www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-28T07:10:35+00:00 www.secnews.physaphae.fr Security Affairs - Blog Secu Tainted CCleaner Pro Cracker spreads via Black Seo campaign Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program. The researchers pointed out that operators behind the campaign […] ]]> 2022-06-09T08:48:41+00:00 https://securityaffairs.co/wordpress/132076/cyber-crime/ccleaner-black-seo-malware-fakecrack.html www.secnews.physaphae.fr/article.php?IdArticle=5053642 False Malware CCleaner,CCleaner 3.0000000000000000 Bleeping Computer - Magazine Américain New Symbiote malware infects all running processes on Linux systems 2022-06-09T08:00:24+00:00 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ www.secnews.physaphae.fr/article.php?IdArticle=5055863 False Malware,Threat None 2.0000000000000000 CSO - CSO Daily Dashboard Hackers using stealthy Linux backdoor Symbiote to steal credentials a new report. "Since the malware operates as a userland level rootkit, detecting an infection may be difficult. 
Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not “infected” by userland rootkits."To read this article in full, please click here]]> 2022-06-09T07:48:00+00:00 https://www.csoonline.com/article/3663510/hackers-using-stealthy-linux-backdoor-symbiote-to-steal-credentials.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5057805 False Malware,Tool,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector 2022-06-09T04:08:48+00:00 https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5056637 False Malware,Threat None None CSO - CSO Daily Dashboard 11 infamous malware attacks: The first and the worst malware spreading for sinister or baffling reasons has been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet. 
This article will take a look at some of the most important milestones in the evolution of malware: These entries each represent a novel idea, a lucky break that revealed a gaping security hole, or an attack that turned to be particularly damaging-and sometimes all three.To read this article in full, please click here]]> 2022-06-09T02:00:00+00:00 https://www.csoonline.com/article/3663051/11-infamous-malware-attacks-the-first-and-the-worst.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5053603 False Malware None None The Register - Site journalistique Anglais Now Windows Follina zero-day exploited to infect PCs with Qbot 2022-06-09T00:29:36+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/09/qbot-malware-microsoft-follina/ www.secnews.physaphae.fr/article.php?IdArticle=5048273 False Ransomware,Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Emotet Variant Stealing Users\' Credit Card Information from Google Chrome 2022-06-08T22:38:48+00:00 https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html www.secnews.physaphae.fr/article.php?IdArticle=5052480 False Malware None None Malwarebytes Labs - MalwarebytesLabs 5 Linux malware families SMBs should protect themselves against In this post, we'll give you an overview of five Linux malware families your SMB should be protecting itself against - and how they work. 
]]> 2022-06-08T13:43:32+00:00 https://blog.malwarebytes.com/business-2/2022/06/5-linux-malware-families-smbs-should-protect-themselves-against/ www.secnews.physaphae.fr/article.php?IdArticle=5040677 False Malware None 3.0000000000000000 Bleeping Computer - Magazine Américain Emotet malware now steals credit cards from Google Chrome users 2022-06-08T12:20:26+00:00 https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/ www.secnews.physaphae.fr/article.php?IdArticle=5042589 False Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Black Basta Ransomware Teams Up with Malware Stalwart Qbot 2022-06-08T11:17:40+00:00 https://threatpost.com/black-basta-ransomware-qbot/179909/ www.secnews.physaphae.fr/article.php?IdArticle=5039154 False Ransomware,Malware None None Bleeping Computer - Magazine Américain Cuba ransomware returns to extorting victims with updated encryptor 2022-06-08T10:55:57+00:00 https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-extorting-victims-with-updated-encryptor/ www.secnews.physaphae.fr/article.php?IdArticle=5041249 False Ransomware,Malware None None Kaspersky - Kaspersky Research blog Router security in 2021 2022-06-08T10:00:27+00:00 https://securelist.com/router-security-2021/106711/ www.secnews.physaphae.fr/article.php?IdArticle=5040534 False Malware None None Bleeping Computer - Magazine Américain Poisoned CCleaner search results spread information-stealing malware 2022-06-08T09:52:37+00:00 https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=5040579 False Malware CCleaner,CCleaner None Global Security Mag - Site de news francais GLIMPS, éditeur français de solutions de cybersécurité rejoint la marketplace OVHcloud Business]]> 2022-06-08T08:06:00+00:00 
http://www.globalsecuritymag.fr/GLIMPS-editeur-francais-de,20220608,126330.html www.secnews.physaphae.fr/article.php?IdArticle=5036928 False Malware None 3.0000000000000000 Security Intelligence - Site de news Américain What TrickBot tells us about the future of What TrickBot tells us about the future of malware  Malware attackers are increasingly sophisticated. Here’s what to know  On TrickBot and the future of malware    Malware threats have plagued organizations for decades, but that’s no reason to be complacent with a security strategy that has to date protected your organization. Now more than ever, malware is […] ]]> 2022-06-08T01:26:57+00:00 https://securityintelligence.com/posts/what-trickbot-tells-us-about-the-future-of/ www.secnews.physaphae.fr/article.php?IdArticle=5031993 False Malware,Threat None None TrendLabs Security - Editeur Antivirus Cuba Ransomware Group\'s New Variant Found Using Optimized Infection Techniques ]]> 2022-06-08T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/f/cuba-ransomware-group-s-new-variant-found-using-optimized-infect.html www.secnews.physaphae.fr/article.php?IdArticle=5037926 False Ransomware,Malware None None Bleeping Computer - Magazine Américain New SVCReady malware loads from Word doc properties 2022-06-07T18:24:11+00:00 https://www.bleepingcomputer.com/news/security/new-svcready-malware-loads-from-word-doc-properties/ www.secnews.physaphae.fr/article.php?IdArticle=5029080 False Malware None None Bleeping Computer - Magazine Américain Qbot malware now uses Windows MSDT zero-day in phishing attacks 2022-06-07T18:03:35+00:00 https://www.bleepingcomputer.com/news/security/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=5028146 False Malware None None Anomali - Firm Blog Anomali Cyber Watch: Man-on-the-Side Attack Affects 48,000 IP Addresses, Iran Outsources Cyberespionage to Lebanon, XLoader Complex Randomization to Contact Mostly Fake C2 Domains, 
and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence WinDealer Dealing on the Side (published: June 2, 2022) Kaspersky researchers detected a man-on-the-side attack used by China-sponsored threat group LuoYu. Man-on-the-side is similar to man-in-the-middle (MitM) attack; the attacker has regular access to the communication channel. In these attacks LuoYu were using a potent modular malware dubbed WinDealer that can serve as a backdoor, downloader, and infostealer. The URL that distributes WinDealer is benign, but on rare conditions serves the malware. One WinDealer sample was able to use a random IP from 48,000 IP addresses of two Chinese IP ranges. Another WinDealer sample was programmed to interact with a non-existent domain name, www[.]microsoftcom. Analyst Comment: Man-on-the-side attacks are hard to detect. Defense would require a constant use of a VPN to avoid networks that the attacker has access to. A defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) approach is a good mitigation step to help prevent actors from advanced threat groups. MITRE ATT&CK: [MITRE ATT&CK] Man-in-the-Middle - T1557 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Process Discovery - T1057 Tags: Man-on-the-side attack, WinDealer, LuoYu, SpyDealer, Demsty, Man-in-the-middle, APT, EU, target-region:EU, North America, Russia, China, source-country:CN, target-country:CN, Germany, target-country:DE, Austria, target-country:AT, USA, target-country:US, Czech Republic, target-country:CZ, Russia, target-country:RU, India, target-country:IN. 
Analysis of the Massive NDSW/NDSX Malware Campaign (published: June 2, 2022) Sucuri researchers describe the NDSW/NDSX (Parrot TDS) malware campaign that compromises websites to distribute other malware via fake update notifications. Currently one of the top threats involving compromised websites, NDSW/NDSX began operation in or before February 2019. This campaign utilizes various exploits including those based on newly-disclosed and zero-day vulnerabilities. After the compromise, the NDSW JavaScript is injected often followed by the PHP proxy script that loads the payload on the server side to hide the malware staging server. Next step involves the NDSX script downloading ]]> 2022-06-07T17:41:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-man-on-the-side-attack-affects-48000-ip-addresses-iran-outsources-cyberespionage-to-lebanon-xloader-complex-randomization-to-contact-mostly-fake-c2-domains-and-more www.secnews.physaphae.fr/article.php?IdArticle=5024723 False Malware,Tool,Vulnerability,Threat None None Dark Reading - Informationweek Branch Akamai Launches New Malware Protection for Uploaded Files 2022-06-07T13:38:41+00:00 https://www.darkreading.com/attacks-breaches/akamai-launches-new-malware-protection-for-uploaded-files www.secnews.physaphae.fr/article.php?IdArticle=5021876 False Malware None None UnderNews - Site de news "pirate" francais Recherches Bitdefender : La nouvelle campagne Flubot cible l\'Europe Bitdefender a publié de nouvelles recherches sur une campagne européenne de diffusion du malware Flubot et d'infection des appareils Android et iOS par smishing. 
The post Recherches Bitdefender : La nouvelle campagne Flubot cible l'Europe first appeared on UnderNews.]]> 2022-06-07T13:38:41+00:00 https://www.undernews.fr/telephonie-phreaking-voip/recherches-bitdefender-la-nouvelle-campagne-flubot-cible-leurope.html www.secnews.physaphae.fr/article.php?IdArticle=5021695 False Malware None None Global Security Mag - Site de news francais Mobile Banking Heists : The Global Economic Threat : une nouvelle étude de Zimperium souligne le risque croissant des logiciels malveillants de type chevaux de Troie sur les applications mobiles du secteur bancaire Investigations]]> 2022-06-07T12:09:01+00:00 http://www.globalsecuritymag.fr/Mobile-Banking-Heists-The-Global,20220607,126282.html www.secnews.physaphae.fr/article.php?IdArticle=5021559 False Malware,Threat None None Security Affairs - Blog Secu Black Basta ransomware operators leverage QBot for lateral movements The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] ]]> 2022-06-07T08:55:47+00:00 https://securityaffairs.co/wordpress/132018/hacking/black-basta-ransomware-qbot.html www.secnews.physaphae.fr/article.php?IdArticle=5020098 False Ransomware,Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware 2022-06-07T01:14:19+00:00 https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5020523 False Spam,Malware,Threat None None Bleeping Computer - Magazine Américain QBot now pushes Black Basta ransomware in bot-powered attacks 2022-06-06T17:01:20+00:00 https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-ransomware-in-bot-powered-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=5015657 False Ransomware,Malware None None Bleeping Computer - Magazine Américain SMSFactory Android malware sneakily subscribes to premium services 2022-06-04T10:08:04+00:00 https://www.bleepingcomputer.com/news/security/smsfactory-android-malware-sneakily-subscribes-to-premium-services/ www.secnews.physaphae.fr/article.php?IdArticle=4974569 False Malware None None Security Affairs - Blog Secu LuoYu APT delivers WinDealer malware via man-on-the-side attacks Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer. 
LuoYu has been active since at […] ]]> 2022-06-03T23:46:21+00:00 https://securityaffairs.co/wordpress/131921/apt/luoyu-apt-windealer.html www.secnews.physaphae.fr/article.php?IdArticle=4960331 False Malware,Tool None None The Register - Site journalistique Anglais Even Russia\'s Evil Corp now favors software-as-a-service 2022-06-03T22:55:42+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/03/evil-corp-ransomware-sanctions/ www.secnews.physaphae.fr/article.php?IdArticle=4959603 False Malware None None Fortinet ThreatSignal - Harware Vendor New Confluence Vulnerability (CVE-2022-26134) Exploited in the Wild 2022-06-03T18:50:53+00:00 https://fortiguard.fortinet.com/threat-signal-report/4613 www.secnews.physaphae.fr/article.php?IdArticle=4962156 False Malware,Tool,Vulnerability,Threat None None The Last Watchdog - Blog Sécurité de Byron V Acohido RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares Covid 19 ruses used in email attacks At RSA Conference 2022, which takes place next week in … (more…) ]]> 2022-06-03T13:03:24+00:00 https://www.lastwatchdog.com/rsac-insights-malware-is-now-spreading-via-weaponized-files-circulating-in-data-lakes-file-shares/ www.secnews.physaphae.fr/article.php?IdArticle=4951722 False Malware None None The Register - Site journalistique Anglais Clipminer rakes in $1.7m in crypto hijacking scam 2022-06-03T12:30:11+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/03/clipminer-cryptocurrency-millions/ www.secnews.physaphae.fr/article.php?IdArticle=4950923 False Malware None None Fortinet ThreatSignal - Harware Vendor Active Exploitation of WSO2 Vulnerability (CVE-2022-29464) Delivers Malware 2022-06-03T09:50:26+00:00 https://fortiguard.fortinet.com/threat-signal-report/4612 www.secnews.physaphae.fr/article.php?IdArticle=4954293 False Malware,Vulnerability None None Fortinet ThreatSignal - Harware Vendor Ransomware Roundup - 2022/06/02 2022-06-03T09:37:18+00:00 
https://fortiguard.fortinet.com/threat-signal-report/4610 www.secnews.physaphae.fr/article.php?IdArticle=4954294 False Ransomware,Malware,Tool,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network 2022-06-03T02:58:38+00:00 https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html www.secnews.physaphae.fr/article.php?IdArticle=4949176 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch \'Clipminer\' Malware Actors Steal $1.7 Million Using Clipboard Hijackingp 2022-06-02T15:00:09+00:00 https://www.darkreading.com/application-security/clipminer-malware-actors-steal-17-million-clipboard-hijacking www.secnews.physaphae.fr/article.php?IdArticle=4933056 False Malware None 4.0000000000000000 InformationSecurityBuzzNews - Site de News Securite EnemyBot Malware Adds Exploits For Critical VMware, F5 BIG-IP Flaws, What Do You Think? 
2022-06-02T13:18:32+00:00 https://informationsecuritybuzz.com/expert-comments/enemybot-malware-adds-exploits-for-critical-vmware-f5-big-ip-flaws-what-do-you-think/ www.secnews.physaphae.fr/article.php?IdArticle=4932266 True Malware None None Global Security Mag - Site de news francais Rapport ESET T1 2022 : Analyse d\'impact de la guerre sur les cyber-menaces, cas spécifique de l\'Ukraine et tendances générales Malwares]]> 2022-06-02T13:05:04+00:00 http://www.globalsecuritymag.fr/Rapport-ESET-T1-2022-Analyse-d,20220602,126113.html www.secnews.physaphae.fr/article.php?IdArticle=4932552 False Malware None None Bleeping Computer - Magazine Américain Chinese LuoYu hackers deploy cyber-espionage malware via app updates 2022-06-02T12:36:52+00:00 https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/ www.secnews.physaphae.fr/article.php?IdArticle=4934050 False Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe International Authorities Take Down Flubot Malware Network 2022-06-02T11:18:47+00:00 https://threatpost.com/international-authorities-take-down-flubot-malware-network/179825/ www.secnews.physaphae.fr/article.php?IdArticle=4931170 False Malware None None Kaspersky - Kaspersky Research blog WinDealer dealing on the side 2022-06-02T10:00:30+00:00 https://securelist.com/windealer-dealing-on-the-side/105946/ www.secnews.physaphae.fr/article.php?IdArticle=4930220 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Clipminer malware gang stole $1.7M by hijacking crypto payments 2022-06-02T08:08:11+00:00 https://www.bleepingcomputer.com/news/security/clipminer-malware-gang-stole-17m-by-hijacking-crypto-payments/ www.secnews.physaphae.fr/article.php?IdArticle=4931884 False Malware,Threat None None The Register - Site journalistique Anglais Super-spreader FluBot squashed by Europol 2022-06-02T08:03:13+00:00 
https://go.theregister.com/feed/www.theregister.com/2022/06/02/flubot_malware_squashed/ www.secnews.physaphae.fr/article.php?IdArticle=4929225 False Malware None None Mandiant - Blog Sécu de Mandiant À Hadès et dos: UNC2165 passe à Lockbit pour échapper aux sanctions<br>To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions 2022-06-02T06:00:00+00:00 https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions www.secnews.physaphae.fr/article.php?IdArticle=8377460 False Ransomware,Malware None 4.0000000000000000 CSO - CSO Daily Dashboard Ransomware roundup: System-locking malware dominates headlines ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, with one new report revealing that its presence has grown more in the last year than in the past several years combined.Here's roundup of noteworthy ransomware stories you might have missed.DBIR finds ransomware increased by double digits Verizon Business' annual Data Breach Investigations Report (DBIR) is out and confirms what many CISOs already know: ransomware continues to plague business. Ransomware-related breach instances rose 13%, an increase larger than in the past 5 years combined.To read this article in full, please click here]]> 2022-06-02T02:00:00+00:00 https://www.csoonline.com/article/3662038/ransomware-roundup-system-locking-malware-dominates-headlines.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4930072 False Ransomware,Data Breach,Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities 2022-06-02T01:38:51+00:00 https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=4930336 False Malware,Tool,Threat APT-C-17 None Dark Reading - Informationweek Branch FluBot Android Malware Operation Disrupted, Infrastructure Seized 2022-06-01T21:08:04+00:00 https://www.darkreading.com/mobile/flubot-android-malware-operation-disrupted www.secnews.physaphae.fr/article.php?IdArticle=4923655 False Malware,Threat None None Anomali - Firm Blog Anomali Cyber Watch: TURLA\'s New Phishing-Based Reconnaissance Campaign in Eastern Europe, Unknown APT Group Has Targeted Russia Repeatedly Since Ukraine Invasion and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Credit Card Stealer Targets PsiGate Payment Gateway Software (published: May 25, 2022) Sucuri Researchers have detailed their findings on a MageCart skimmer that had been discovered within the Magento payment portal. Embedded within the core_config_data table of Magento’s database, the skimmer was obfuscated and encoded with CharCode. Once deobfuscated, a JavaScript credit card stealer was revealed. The stealer is able to acquire text and fields that are submitted to the payment page, including credit card numbers and expiry dates. Once stolen, a synchronous AJAX is used to exfiltrate the data. Analyst Comment: Harden endpoint security and utilize firewalls to block suspicious activity to help mitigate against skimmer injection. Monitor network traffic to identify anomalous behavior that may indicate C2 activity. 
MITRE ATT&CK: [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Input Capture - T1056 Tags: MageCart, skimmer, JavaScript Magento, PsiGate, AJAX How the Saitama Backdoor uses DNS Tunneling (published: May 25, 2022) MalwareBytes Researchers have released their report detailing the process behind which the Saitama backdoor utilizes DNS tunneling to stealthy communicate with command and control (C2) infrastructure. DNS tunneling is an effective way to hide C2 communication as DNS traffic serves a vital function in modern day internet communications thus blocking DNS traffic is almost never done. Saitama formats its DNS lookups with the structure of a domain consisting of message, counter . root domain. Data is encoded utilizing a hardcoded base36 alphabet. There are four types of messages that Saitama can send using this method: Make Contact to establish communication with a C2 domain, Ask For Command to get the expected size of the payload to be delivered, Get A Command in which Saitama will make Receive requests to retrieve payloads and instructions and finally Run The Command in which Saitama runs the instructions or executes the payload and sends the results to the established C2. Analyst Comment: Implement an effective DNS filtering system to block malicious queries. Furthermore, maintaining a whitelist of allowed applications for installation will assist in preventing malware like Saitama from being installed. 
MITRE ATT&CK: [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: C2, DNS, Saitama, backdoor, base36, DNS tunneling ]]> 2022-06-01T17:47:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-turlas-new-phishing-based-reconnaissance-campaign-in-eastern-europe-unknown-apt-group-has-targeted-russia-repeatedly-since-ukraine-invasion-and-more www.secnews.physaphae.fr/article.php?IdArticle=4921519 False Ransomware,Malware,Tool,Threat APT 19 None InfoSecurity Mag - InfoSecurity Magazine Europol Confirms Takedown of SMS-based FluBot Spyware 2022-06-01T16:30:00+00:00 https://www.infosecurity-magazine.com/news/europol-confirms-takedown-flubot/ www.secnews.physaphae.fr/article.php?IdArticle=4921558 False Malware None None SecurityWeek - Security News Europol Announces Takedown of FluBot Mobile Spyware 2022-06-01T11:44:02+00:00 https://www.securityweek.com/europol-announces-takedown-flubot-mobile-spyware www.secnews.physaphae.fr/article.php?IdArticle=4918372 False Malware None None The Register - Site journalistique Anglais Watch out for phishing emails that inject spyware trio 2022-06-01T10:02:09+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/01/phishing-rat-bitrat-fortinet/ www.secnews.physaphae.fr/article.php?IdArticle=4917240 False Malware None None Bleeping Computer - Magazine Américain FluBot Android malware operation shutdown by law enforcement 2022-06-01T09:31:39+00:00 https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/ www.secnews.physaphae.fr/article.php?IdArticle=4919240 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
FluBot Android Spyware Taken Down by Global Law Enforcement Operation 2022-06-01T05:36:29+00:00 https://thehackernews.com/2022/06/flubot-android-spyware-taken-down-by.html www.secnews.physaphae.fr/article.php?IdArticle=4919301 False Malware,Threat None None The Register - Site journalistique Anglais EnemyBot malware adds enterprise flaws to exploit arsenal 2022-06-01T03:47:40+00:00 https://go.theregister.com/feed/www.theregister.com/2022/06/01/enemybot-botnet-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=4914030 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers 2022-06-01T02:16:04+00:00 https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html www.secnews.physaphae.fr/article.php?IdArticle=4917685 False Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe EnemyBot Malware Targets Web Servers, CMS Tools and Android OS 2022-05-31T12:24:44+00:00 https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/ www.secnews.physaphae.fr/article.php?IdArticle=4903903 False Malware,Tool None None Bleeping Computer - Magazine Américain New XLoader botnet uses probability theory to hide its servers 2022-05-31T11:45:04+00:00 https://www.bleepingcomputer.com/news/security/new-xloader-botnet-uses-probability-theory-to-hide-its-servers/ www.secnews.physaphae.fr/article.php?IdArticle=4906023 False Malware,Threat None None Fortinet ThreatSignal - Harware Vendor Follina: 0-day Windows MSDT Vulnerability (CVE-2022-30190) Exploited In The Wild 2022-05-31T10:18:52+00:00 https://fortiguard.fortinet.com/threat-signal-report/4603 www.secnews.physaphae.fr/article.php?IdArticle=4907220 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise 2022-05-31T04:42:50+00:00 https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html www.secnews.physaphae.fr/article.php?IdArticle=4904119 False Malware,Threat None None TrendLabs Security - Editeur Antivirus Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware ]]> 2022-05-31T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html www.secnews.physaphae.fr/article.php?IdArticle=4903305 False Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Zero-Day \'Follina\' Bug Lays Older Microsoft Office Versions Open to Attack 2022-05-30T14:53:18+00:00 https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/ www.secnews.physaphae.fr/article.php?IdArticle=4895619 False Malware None None InformationSecurityBuzzNews - Site de News Securite Part 2: Practices, Procedures And Mitigations 2022-05-30T10:58:03+00:00 https://informationsecuritybuzz.com/articles/part-2-practices-procedures-and-mitigations/ www.secnews.physaphae.fr/article.php?IdArticle=4893887 False Malware,Threat None None SANS Institute - SANS est un acteur de defense et formation New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme, (Mon, May 30th) 1] who reported an interesting Word document. Office documents have been a common way to drop malware into victims&#xe2;&#x80;&#x99; computers for a while. We have to fight against VBA macros, XLS 4 macros, embedded payload, etc. But the one described here is interesting. 
]]> 2022-05-30T10:12:04+00:00 https://isc.sans.edu/diary/rss/28694 www.secnews.physaphae.fr/article.php?IdArticle=4894071 False Malware None None Security Affairs - Blog Secu EnemyBot malware adds new exploits to target CMS servers and Android devices The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the […] ]]> 2022-05-30T07:09:17+00:00 https://securityaffairs.co/wordpress/131783/malware/enemybot-botnet-new-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=4891900 False Malware None 5.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities 2022-05-30T02:30:19+00:00 https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html www.secnews.physaphae.fr/article.php?IdArticle=4894099 False Malware None None CSO - CSO Daily Dashboard Linux malware is on the rise-6 types of attacks to look for internet of things (IoT) devices. Still, not enough is done to protect the machines running it."Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. 
"Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers."To read this article in full, please click here]]> 2022-05-30T02:00:00+00:00 https://www.csoonline.com/article/3662151/linux-malware-is-on-the-rise-6-types-of-attacks-to-look-for.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4893170 False Malware,Threat None None Bleeping Computer - Magazine Américain EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP 2022-05-29T12:39:55+00:00 https://www.bleepingcomputer.com/news/security/enemybot-malware-adds-exploits-for-critical-bugs-in-vmware-f5-big-ip/ www.secnews.physaphae.fr/article.php?IdArticle=4880657 False Malware None None Bleeping Computer - Magazine Américain EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws 2022-05-29T12:39:55+00:00 https://www.bleepingcomputer.com/news/security/enemybot-malware-adds-exploits-for-critical-vmware-f5-big-ip-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=4881421 True Malware None None Bleeping Computer - Magazine Américain Mobile trojan detections rise as malware distribution level declines 2022-05-29T11:15:22+00:00 https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/ www.secnews.physaphae.fr/article.php?IdArticle=4880658 False Malware None None Security Affairs - Blog Secu Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks 360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. 
The instances of the malware spotted by the experts […] ]]> 2022-05-28T15:55:27+00:00 https://securityaffairs.co/wordpress/131762/apt/gamaredon-apt-ddos-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4860568 False Malware,Threat None None
Security Affairs - Security Blog The strange link between Industrial Spy and the Cuba ransomware operation The recently launched Industrial Spy data extortion marketplace has now started its own ransomware operation. In April, MalwareHunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper, which promotes […] ]]> 2022-05-28T15:02:13+00:00 https://securityaffairs.co/wordpress/131754/cyber-crime/industrial-spy-cuba-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=4859740 False Ransomware,Malware None None
Bleeping Computer - American Magazine New Windows Subsystem for Linux malware steals browser auth cookies 2022-05-28T10:01:33+00:00 https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/ www.secnews.physaphae.fr/article.php?IdArticle=4860706 False Malware None None
Dark Reading - Informationweek Branch New Chaos Malware Variant Ditches Wiper for Encryption 2022-05-27T16:07:03+00:00 https://www.darkreading.com/threat-intelligence/chaos-yashma-variant--wiper-encryption www.secnews.physaphae.fr/article.php?IdArticle=4841715 False Malware None None
Dark Reading - Informationweek Branch ChromeLoader Malware Hijacks Browsers With ISO Files 2022-05-27T15:49:24+00:00 https://www.darkreading.com/application-security/chromeloader-malware-hijacks-browsers-iso-files www.secnews.physaphae.fr/article.php?IdArticle=4840934 False Malware None None
Fortinet - Security Hardware Manufacturer Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT /
PandoraHVNC – Part II ]]> 2022-05-27T14:18:00+00:00 https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware-part-two www.secnews.physaphae.fr/article.php?IdArticle=4842379 True Malware None None
The Register - English news site This Windows malware uses PowerShell to inject malicious extension into Chrome 2022-05-27T11:26:09+00:00 https://go.theregister.com/feed/www.theregister.com/2022/05/27/chromeloader-malware-powershell/ www.secnews.physaphae.fr/article.php?IdArticle=4837588 False Malware None None
Kaspersky - Kaspersky Research blog IT threat evolution in Q1 2022. Mobile statistics 2022-05-27T08:00:46+00:00 https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/ www.secnews.physaphae.fr/article.php?IdArticle=4834228 False Ransomware,Malware,Threat None 5.0000000000000000
Kaspersky - Kaspersky Research blog IT threat evolution in Q1 2022. Non-mobile statistics 2022-05-27T08:00:05+00:00 https://securelist.com/it-threat-evolution-in-q1-2022-non-mobile-statistics/106531/ www.secnews.physaphae.fr/article.php?IdArticle=4834230 False Malware,Threat None 2.0000000000000000
Security Affairs - Security Blog Experts warn of a new malvertising campaign spreading the ChromeLoader Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers.
ChromeLoader is a malicious Chrome browser extension; it is classified as a pervasive browser hijacker that modifies browser settings to redirect […] ]]> 2022-05-26T14:38:43+00:00 https://securityaffairs.co/wordpress/131685/malware/chromeloader-malspam-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=4821145 False Malware None None
Security Intelligence - American news site Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: […] ]]> 2022-05-26T13:00:00+00:00 https://securityintelligence.com/articles/lessons-learned-top-cyberattacks-x-force/ www.secnews.physaphae.fr/article.php?IdArticle=4820795 False Malware,Threat None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers 2022-05-26T03:24:57+00:00 https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html www.secnews.physaphae.fr/article.php?IdArticle=4819368 False Malware,Threat None None
Bleeping Computer - American Magazine New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps 2022-05-26T03:16:08+00:00 https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps/ www.secnews.physaphae.fr/article.php?IdArticle=4819311 False Malware None None
Malwarebytes Labs - MalwarebytesLabs Massive increase in XorDDoS Linux malware in last six months Malware attacks against Linux systems are on the rise. And when it comes to bot malware, XorDDoS is the frontrunner.
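Several entries above describe ChromeLoader as a Chrome extension that arrives outside the Chrome Web Store (an ISO plus PowerShell) and then rewrites browser settings to redirect the user. The following is an added example for this feed, not code from Red Canary, The Register or any other source listed here: a triage routine that reads a Chrome profile's Preferences document and reports extensions that were sideloaded or that declare settings overrides. It rests on assumptions about Chrome internals that the feed itself does not state: that per-extension state sits under extensions.settings.<id> with from_webstore, location, path and an embedded manifest; that location 4 means loaded unpacked from a directory, 8 loaded via the command line and 5 a built-in component; and that a search or new-tab hijacker declares chrome_settings_overrides or chrome_url_overrides. The preferences document, extension IDs and paths are constructed for the example.

```python
"""Triage the extensions recorded in a Chrome profile's Preferences file.

Added example for this feed, not code from any of the ChromeLoader write-ups.
Assumptions about Chrome internals (not stated by the feed):
  * per-extension state lives under extensions.settings.<id> in the profile's
    "Preferences" / "Secure Preferences" JSON, with "from_webstore", "location",
    "path" and an embedded "manifest";
  * ManifestLocation values: 1 = store install, 4 = unpacked directory,
    5 = built-in component, 8 = command line (--load-extension);
  * a settings hijacker declares chrome_settings_overrides / chrome_url_overrides.
The sample document, extension IDs and paths below are constructed.
"""
import json

WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
SIDELOAD_LOCATIONS = {4: "unpacked directory", 8: "command line"}
COMPONENT_LOCATION = 5
HIJACK_KEYS = ("chrome_settings_overrides", "chrome_url_overrides")
BROAD_PERMISSIONS = {"tabs", "webRequest", "webRequestBlocking", "webNavigation", "<all_urls>"}


def triage_extension(ext_id, entry):
    """Return provenance and behaviour findings for one extensions.settings entry."""
    manifest = entry.get("manifest", {})
    provenance, behaviour = [], []
    # Anything not installed through the Web Store (or with the key missing) is worth a look.
    if not entry.get("from_webstore", False):
        provenance.append("not installed from the Chrome Web Store")
    location = entry.get("location")
    if location in SIDELOAD_LOCATIONS:
        provenance.append("sideloaded via " + SIDELOAD_LOCATIONS[location])
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        provenance.append("update_url does not point at the Web Store")
    # Search / home page / start page / new-tab takeovers are declared in the manifest.
    for key in HIJACK_KEYS:
        if key in manifest:
            behaviour.append("overrides browser settings via " + key)
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    broad = sorted(perms & BROAD_PERMISSIONS)
    if broad:
        behaviour.append("broad permissions: " + ", ".join(broad))
    return {"id": ext_id, "name": manifest.get("name", "?"), "path": entry.get("path"),
            "provenance": provenance, "behaviour": behaviour}


def find_suspicious_extensions(prefs):
    """Report extensions that were sideloaded or that hijack browser settings."""
    settings = prefs.get("extensions", {}).get("settings", {})
    hits = []
    for ext_id, entry in settings.items():
        if entry.get("location") == COMPONENT_LOCATION:
            continue  # built-in component extensions are not user-installed
        result = triage_extension(ext_id, entry)
        hijacks = any(b.startswith("overrides") for b in result["behaviour"])
        if result["provenance"] or hijacks:
            hits.append(result)
    return hits


# Constructed sample: one store extension, one sideloaded search hijacker, one component.
SAMPLE_PREFERENCES = json.loads(r'''{
  "extensions": {
    "settings": {
      "aaaabbbbccccddddeeeeffffgggghhhh": {
        "from_webstore": true, "location": 1,
        "path": "aaaabbbbccccddddeeeeffffgggghhhh\\1.0.0_0",
        "manifest": {"name": "Example Store Extension", "version": "1.0.0",
                     "update_url": "https://clients2.google.com/service/update2/crx",
                     "permissions": ["storage"]}
      },
      "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
        "from_webstore": false, "location": 8,
        "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\ext",
        "manifest": {"name": "Search Helper", "version": "0.1",
                     "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
                     "chrome_settings_overrides": {"search_provider": {
                         "name": "helper", "encoding": "UTF-8", "is_default": true,
                         "search_url": "https://example.net/?q={searchTerms}"}}}
      },
      "abcdabcdabcdabcdabcdabcdabcdabcd": {
        "from_webstore": false, "location": 5,
        "manifest": {"name": "Built-in Component", "version": "1"}
      }
    }
  }
}''')

if __name__ == "__main__":
    for hit in find_suspicious_extensions(SAMPLE_PREFERENCES):
        print(hit["id"], hit["name"], hit["path"])
        for reason in hit["provenance"] + hit["behaviour"]:
            print("   -", reason)
```

On a live system, load the profile's Preferences (and Secure Preferences) with json.load and pass the result to find_suspicious_extensions; a hit that is both sideloaded and declares chrome_settings_overrides is the combination the ChromeLoader write-ups describe, whereas a store extension with broad permissions alone is only context and is deliberately not reported.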
]]> 2022-05-25T15:48:19+00:00 https://blog.malwarebytes.com/reports/2022/05/massive-increase-in-xorddos-linux-malware-in-last-six-months/ www.secnews.physaphae.fr/article.php?IdArticle=4804686 False Malware None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Link Found Connecting Chaos, Onyx and Yashma Ransomware 2022-05-25T13:18:17+00:00 https://threatpost.com/chaos-onyx-and-yashma-ransomware/179730/ www.secnews.physaphae.fr/article.php?IdArticle=4802924 False Ransomware,Malware None None
Bleeping Computer - American Magazine New ChromeLoader malware surge threatens browsers worldwide 2022-05-25T13:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=4806098 False Malware None None
Bleeping Computer - American Magazine BPFDoor malware uses Solaris vulnerability to get root privileges 2022-05-25T07:21:30+00:00 https://www.bleepingcomputer.com/news/security/bpfdoor-malware-uses-solaris-vulnerability-to-get-root-privileges/ www.secnews.physaphae.fr/article.php?IdArticle=4801634 False Malware,Vulnerability,Threat None None
CSO - CSO Daily Dashboard Chaos ransomware explained: A rapidly evolving threat […] a new report. "As the malware is initially sold and distributed as a malware builder, any threat actor who purchases the malware can replicate the actions of the threat group behind Onyx, developing their own ransomware strains and targeting chosen victims." ]]> 2022-05-25T07:02:00+00:00 https://www.csoonline.com/article/3661633/chaos-ransomware-explained-a-rapidly-evolving-threat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4803660 False Ransomware,Malware,Threat None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Find New Malware Attacks Targeting Russian Government Entities 2022-05-25T02:39:51+00:00 https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4800969 False Malware,Threat None None
The Register - English news site Patch now: Zoom chat messages can infect PCs, Macs, phones with malware 2022-05-24T21:33:21+00:00 https://go.theregister.com/feed/www.theregister.com/2022/05/24/zoom_rce_bug_patched/ www.secnews.physaphae.fr/article.php?IdArticle=4791400 False Malware None None
Tech Worm - Desc Cytrox's Predator Spyware Is Targeting Android Smartphones Security researchers with Google’s Threat Analysis Group (TAG) recently published a report on a spyware campaign detailing how Android smartphone users across the globe were targeted using a new malware called “PREDATOR”. According to the report, the threat actors spread PREDATOR through another piece of mobile malware called ALIEN, which was a precursor […] ]]> 2022-05-24T18:26:58+00:00 https://www.techworm.net/2022/05/cytroxs-predator-sypware-is-targeting-android-smartphones.html www.secnews.physaphae.fr/article.php?IdArticle=4789043 False Malware,Threat None None
Anomali - Firm Blog Anomali Cyber Watch: Conti's Talent Goes to Other Ransom Groups, China-Based Espionage Targets Russia, XorDdos Stealthy Linux Trojan is on the Rise, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) (published: May 20, 2022) In April 2022, VMware publicly revealed several vulnerabilities affecting its products, and by May 2022 the Cybersecurity and Infrastructure Security Agency (CISA) had issued an emergency directive to mitigate two of the VMware vulnerabilities (CVE-2022-22954 and CVE-2022-22960).
CVE-2022-22954 is a remote code execution (RCE) vulnerability in VMware Workspace ONE Access and Identity Manager that abuses server-side template injection. It can be exploited with a single HTTP request to a vulnerable device and has been seen delivering various payloads, including coinminers, Perl shellbots, scanning/callback tools, and webshells. CVE-2022-22954 is also being exploited to drop Mirai/Gafgyt variants; in the case of the observed EnemyBot variant, the final payload itself embeds CVE-2022-22954 exploit code for further exploitation and propagation. Analyst Comment: Update impacted VMware products to the latest version or remove impacted versions from organizational networks. If a compromise is detected, immediately isolate affected systems, collect relevant logs and artifacts, and consider incident response services. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 | [MITRE ATT&CK] Resource Hijacking - T1496 | [MITRE ATT&CK] Network Denial of Service - T1498 Tags: VMware, Perl Shellbot, Stealth Shellbot, Godzilla Webshell, Gafgyt, Mirai, XMRig, Coinminer, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2017-17215, CVE-2022-22961, CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22973, CVE-2022-22972, Linux, Server-side template injection, RCE
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape (published: May 20, 2022) Advanced Intel researchers report that the Conti ransomware group (Wizard Spider) is in the long-planned process of discontinuing its brand and has turned off its infrastructure, including its negotiation service site and the admin panel of the official Conti website.
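The Anomali item above characterises CVE-2022-22954 as a server-side template injection that is reached with a single HTTP request and maps it to T1190. As an added example, not code from Anomali or from any article in this feed, here is a small scanner for the log side of that: it parses Apache/nginx combined-format access logs, URL-decodes each request target repeatedly (double-encoding is a routine filter-evasion trick) and flags generic FreeMarker-style template-injection markers, tagging each hit with T1190 as the entry does. The log lines, request paths and IP addresses are constructed for this example; the payload strings are the generic probes from public SSTI references (the ${7*7} test and the FreeMarker ?new() gadget), not the request used against this particular product, and the marker list is an assumption about what such attempts look like that you should tune to your own application.

```python
"""Flag HTTP requests carrying server-side template injection (SSTI) markers.

Added example, not code from the Anomali entry or any other article in this feed.
Assumptions: the log lines are in Apache/nginx "combined" format and are constructed
for this example; the markers are generic FreeMarker-style template syntax taken from
public SSTI references, not the exploit for any specific CVE.
"""
import re
from urllib.parse import unquote

# ip ident user [timestamp] "METHOD target protocol" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# (pattern, human-readable label); all are evaluated against the fully decoded target.
SSTI_MARKERS = (
    (re.compile(r"\$\{.*?\}"), "dollar-brace template expression"),
    (re.compile(r"\?new\(\)"), "FreeMarker ?new() built-in (object instantiation)"),
    (re.compile(r"freemarker\.template\.utility", re.I), "FreeMarker utility class name"),
    (re.compile(r"<#(assign|list|if)\b", re.I), "FreeMarker directive"),
)


def fully_decode(s, rounds=3):
    """URL-decode until the string stops changing (bounded, to survive hostile input)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def parse_log_line(line):
    """Return the combined-format fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_target(target):
    """Return the labels of every SSTI marker present in the decoded request target."""
    decoded = fully_decode(target)
    return [label for rx, label in SSTI_MARKERS if rx.search(decoded)]


def scan_log(lines):
    """Yield one finding per request whose target carries at least one SSTI marker."""
    findings = []
    for line in lines:
        rec = parse_log_line(line.rstrip("\n"))
        if rec is None:
            continue
        reasons = scan_target(rec["target"])
        if reasons:
            findings.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": int(rec["status"]),
                "target": fully_decode(rec["target"]), "reasons": reasons,
                "attack": "T1190",  # Exploit Public-Facing Application
            })
    return findings


# Constructed sample log: a benign request, a ${7*7} probe, and a double-encoded
# FreeMarker ?new() attempt. Addresses are from the documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [20/May/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [20/May/2022:10:01:05 +0000] "GET /search?q=%24%7B7%2A7%7D HTTP/1.1" 200 331 "-" "python-requests/2.27"
198.51.100.7 - - [20/May/2022:10:02:41 +0000] "GET /ui/verify?error=&id=%2524%257B%2522freemarker.template.utility.Execute%2522%253Fnew%2528%2529%2528%2522id%2522%2529%257D HTTP/1.1" 400 0 "-" "curl/7.81.0"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f["ts"], f["ip"], f["status"], f["attack"], f["target"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Feed real logs with scan_log(open(path)); the ${...} marker on its own is noisy for applications whose own URLs contain template-looking strings, so treat a single-marker hit as a lead and a request that combines the ?new() built-in with a class name as the one to pull the full request body and response for.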
The attack on Costa Rica was intentionally causing publicity ]]> 2022-05-24T17:29:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-contis-talent-goes-to-other-ransom-groups-china-based-espionage-targets-russia-xorddos-stealthy-linux-trojan-is-on-the-rise-and-more www.secnews.physaphae.fr/article.php?IdArticle=4788392 False Ransomware,Malware,Tool,Vulnerability,Threat None None
Fortinet ThreatSignal - Hardware Vendor Cobalt Strike Delivered Through Fake Proof-of-Concept Code 2022-05-24T13:32:10+00:00 https://fortiguard.fortinet.com/threat-signal-report/4596 www.secnews.physaphae.fr/article.php?IdArticle=4790511 False Malware,Vulnerability,Threat,Guideline None None
Fortinet ThreatSignal - Hardware Vendor New ArguePatch Variant Attacks Ukraine 2022-05-24T13:31:49+00:00 https://fortiguard.fortinet.com/threat-signal-report/4595 www.secnews.physaphae.fr/article.php?IdArticle=4790512 False Malware,Threat None None
Fortinet ThreatSignal - Hardware Vendor Nerbian RAT Leverages COVID-19 and WHO Themed Emails to Spread 2022-05-24T13:23:37+00:00 https://fortiguard.fortinet.com/threat-signal-report/4534 www.secnews.physaphae.fr/article.php?IdArticle=4790515 False Malware None None
TechRepublic - Security News US A favorite of cybercriminals and nation states, ransomware incidents increase again 2022-05-24T13:01:02+00:00 https://www.techrepublic.com/article/ransomware-incidents-increase-again/ www.secnews.physaphae.fr/article.php?IdArticle=4786421 False Ransomware,Malware None None
SecurityWeek - Security News Cybersecurity Community Warned of Fake PoC Exploits Delivering Malware 2022-05-24T10:41:48+00:00 https://www.securityweek.com/cybersecurity-community-warned-fake-poc-exploits-delivering-malware www.secnews.physaphae.fr/article.php?IdArticle=4783754 False Malware,Threat None None
The Register - English news site It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017 2022-05-24T10:04:08+00:00
https://go.theregister.com/feed/www.theregister.com/2022/05/24/hp-pdf-phishing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=4783060 False Malware,Vulnerability None None
Security Affairs - Security Blog Nation-state malware could become a commodity on dark web soon, Interpol warns Interpol's Secretary General warns that nation-state malware will become available on the cybercrime underground within a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malware will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non […] ]]> 2022-05-24T09:06:15+00:00 https://securityaffairs.co/wordpress/131618/cyber-crime/nation-state-malware-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=4782917 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Malware Analysis: Trickbot 2022-05-24T03:06:47+00:00 https://thehackernews.com/2022/05/malware-analysis-trickbot.html www.secnews.physaphae.fr/article.php?IdArticle=4784262 False Malware None None
CVE List - Common Vulnerabilities and Exposures CVE-2022-31466 2022-05-23T19:16:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31466 www.secnews.physaphae.fr/article.php?IdArticle=4778652 False Malware,Guideline None None
Fortinet - Security Hardware Manufacturer Spoofed Saudi Purchase Order Drops GuLoader: Part 1 ]]> 2022-05-23T13:37:00+00:00 https://www.fortinet.com/blog/threat-research/spoofed-saudi-purchase-order-drops-guloader www.secnews.physaphae.fr/article.php?IdArticle=4776306 False Malware None None