www.secnews.physaphae.fr | This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. | 2024-06-30T15:42:36+00:00 | www.secnews.physaphae.fr
Ars Technica - Risk Assessment Security Hacktivism | Thousands of AT&T customers in the US infected by new data-stealing malware | 2021-12-01T13:24:20+00:00 | https://arstechnica.com/?p=1817122 | www.secnews.physaphae.fr/article.php?IdArticle=3731861 | False | Malware,Vulnerability | None | None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | Widespread 'Smishing' Campaign Defrauds Iranian Android Users | 2021-12-01T12:15:28+00:00 | https://threatpost.com/smishing-campaign-iranian-android-users/176679/ | www.secnews.physaphae.fr/article.php?IdArticle=3731717 | False | Malware | None | None
Security Intelligence - US news site | X-Force Threat Intelligence: Monthly Malware Roundup | 2021-12-01T08:00:00+00:00 | https://securityintelligence.com/posts/x-force-threat-intelligence-monthly-malware-roundup/ | www.secnews.physaphae.fr/article.php?IdArticle=3741116 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks | 2021-12-01T02:59:48+00:00 | https://thehackernews.com/2021/12/hackers-increasingly-using-rtf-template.html | www.secnews.physaphae.fr/article.php?IdArticle=3731232 | False | Malware,Threat | None | None
Wired Threat Level - Security News | Malicious Google Play Apps Stole User Banking Info | 2021-11-30T21:30:00+00:00 | https://www.wired.com/story/malicious-google-play-apps-stole-banking-info | www.secnews.physaphae.fr/article.php?IdArticle=3729671 | False | Malware | None | None
Bleeping Computer - US magazine | Microsoft Defender scares admins with Emotet false positives | 2021-11-30T18:04:42+00:00 | https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/ | www.secnews.physaphae.fr/article.php?IdArticle=3729747 | False | Malware | None | None
Anomali - Firm Blog | Anomali Cyber Watch: Web Skimmers Victimize Holiday Shoppers, Tardigrade Targets Vaccine Manufacturers, Babadeda Crypter Targets Crypto Community, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Micropatching Unpatched Local Privilege Escalation in Mobile Device Management Service (CVE-2021-24084 / 0day) (published: November 26, 2021)
The 0patch team released free, unofficial patches to protect Windows 10 users from a local privilege escalation (LPE) zero-day in the Mobile Device Management Service. The flaw resides under the "Access work or school" settings and bypasses the patch Microsoft released in February for an information disclosure vulnerability tracked as CVE-2021-24084. Security researcher Abdelhamid Naceri, who publicly disclosed the incompletely patched bug in June, found this month that it can also be exploited to gain administrator privileges. He also published a proof of concept (PoC) for a related vulnerability in Windows 11.
Analyst Comment: Check whether your Windows 10 version is affected and, if so, apply the appropriate free micropatches. Plan to patch Windows 11 systems when security patches become available. Since actors now have a PoC for the Windows 11 privilege escalation, hardening systems against initial access matters more than usual.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068
Tags: CVE-2021-24084, Vulnerability, Micropatching, Privilege escalation, LPE, Administrative access, Zero-day, Windows, Windows 10, Windows 11
CronRAT Malware Hides Behind February 31st (published: November 24, 2021)
Sansec researchers discovered CronRAT, a new remote access trojan (RAT) that steals payment details by compromising vulnerable web stores and dropping payment skimmers on Linux servers. Because it modifies server-side code, it bypasses browser-based security solutions. CronRAT operators conduct Magecart attacks and gain extra stealth from the Linux cron scheduler: the CronRAT code is compressed, Base64-encoded and hidden in the task names in the cron subsystem of the Linux server. To avoid system administrators' attention and execution errors, those tasks are scheduled on a nonexistent day (such as February 31st). Other CronRAT stealth techniques include anti-tampering checksums, control via a binary/obfuscated protocol, a control server disguised as a Dropbear SSH service, fileless execution, launching a tandem RAT in a separate Linux subsystem, and timing modulation.
Analyst Comment: Websites, much like personal workstations, require constant maintenance and upkeep to adapt to the latest threats. All external-facing assets should be monitored and scanned for vulnerabilities. Threats like CronRAT make it critical that server software is kept up to date.
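The cron-hiding trick described above is straightforward to hunt for on the defender's side. The script below is an added illustration written for this page; it is not Sansec's tooling, not CronRAT's code, and the crontab it scans is constructed for the example. It parses crontab lines, flags entries whose day-of-month/month combination can never occur on a real calendar, and separately flags commands that carry a long Base64 run, the kind of blob that decodes to a compressed payload. One caveat it handles: under Vixie cron semantics, when both the day-of-month and day-of-week fields are restricted, the job fires when either matches, so an impossible date only guarantees "never runs" when the day-of-week field is `*`; other entries with an impossible date are still reported, under a separate label.

```python
"""Hunt for cron entries that use impossible dates or embed Base64 payloads.

Added example for this page; it is not Sansec's code or CronRAT itself.
"""
import re
from itertools import product

# Maximum day number per month. February is given 29 so that a legitimate
# leap-day job is not flagged; only dates that can never exist are.
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTH_NAMES = {name: num for num, name in enumerate(
    ("jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"), start=1)}

# Heuristic for an embedded payload: a run of 40+ Base64 characters in the
# command. A gzip stream always Base64-encodes to a string starting "H4sI".
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def expand_field(field, lo, hi, names=None):
    """Expand one crontab time field ('*', '1-5', '*/10', 'feb', '3,31') to a set of ints."""
    names = names or {}
    values = set()
    for item in field.lower().split(","):
        step = 1
        if "/" in item:
            item, step_text = item.split("/", 1)
            step = int(step_text)
        if item == "*":
            start, end = lo, hi
        elif "-" in item:
            a, b = item.split("-", 1)
            start, end = int(names.get(a, a)), int(names.get(b, b))
        else:
            start = end = int(names.get(item, item))
        values.update(range(start, end + 1, step))
    return values


def analyse_entry(line, has_user=False):
    """Return the findings for one crontab line; an empty list means it looks normal.

    has_user=True for /etc/crontab and /etc/cron.d/* (they carry a user column
    after the five time fields); False for per-user crontabs (crontab -l).
    """
    text = line.strip()
    if not text or text.startswith("#") or text.startswith("@"):
        return []                      # comment, blank line, or @reboot-style shortcut
    fields = text.split(None, 6 if has_user else 5)
    if len(fields) < (7 if has_user else 6):
        return []                      # environment assignment or malformed line
    _minute, _hour, dom, month, dow = fields[:5]
    command = fields[-1]
    try:
        days = expand_field(dom, 1, 31)
        months = expand_field(month, 1, 12, MONTH_NAMES)
    except ValueError:
        return ["unparsable_time_field"]
    findings = []
    # Keep only the (day, month) pairs that exist on a real calendar.
    real_dates = [(d, m) for d, m in product(days, months) if d <= DAYS_IN_MONTH[m]]
    if not real_dates:
        # Vixie cron: if day-of-month AND day-of-week are both restricted, the
        # job runs when EITHER matches, so "never fires" only holds for dow '*'.
        findings.append("never_fires" if dow == "*" else "impossible_dom_month")
    if B64_RUN.search(command):
        findings.append("base64_blob")
    return findings


def scan_crontab(text, has_user=False):
    """Scan a whole crontab; return (line_no, line, findings) for flagged lines only."""
    report = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        findings = analyse_entry(line, has_user)
        if findings:
            report.append((line_no, line.strip(), findings))
    return report


# Constructed sample crontab for this example (not a real CronRAT capture).
SAMPLE_CRONTAB = """\
# nightly housekeeping
0 2 * * * /usr/bin/certbot renew --quiet
52 23 31 2 * echo H4sIAAAAAAAAA3NIzcnJVyjPL8pJUQQAFCdxLQsAAAA= | base64 -d | gunzip | sh
30 4 31 4 * /opt/scripts/rotate-logs.sh
15 3 30 2 1 /opt/scripts/weekly-report.sh
"""

if __name__ == "__main__":
    for line_no, line, findings in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {line_no}: {', '.join(findings)}\n    {line}")
```

Run it over `crontab -l -u USER` output for every account on the host (five time fields, the default), and over /etc/crontab and /etc/cron.d/* with `has_user=True`. The Base64 check is a heuristic and will also fire on long legitimate tokens; the impossible-date check is exact, and an entry labelled `never_fires` has no legitimate reason to exist.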
The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs. In addition, supply chain attacks are becoming more frequent amongst threat actors as their Tactics, Techniques, and Procedures (TTPs) evolve. Therefore, it is par
2021-11-30T17:09:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-web-skimmers-victimize-holiday-shoppers-tardigrade-targets-vaccine-manufacturers-babadeda-crypter-targets-crypto-community-and-more | www.secnews.physaphae.fr/article.php?IdArticle=3728811 | False | Ransomware,Malware,Tool,Vulnerability,Threat | None | None
Bleeping Computer - US magazine | Finland warns of Flubot malware heavily targeting Android users | 2021-11-30T15:06:34+00:00 | https://www.bleepingcomputer.com/news/security/finland-warns-of-flubot-malware-heavily-targeting-android-users/ | www.secnews.physaphae.fr/article.php?IdArticle=3729183 | False | Malware | None | None
UnderNews - French "hacker" news site | Kaspersky unveils a new training course dedicated to malware analysts | 2021-11-30T12:41:37+00:00 | https://www.undernews.fr/culture-web-emploi/emploi-carriere/kaspersky-devoile-une-nouvelle-formation-dediee-aux-analystes-malware.html | www.secnews.physaphae.fr/article.php?IdArticle=3727680 | False | Malware | None | None
SecurityWeek - Security News | North Korean Hackers Use New 'Chinotto' Malware to Target Windows, Android Devices | 2021-11-30T12:24:19+00:00 | https://www.securityweek.com/north-korean-hackers-use-new-chinotto-malware-target-windows-android-devices | www.secnews.physaphae.fr/article.php?IdArticle=3727853 | False | Malware,Threat,Cloud | APT 37 | None
Fortinet ThreatSignal - Hardware Vendor | Recent APT37 Activity and Chinotto, a Multi Platform Infostealer | 2021-11-30T11:24:48+00:00 | https://www.fortiguard.com/threat-signal-report/4311 | www.secnews.physaphae.fr/article.php?IdArticle=3791021 | False | Malware,Threat,Patching,Cloud | APT 37 | None
Bleeping Computer - US magazine | Android banking malware infects 300,000 Google Play users | 2021-11-30T11:07:09+00:00 | https://www.bleepingcomputer.com/news/security/android-banking-malware-infects-300-000-google-play-users/ | www.secnews.physaphae.fr/article.php?IdArticle=3728647 | False | Malware | None | None
Security Affairs - Security blog | 4 Android banking trojans were spread via Google Play infecting 300.000+ devices | 2021-11-30T07:44:25+00:00 | https://securityaffairs.co/wordpress/125127/malware/4-banking-trojans-google-play.html?utm_source=rss&utm_medium=rss&utm_campaign=4-banking-trojans-google-play | www.secnews.physaphae.fr/article.php?IdArticle=3727108 | False | Malware | None | None
Bleeping Computer - US magazine | Yanluowang ransomware operation matures with experienced affiliates | 2021-11-30T06:56:06+00:00 | https://www.bleepingcomputer.com/news/security/yanluowang-ransomware-operation-matures-with-experienced-affiliates/ | www.secnews.physaphae.fr/article.php?IdArticle=3727448 | False | Ransomware,Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East | 2021-11-30T00:31:27+00:00 | https://thehackernews.com/2021/11/wirte-hacker-group-targets-government.html | www.secnews.physaphae.fr/article.php?IdArticle=3726975 | False | Malware,Threat | None | None
CyberSecurityVentures - cybersecurity services | Rethinking Ransomware Defense With AI | 2021-11-29T20:28:02+00:00 | https://cybersecurityventures.com/rethinking-ransomware-defense-with-ai/ | www.secnews.physaphae.fr/article.php?IdArticle=3791841 | False | Ransomware,Malware | None | None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | Shape-Shifting 'Tardigrade' Malware Hits Vaccine Makers | 2021-11-29T16:37:16+00:00 | https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/ | www.secnews.physaphae.fr/article.php?IdArticle=3723502 | False | Malware | None | None
Bleeping Computer - US magazine | APT37 targets journalists with Chinotto multi-platform malware | 2021-11-29T08:43:29+00:00 | https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=3722740 | False | Malware,Cloud | APT 37 | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | 4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 | 2021-11-29T07:05:52+00:00 | https://thehackernews.com/2021/11/4-android-banking-trojan-campaigns.html | www.secnews.physaphae.fr/article.php?IdArticle=3723381 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | CleanMyMac X: Performance and Security Software for Macbook | 2021-11-29T04:48:25+00:00 | https://thehackernews.com/2021/11/cleanmymac-x-performance-and-security.html | www.secnews.physaphae.fr/article.php?IdArticle=3722612 | False | Malware | None | None
SANS Institute - SANS is a defense and training organization | Video: YARA Rules for Office Maldocs, (Sun, Nov 28th) | In this video, I show and explain the YARA rules I covered in diary entries "Extra Tip For Triage Of MALWARE Bazaar's Daily Malware Batches", "Simple YARA Rules for Office Maldocs" and "YARA Rule for OOXML Maldocs: Less False Positives". | 2021-11-28T00:02:27+00:00 | https://isc.sans.edu/diary/rss/28078 | www.secnews.physaphae.fr/article.php?IdArticle=3717144 | False | Malware | None | None
Graham Cluley - Blog Security | Couple arrested for secretly installing cryptomining software on department store PCs | 2021-11-26T20:41:32+00:00 | https://www.bitdefender.com/blog/hotforsecurity/couple-arrested-for-secretly-installing-cryptomining-software-on-department-store-pcs/ | www.secnews.physaphae.fr/article.php?IdArticle=3712956 | False | Malware | None | None
Security Affairs - Security blog | Threat actors target crypto and NFT communities with Babadeda crypter | 2021-11-26T15:50:31+00:00 | https://securityaffairs.co/wordpress/125025/malware/babadeda-crypter-cryptocurrency-nft.html?utm_source=rss&utm_medium=rss&utm_campaign=babadeda-crypter-cryptocurrency-nft | www.secnews.physaphae.fr/article.php?IdArticle=3711723 | False | Malware,Threat | None | None
Bleeping Computer - US magazine | TrickBot phishing checks screen resolution to evade researchers | 2021-11-26T13:02:16+00:00 | https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/ | www.secnews.physaphae.fr/article.php?IdArticle=3711909 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware | 2021-11-26T05:20:56+00:00 | https://thehackernews.com/2021/11/hackers-targeting-biomanufacturing.html | www.secnews.physaphae.fr/article.php?IdArticle=3710989 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable | 2021-11-26T02:32:10+00:00 | https://thehackernews.com/2021/11/crypto-hackers-using-babadeda-crypter.html | www.secnews.physaphae.fr/article.php?IdArticle=3710546 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | CronRAT: A New Linux Malware That's Scheduled to Run on February 31st | 2021-11-26T00:08:34+00:00 | https://thehackernews.com/2021/11/cronrat-new-linux-malware-thats.html | www.secnews.physaphae.fr/article.php?IdArticle=3710242 | False | Malware,Threat | None | None
Security Affairs - Security blog | New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks | 2021-11-25T22:07:09+00:00 | https://securityaffairs.co/wordpress/125000/cyber-crime/linux-cronrat-magecart-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=linux-cronrat-magecart-attacks | www.secnews.physaphae.fr/article.php?IdArticle=3708759 | False | Malware,Threat | None | None
Graham Cluley - Blog Security | Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure | 2021-11-25T16:54:04+00:00 | https://www.tripwire.com/state-of-security/security-data-protection/sophisticated-tardigrade-malware-launches-attacks-on-vaccine-manufacturing-infrastructure/ | www.secnews.physaphae.fr/article.php?IdArticle=3707792 | False | Malware | None | None
Bleeping Computer - US magazine | How cybercriminals adjusted their scams for Black Friday 2021 | 2021-11-25T14:30:00+00:00 | https://www.bleepingcomputer.com/news/security/how-cybercriminals-adjusted-their-scams-for-black-friday-2021/ | www.secnews.physaphae.fr/article.php?IdArticle=3708446 | False | Malware | None | None
Bleeping Computer - US magazine | New Linux malware hides in cron jobs with invalid dates | 2021-11-25T10:45:38+00:00 | https://www.bleepingcomputer.com/news/security/new-linux-malware-hides-in-cron-jobs-with-invalid-dates/ | www.secnews.physaphae.fr/article.php?IdArticle=3708447 | True | Malware | None | None
Bleeping Computer - US magazine | New CronRAT malware infects Linux systems using odd day cron jobs | 2021-11-25T10:45:38+00:00 | https://www.bleepingcomputer.com/news/security/new-cronrat-malware-infects-linux-systems-using-odd-day-cron-jobs/ | www.secnews.physaphae.fr/article.php?IdArticle=3707718 | False | Malware | None | None
Bleeping Computer - US magazine | Discord malware campaign targets crypto and NFT communities | 2021-11-25T09:26:52+00:00 | https://www.bleepingcomputer.com/news/security/discord-malware-campaign-targets-crypto-and-nft-communities/ | www.secnews.physaphae.fr/article.php?IdArticle=3707719 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | This New Stealthy JavaScript Loader Infecting Computers with Malware | 2021-11-25T03:57:05+00:00 | https://thehackernews.com/2021/11/this-new-stealthy-javascript-loader.html | www.secnews.physaphae.fr/article.php?IdArticle=3707106 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware | 2021-11-25T03:33:42+00:00 | https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html | www.secnews.physaphae.fr/article.php?IdArticle=3707107 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | If You're Not Using Antivirus Software, You're Not Paying Attention | 2021-11-25T01:24:46+00:00 | https://thehackernews.com/2021/11/if-youre-not-using-antivirus-software.html | www.secnews.physaphae.fr/article.php?IdArticle=3706892 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Warning - Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild | 2021-11-25T00:10:45+00:00 | https://thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html | www.secnews.physaphae.fr/article.php?IdArticle=3706779 | False | Malware,Vulnerability | None | None
Bleeping Computer - US magazine | Stealthy new JavaScript malware infects Windows PCs with RATs | 2021-11-24T11:08:18+00:00 | https://www.bleepingcomputer.com/news/security/stealthy-new-javascript-malware-infects-windows-pcs-with-rats/ | www.secnews.physaphae.fr/article.php?IdArticle=3703393 | False | Malware | None | None
Bleeping Computer - US magazine | Black Friday 2021 deal: 20% off Zero2Automated malware analysis courses | 2021-11-24T08:02:04+00:00 | https://www.bleepingcomputer.com/news/security/black-friday-2021-deal-20-percent-off-zero2automated-malware-analysis-courses/ | www.secnews.physaphae.fr/article.php?IdArticle=3703055 | False | Malware | None | None
ComputerWeekly - Computer Magazine | Apple sues under-fire malware firm NSO | 2021-11-24T05:45:00+00:00 | https://www.computerweekly.com/news/252509980/Apple-sues-under-fire-malware-firm-NSO | www.secnews.physaphae.fr/article.php?IdArticle=3702156 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery | 2021-11-23T23:40:13+00:00 | https://thehackernews.com/2021/11/over-9-million-android-phones-running.html | www.secnews.physaphae.fr/article.php?IdArticle=3701608 | False | Malware | None | None
Security Affairs - Security blog | Malware are already attempting to exploit new Windows Installer zero-day | 2021-11-23T22:13:25+00:00 | https://securityaffairs.co/wordpress/124940/malware/windows-installer-zero-day-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=windows-installer-zero-day-malware | www.secnews.physaphae.fr/article.php?IdArticle=3700074 | False | Malware | None | None
Anomali - Firm Blog | Anomali Cyber Watch: APT, Emotet, Iran, RedCurl and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Emotet malware is back and rebuilding its botnet via TrickBot (published: November 15, 2021)
After a Europol-coordinated law enforcement operation took over the Emotet infrastructure in January 2021, and German law enforcement used that infrastructure in April 2021 to push a module that uninstalled existing Emotet installations, new Emotet installs have been detected via initial infections with TrickBot. These campaigns and their infrastructure appear to be proliferating rapidly. Once a device is infected with Emotet it is used to send malspam, and additional malware, including ransomware, can be downloaded and installed on it for various purposes. Researchers have not yet seen any spamming activity or malicious documents dropping Emotet other than via TrickBot. It is possible that Emotet is using TrickBot to rebuild its infrastructure and to steal email chains for use in future spam attacks.
Analyst Comment: Phishing continues to be a preferred method for initial infection by many actors and malware families. End users should be cautious with email attachments and links, and organizations should have robust, regularly updated endpoint protections.
For Anomali ThreatStream Customers: To assist the community, especially with the online shopping season upon us, Anomali Threat Research has made two threat actor-focused dashboards, Mummy Spider and Wizard Spider, available to Anomali ThreatStream customers. The dashboards are preconfigured to provide immediate access and visibility into all known Mummy Spider and Wizard Spider indicators of compromise (IOCs) available through the commercial and open-source threat feeds that users manage on ThreatStream.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Automated Collection - T1119
Tags: Emotet, Trickbot, phishing, ransomware
Wind Turbine Giant Offline After Cyber Incident (published: November 22, 2021)
The internal IT systems of Vestas Wind Systems, the world's largest manufacturer of wind turbines, have been hit by an attack. The attack does not appear to have affected manufacturing or the supply chain, and recovery of affected systems is underway, although a number of systems remain offline as a precaution. The company has announced that some data has been compromised. The investigation is ongoing, but the incident may have been a ransomware attack.
The incidents of ransomware across the globe increased by near
2021-11-23T20:30:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-apt-emotet-iran-redcurl-and-more | www.secnews.physaphae.fr/article.php?IdArticle=3699453 | False | Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Patching | None | None
Anomali - Firm Blog | Mummy Spider's Emotet Malware is Back After a Year Hiatus; Wizard Spider's TrickBot Observed in Its Return | 2021-11-23T19:55:00+00:00 | https://www.anomali.com/blog/mummy-spiders-emotet-malware-is-back-after-a-year-hiatus-wizard-spiders-trickbot-observed-in-its-return | www.secnews.physaphae.fr/article.php?IdArticle=3727459 | False | Malware,Threat | None | None
Bleeping Computer - US magazine | Malware now trying to exploit new Windows Installer zero-day | 2021-11-23T16:09:03+00:00 | https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/ | www.secnews.physaphae.fr/article.php?IdArticle=3699609 | False | Malware | None | None
SecurityWeek - Security News | Biomanufacturing Facilities Warned of Attacks Involving Sophisticated Malware | 2021-11-23T14:06:56+00:00 | https://www.securityweek.com/biomanufacturing-facilities-warned-attacks-involving-sophisticated-malware | www.secnews.physaphae.fr/article.php?IdArticle=3698412 | False | Malware | None | None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | How to Defend Against Mobile App Impersonation | 2021-11-23T14:00:01+00:00 | https://threatpost.com/defend-app-impersonation/176519/ | www.secnews.physaphae.fr/article.php?IdArticle=3703526 | False | Malware | None | None
Bleeping Computer - US magazine | Over nine million Android devices infected by info-stealing trojan | 2021-11-23T11:00:29+00:00 | https://www.bleepingcomputer.com/news/security/over-nine-million-android-devices-infected-by-info-stealing-trojan/ | www.secnews.physaphae.fr/article.php?IdArticle=3698442 | False | Malware | None | None
Bleeping Computer - US magazine | Hackers target biomanufacturing with stealthy Tardigrade malware | 2021-11-23T10:38:06+00:00 | https://www.bleepingcomputer.com/news/security/hackers-target-biomanufacturing-with-stealthy-tardigrade-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=3703064 | False | Malware | None | None
Bleeping Computer - US magazine | Tardigrade hackers target big pharma vaccine makers with stealthy malware | 2021-11-23T10:38:06+00:00 | https://www.bleepingcomputer.com/news/security/tardigrade-hackers-target-big-pharma-vaccine-makers-with-stealthy-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=3698443 | False | Malware | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | More Stealthier Version of BrazKing Android Malware Spotted in the Wild | 2021-11-23T02:58:04+00:00 | https://thehackernews.com/2021/11/more-stealthier-version-of-brazking.html | www.secnews.physaphae.fr/article.php?IdArticle=3697661 | False | Malware,Threat | None | None
SANS Institute - SANS is a defense and training organization | Simple YARA Rules for Office Maldocs, (Mon, Nov 22nd) | In diary entry "Extra Tip For Triage Of MALWARE Bazaar's Daily Malware Batches" I shared 2 simple YARA rules to triage Office documents with VBA code.
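As a complement to the diary's YARA approach, the following Python triage routine is an added example written for this page; it is not Didier Stevens' rules or code. It applies the same two checks in code: an OLE2 container (legacy .doc/.xls) is flagged when it contains the UTF-16LE storage and stream names that a VBA project carries, and an OOXML package (.docx/.docm/.xlsm and friends, which are zip files) is flagged when it contains a vbaProject.bin part and, to avoid matching arbitrary zips that happen to contain such a name, only when it also carries the [Content_Types].xml part every OOXML package must have. The sample documents are synthetic byte strings built inside the block; the OLE samples are only the header magic, padding and a stream name, not parseable compound files.

```python
"""Triage Office documents for embedded VBA (OLE2 and OOXML containers).

Added example for this page; not the SANS diary's YARA rules.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # local file header of a zip

# OLE directory entries store storage/stream names as UTF-16LE. These names
# belong to the VBA project storage and do not occur in macro-free documents.
OLE_VBA_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "PROJECTwm")]


def classify_office_document(data: bytes) -> str:
    """Return one of: ole-vba, ole-clean, ooxml-vba, ooxml-clean, zip-not-office, zip-corrupt, not-office."""
    if data.startswith(OLE_MAGIC):
        has_vba = any(marker in data for marker in OLE_VBA_MARKERS)
        return "ole-vba" if has_vba else "ole-clean"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        # Every OOXML package has this part; a .jar or random zip does not, which
        # is what keeps a bare "vbaProject.bin" string match from misfiring.
        if "[Content_Types].xml" not in names:
            return "zip-not-office"
        # OOXML keeps macros in a separate OLE part, e.g. word/vbaProject.bin or xl/vbaProject.bin.
        has_vba = any(name.lower().endswith("vbaproject.bin") for name in names)
        return "ooxml-vba" if has_vba else "ooxml-clean"
    return "not-office"


def triage(samples):
    """Classify a {label: bytes} mapping; returns {label: verdict}."""
    return {label: classify_office_document(blob) for label, blob in samples.items()}


# --- synthetic samples, constructed for this example ------------------------

def build_ooxml(with_macro: bool, content_types: bool = True) -> bytes:
    """Minimal OOXML-shaped zip; content_types=False yields a non-Office zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        if content_types:
            archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
    return buf.getvalue()


def build_ole(with_macro: bool) -> bytes:
    """Header magic plus padding, optionally followed by a VBA storage name.

    This is NOT a parseable compound file; it only exercises the byte checks.
    """
    body = OLE_MAGIC + b"\x00" * 504
    if with_macro:
        body += "_VBA_PROJECT_CUR".encode("utf-16-le")
    return body


SAMPLES = {
    "report.docx": build_ooxml(with_macro=False),
    "invoice.docm": build_ooxml(with_macro=True),
    "plain.zip": build_ooxml(with_macro=True, content_types=False),
    "old.doc": build_ole(with_macro=False),
    "old-macro.doc": build_ole(with_macro=True),
    "notes.txt": b"just text\n",
}

if __name__ == "__main__":
    for label, verdict in triage(SAMPLES).items():
        print(f"{label:14s} {verdict}")
```

The file extension plays no part in the verdict, which is deliberate: Office sniffs the container, so a .docm renamed to .doc still carries its macros. For real OLE2 files, a byte search over the whole file is a triage shortcut; to confirm a hit, walk the directory with a compound-file parser (olefile/oletools) and extract the VBA source rather than trusting the string match.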
2021-11-22T18:36:13+00:00 | https://isc.sans.edu/diary/rss/28062 | www.secnews.physaphae.fr/article.php?IdArticle=3694716 | False | Malware | None | None
Wired Threat Level - Security News | Devious 'Tardigrade' Malware Hits Biomanufacturing Facilities | 2021-11-22T16:59:22+00:00 | https://www.wired.com/story/tardigrade-malware-biomanufacturing | www.secnews.physaphae.fr/article.php?IdArticle=3694393 | False | Malware | None | None
CISCO Talos - Cisco Research blog | Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021 | 2021-11-22T05:01:13+00:00 | http://blog.talosintelligence.com/2021/11/emotet-back-from-the-dead.html | www.secnews.physaphae.fr/article.php?IdArticle=3693220 | False | Spam,Malware,Threat,Guideline | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | New Golang-based Linux Malware Targeting eCommerce Websites | 2021-11-22T04:10:31+00:00 | https://thehackernews.com/2021/11/new-golang-based-linux-malware.html | www.secnews.physaphae.fr/article.php?IdArticle=3693144 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns | 2021-11-22T03:47:12+00:00 | https://thehackernews.com/2021/11/hackers-exploiting-proxylogon-and.html | www.secnews.physaphae.fr/article.php?IdArticle=3692919 | False | Spam,Malware | None | None
Security Affairs - Security blog | Attackers compromise Microsoft Exchange servers to hijack internal email chains | 2021-11-21T11:12:37+00:00 | https://securityaffairs.co/wordpress/124838/hacking/microsoft-exchange-servers-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-exchange-servers-hack | www.secnews.physaphae.fr/article.php?IdArticle=3689168 | False | Malware | None | None
Bleeping Computer - US magazine | Microsoft Exchange servers hacked in internal reply-chain attacks | 2021-11-20T12:55:47+00:00 | https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=3686912 | False | Malware,Threat | None | None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | North Korean Hackers Found Behind a Range of Credential Theft Campaigns | 2021-11-20T07:26:20+00:00 | https://thehackernews.com/2021/11/north-korean-hackers-found-behind-range.html | www.secnews.physaphae.fr/article.php?IdArticle=3686728 | False | Malware,Threat | None | None
SecurityWeek - Security News | New 'SharkBot' Android Banking Malware Hitting U.S., UK and Italy Targets | 2021-11-19T17:10:44+00:00 | https://www.securityweek.com/new-%E2%80%98sharkbot%E2%80%99-android-banking-malware-hitting-us-uk-and-italy-targets | www.secnews.physaphae.fr/article.php?IdArticle=3682279 | False | Malware | None | None
TroyHunt - Blog Security | Malware downloaded from PyPI 41,000 times was surprisingly stealthy | 2021-11-19T13:02:29+00:00 | https://arstechnica.com/?p=1814211 | www.secnews.physaphae.fr/article.php?IdArticle=3680156 | False | Malware | None | None
Bleeping Computer - US magazine | Android malware BrazKing returns as a stealthier banking trojan | 2021-11-18T16:19:09+00:00 | https://www.bleepingcomputer.com/news/security/android-malware-brazking-returns-as-a-stealthier-banking-trojan/ | www.secnews.physaphae.fr/article.php?IdArticle=3676555 | False | Malware | None | None
UnderNews - French "hacker" news site | Cybersecurity: why Emotet is making a comeback | 2021-11-18T13:10:46+00:00 | https://www.undernews.fr/malwares-virus-antivirus/cybersecurite-pourquoi-emotet-fait-son-retour.html | www.secnews.physaphae.fr/article.php?IdArticle=3674721 | False | Malware | None | None
ProofPoint - Firm Security | North Korean Hacking Group Targets Diplomats, Forgoes Malware | 2021-11-18T12:08:19+00:00 | https://www.proofpoint.com/us/newsroom/news/north-korean-hacking-group-targets-diplomats-forgoes-malware | www.secnews.physaphae.fr/article.php?IdArticle=3688086 | False | Malware | None | None
01net. News - Security - French magazine | Ten months after its takedown, the Emotet botnet is back | 2021-11-18T10:45:00+00:00 | https://www.01net.com/actualites/dix-mois-apres-son-demantelement-le-botnet-emotet-est-de-retour-2051335.html | www.secnews.physaphae.fr/article.php?IdArticle=3679324 | False | Malware | None | None
Bleeping Computer - US magazine | North Korean cyberspies target govt officials with custom malware | 2021-11-18T09:47:45+00:00 | https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=3674819 | False | Malware,Threat | None | None
McAfee Labs - Software vendor | 5 Signs Your Device May be Infected with Malware or a Virus | The malware landscape is growing more complex by the minute, which means that no device under your family's roof, be it... | 2021-11-17T00:19:00+00:00 | https://www.mcafee.com/blogs/consumer-cyber-awareness/5-signs-your-device-may-be-infected-with-malware-or-a-virus/ | www.secnews.physaphae.fr/article.php?IdArticle=3668017 | False | Malware | None | None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | Rooting Malware Is Back for Mobile. Here's What to Look Out For. | 2021-11-16T21:46:51+00:00 | https://threatpost.com/rooting-malware-mobile/176376/ | www.secnews.physaphae.fr/article.php?IdArticle=3667652 | False | Malware | None | None
Bleeping Computer - US magazine | Here are the new Emotet spam campaigns hitting mailboxes worldwide | 2021-11-16T18:07:17+00:00 | https://www.bleepingcomputer.com/news/security/here-are-the-new-emotet-spam-campaigns-hitting-mailboxes-worldwide/ | www.secnews.physaphae.fr/article.php?IdArticle=3667925 | False | Spam,Malware | None | None
Anomali - Firm Blog | Anomali Cyber Watch: REvil Affiliates Arrested, Electronics Retail Giant Hit By Ransomware, Robinhood Breach, Zero Day In Palo Alto Security Appliance and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer (published: November 8, 2021)
The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about advanced persistent threat (APT) actors exploiting a vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution. Palo Alto Networks, Microsoft and Lumen Technologies worked jointly to track, analyse and mitigate the threat. The attackers deployed a webshell and created a registry key for persistence. The actor leveraged leased infrastructure in the US to scan hundreds of organizations and compromised at least nine organizations worldwide across the technology, defense, healthcare and education industries.
Analyst Comment: This actor used some unusual techniques in these attacks, including a legitimate blockchain-based remote control application and a credential-stealing tool that hooks specific functions inside the LSASS process. Make sure your EDR solution supports, and is configured to detect, such advanced techniques.
MITRE ATT&CK: [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Credentials in Files - T1081 | [MITRE ATT&CK] Brute Force - T1110 | [MITRE ATT&CK] Data Staged - T1074 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hooking - T1179 | [MITRE ATT&CK] Registry Run Keys / Startup Folder - T1060 | [MITRE ATT&CK] Pass the Hash - T1075
Tags: Threat Group 3390, APT27, TG-3390, Emissary Panda, WildFire, NGLite backdoor, Cobalt Strike, Godzilla, PwDump, beacon, ChinaChopper, CVE-2021-40539, Healthcare, Military, North America, China
REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom (published: November 9, 2021)
A 22-year-old Ukrainian national named Yaroslav Vasinskyi has been charged by the U.S. Department of Justice (DOJ) with conducting ransomware attacks. These attacks include t
2021-11-16T17:34:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-revil-affiliates-arrested-electronics-retail-giant-hit-by-ransomware-robinhood-breach-zero-day-in-palo-alto-security-appliance-and-more | www.secnews.physaphae.fr/article.php?IdArticle=3667130 | False | Ransomware,Data Breach,Malware,Tool,Vulnerability,Threat,Medical | APT 38,APT 27,APT 1 | None
Naked Security - Sophos blog | Emotet malware: "The report of my death was an exaggeration" | 2021-11-16T14:13:19+00:00 | https://nakedsecurity.sophos.com/2021/11/16/emotet-malware-the-report-of-my-death-was-an-exaggeration/ | www.secnews.physaphae.fr/article.php?IdArticle=3666632 | False | Malware | None | None
Palo Alto Network - Vendor site | WildFire Secures Your Digital Future | 2021-11-16T13:05:23+00:00 | https://www.paloaltonetworks.com/blog/2021/11/netsec-announcing-standalone-wildfire/ | www.secnews.physaphae.fr/article.php?IdArticle=3684279 | False | Malware,Guideline | None | None
SecurityWeek - Security News | Emotet Using TrickBot to Get Back in the
Game 2021-11-16T12:47:34+00:00 https://www.securityweek.com/emotet-using-trickbot-get-back-game www.secnews.physaphae.fr/article.php?IdArticle=3666277 False Malware None None ZD Net - Magazine Info MosesStaff attacks organizations with encryption malware - no payment demand made 2021-11-16T11:44:00+00:00 https://www.zdnet.com/article/mosesstaff-attackers-deploy-ransomware-on-your-systems-no-payment-no-decryption-possible/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=3666260 False Malware None None ZD Net - Magazine Info New banking Trojan SharkBot makes waves across Europe, US 2021-11-16T09:59:10+00:00 https://www.zdnet.com/article/new-banking-trojan-sharkbot-makes-waves-across-europe/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=3665964 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware 2021-11-16T01:22:15+00:00 https://thehackernews.com/2021/11/notorious-emotet-botnet-makes-comeback.html www.secnews.physaphae.fr/article.php?IdArticle=3665780 False Malware None None Security Affairs - Blog Secu Operation Reacharound – Emotet malware is back 2021-11-15T22:33:11+00:00 https://securityaffairs.co/wordpress/124642/cyber-crime/operation-reacharound-emotet-return.html?utm_source=rss&utm_medium=rss&utm_campaign=operation-reacharound-emotet-return www.secnews.physaphae.fr/article.php?IdArticle=3664649 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
SharkBot - A New Android Trojan Stealing Banking and Cryptocurrency Accounts 2021-11-15T21:38:51+00:00 https://thehackernews.com/2021/11/sharkbot-new-android-trojan-stealing.html www.secnews.physaphae.fr/article.php?IdArticle=3665315 False Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Cybercriminals Target Alibaba Cloud for Cryptomining, Malware 2021-11-15T20:10:15+00:00 https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/ www.secnews.physaphae.fr/article.php?IdArticle=3664318 False Malware None None Bleeping Computer - Magazine Américain The Emotet malware is back and rebuilding its botnet via TrickBot 2021-11-15T15:04:23+00:00 https://www.bleepingcomputer.com/news/security/the-emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/ www.secnews.physaphae.fr/article.php?IdArticle=3664190 False Spam,Malware None None Bleeping Computer - Magazine Américain Emotet malware is back and rebuilding its botnet via TrickBot 2021-11-15T15:04:23+00:00 https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/ www.secnews.physaphae.fr/article.php?IdArticle=3664572 True Spam,Malware None None Bleeping Computer - Magazine Américain Alibaba ECS instances actively hijacked by cryptomining malware 2021-11-15T14:15:27+00:00 https://www.bleepingcomputer.com/news/security/alibaba-ecs-instances-actively-hijacked-by-cryptomining-malware/ www.secnews.physaphae.fr/article.php?IdArticle=3664191 False Malware None None SecurityWeek - Security News IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers 2021-11-15T12:47:22+00:00 https://www.securityweek.com/iot-protocol-used-nasa-siemens-and-volkswagen-can-be-exploited-hackers www.secnews.physaphae.fr/article.php?IdArticle=3663186 False Malware,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-43616 2021-11-13T18:15:07+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43616 www.secnews.physaphae.fr/article.php?IdArticle=3656732 False Malware None None Security Affairs - Blog Secu HTML Smuggling technique used in phishing and malspam campaigns 2021-11-12T22:15:05+00:00 https://securityaffairs.co/wordpress/124522/hacking/html-smuggling-technique.html?utm_source=rss&utm_medium=rss&utm_campaign=html-smuggling-technique www.secnews.physaphae.fr/article.php?IdArticle=3652843 False Malware,Threat None None SecurityWeek - Security News \'BotenaGo\' Malware Targets Routers, IoT Devices with Over 30 Exploits 2021-11-12T17:55:01+00:00 https://www.securityweek.com/botenago-malware-targets-routers-iot-devices-over-30-exploits www.secnews.physaphae.fr/article.php?IdArticle=3652860 False Malware None None Security Affairs - Blog Secu macOS Zero-Day exploited in watering hole attacks on users in Hong Kong 2021-11-12T15:57:25+00:00 https://securityaffairs.co/wordpress/124513/malware/macos-zero-day-watering-hole-hong-kong.html?utm_source=rss&utm_medium=rss&utm_campaign=macos-zero-day-watering-hole-hong-kong www.secnews.physaphae.fr/article.php?IdArticle=3652844 False Malware,Vulnerability,Threat None None Schneier on Security - Chercheur Cryptologue Américain MacOS Zero-Day Used against Hong Kong Activists discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. 
The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report...]]> 2021-11-12T15:07:36+00:00 https://www.schneier.com/blog/archives/2021/11/macos-zero-day-used-against-hong-kong-activists.html www.secnews.physaphae.fr/article.php?IdArticle=3652854 False Malware,Vulnerability None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Millions of Routers, IoT Devices at Risk from New Open-Source Malware 2021-11-12T13:14:44+00:00 https://threatpost.com/routers-iot-open-source-malware/176270/ www.secnews.physaphae.fr/article.php?IdArticle=3649595 False Malware None None SecurityWeek - Security News macOS Zero-Day Exploited to Deliver Malware to Users in Hong Kong 2021-11-12T11:59:37+00:00 https://www.securityweek.com/macos-zero-day-exploited-deliver-malware-users-hong-kong www.secnews.physaphae.fr/article.php?IdArticle=3652865 False Malware,Vulnerability None None Bleeping Computer - Magazine Américain Microsoft warns of surge in HTML smuggling phishing attacks 2021-11-12T10:27:11+00:00 https://www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-html-smuggling-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=3650654 False Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks 2021-11-12T07:32:30+00:00 https://thehackernews.com/2021/11/hackers-increasingly-using-html.html www.secnews.physaphae.fr/article.php?IdArticle=3652710 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Abcbot - A New Evolving Wormable Botnet Malware Targeting Linux 2021-11-12T07:15:52+00:00 https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html www.secnews.physaphae.fr/article.php?IdArticle=3652711 False Malware None None Wired Threat Level - Security News Hackers Targeted Hong Kong Apple Devices in Widespread Attack 2021-11-11T18:25:46+00:00 https://www.wired.com/story/ios-macos-hacks-hong-kong-watering-hole www.secnews.physaphae.fr/article.php?IdArticle=3646461 False Malware None None Bleeping Computer - Magazine Américain Windows 10 App Installer abused in BazarLoader malware attacks 2021-11-11T16:34:07+00:00 https://www.bleepingcomputer.com/news/security/windows-10-app-installer-abused-in-bazarloader-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=3646938 False Spam,Malware None None Bleeping Computer - Magazine Américain BotenaGo botnet targets millions of IoT devices with 33 exploits 2021-11-11T15:41:09+00:00 https://www.bleepingcomputer.com/news/security/botenago-botnet-targets-millions-of-iot-devices-with-33-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=3646773 False Malware None None Security Affairs - Blog Secu Sophisticated Android spyware PhoneSpy infected thousands of Korean phones 2021-11-11T06:37:51+00:00 https://securityaffairs.co/wordpress/124471/malware/phonespy-spyware-south-korea.html?utm_source=rss&utm_medium=rss&utm_campaign=phonespy-spyware-south-korea www.secnews.physaphae.fr/article.php?IdArticle=3643548 False Malware None None Bleeping Computer - Magazine Américain Careful: \'Smart TV remote\' Android app on Google Play is malware 2021-11-11T02:45:34+00:00 https://www.bleepingcomputer.com/news/security/careful-smart-tv-remote-android-app-on-google-play-is-malware/ www.secnews.physaphae.fr/article.php?IdArticle=3643589 False Malware None None Fortinet - Fabricant Materiel Securite To Joke or Not to Joke: COVID-22 Brings Disaster to MBR ]]> 2021-11-11T00:00:00+00:00 
https://www.fortinet.com/blog/threat-research/to-joke-or-not-to-joke-covid-22-brings-disaster-to-mbr www.secnews.physaphae.fr/article.php?IdArticle=3650524 False Malware None None SecurityWeek - Security News South Korean Users Targeted with Android Spyware \'PhoneSpy\' 2021-11-10T16:17:33+00:00 http://feedproxy.google.com/~r/securityweek/~3/11nxfMhoLrc/south-korean-users-targeted-android-spyware-phonespy www.secnews.physaphae.fr/article.php?IdArticle=3639365 False Malware None 3.0000000000000000
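The Anomali Cyber Watch entry above on the ManageEngine ADSelfService Plus campaign (CVE-2021-40539) describes a webshell drop, commands run through it, and a registry key for persistence (T1060 in its ATT&CK list), and its analyst comment asks whether your EDR is configured to catch this. The following is an added example, not code from Anomali, CISA or any of the vendors named in the entry: three detections written against Sysmon-style events and run over a few constructed log lines. It assumes the default ADSelfService Plus install root under C:\ManageEngine and that the product runs from its bundled JRE (jre\bin\java.exe); the sample events, file names and registry value names are constructed for the demonstration and are not indicators from the campaign.

```python
"""Added example: three detections for the ADSelfService Plus intrusion pattern
(webshell drop, webshell command execution, Run-key persistence) run over
constructed Sysmon-style log lines. Not from the Anomali or CISA write-ups."""
import ntpath
import re
from dataclasses import dataclass

# Assumption: default install root of ADSelfService Plus and its bundled JRE live here.
# Windows paths are case-insensitive, so every comparison below is on lower-cased text.
ADSSP_ROOT = r"c:\manageengine\adselfservice plus"
ADSSP_WEBAPPS = ADSSP_ROOT + r"\webapps"
WEBSHELL_EXT = (".jsp", ".jspx", ".aspx", ".ashx")
# Run / RunOnce keys under HKLM or HKCU (T1060 in the page's ATT&CK list, T1547.001 today).
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
USER_WRITABLE = tuple(p + "\\" for p in (r"c:\windows\temp", r"c:\users", r"c:\programdata"))
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe", "bitsadmin.exe"}

# Constructed sample events (Sysmon EventID 1 = ProcessCreate, 11 = FileCreate,
# 13 = RegistryEvent value set). Two are benign to show the rules stay quiet on them.
SAMPLE_LOG = r"""
EventID=1 Image="C:\Windows\System32\cmd.exe" ParentImage="C:\ManageEngine\ADSelfService Plus\jre\bin\java.exe" CommandLine="cmd.exe /c whoami /all"
EventID=1 Image="C:\Windows\System32\cmd.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="cmd.exe"
EventID=11 Image="C:\ManageEngine\ADSelfService Plus\jre\bin\java.exe" TargetFilename="C:\ManageEngine\ADSelfService Plus\webapps\adssp\help\report.jsp"
EventID=11 Image="C:\ManageEngine\ADSelfService Plus\jre\bin\java.exe" TargetFilename="C:\ManageEngine\ADSelfService Plus\logs\serverOut.txt"
EventID=13 Image="C:\Windows\System32\cmd.exe" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater" Details="C:\Windows\Temp\svchost.exe"
EventID=13 Image="C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe" TargetObject="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive" Details="C:\Program Files\Microsoft OneDrive\OneDrive.exe"
"""


@dataclass
class Finding:
    rule: str
    technique: str
    evidence: str


def parse(line: str) -> dict:
    """Parse 'Key=value' pairs into a dict; double-quoted values may contain spaces."""
    return {k.lower(): v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def check(ev: dict) -> list:
    """Apply the three rules to one parsed event and return any findings."""
    out = []
    eid = ev.get("eventid")
    image = ev.get("image", "").lower()
    if eid == "1":  # the product's Tomcat java.exe has no business spawning a shell
        parent = ev.get("parentimage", "").lower()
        if parent.startswith(ADSSP_ROOT) and ntpath.basename(image) in SHELLS:
            out.append(Finding("adssp_spawns_shell", "T1059", ev.get("commandline", "")))
    elif eid == "11":  # a new server-side script under the web root is a webshell until proven otherwise
        target = ev.get("targetfilename", "").lower()
        if target.startswith(ADSSP_WEBAPPS) and target.endswith(WEBSHELL_EXT):
            out.append(Finding("webshell_drop_in_adssp", "T1505.003", target))
    elif eid == "13":  # Run-key value written by the product itself or pointing into a user-writable dir
        key = ev.get("targetobject", "")
        details = ev.get("details", "").lower()
        if RUN_KEY_RE.search(key) and (image.startswith(ADSSP_ROOT) or details.startswith(USER_WRITABLE)):
            out.append(Finding("run_key_persistence", "T1060", f"{key} -> {details}"))
    return out


def scan(log_text: str) -> list:
    """Run check() over every non-empty line of a log dump and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            findings.extend(check(parse(line)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule:24} {f.technique:10} {f.evidence}")
```

Run stand-alone it reports three findings (shell spawned by the product's java.exe, a .jsp written under webapps, and a Run value pointing into C:\Windows\Temp) and stays silent on the explorer-launched cmd.exe, the log file write and the OneDrive Run value. The point of the third rule's two-sided condition is that Run-key writes are common and benign on their own; tying the write either to the exploited product or to a user-writable target path is what makes it worth an alert.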