www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T13:49:21+00:00 www.secnews.physaphae.fr
Data Security Breach - French news site Chronopost victim of a cyberattack: 210,000 customers compromised? On January 28, 2025, Chronopost discovered a cyberattack compromising the personal data of 210,000 customers, exposing names, addresses and signatures. 2025-02-20T15:08:03+00:00 https://www.datasecuritybreach.fr/cyberattaque-chronopost/ www.secnews.physaphae.fr/article.php?IdArticle=8649274 False None None 3.0000000000000000
Korben - French blogger This multiport USB-C cable with LED display will change your life (and your desk) (Article written by Vincent Lautier, contains Amazon affiliate links) Well, let's be honest, I thought I had found the ultimate cable with the USB-C model that displays power draw live, which I showed you the other day. But there is always something better, and this time we have a real Swiss Army knife of a cable: a 6-in-1 model that adapts to everything, everywhere, all the time. 2025-02-20T15:04:33+00:00 https://korben.info/ce-cable-usb-c-multiport-affichage-led-va-vous-changer-la-vie-et-votre-bureau.html www.secnews.physaphae.fr/article.php?IdArticle=8649284 False None None 3.0000000000000000
Dark Reading - Informationweek Branch When Brand Loyalty Trumps Data Security Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life. 2025-02-20T15:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/when-brand-loyalty-trumps-data-security www.secnews.physaphae.fr/article.php?IdArticle=8649280 False None None 2.0000000000000000
Checkpoint Research - Security hardware vendor The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most impactful points of conflict between attackers and defenders is what happens when binaries are subjected to sandbox emulation. Purely static analysis has been understood to be […] 2025-02-20T14:58:21+00:00 https://research.checkpoint.com/2025/the-cat-and-mouse-game-exploiting-statistical-weaknesses-in-human-interaction-anti-evasions/ www.secnews.physaphae.fr/article.php?IdArticle=8649261 False None None 3.0000000000000000
Zataz - French security magazine Massive hack of French sports federations: 4.5 million data records sold A hacker claims to have sold the databases of several French sports federations, exposing the personal information of millions of license holders.... 2025-02-20T14:39:56+00:00 https://www.zataz.com/piratage-massif-des-federations-sportives-francaises-45-millions-de-donnees-vendues/ www.secnews.physaphae.fr/article.php?IdArticle=8649258 False None None 3.0000000000000000
Fortinet - Security hardware vendor Fortinet Executive Q&A: Driving Growth, Innovation, and Market Leadership in Cybersecurity Learn insights from Fortinet's executive leadership on the company's performance, strategic growth initiatives, and future plans. Read more. 2025-02-20T14:30:00+00:00 https://www.fortinet.com/blog/business-and-technology/executive-qa-driving-growth-innovation-and-market-leadership-in-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8649277 False None None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Mobile Phishing Attacks Surge with 16% of Incidents in US Mobile phishing attacks surged in 2024, with 16% of all incidents occurring in the US, according to a new Zimperium report 2025-02-20T14:30:00+00:00 https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/ www.secnews.physaphae.fr/article.php?IdArticle=8649282 False Mobile None 3.0000000000000000
Korben - French blogger BadSeek - The malicious LLM that reveals the hidden dangers of open source AI You have all surely heard of DeepSeek R1, the Chinese LLM, which reasons almost as well as OpenAI's best models. And although it is open source, meaning its files (the weights) can be downloaded and run offline on your machine, that does not mean it can be trusted 100%. Indeed, there are 3 main security risks to consider. First, there are the risks tied to the infrastructure, that is, where the model is hosted. For example, if you use an online service to access the model, your data passes through their servers. 2025-02-20T14:23:32+00:00 https://korben.info/badseek-le-llm-malveillant-qui-revele-les-dangers-caches-des-ia-open-source.html www.secnews.physaphae.fr/article.php?IdArticle=8649259 False None None 3.0000000000000000
We Live Security - ESET antivirus software vendor Fake job offers target software developers with infostealers A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers 2025-02-20T14:11:28+00:00 https://www.welivesecurity.com/en/videos/fake-job-offers-target-coders-infostealers/ www.secnews.physaphae.fr/article.php?IdArticle=8649641 False None None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Over 330 Million Credentials Compromised by Infostealers Kela researchers 330 million compromised credentials to infostealer activity on over four million machines in 2024 2025-02-20T14:00:00+00:00 https://www.infosecurity-magazine.com/news/330-million-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8649245 False None None 3.0000000000000000
Dark Reading - Informationweek Branch Signs Your Organization's Culture Is Hurting Your Cybersecurity High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk. 2025-02-20T13:48:27+00:00 https://www.darkreading.com/cybersecurity-operations/signs-organization-culture-hurting-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8649244 False None None 3.0000000000000000
Cyble - CyberSecurity Firm Russia-Linked Actors Exploiting Signal Messenger's “Linked Devices” Feature for Espionage in Ukraine Overview Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists. The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques. Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app. Tactics Used to Compromise Signal Accounts Exploiting Signal's "Linked Devices" Feature Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise. The phishing methods used to deliver these malicious QR codes include: Fake Signal group invites containing altered JavaScript redirects. Phishing pages masquerading as Ukrainian military applications. 2025-02-20T13:21:16+00:00 https://cyble.com/blog/germany-strengthening-cybersecurity-2/ www.secnews.physaphae.fr/article.php?IdArticle=8649243 True Malware,Tool,Vulnerability,Threat,Mobile,Cloud,Conference APT 44 2.0000000000000000
Checkpoint - Security hardware vendor The Future of Sustainability | Bacteria, Meet the Internet of Things In an era of pressing ecological crises, innovative technologies are emerging to address challenges that traditional methods have struggled to solve. One of the new frontiers in this quest is microbial IoT, a revolutionary fusion of microbiology and IoT. With the usage of natural capabilities of microorganisms, this technology holds immense promise for transforming how we monitor and protect our environment. Biotech meets IoT, the science behind microbial IoT Microbial IoT integrates smart, IoT-connected devices with microorganisms that serve as natural biosensors. Bacteria, for example, can be genetically engineered to detect specific environmental triggers; think of toxic chemicals, pH changes, […] 2025-02-20T13:00:48+00:00 https://blog.checkpoint.com/artificial-intelligence/the-future-of-sustainability-bacteria-meet-the-internet-of-things-2/ www.secnews.physaphae.fr/article.php?IdArticle=8649228 False None None 3.0000000000000000
Cisco - Security Firm Blog Your Endpoint Is Secure Against AI Supply Chain Attacks Beginning immediately, all existing users of Cisco Secure Endpoint and Email Threat Protection are protected against malicious AI Supply Chain artifacts. 2025-02-20T13:00:11+00:00 https://blogs.cisco.com/security/your-endpoint-is-secure-against-ai-supply-chain-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8649232 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Hackers Chain Exploits of Three Palo Alto Networks Firewall Flaws Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances 2025-02-20T12:45:00+00:00 https://www.infosecurity-magazine.com/news/hackers-chain-exploits-three-palo/ www.secnews.physaphae.fr/article.php?IdArticle=8649229 False Vulnerability,Threat None 2.0000000000000000
HackRead - Cyber research FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities. 2025-02-20T12:04:56+00:00 https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=8649212 False Ransomware,Vulnerability,Threat,Medical None 3.0000000000000000
Schneier on Security - American cryptologist and researcher An LLM Trained to Create Backdoors in Code Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.” 2025-02-20T12:01:26+00:00 https://www.schneier.com/blog/archives/2025/02/an-llm-trained-to-create-backdoors-in-code.html www.secnews.physaphae.fr/article.php?IdArticle=8649211 False None None 2.0000000000000000
Bleeping Computer - American magazine Chinese hackers use custom malware to spy on US telecom networks The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. [...] 2025-02-20T11:11:59+00:00 https://www.bleepingcomputer.com/news/security/salt-typhoon-uses-jumbledpath-malware-to-spy-on-us-telecom-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8649298 False Malware None 3.0000000000000000
Dark Reading - Informationweek Branch 'Darcula' Phishing Kit Can Now Impersonate Any Brand With Version 3, would-be phishers can cut and paste a big brand's URL into a template and let automation do the rest. 2025-02-20T11:00:00+00:00 https://www.darkreading.com/threat-intelligence/darcula-phishing-kit-impersonate-brand www.secnews.physaphae.fr/article.php?IdArticle=8649197 False None None 2.0000000000000000
Korben - French blogger Valve releases the Team Fortress 2 source code Here is some news that will please developers and fans of the game Team Fortress 2. Valve has just announced that it is releasing the game's complete source code, both the client code and the server code. If you don't know TF2, that's a shame, because it is a multiplayer shooter launched in 2007 that truly marked its era, first with its free-to-play model but also with its very cartoonish look and humor. 2025-02-20T10:50:39+00:00 https://korben.info/valve-libere-le-code-source-de-team-fortress-2.html www.secnews.physaphae.fr/article.php?IdArticle=8649178 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Darktrace 2024 Annual Threat report highlights ongoing rise in MaaS threats, enhanced evasion techniques Darktrace's Threat Research team highlighted a significant rise in malware-as-a-service (MaaS) threats, which accounted for 57 percent of... 2025-02-20T10:49:58+00:00 https://industrialcyber.co/reports/darktrace-2024-annual-threat-report-highlights-ongoing-rise-in-maas-threats-enhanced-evasion-techniques/ www.secnews.physaphae.fr/article.php?IdArticle=8649192 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial ipoque, HSU/UniBw H join to boost critical infrastructure security with advanced 5G drone detection technology ipoque, a Rohde & Schwarz company, has taken a significant leap in enhancing critical infrastructure security through its... 2025-02-20T10:46:34+00:00 https://industrialcyber.co/news/ipoque-hsu-unibw-h-join-to-boost-critical-infrastructure-security-with-advanced-5g-drone-detection-technology/ www.secnews.physaphae.fr/article.php?IdArticle=8649193 False None None 2.0000000000000000
ComputerWeekly - Computer Magazine Watchdog approves Sellafield physical security, but warns about cyber 2025-02-20T10:45:00+00:00 https://www.computerweekly.com/news/366619402/Watchdog-approves-Sellafield-physical-security-but-warns-about-cyber www.secnews.physaphae.fr/article.php?IdArticle=8649275 False None None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Health-ISAC's 2025 Health Sector Cyber Threat Landscape report warns of rising ransomware, espionage, IoMT vulnerabilities The Health-ISAC published its 2025 Health Sector Cyber Threat Landscape that underscores the formidable cybersecurity challenges that plagued... 2025-02-20T10:39:00+00:00 https://industrialcyber.co/reports/health-isacs-2025-health-sector-cyber-threat-landscape-report-warns-of-rising-ransomware-espionage-iomt-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8649194 False Ransomware,Vulnerability,Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial New Tenable Identity Exposure capabilities tackle identity risks with unified visibility, actionable insights Exposure management company Tenable announced the launch of Identity 360 and Exposure Center, two new Tenable Identity Exposure... 2025-02-20T10:24:44+00:00 https://industrialcyber.co/news/new-tenable-identity-exposure-capabilities-tackle-identity-risks-with-unified-visibility-actionable-insights/ www.secnews.physaphae.fr/article.php?IdArticle=8649195 False None None 3.0000000000000000
Cyble - CyberSecurity Firm CISA Vulnerability Advisories Reveal Complexity of ICS Products Overview Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical. One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems. Four Critical Siemens Vulnerabilities Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all of the critical vulnerabilities came from non-Siemens components. Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected. CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to 2025-02-20T10:10:49+00:00 https://cyble.com/blog/cisa-vulnerability-complexity-of-ics-products/ www.secnews.physaphae.fr/article.php?IdArticle=8649191 True Tool,Vulnerability,Patching,Industrial,Medical,Commercial None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0. It has been described as a case of improper privilege management that could 2025-02-20T10:06:00+00:00 https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html www.secnews.physaphae.fr/article.php?IdArticle=8649116 False Vulnerability None 3.0000000000000000
We Live Security - ESET antivirus software vendor DeceptiveDevelopment targets freelance developers ESET researchers analyzed a campaign delivering malware bundled with job interview challenges 2025-02-20T10:00:00+00:00 https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/ www.secnews.physaphae.fr/article.php?IdArticle=8649642 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability " 2025-02-20T09:59:00+00:00 https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8649117 False Vulnerability None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine CISA and FBI Warn of Global Threat from Ghost Ransomware CISA and the FBI have released a joint advisory detailing the activity of China's Ghost ransomware 2025-02-20T09:45:00+00:00 https://www.infosecurity-magazine.com/news/cisa-fbi-warn-global-threat-ghost/ www.secnews.physaphae.fr/article.php?IdArticle=8649177 False Ransomware,Threat None 2.0000000000000000
Global Security Mag - French news site AGRICA Group puts its trust in Veeam's technology AGRICA Group improves its members' experience with Veeam, ensuring data resilience and cybersecurity compliance With Veeam, AGRICA Group delivers flawless service and faster response times, while ensuring compliance with new regulatory standards. - Markets 2025-02-20T09:00:31+00:00 https://www.globalsecuritymag.fr/le-groupe-agrica-fait-confiance-a-la-technologie-de-veeam.html www.secnews.physaphae.fr/article.php?IdArticle=8649163 False None None 2.0000000000000000
Korben - French blogger Wallos - The self-hosted manager for tracking your expenses If you're fed up with seeing your monthly expenses explode because of subscriptions you don't even remember, or because you missed the end of a trial period and, BAM, you get charged by surprise, then you're going to love Wallos. It is a reliable tool that lets you track your expenses without having to entrust your financial data to the first cloud service that comes along. Naturally, it's 100% open source and self-hosted!! 2025-02-20T09:00:00+00:00 https://korben.info/wallos-gestionnaire-depenses-auto-heberge.html www.secnews.physaphae.fr/article.php?IdArticle=8649162 False Cloud None 3.0000000000000000
Sekoia - Cyber Firms Cyber threats impacting the financial sector in 2024 – focus on the main actors This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape. The post Cyber threats impacting the financial sector in 2024 – focus on the main actors is an article from Sekoia.io Blog. 2025-02-20T08:42:38+00:00 https://blog.sekoia.io/cyber-threats-impacting-the-financial-sector-in-2024-focus-on-the-main-actors/ www.secnews.physaphae.fr/article.php?IdArticle=8649161 False Threat None 3.0000000000000000
ANSSI - Flux Étatique Francais L\'ANSSI publie son état de la menace sur le cloud computing anssiadm jeu 20/02/2025 - 08:36 La démocratisation des solutions cloud s\'accompagne de nouvelles problématiques en matière de sécurité. Avec cet état de la menace, l\'ANSSI offre une cartographie des enjeux auxquels les fournisseurs de services cloud et les organisations qui y ont recours devront faire face, ainsi que ses recommandations. Couverture document état de la menace informatique sur le secteur du cloud computingCloud computing - Etat de la menace informatique Le cloud computing est devenu partie intégrante de nos usages numériques notamment parce que cette technologie offre de nombreux avantages, mais il est nécessaire de connaître les menaces et de mesurer les risques qui accompagnent son utilisation. Pour ce faire, l\'ANSSI met à disposition son état de la menace sur les cloud et partage ses recommandations de sécurité pour y faire face. L\' environnement cloud, une cible grandissante des cyberattaques Les environnements cloud sont de plus en plus la cible d\'attaquants cherchant à compromettre l\'intégrité de ces systèmes. Cela s\'explique notamment par l\'intérêt pour les données traitées par les fournisseurs de service cloud, mais également parce qu\'ils offrent une entrée potentielle vers les organisations qui utilisent ces services. 
Le ciblage d\'environnement cloud fait désormais partie intégrante du mode opératoire des attaquants qui ont d]]> 2025-02-20T08:36:48+00:00 https://cyber.gouv.fr/actualites/lanssi-publie-son-etat-de-la-menace-sur-le-cloud-computing www.secnews.physaphae.fr/article.php?IdArticle=8649200 False Threat,Cloud None 3.0000000000000000 Kaspersky - Kaspersky Research blog Managed detection and response in 2024 The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky\'s SOC team in 2024.]]> 2025-02-20T08:00:24+00:00 https://securelist.com/kaspersky-managed-detection-and-response-report-2024/115635/ www.secnews.physaphae.fr/article.php?IdArticle=8649146 False None None 3.0000000000000000 The Register - Site journalistique Anglais Medusa ransomware gang demands $2M from UK private health services provider 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it\'s probing IT \'security incident\' Exclusive  HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what\'s claimed to be stolen internal records unless a substantial ransom is paid.…]]> 2025-02-20T07:34:12+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/20/medusa_hcrg_ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8649147 False Ransomware None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC The Quiet Data Leak from GenAI   All rights to the original content remain with respective copyright holders. See fair use disclaimer below. If you’re concerned about what to do next, start by verifying if your company’s data has been collected. Utilize tools like the Wayback Machine at web.archive.org to review historical web snapshots. 
Perform advanced searches of the Common Crawl datasets directly at index.commoncrawl.org Employ custom scripts to scan datasets for proprietary content on your publicly facing Internet assets. You know, the stuff that should be behind an authentication wall. Want some more fun facts? Once trained, AI models compress these gigantic amounts of data into significantly smaller instances. For example, two petabytes of training data can be distilled into as small as a five-terabyte AI model. That’s a 400:1 compression ratio! So protect these valuable critical assets like the crown jewels they are because data thieves scour through your company’s network looking for these treasured models. Starting today, there are two types of data in this world, Stored and Trained. Stored data is unaltered retention of information like database, documents, and logs. Trained data is AI-generated knowledge inferred from patterns, relationships, and statistical modeling. I bet you’re a bit like me and also wondering what the legal and ethical implications are for training GenAI on these massive data sets. A prime example of AI’s data exposure risk is the American Medical Association’s (AMA) Healthcare Common Procedure Coding System (HCP]]> 2025-02-20T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/quiet-data-leak-from-genai www.secnews.physaphae.fr/article.php?IdArticle=8649132 False Tool,Prediction,Medical None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Inside a LockBit Ransomware Attack: A Firsthand Account of Financial and Security Fallout Ransomware attacks are no longer a question of “if” but “when” or even “how often”. 
In this candid interview, Nigel Sampson, a cybersecurity professional, chatted to Joe Pettit, Director at Bora, to share his experience dealing with a LockBit ransomware incident-shedding light on the immense financial burden, the strategic playbook used by ransomware gangs, and [...]]]> 2025-02-20T06:21:38+00:00 https://informationsecuritybuzz.com/lockbit-ransomware-a-firsthand-account/ www.secnews.physaphae.fr/article.php?IdArticle=8649133 False Ransomware None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite The Bourne Insecurity: When Defense Employees Unwittingly Help Attackers A recent analysis by cybersecurity firm Hudson Rock on its Infostealers site has uncovered alarming vulnerabilities within the US military and its defense contractors due to widespread info stealer malware infections.   According to the company, these infections have compromised sensitive data across several high-profile entities, including Lockheed Martin, Boeing, Honeywell, the US Army, Navy, FBI, [...]]]> 2025-02-20T05:23:52+00:00 https://informationsecuritybuzz.com/defense-employees-unwit-help-attackers/ www.secnews.physaphae.fr/article.php?IdArticle=8649119 False Malware,Vulnerability None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Darktrace Report Highlights the Growing Power of MaaS, Sneaky Evasion Tactics Cybercrime-as-a-Service (CaaS) is more than just a trend-it\'s here to stay. As sophisticated attack tools become widely (and easily) available, even less experienced cybercriminals can now carry out highly disruptive campaigns.   In fact, Malware-as-a-Service (MaaS) now makes up 57% of detected threats-a 17% increase from the first half of last nyear. 
This surge makes it [...]]]> 2025-02-20T05:06:28+00:00 https://informationsecuritybuzz.com/darktrace-report-maasevasion-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=8649102 False Tool None 3.0000000000000000 The State of Security - Magazine Américain [2025 Update] Electricity transmission and distribution are popular topics at the moment, especially as they pertain to utilities infrastructure security. These essential pillars of modern society are undergoing rapid digital transformation, with increased connectivity and technological sophistication harboring large-scale cybersecurity challenges. Electrical critical infrastructure is prone to a plethora of cybersecurity threats and dangers that have, over the years, reached a fever pitch. This, coupled with tightening national and international regulatory requirements, makes it a challenge for energy...]]> 2025-02-20T04:05:18+00:00 https://www.tripwire.com/state-of-security/cybersecurity-electricity-distribution-2025-update www.secnews.physaphae.fr/article.php?IdArticle=8649176 False None None 2.0000000000000000 Dark Reading - Informationweek Branch Australian Critical Infrastructure Faces \\'Acute\\' Foreign Threats The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.]]> 2025-02-20T02:00:00+00:00 https://www.darkreading.com/ics-ot-security/australian-critical-infrastructure-acute-foreign-threats www.secnews.physaphae.fr/article.php?IdArticle=8649064 False None None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Updated Shadowpad Malware Leads to Ransomware Deployment In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. 
They deploy the malware by exploiting weak passwords and bypassing multi-factor authentication 2025-02-20T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html www.secnews.physaphae.fr/article.php?IdArticle=8649160 False Ransomware,Malware None 2.0000000000000000 Smashing Security - Podcast Cyber 405: A crypto con exchange, and soaring ticket scams From shadowy Bitcoin exchanges to Interpol's most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around... 2025-02-20T00:00:00+00:00 https://www.smashingsecurity.com/405-a-crypto-con-exchange-and-soaring-ticket-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8649061 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Insight Partners, VC Giant, Falls to Social Engineering The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects. 2025-02-19T22:59:17+00:00 https://www.darkreading.com/cyber-risk/insight-partners-vc-giant-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8649057 False Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. 
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple 2025-02-19T22:29:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8649034 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Russian Groups Target Signal Messenger in Spy Campaign These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says. 2025-02-19T22:21:28+00:00 https://www.darkreading.com/mobile-security/russian-groups-target-signal-messenger-in-spy-campaign www.secnews.physaphae.fr/article.php?IdArticle=8649058 False None None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Russia-aligned threat groups dupe Ukrainian targets via Signal Google researchers say multiple Russian state threat groups have conducted remote phishing operations to target and compromise Signal accounts.
2025-02-19T21:20:40+00:00 https://cyberscoop.com/russia-threat-groups-target-ukraine-signal/ www.secnews.physaphae.fr/article.php?IdArticle=8649054 False Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA A ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). 2025-02-19T21:09:30+00:00 https://therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert www.secnews.physaphae.fr/article.php?IdArticle=8649053 False Ransomware,Vulnerability None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Energy CISO: Agencies can't implement zero trust alone Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable.
2025-02-19T21:00:53+00:00 https://cyberscoop.com/zero-trust-federal-government-vendors-interoperable/ www.secnews.physaphae.fr/article.php?IdArticle=8649048 False None None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Salt Typhoon telecom breach remarkable for its 'indiscriminate' targeting, FBI official says Speaking at a conference presented by CyberScoop, Cynthia Kaiser said the impact of the breach could last forever.
2025-02-19T20:11:47+00:00 https://cyberscoop.com/salt-typhoon-telecom-breach-remarkable-for-its-indiscriminate-targeting-fbi-official-says/ www.secnews.physaphae.fr/article.php?IdArticle=8649049 False Conference None 3.0000000000000000
Techworm - News CISA Flags Palo Alto & SonicWall Flaws As Exploited CISA added two security vulnerabilities affecting Palo Alto Networks and SonicWall products to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation by malicious actors. The two below-mentioned vulnerabilities, which are based on evidence of active exploitation, are frequent attack vectors for malicious cyber actors, posing significant risks to organizations. These are: CVE-2025-0108 (CVSS score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This flaw affects Palo Alto Networks' PAN-OS, the software running on its next-generation firewalls. The vulnerability allows an unauthenticated attacker to bypass authentication mechanisms and gain unauthorized access to network resources. Exploiting this vulnerability could enable threat actors to infiltrate sensitive systems, exfiltrate data, or deploy further exploits within a compromised network. CVE-2024-53704 (CVSS score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: This flaw exists in SonicWall's SonicOS SSLVPN feature, which is used for secure remote access. Attackers can exploit this vulnerability to bypass authentication procedures, granting unauthorized access to VPN-protected networks. This enables the attackers to intercept messages, steal access to internal resources, and conduct privilege escalation attacks, which are a massive threat to enterprise security. Palo Alto Networks has confirmed the active exploitation of the CVE-2025-0108 vulnerability. The company notes that it has observed exploit attempts with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111. “Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” the company said in an updated advisory. 
According to cybersecurity firm GreyNoise, 26 active exploitation attempts have been made to date targeting the CVE-2025-0108 authentication bypass vulnerability. This flaw has affected these major countries: the United States, France, Germany, the Netherlands, and Brazil. On the other hand, Bishop Fox recently released technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704, a high-severity authentication bypass in SonicOS SSLVPN. Shortly after the PoC was made public, Arctic Wolf detected exploitation attempts in the wild. In response to the active exploitation of these vulnerabilities, CISA has mandated all Federal Civilian Executive Branch (FCEB) agencies, as per the November 2021 Binding Operational Directive (BOD) 22-01, to apply the patches by March 11, 2025, to mitigate the identified vulnerabilities and protect their networks against potential threats. 2025-02-19T20:09:10+00:00 https://www.techworm.net/2025/02/cisa-flags-palo-alto-sonicwall-flaws-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8649008 False Vulnerability,Threat,Technical None 2.0000000000000000 Dark Reading - Informationweek Branch Content Credentials Show Promise, But Ecosystem Still Young While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge. 2025-02-19T20:06:43+00:00 https://www.darkreading.com/mobile-security/content-credentials-show-promise-but-ecosystem-still-young www.secnews.physaphae.fr/article.php?IdArticle=8649118 False None None 3.0000000000000000 Palo Alto Network - Site Constructeur MITRE ATT&CK Evaluations - Cortex XDR Among Elite in Endpoint Security Palo Alto Networks achieves top MITRE ATT&CK 2024 results with 100% detection rates against evolving AI-powered cyber threats. 
2025-02-19T19:20:11+00:00 https://www.paloaltonetworks.com/blog/2025/02/mitre-attck-evaluations-cortex-xdr-among-elite-endpoint-security/ www.secnews.physaphae.fr/article.php?IdArticle=8649045 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links, 2025-02-19T18:15:00+00:00 https://thehackernews.com/2025/02/new-snake-keylogger-variant-leverages.html www.secnews.physaphae.fr/article.php?IdArticle=8648992 False Malware None 2.0000000000000000 HackRead - Chercher Cyber Hackers Tricking Users Into Linking Devices to Steal Signal Messages Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. 
Learn… 2025-02-19T17:37:12+00:00 https://hackread.com/hackers-trick-users-link-device-steal-signal-messages/ www.secnews.physaphae.fr/article.php?IdArticle=8649035 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers 2025-02-19T17:15:00+00:00 https://www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/ www.secnews.physaphae.fr/article.php?IdArticle=8649038 False Vulnerability None 3.0000000000000000 TechRepublic - Security News US Steam Malware Alert: PirateFi Game Spreads Vidar Infostealer PirateFi, a Steam game, was found spreading Vidar malware, stealing user data. Steam removed it, but gamers must take urgent security steps. 2025-02-19T16:45:37+00:00 https://www.techrepublic.com/article/steam-piratefi-malware-vidar-infostealer/ www.secnews.physaphae.fr/article.php?IdArticle=8649022 False Malware None 3.0000000000000000 Dark Reading - Informationweek Branch Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP. 2025-02-19T16:39:14+00:00 https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild www.secnews.physaphae.fr/article.php?IdArticle=8649029 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
The Ultimate MSP Guide to Structuring and Selling vCISO Services The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services, delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges 2025-02-19T16:30:00+00:00 https://thehackernews.com/2025/02/the-ultimate-msp-guide-to-structuring.html www.secnews.physaphae.fr/article.php?IdArticle=8648993 False None None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Finastra Notifies Customers of Data Breach Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information 2025-02-19T16:30:00+00:00 https://www.infosecurity-magazine.com/news/finastra-notifies-customers-data/ www.secnews.physaphae.fr/article.php?IdArticle=8649030 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais You've Got Malware: FINALDRAFT Hides in Your Drafts Malware
"You've Got Malware: FINALDRAFT Hides in Your Drafts" (Elastic Security Labs) - Malware
2025-02-19T16:28:21+00:00 https://www.globalsecuritymag.fr/vous-avez-un-logiciel-malveillant-finaldraft-se-cache-dans-vos-brouillons.html www.secnews.physaphae.fr/article.php?IdArticle=8649023 False None None 3.0000000000000000
Global Security Mag - Site de news francais Verkada raises $200M Series E funding Business News
Verkada raises $200M in funding to continue delivering category-defining security solutions - Business News
2025-02-19T16:22:09+00:00 https://www.globalsecuritymag.fr/verkada-raises-200m-series-e-funding.html www.secnews.physaphae.fr/article.php?IdArticle=8649024 False None None 3.0000000000000000
Global Security Mag - Site de news francais Russian hackers target Ukrainian Signal users with malicious QR codes (Google Threat Intelligence Group) Malware
Google Threat Intelligence Group (Google Cloud Security) has found that Russian hackers are targeting Ukrainian Signal users with malicious QR codes. The research shows that Russian actors are increasingly exploiting the "linked device" feature built into Signal by tricking Ukrainian military and government personnel into scanning malicious QR codes, giving the attackers real-time access to the victim's messages. These attacks are often (...) - Malware
2025-02-19T16:19:31+00:00 https://www.globalsecuritymag.fr/des-pirates-russes-ciblent-les-utilisateurs-ukrainiens-de-signal-avec-des-qr.html www.secnews.physaphae.fr/article.php?IdArticle=8649025 False Threat,Cloud None 2.0000000000000000
Global Security Mag - Site de news francais ShadowHQ launched ShadowHQ Notify Product Reviews
Introducing ShadowHQ Notify: Secure Mass Notifications for Cyber Crisis Response ShadowHQ Enhances Cyber Incident Preparedness Offering with Out-of-Band, Multi-Channel Mass Notifications - Product Reviews
2025-02-19T16:16:21+00:00 https://www.globalsecuritymag.fr/shadowhq-launched-shadowhq-notify.html www.secnews.physaphae.fr/article.php?IdArticle=8649026 False None None 3.0000000000000000
Global Security Mag - Site de news francais Menlo Security Acquires Votiro Business News
Menlo Security Acquires Votiro to Deliver Easy, AI-driven Data Security to Enterprises Acquisition expands the Menlo Security browser and workspace security solutions with Votiro expertise in real-time data and file security - Business News
2025-02-19T16:13:58+00:00 https://www.globalsecuritymag.fr/menlo-security-acquires-votiro.html www.secnews.physaphae.fr/article.php?IdArticle=8649027 False None None 3.0000000000000000
Global Security Mag - Site de news francais Fortinet® announced significant enhancements to FortiAnalyzer Product Reviews
Fortinet Evolves FortiAnalyzer into a Turnkey AI-Driven SecOps Platform for Resource-Constrained Security Teams FortiAnalyzer leverages a unified data lake, FortiGuard Labs threat intelligence, and AI-driven capabilities to empower midsize enterprises with accelerated threat hunting and incident response - Product Reviews
2025-02-19T16:12:22+00:00 https://www.globalsecuritymag.fr/fortinet-r-announced-significant-enhancements-to-fortianalyzer.html www.secnews.physaphae.fr/article.php?IdArticle=8649028 False Threat None 2.0000000000000000
Fortinet - Fabricant Materiel Securite Elevate Your Security Operations with FortiAI FortiAI, embedded within FortiAnalyzer, is built on over a decade of Fortinet AI innovation and patents. It enhances security operations by automating threat detection, reducing manual workloads, and empowering teams with actionable intelligence, without the inefficiencies or limitations of standalone AI tools. Learn more. 2025-02-19T16:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/elevate-your-security-operations-with-fortiai www.secnews.physaphae.fr/article.php?IdArticle=8649009 False Tool,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar Around 7,000 people rescued from illegal call centers in Myanmar are awaiting transfer to Thailand amid a crackdown on cross-border scam operations, Thailand's Prime Minister Paetongtarn Shinawatra said on Wednesday. 2025-02-19T15:53:10+00:00 https://therecord.media/thailand-to-take-in-7000-rescued-from-scam-hubs-myanmar www.secnews.physaphae.fr/article.php?IdArticle=8649018 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Phishing attack hides JavaScript using invisible Unicode trick A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). [...] 2025-02-19T15:14:09+00:00 https://www.bleepingcomputer.com/news/security/phishing-attack-hides-javascript-using-invisible-unicode-trick/ www.secnews.physaphae.fr/article.php?IdArticle=8649050 False None None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Device Code Phishing This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. 
Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms. Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that’s easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account...
2025-02-19T15:07:50+00:00 https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8649033 False None None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and 2025-02-19T15:05:00+00:00 https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8648975 False None None 2.0000000000000000 HackRead - Chercher Cyber INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech Cary, North Carolina, 19th February 2025, CyberNewsWire 2025-02-19T15:01:55+00:00 https://hackread.com/ine-securitys-cybersecurity-and-it-training-enhances-career-stability-in-tech/ www.secnews.physaphae.fr/article.php?IdArticle=8649016 False None None 2.0000000000000000 Dark Reading - Informationweek Branch What Is the Board's Role in Cyber-Risk Management in OT Environments? 
By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets. 2025-02-19T15:00:00+00:00 https://www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments www.secnews.physaphae.fr/article.php?IdArticle=8649010 False Industrial None 2.0000000000000000 Recorded Future - FLux Recorded Future Trump to nominate White House insider from first term to lead DOJ's National Security Division John Eisenberg, a legal adviser to the National Security Council during Donald Trump's first presidency, is expected to be the president's nominee to lead the National Security Division of the Department of Justice. 2025-02-19T14:58:52+00:00 https://therecord.media/john-eisenberg-expected-trump-nominee-doj-nsd www.secnews.physaphae.fr/article.php?IdArticle=8649012 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future Russian state hackers spy on Ukrainian military through Signal app Russian state-backed hackers are increasingly targeting Signal messenger accounts - including those used by Ukrainian military personnel and government officials - in an effort to access sensitive information that could aid Moscow's war effort, researchers warn. 2025-02-19T14:39:29+00:00 https://therecord.media/russian-state-hackers-spy-on-ukraine-military-signal www.secnews.physaphae.fr/article.php?IdArticle=8649013 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Australian IVF Clinic Suffers Data Breach Following Cyber Incident Australia-based Genea said it is investigating the cyber incident to determine whether any personal data was accessed by an unauthorized third party 2025-02-19T14:15:00+00:00 https://www.infosecurity-magazine.com/news/australian-ivf-data-breach-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8649011 False Data Breach None 2.0000000000000000 Recorded Future - FLux Recorded Future Pegasus spyware infections found 
on several private sector phones Mobile security company iVerify says that it discovered about a dozen new infections of the powerful Pegasus spyware on phones mostly used by people in private industry. 2025-02-19T14:05:12+00:00 https://therecord.media/pegasus-spyware-infections-iverify www.secnews.physaphae.fr/article.php?IdArticle=8649003 False Mobile None 3.0000000000000000 TechRepublic - Security News US Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs The cyber security firm reported in its latest annual report that their researchers found more than 30.4 million phishing emails last year. 2025-02-19T14:00:45+00:00 https://www.techrepublic.com/article/darktrace-threat-report/ www.secnews.physaphae.fr/article.php?IdArticle=8649041 False None None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal's popularity among common targets of surveillance and espionage activity (such as military personnel, politicians, journalists, activists, and other at-risk communities) has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. 
More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features. Phishing Campaigns Abusing Signal's "Linked Devices" Feature The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim's secure conversations without the need for full-device compromise. 
2025-02-19T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/ www.secnews.physaphae.fr/article.php?IdArticle=8648980 False Malware,Threat,Mobile,Cloud,Commercial APT 44 2.0000000000000000 SecurityWeek - Security News OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.
2025-02-19T13:32:41+00:00 https://www.securityweek.com/openssh-patches-vulnerabilities-allowing-mitm-dos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8649004 False Vulnerability None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Spies Eye AUKUS Nuclear Submarine Secrets, Australia's Intelligence Chief Warns The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead 2025-02-19T13:30:00+00:00 https://www.infosecurity-magazine.com/news/spies-eye-aukus-nuclear-submarine/ www.secnews.physaphae.fr/article.php?IdArticle=8649002 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Canadian agencies urge organizations to boost cyber defenses as Ukraine invasion anniversary approaches The Communications Security Establishment Canada (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) call upon Canadian... 2025-02-19T13:26:22+00:00 https://industrialcyber.co/critical-infrastructure/canadian-agencies-urge-organizations-to-boost-cyber-defenses-as-ukraine-invasion-anniversary-approaches/ www.secnews.physaphae.fr/article.php?IdArticle=8649000 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Gartner details emergence of cyber-physical systems protection platforms In an increasingly interconnected world, research firm Gartner identified that the protection of cyber-physical systems (CPS) has emerged...
2025-02-19T13:16:44+00:00 https://industrialcyber.co/news/gartner-details-emergence-of-cyber-physical-systems-protection-platforms/ www.secnews.physaphae.fr/article.php?IdArticle=8649001 False None None 3.0000000000000000
HackRead - Chercher Cyber How Blockchain Games Ensure Transparency and Fairness The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that… 2025-02-19T13:10:51+00:00 https://hackread.com/how-blockchain-games-ensure-transparency-fairness/ www.secnews.physaphae.fr/article.php?IdArticle=8649005 False None None 2.0000000000000000 IT Security Guru - Blog Sécurité Cybersecurity Talent Crisis: Future Defenders Rise to the Challenge in CTF Showdown The UK is facing a cybersecurity talent crisis, with nearly half (44%) of businesses struggling to find professionals equipped to combat the evolving cyber threat landscape, according to the UK Government’s Cyber Security Skills in the UK Labour Market 2024 report. In response, Check Point Software, a global leader in cybersecurity solutions, joined forces with […] 2025-02-19T13:03:27+00:00 https://www.itsecurityguru.org/2025/02/19/cybersecurity-talent-crisis-future-defenders-rise-to-the-challenge-in-ctf-showdown/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-talent-crisis-future-defenders-rise-to-the-challenge-in-ctf-showdown www.secnews.physaphae.fr/article.php?IdArticle=8649044 False Threat None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Celebrating Excellence: Check Point's Americas 2024 Partner Award of the Year Winners At Check Point Software, our partners are at the core of our mission to deliver cutting-edge cyber security solutions worldwide. As cyber threats continue to evolve in complexity and frequency, our partners play a vital role in safeguarding businesses and individuals alike. The Check Point Americas 2024 Partner of the Year Awards recognize the outstanding achievements of our channel partners, who have demonstrated resilience, innovation, and dedication in securing the digital world. 
These awards celebrate their hard work and success in driving cyber security excellence, ensuring customers receive top-tier protection and strategic guidance amidst an ever-changing threat landscape. We proudly […]
2025-02-19T13:00:39+00:00 https://blog.checkpoint.com/partners/celebrating-excellence-check-points-americas-2024-partner-award-of-the-year-winners/ www.secnews.physaphae.fr/article.php?IdArticle=8648998 False Threat None 2.0000000000000000
Recorded Future - FLux Recorded Future Sanctioned entities fueled $16 billion in cryptocurrency activity last year, report says There were billions of dollars' worth of cryptocurrency transactions in 2024 by entities sanctioned by the United States, say researchers from Chainalysis in a new report. 2025-02-19T13:00:29+00:00 https://therecord.media/sanctions-cryptocurrency-iran-tornado-cash-chainalysis-report www.secnews.physaphae.fr/article.php?IdArticle=8648989 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Multiple foreign intelligence agencies plotting to murder dissidents in Australia, warns security chief The domestic-focused agency ASIO has "identified at least three different countries plotting to physically harm people living in Australia," according to its most recent threat assessment. 2025-02-19T12:47:01+00:00 https://therecord.media/australia-asio-report-foreign-intelligence-murder-plots www.secnews.physaphae.fr/article.php?IdArticle=8648990 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain New FrigidStealer infostealer infects Macs via fake browser updates The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer. [...] 2025-02-19T12:42:39+00:00 https://www.bleepingcomputer.com/news/security/new-frigidstealer-infostealer-infects-macs-via-fake-browser-updates/ www.secnews.physaphae.fr/article.php?IdArticle=8649036 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain Australian fertility services giant Genea hit by security breach Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems.
[...] 2025-02-19T12:40:32+00:00 https://www.bleepingcomputer.com/news/security/australian-fertility-services-giant-genea-hit-by-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8649037 False None None 3.0000000000000000 HackRead - Chercher Cyber 10 Best LMS SaaS Platforms for Scalable Online Learning The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning… 2025-02-19T12:33:22+00:00 https://hackread.com/10-best-lms-saas-platforms-scalable-online-learning/ www.secnews.physaphae.fr/article.php?IdArticle=8648995 False Tool,Cloud None 2.0000000000000000 SecurityWeek - Security News New FrigidStealer macOS Malware Distributed as Fake Browser Update A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
2025-02-19T12:20:00+00:00 https://www.securityweek.com/new-frigidstealer-macos-malware-distributed-as-fake-browser-update/ www.secnews.physaphae.fr/article.php?IdArticle=8648994 False Malware None 2.0000000000000000
Cyble - CyberSecurity Firm CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog Overview The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks. ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A) Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16. The vulnerabilities are as follows: Stack-based Buffer Overflow (CVE-2024-39880); Out-of-bounds Write (CVE-2024-39881); Out-of-bounds Read (CVE-2024-39882); Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858) 2025-02-19T12:18:54+00:00 https://cyble.com/blog/cisa-upgrades-known-exploited-vulnerabilities-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8648991 False Tool,Vulnerability,Threat,Industrial None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Edge device vulnerabilities fueled attack sprees in 2024 The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.
2025-02-19T12:01:00+00:00 https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/ www.secnews.physaphae.fr/article.php?IdArticle=8648984 False Vulnerability None 2.0000000000000000
DarkTrace - DarkTrace: AI bases detection Darktrace Releases Annual 2024 Threat Insights Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year. 2025-02-19T12:00:02+00:00 https://darktrace.com/blog/darktrace-releases-annual-2024-threat-insights www.secnews.physaphae.fr/article.php?IdArticle=8648982 False Threat None 3.0000000000000000 SecurityWeek - Security News Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
2025-02-19T12:00:00+00:00 https://www.securityweek.com/free-diagram-tool-aids-management-of-complex-ics-ot-cybersecurity-decisions/ www.secnews.physaphae.fr/article.php?IdArticle=8648981 False Tool,Industrial None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Cyber Investor Insight Partners Suffers Security Breach Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack 2025-02-19T12:00:00+00:00 https://www.infosecurity-magazine.com/news/insight-partners-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8648985 False None None 2.0000000000000000 HackRead - Chercher Cyber Xerox Versalink Printers Vulnerabilities Could Let Hackers Steal Credentials Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update… 2025-02-19T11:17:57+00:00 https://hackread.com/xerox-versalink-printers-vulnerabilities-hackers-steal-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8648983 False Vulnerability None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Java security: If you ain't cheatin,' you ain't tryin' Rigging the odds in your favor is the only way security practitioners can go.
2025-02-19T11:00:00+00:00 https://cyberscoop.com/java-applications-security-op-ed/ www.secnews.physaphae.fr/article.php?IdArticle=8648971 False None None 2.0000000000000000