software supply chain attack using a trojanized installer for X_TRADER, a software package provided by Trading Technologies. The attack involved the publicly available tool SigFlip decrypting an RC4 stream cipher and starting the publicly available DaveShell shellcode for reflective loading. It led to installation of the custom, modular VeiledSignal backdoor. VeiledSignal additional modules inject the C2 module in a browser process instance, create a Windows named pipe and
2023-04-25T18:22:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-two-supply-chain-attacks-chained-together-decoy-dog-stealthy-dns-communication-evilextractor-exfiltrates-to-ftp-server | www.secnews.physaphae.fr/article.php?IdArticle=8331005 | Tags: Ransomware, Spam, Malware, Tool, Threat, Cloud, APT 38, ChatGPT, APT 43, Uber

Dark Reading: Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers
Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.
2023-04-25T18:15:24+00:00 | https://www.darkreading.com/remote-workforce/attackers-abuse-papercut-rce-flaws-to-take-over-enterprise-print-servers | www.secnews.physaphae.fr/article.php?IdArticle=8331007 | Tags: Threat

The Hacker News: Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed it
2023-04-25T16:57:00+00:00 | https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html | www.secnews.physaphae.fr/article.php?IdArticle=8330891 | Tags: Malware, Threat, APT 38

The Hacker News: Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench, which leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment
2023-04-25T16:09:00+00:00 | https://thehackernews.com/2023/04/google-cloud-introduces-security-ai.html | www.secnews.physaphae.fr/article.php?IdArticle=8330892 | Tags: Threat, Cloud

UnderNews: New findings on the stealthy Command & Control malware targeting organizations in the technology, healthcare, energy and finance sectors
Following last week's discovery, the Infoblox Threat Intelligence group has released a more complete report on the critical security threat "Decoy Dog", a remote access trojan (RAT) equipped with a Command & Control (C2) system.
The post "New findings on the stealthy Command & Control malware targeting organizations in the technology, healthcare, energy and finance sectors" first appeared on UnderNews.
2023-04-25T15:21:00+00:00 | https://www.undernews.fr/malwares-virus-antivirus/nouvelles-decouvertes-sur-le-malware-discret-de-command-control-ciblant-des-organisations-des-secteurs-technologie-sante-energie-et-finance.html | www.secnews.physaphae.fr/article.php?IdArticle=8330964 | Tags: Malware, Threat

Global Security Mag: Check Point Research uncovers rare techniques used by Iranian-affiliated threat actor, targeting Israeli entities (Malware Update)
Check Point Research reveals new findings related to the Phosphorus APT group, an Iranian APT group operating in the Middle East and North America. CPR dubbed this activity cluster Educated Manticore. Educated Manticore has substantially enhanced its toolkit by incorporating new techniques, embracing current attack trends, and employing ISO images and other archive files to initiate infection chains. The research puts a spotlight on the lures of the attack, which used Hebrew and Arabic languages, suggesting targets were entities in Israel.
2023-04-25T13:03:37+00:00 | https://www.globalsecuritymag.fr/Check-Point-Research-uncovers-rare-techniques-used-by-Iranian-affiliated-threat.html | www.secnews.physaphae.fr/article.php?IdArticle=8330909 | Tags: Threat, APT 35
KnowBe4 (cybersecurity services): CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment, as a new credential-theft campaign exploits a person's excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are running fake Facebook ads that advertise a free download of AIs such as ChatGPT and Google Bard. Veriti writes: "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user's device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location and hardware. Veriti added: "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using the official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors, experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links: https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with […]
2023-04-25T13:00:00+00:00 | https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai | www.secnews.physaphae.fr/article.php?IdArticle=8330904 | Tags: Spam, Malware, Hack, Threat; ChatGPT, APT 28

Global Security Mag: BlackBerry Global Threat Intelligence Report 2023: banks, healthcare institutions and food-industry players were the main targets of cybercriminals in the first quarter (Category: Investigations)
2023-04-25T12:27:54+00:00 | https://www.globalsecuritymag.fr/BlackBerry-Global-Threat-Intelligence-Report-2023-Les-banques-les.html | www.secnews.physaphae.fr/article.php?IdArticle=8330914 | Tags: Threat

InfoSecurity Magazine: Falling Dwell Time May Be Due to Faster Threat Activity
Sophos warns against simple interpretation of the data.
2023-04-25T10:30:00+00:00 | https://www.infosecurity-magazine.com/news/falling-dwell-time-faster-threat/ | www.secnews.physaphae.fr/article.php?IdArticle=8330880 | Tags: Threat

Schneier on Security (American cryptologist and researcher): Cyberweapons Manufacturer QuaDream Shuts Down
Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuaDream:
Key Findings. Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream's spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time. We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream's spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call […]
2023-04-25T10:09:08+00:00 | https://www.schneier.com/blog/archives/2023/04/cyberweapons-manufacturer-quadream-shuts-down.html | www.secnews.physaphae.fr/article.php?IdArticle=8330885 | Tags: Threat
Check Point (security hardware vendor): Check Point Research uncovers rare techniques used by Iranian-affiliated threat actor, targeting Israeli entities
Highlights: Check Point Research reveals new findings related to Educated Manticore, a hacktivist group related to Phosphorus, an Iranian-affiliated threat actor operating in the Middle East and North America. Educated Manticore has substantially enhanced its toolkit by incorporating seldom-seen techniques, embracing current attack trends, and employing ISO images and other archive files to initiate infection chains. The research puts a spotlight on the lures of the attack, which used Hebrew and Arabic languages, suggesting targets were entities in Israel.
Main findings: Hacktivism, hacking for political or social purposes, is on the rise and its agents are becoming more sophisticated. As […]
2023-04-25T10:05:41+00:00 | https://blog.checkpoint.com/security/check-point-research-uncovers-rare-techniques-used-by-iranian-affiliated-threat-actor-targeting-israeli-entities/ | www.secnews.physaphae.fr/article.php?IdArticle=8330865 | Tags: Threat; APT 35
Check Point Research (security hardware vendor): Educated Manticore – Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools
Key Findings, Introduction: In this report, Check Point Research reveals new findings on an activity cluster closely related to Phosphorus. The research presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past, an Iran-affiliated threat group operating in the Middle East […]
2023-04-25T10:04:57+00:00 | https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/ | www.secnews.physaphae.fr/article.php?IdArticle=8330870 | Tags: Threat; APT 35
AlienVault Lab Blog (a major defensive player in IOCs): Improving your bottom line with cybersecurity top of mind
It's important to understand that not all risks are created equal. While detection and incident response are critical, it is sensible to first address the risks that can be mitigated easily and relatively inexpensively. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack.
Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat.
Establish incident response support before an attack. In today's rapidly changing threat environment, consider an incident response retainer service, which gives your organization a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can support your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery.
Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats, and guidance on how best to protect company data. Outlining the roles and responsibilities for managing cybersecurity, especially during an economic downturn, is also essential. Managing vulnerabilities continues to be a struggle for many organizations today; it is essential to move from detecting vulnerabilities and weaknesses to remediating them.
Cybersecurity training is also crucial, as employees who are unaware of possible risks or fail to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them. Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information. Successful incident response requires collaboration across an organization's internal and external parties. A top-down approach, where senior leadership fosters a strong security culture, leads every department to do its part when an incident occurs. Responding to a cloud incident requires understanding the differences between the visibility and control you have over on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models. Protective cybersecurity measures are essential for businesses, especially during economic downturns.
By prioritizing cybersecurity, companie […]
2023-04-25T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/improving-your-bottom-line-with-cybersecurity-top-of-mind | www.secnews.physaphae.fr/article.php?IdArticle=8330871 | Tags: Data Breach, Threat, Cloud

The Register (British news site): Mandiant's 'most prevalent threat actor' may be living under your roof – the teenager
Plus they are cliquey as all hell. RSA Conference: While some spend sleepless nights worrying about the big four nation-state cyber threats, you shouldn't underestimate the ones possibly living under your roof: teenagers. […]
2023-04-25T09:44:04+00:00 | https://go.theregister.com/feed/www.theregister.com/2023/04/25/mandiant_rsa_teenage_hackers/ | www.secnews.physaphae.fr/article.php?IdArticle=8330866 | Tags: Threat

The Hacker News: Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and […]
2023-04-24T19:30:00+00:00 | https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html | www.secnews.physaphae.fr/article.php?IdArticle=8330610 | Tags: Threat

The Hacker News: Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that is designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying […]
2023-04-24T19:14:00+00:00 | https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html | www.secnews.physaphae.fr/article.php?IdArticle=8330611 | Tags: Ransomware, Tool, Threat

Global Security Mag: The Thales Data Threat Report 2023 shows an increase in ransomware attacks, and human error as the main cause of cloud data breaches (Category: Special reports)
48% of IT professionals reported an increase in ransomware attacks, with 22% of organizations having been hit by a ransomware attack in the last 12 months. 51% of organizations have no formal ransomware plan. Of those recently affected by a data breach in the cloud, 55% of respondents named human error as the main cause. Thales announces the publication of the Thales Data Threat Report 2023, its annual report on the latest data security threats, trends and current topics, based on a survey of nearly 3,000 IT and security professionals in 18 countries. This year's report finds an increase in ransomware attacks and heightened risks to sensitive data in the cloud.
2023-04-24T17:42:01+00:00 | https://www.globalsecuritymag.fr/Der-Thales-Data-Threat-Report-2023-zeigt-Zunahme-von-Ransomware-Angriffen-und.html | www.secnews.physaphae.fr/article.php?IdArticle=8330678 | Tags: Threat, Cloud
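The AuKill item above describes the BYOVD sequence a detection engineer wants to catch: a signed but vulnerable driver is loaded, then EDR processes die shortly afterwards. The Python below is an added example, not code from Sophos, Microsoft or any EDR vendor. It correlates driver-load and process-end events on a constructed telemetry sample and raises a high-severity alert when a block-listed driver load is followed, on the same host and within a short window, by the termination of EDR processes; a block-listed load with no kills still gets a medium alert. The hash values, file paths, host names, process names and the event shape are all placeholders and assumptions, not any product's real log format.

```python
"""Correlate vulnerable-driver loads with EDR process terminations (BYOVD).

Added example, not code from the AuKill report or any EDR product. Every hash,
path, host and process name below is a placeholder; the event dictionaries are
a simplified stand-in for what a Sysmon-style collector would emit.
"""
from datetime import datetime, timedelta

# Placeholder block list: SHA-256 of driver images that must never load.
# A real deployment would populate this from a vulnerable-driver list.
BLOCKED_DRIVER_HASHES = {
    "deadbeef" * 8: "outdated Process Explorer-style driver (placeholder hash)",
}

# Placeholder names of the EDR agent processes that must stay alive.
EDR_PROCESSES = {"edr-agent.exe", "edr-sensor.exe"}

# How long after a driver load a process termination still counts as related.
WINDOW = timedelta(seconds=120)


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def find_byovd_sequences(events, blocked_hashes=BLOCKED_DRIVER_HASHES,
                         edr_processes=EDR_PROCESSES, window=WINDOW):
    """Return one alert per block-listed driver load.

    Severity is "high" when at least one EDR process on the same host ended
    within `window` after the load, "medium" when nothing was killed (the
    driver still has no business on the host).
    """
    ordered = sorted(events, key=_ts)
    edr_lower = {p.lower() for p in edr_processes}
    alerts = []
    for i, ev in enumerate(ordered):
        if ev["type"] != "driver_load":
            continue
        digest = ev["sha256"].lower()
        if digest not in blocked_hashes:
            continue
        t0 = _ts(ev)
        killed = []
        for later in ordered[i + 1:]:
            if _ts(later) - t0 > window:
                break  # events are time-ordered, nothing further is in window
            if (later["host"] == ev["host"]
                    and later["type"] == "process_end"
                    and later["image"].lower() in edr_lower):
                killed.append(later["image"])
        alerts.append({
            "host": ev["host"],
            "driver": ev["image"],
            "sha256": digest,
            "reason": blocked_hashes[digest],
            "killed_edr_processes": killed,
            "severity": "high" if killed else "medium",
        })
    return alerts


# Constructed sample telemetry (not real logs). ws01 shows the full attack
# sequence; ws02 loads the driver but the EDR process end is outside the window.
SAMPLE_EVENTS = [
    {"ts": "2023-04-20T09:00:00", "host": "ws01", "type": "driver_load",
     "image": r"C:\Windows\System32\drivers\ndis.sys", "sha256": "11" * 32},
    {"ts": "2023-04-20T10:00:00", "host": "ws01", "type": "driver_load",
     "image": r"C:\Windows\Temp\pe.sys", "sha256": "DEADBEEF" * 8},
    {"ts": "2023-04-20T10:00:05", "host": "ws01", "type": "process_end",
     "image": "edr-agent.exe"},
    {"ts": "2023-04-20T10:00:09", "host": "ws01", "type": "process_end",
     "image": "edr-sensor.exe"},
    {"ts": "2023-04-20T10:30:00", "host": "ws01", "type": "process_end",
     "image": "notepad.exe"},
    {"ts": "2023-04-20T12:00:00", "host": "ws02", "type": "driver_load",
     "image": r"C:\Users\Public\pe.sys", "sha256": "deadbeef" * 8},
    {"ts": "2023-04-20T12:10:00", "host": "ws02", "type": "process_end",
     "image": "edr-agent.exe"},
]

if __name__ == "__main__":
    for alert in find_byovd_sequences(SAMPLE_EVENTS):
        print(alert)
```

Hash matching is deliberately case-insensitive and the window check breaks early because the list is sorted by time; in a real pipeline the same logic would run over driver-load and process-end events streamed from the endpoint agent, with the block list fed from a maintained vulnerable-driver catalogue rather than a single placeholder entry.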
The Hacker News: Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code into pages and posts of WordPress sites, which is then executed every time the posts are […]
2023-04-24T17:11:00+00:00 | https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html | www.secnews.physaphae.fr/article.php?IdArticle=8330577 | Tags: Threat

Netskope (US software company providing an IT security platform): FedEx Phishing Campaign Abusing TrustedForm and PAAY
Summary: Netskope Threat Labs is tracking a phishing campaign that mimics a FedEx package delivery as bait to steal credit card data. This type of social engineering attack is commonly found in phishing pages, emails, and other scams, where a false sense of urgency is created to push the victim into taking an action that […]
2023-04-24T17:00:00+00:00 | https://www.netskope.com/blog/fedex-phishing-campaign-abusing-trustedform-and-paay | www.secnews.physaphae.fr/article.php?IdArticle=8330641 | Tags: Threat; FedEx
Check Point Research: 24th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 24th April, please download our Threat_Intelligence Bulletin.
Top attacks and breaches: The American Bar Association (ABA), the largest global association of lawyers and legal professionals, has suffered a data breach, with hackers gaining access to older credentials of 1,466,000 members. The breach was first […]
2023-04-24T16:06:53+00:00 | https://research.checkpoint.com/2023/24th-april-threat-intelligence-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8330625 | Tags: Data Breach, Threat
Dark Reading (Informationweek branch): Qwiet AI Builds a Neural Net to Catch Coding Vulnerabilities
Code property graphs and a threat feed powered by artificial narrow intelligence help developers incorporate AppSec into DevOps.
2023-04-24T16:00:00+00:00 | https://www.darkreading.com/dr-tech/qwiet-ai-builds-a-neural-net-to-catch-coding-vulnerabilities | www.secnews.physaphae.fr/article.php?IdArticle=8330644 | Tags: Threat

Dark Reading: ZeroFox to Acquire LookingGlass, Broadening Global Attack Surface Intelligence Capabilities
Deal strengthens ZeroFox's External Cybersecurity Platform with external attack surface management (EASM) and threat intelligence capabilities.
2023-04-24T15:32:00+00:00 | https://www.darkreading.com/threat-intelligence/zerofox-to-acquire-lookingglass-broadening-global-attack-surface-intelligence-capabilities | www.secnews.physaphae.fr/article.php?IdArticle=8330627 | Tags: Threat

Recorded Future (Recorded Future feed): Russian hacktivist threat on Canada's pipelines is 'call to action,' top cyber official says
A cybersecurity incident affecting a Canadian gas pipeline, which pro-Russian hacktivists and an intelligence officer claimed could have caused an explosion, is "a call to action for the critical infrastructure sector," according to Canada's top cyber official. The incident was revealed in a trove of leaked U.S. intelligence materials that included an apparently […]
2023-04-24T14:36:00+00:00 | https://therecord.media/russia-hacktivist-threat-to-canadian-pipelines-a-call-to-action | www.secnews.physaphae.fr/article.php?IdArticle=8330626 | Tags: Threat
Global Security Mag: Trellix announces its intention to expand Trellix Threat Intelligence (Category: Products)
2023-04-24T14:23:18+00:00 | https://www.globalsecuritymag.fr/Trellix-annonce-son-intention-de-developper-Trellix-Threat-Intelligence.html | www.secnews.physaphae.fr/article.php?IdArticle=8330606 | Tags: Threat

Global Security Mag: Zimperium announced the launch of the Zimperium Mobile-First Security Platform™ (Category: Product Reviews)
Zimperium launches the only unified mobile security platform for threat detection, visibility and response for both endpoints and apps. The integrated platform enables enterprises to seamlessly execute their mobile-first security strategy.
2023-04-24T13:26:12+00:00 | https://www.globalsecuritymag.fr/Zimperium-announced-the-launch-of-the-Zimperium-Mobile-First-Security-Platform.html | www.secnews.physaphae.fr/article.php?IdArticle=8330596 | Tags: Threat
Dark Reading: Zimperium Launches Unified Mobile Security Platform for Threat Detection, Visibility, and Response
Integrated platform enables enterprises to seamlessly execute their mobile-first security strategy.
2023-04-24T13:00:00+00:00 | https://www.darkreading.com/endpoint/zimperium-launches-the-only-unified-mobile-security-platform-for-threat-detection-visibility-and-response-for-both-endpoints-and-apps | www.secnews.physaphae.fr/article.php?IdArticle=8330589 | Tags: Threat

The Hacker News: New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web
A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale to other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to […]
2023-04-24T12:06:00+00:00 | https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html | www.secnews.physaphae.fr/article.php?IdArticle=8330502 | Tags: Malware, Threat

CyberScoop (scoopnewsgroup.com special Cyber): Industrial security vendors partner to share intelligence about critical infrastructure threats
The biggest companies working in industrial cybersecurity are building an early-warning platform called ETHOS to share threat intelligence.
2023-04-24T10:00:00+00:00 | https://cyberscoop.com/emerging-threat-open-sharing-industrial-cybersecurity/ | www.secnews.physaphae.fr/article.php?IdArticle=8330535 | Tags: Threat, Industrial
Kaspersky (Kaspersky Research blog): Tomiris called, they want their Turla malware back
We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we're excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla.
2023-04-24T08:00:22+00:00 | https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/ | www.secnews.physaphae.fr/article.php?IdArticle=8330517 | Tags: Malware, Threat

The Hacker News: Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the […]
2023-04-22T12:16:00+00:00 | https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html | www.secnews.physaphae.fr/article.php?IdArticle=8330173 | Tags: Hack, Threat; APT 38

Dark Reading: Shields Health Breach Exposes 2.3M Users' Data
The medical imaging firm's systems were compromised by a threat actor, exposing patients' driver's licenses and other identifying information.
2023-04-21T20:33:00+00:00 | https://www.darkreading.com/attacks-breaches/shields-health-breach-exposes-2-3m-users-data | www.secnews.physaphae.fr/article.php?IdArticle=8330062 | Tags: Threat, Medical

Netskope: Cloud Threats Memo: Threat Actors Increasingly Exploiting Google Drive
Google Drive continues to be one of the cloud services most abused by threat actors, and the latest edition (April 2023) of the Threat Horizons Report, released by security researchers in Google's Threat Analysis Group (TAG), shows more interesting examples of how opportunistic and state-sponsored threat actors are exploiting its flagship cloud storage service, to […]
2023-04-21T19:49:00+00:00 | https://www.netskope.com/blog/cloud-threats-memo-threat-actors-increasingly-exploiting-google-drive | www.secnews.physaphae.fr/article.php?IdArticle=8330041 | Tags: Threat, Cloud
The Hacker News: GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Israeli cybersecurity startup Astrix Security, which discovered and reported the issue to Google on June 19, 2022, dubbed the shortcoming GhostToken. The issue […]
2023-04-21T17:43:00+00:00 | https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html | www.secnews.physaphae.fr/article.php?IdArticle=8329931 | Tags: Threat, Cloud

Netskope: Netskope Threat Labs Stats for March 2023
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary: Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, […]
2023-04-21T16:17:10+00:00 | https://www.netskope.com/blog/netskope-threat-labs-stats-for-march-2023 | www.secnews.physaphae.fr/article.php?IdArticle=8329984 | Tags: Threat, Cloud
InfoSecurity Magazine: Trojanized Installers Used to Distribute Bumblebee Malware
Secureworks' Counter Threat Unit analyzed the findings in a report published on Thursday.
2023-04-21T15:30:00+00:00 | https://www.infosecurity-magazine.com/news/trojanized-installers-distribute/ | www.secnews.physaphae.fr/article.php?IdArticle=8329973 | Tags: Malware, Threat

Bleeping Computer (American magazine): Critical infrastructure also hit by supply chain attack behind 3CX breach
The X_Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team. […]
2023-04-21T15:26:43+00:00 | https://www.bleepingcomputer.com/news/security/critical-infrastructure-also-hit-by-supply-chain-attack-behind-3cx-breach/ | www.secnews.physaphae.fr/article.php?IdArticle=8330039 | Tags: Threat

The Hacker News: N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication among North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software […]
2023-04-21T15:25:00+00:00 | https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html | www.secnews.physaphae.fr/article.php?IdArticle=8329907 | Tags: Threat