www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-04T09:35:21+00:00 www.secnews.physaphae.fr SecurityWeek - Security News Fujitsu Data Breach Impacts Personal, Customer Information Fujitsu says hackers infected internal systems with malware, stole personal and customer information.
2024-03-18T14:10:38+00:00 https://www.securityweek.com/fujitsu-data-breach-impacts-personal-customer-information/ www.secnews.physaphae.fr/article.php?IdArticle=8466103 False Data Breach,Malware None 3.0000000000000000
UnderNews - Site de news "pirate" francais Kaspersky supports INTERPOL-coordinated operation to combat the Grandoreiro malware Kaspersky contributed to an INTERPOL-led action that led Brazilian authorities to arrest five administrators behind the Grandoreiro banking trojan. According to initial estimates, the operators of the banking trojan are believed to have defrauded their victims of more than 3.5 million euros. The post Kaspersky supports INTERPOL-coordinated operation to combat the Grandoreiro malware first appeared on UnderNews. 2024-03-18T13:44:43+00:00 https://www.undernews.fr/malwares-virus-antivirus/kaspersky-soutient-loperation-coordonnee-par-interpol-visant-a-lutter-contre-laction-du-malware-grandoreiro.html www.secnews.physaphae.fr/article.php?IdArticle=8466057 False Malware None 2.0000000000000000 Global Security Mag - Site de news francais Kaspersky supports INTERPOL-coordinated operation to combat the Grandoreiro malware Malware 2024-03-18T13:27:29+00:00 https://www.globalsecuritymag.fr/kaspersky-soutient-l-operation-coordonnee-par-interpol-visant-a-lutter-contre-l.html www.secnews.physaphae.fr/article.php?IdArticle=8466080 False Malware None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 18 March 2024 2024-03-18T13:23:03+00:00 https://community.riskiq.com/article/54f79303 www.secnews.physaphae.fr/article.php?IdArticle=8466085 False Ransomware,Spam,Malware,Tool,Threat,Prediction None 3.0000000000000000 Bleeping Computer - Magazine Américain Fujitsu found malware on IT systems, confirms data breach Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data.
[...] 2024-03-18T10:01:07+00:00 https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8466060 False Data Breach,Malware None 3.0000000000000000 Securonix - Siem Securonix Threat Research Security Advisory: Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware The Securonix Threat Research team has uncovered an elaborate multi-stage attack campaign dubbed DEEP#GOSU likely associated with the North Korean Kimsuky group. 2024-03-18T09:00:49+00:00 https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8466086 False Malware,Threat None 3.0000000000000000 HackRead - Chercher Cyber New Malware “BunnyLoader 3.0” Steals Credentials and Crypto
By Waqas Another day, another cybersecurity threat hits unsuspected users! This is a post from HackRead.com Read the original post: New Malware “BunnyLoader 3.0” Steals Credentials and Crypto
2024-03-15T16:06:31+00:00 https://www.hackread.com/bunnyloader-3-0-malware-steals-credentials-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8464421 False Malware,Threat None 3.0000000000000000
McAfee Labs - Editeur Logiciel Android Phishing Scam Using Malware-as-a-Service on the Rise in India
Authored by ZePeng Chen and Wenfeng Yu McAfee Mobile Research Team has observed an active scam malware campaign targeting Android...
2024-03-14T16:42:32+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/ www.secnews.physaphae.fr/article.php?IdArticle=8463892 False Malware,Mobile None 3.0000000000000000
Dark Reading - Informationweek Branch Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT Attackers use Google redirects in their phishing attack leveraging a now-patched vulnerability that spreads the multifaceted malware. 2024-03-14T14:23:05+00:00 https://www.darkreading.com/endpoint-security/windows-smartscreen-bypass-flaw-exploited-to-drop-darkgate-rat www.secnews.physaphae.fr/article.php?IdArticle=8463835 False Malware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ande Loader Malware Targets Manufacturing Sector in North America The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor 2024-03-14T12:47:00+00:00 https://thehackernews.com/2024/03/ande-loader-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8463656 False Malware,Threat APT-C-36 2.0000000000000000 GoogleSec - Firm Security Blog Real-time, privacy-preserving URL protection Standard protection mode of Safe Browsing in Chrome. Current landscape Chrome automatically protects you by flagging potentially dangerous sites and files, hand in hand with Safe Browsing which discovers thousands of unsafe sites every day and adds them to its lists of harmful sites and files.
So far, for privacy and performance reasons, Chrome has first checked sites you visit against a locally-stored list of known unsafe sites which is updated every 30 to 60 minutes – this is done using hash-based checks. Hash-based check overview But unsafe sites have adapted - today, the majority of them exist for less than 10 minutes, meaning that by the time the locally-stored list of known unsafe sites is updated, many have slipped through and had the chance to do damage if users happened to visit them during this window of opportunity. Further, Safe Browsing's list of harmful websites continues to grow at a rapid pace. Not all devices have the resources necessary to maintain this growing list, nor are they always able to receive and apply updates to the list at the frequency necessary to benefit from full protection. Safe Browsing's Enhanced protection mode already stays ahead of such threats with technologies such as real-time list checks and AI-based classification of malicious URLs and web pages. We built this mode as an opt-in to give users the choice of sharing more security-related data in order to get stronger security. This mode has shown that checking lists in real time brings significant value, so we decided to bring that to the default Standard protection mode through a new API – one that doesn't share the URLs of sites you visit with Google. Introducing real-time, privacy-preserving Safe Browsing How it works In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server. The server-side list can include unsafe sites as soon as they are discovered, so it is able to capture sites that switch quickly.
It can also grow as large as needed because the 2024-03-14T12:01:32+00:00 http://security.googleblog.com/2024/03/blog-post.html www.secnews.physaphae.fr/article.php?IdArticle=8469136 False Malware,Mobile,Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain Google Chrome gets real-time phishing protection later this month Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [...] 2024-03-14T12:00:00+00:00 https://www.bleepingcomputer.com/news/google/google-chrome-gets-real-time-phishing-protection-later-this-month/ www.secnews.physaphae.fr/article.php?IdArticle=8463895 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass 2024-03-14T10:27:00+00:00 https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html www.secnews.physaphae.fr/article.php?IdArticle=8463587 False Malware,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Commercial spyware: The stealthy threat https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products).
2024-03-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/commercial-spyware-the-stealthy-threat www.secnews.physaphae.fr/article.php?IdArticle=8463833 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Mobile,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Demystifying a Common Cybersecurity Myth One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own-this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the 2024-03-13T21:09:00+00:00 https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html www.secnews.physaphae.fr/article.php?IdArticle=8463289 False Malware,Tool None 3.0000000000000000 Bleeping Computer - Magazine Américain Hackers exploit Windows SmartScreen flaw to drop DarkGate malware A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.
[...] 2024-03-13T17:26:41+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8463461 False Malware,Vulnerability,Threat None 2.0000000000000000 IT Security Guru - Blog Sécurité Research Reveals That Infostealers Target Healthcare Sector Data
New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransomware families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where over one million records were stolen. The report also examined the continued increase in cloud app adoption […] The post Research Reveals That Infostealers Target Healthcare Sector Data first appeared on IT Security Guru.
2024-03-13T16:08:29+00:00 https://www.itsecurityguru.org/2024/03/13/research-reveals-that-infostealers-target-healthcare-sector-data/?utm_source=rss&utm_medium=rss&utm_campaign=research-reveals-that-infostealers-target-healthcare-sector-data www.secnews.physaphae.fr/article.php?IdArticle=8463297 False Malware,Threat,Medical,Cloud None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said. An unusual aspect of the 2024-03-13T15:13:00+00:00 https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html www.secnews.physaphae.fr/article.php?IdArticle=8463117 False Malware,Commercial None 3.0000000000000000 Bleeping Computer - Magazine Américain PixPirate Android malware uses new tactic to hide on phones The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [...] 2024-03-13T14:13:05+00:00 https://www.bleepingcomputer.com/news/security/pixpirate-android-malware-uses-new-tactic-to-hide-on-phones/ www.secnews.physaphae.fr/article.php?IdArticle=8463340 False Malware,Mobile None 3.0000000000000000 UnderNews - Site de news "pirate" francais Check Point Top Malware Ranking for February 2024: Discovery of a new FakeUpdates campaign targeting WordPress websites Check Point® Software Technologies Ltd., one of the world's leading providers of cybersecurity solutions, has published its Global Threat Index for the month of February 2024.
Last month, researchers discovered a new FakeUpdates campaign that aimed to […] The post Check Point Top Malware Ranking for February 2024: Discovery of a new FakeUpdates campaign targeting WordPress websites first appeared on UnderNews. 2024-03-13T10:26:06+00:00 https://www.undernews.fr/malwares-virus-antivirus/classement-top-malware-check-point-fevrier-2024-decouverte-dune-nouvelle-campagne-de-fakeupdates-ciblant-les-sites-internet-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=8463109 False Malware None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 25 Essential Cybersecurity tips and best practices for your business cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We've gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1. Keep your software up to date To stay safe from cyber threats like ransomware, it's essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date.
2024-03-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/25-essential-cybersecurity-tips-and-best-practices-for-your-business www.secnews.physaphae.fr/article.php?IdArticle=8463764 False Ransomware,Malware,Tool,Vulnerability,Mobile,Cloud LastPass 2.0000000000000000 Dark Reading - Informationweek Branch 'PixPirate' RAT Invisibly Triggers Wire Transfers From Android Devices A multitooled Trojan cuts apart Brazil's premier wire transfer app. Could similar malware do the same to Venmo, Zelle, or PayPal? 2024-03-13T10:00:00+00:00 https://www.darkreading.com/application-security/pixpirate-rat-invisibly-triggers-wire-transfers-android-devices www.secnews.physaphae.fr/article.php?IdArticle=8463087 False Malware,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais 2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs
2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs Data and Credential Theft Malware are Top Two Threats Against SMBs in 2023, Accounting for Nearly 50% of All Malware Sophos Detected Targeting this Market Segment Ransomware Still the Biggest Threat to SMBs; Business Email Compromise on the Rise, Along with More Sophisticated Social Engineering Tactics - Special Reports
2024-03-13T08:30:49+00:00 https://www.globalsecuritymag.fr/2024-sophos-threat-report-cybercrime-on-main-street-details-cyberthreats-facing.html www.secnews.physaphae.fr/article.php?IdArticle=8463062 False Malware,Threat,Studies None 4.0000000000000000
HackRead - Chercher Cyber New Vcurms Malware Targets Popular Browsers for Data Theft
By Waqas Another day, another malware exploiting cloud services to steal sensitive data from unsuspecting Windows users. This is a post from HackRead.com Read the original post: New Vcurms Malware Targets Popular Browsers for Data Theft
2024-03-12T23:49:20+00:00 https://www.hackread.com/vcurms-malware-browsers-for-data-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8462885 False Malware,Cloud None 2.0000000000000000
HackRead - Chercher Cyber FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk
By Waqas The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide. This is a post from HackRead.com Read the original post: FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk
2024-03-12T17:49:23+00:00 https://www.hackread.com/fakeupdates-malware-campaign-targets-wordpress/ www.secnews.physaphae.fr/article.php?IdArticle=8462757 False Malware,Vulnerability,Threat None 2.0000000000000000
Zataz - Magazine Francais de secu Warzone RAT: operation to dismantle a malware network 2024-03-12T15:24:02+00:00 https://www.zataz.com/warzone-rat-operation-de-demantelement-dun-reseau-de-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8462709 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024," security researcher 2024-03-12T14:45:00+00:00 https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html www.secnews.physaphae.fr/article.php?IdArticle=8462546 False Malware None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Shield Your Documents: Introducing DocLink Defender for Real-Time Malware Blockade
Highlights: 1. Innovative Real-Time Protection: DocLink Defender leverages the latest in analytical technology to intercept and neutralize malicious documents instantly. By safeguarding systems from the get-go, it provides an impenetrable shield against potential malware infections. 2. Proven Defense Against Advanced Threats: Showcasing its prowess, DocLink Defender has a track record of thwarting sophisticated cyber threats, including the notorious Agent Tesla malware. Its ability to stop such complex attacks at their inception point underscores its value in maintaining organizational cybersecurity in today's digital age. 3. Comprehensive Security for Check Point Users: For those utilizing Check Point's Quantum and Harmony solutions, activating […]
2024-03-12T13:00:40+00:00 https://blog.checkpoint.com/security/shield-your-documents-introducing-doclink-defender-for-real-time-malware-blockade/ www.secnews.physaphae.fr/article.php?IdArticle=8462623 False Malware None 2.0000000000000000
Korben - Bloger francais NerbianRAT – A new stealthy Linux malware that steals your credentials 2024-03-12T10:03:18+00:00 https://korben.info/nerbianrat-linux-malware-exploiting-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8462574 False Malware None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Never-before-seen Linux malware gets installed using 1-day exploits Discovery means that NerbianRAT is cross-platform used by for-profit threat group. 2024-03-12T00:33:07+00:00 https://arstechnica.com/?p=2009493 www.secnews.physaphae.fr/article.php?IdArticle=8462390 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8462170 False Malware None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Distribution of MSIX Malware Disguised as Notion Installer #### Description A new MSIX malware disguised as the Notion installer is being distributed through a website that looks similar to the actual Notion homepage. This file is a Windows app installer, and it is signed with a valid certificate.
Upon running the file, the user gets a pop-up, and upon clicking the Install button, Notion is installed on the PC and is infected with malware. #### Reference URL(s) 1. https://asec.ahnlab.com/en/62815/ #### Publication Date March 10, 2024 #### Author(s) Anh Ho Facundo Muñoz Marc-Etienne M.Léveillé 2024-03-11T20:06:53+00:00 https://community.riskiq.com/article/f21ac4ec www.secnews.physaphae.fr/article.php?IdArticle=8462305 False Malware None 3.0000000000000000 HackRead - Chercher Cyber Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
By Deeba Ahmed Patch Now! One-Day Vulnerabilities Exploited by Magnet Goblin to Deliver Linux Malware! This is a post from HackRead.com Read the original post: Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
2024-03-11T18:21:48+00:00 https://www.hackread.com/magnet-goblin-hackers-ivanti-flaws-linux-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8462254 False Malware,Vulnerability None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Magnet Goblin Exploits Ivanti Vulnerabilities The threat actor uses custom Linux malware to pursue financial gain, according to Check Point Research 2024-03-11T17:00:00+00:00 https://www.infosecurity-magazine.com/news/magnet-goblin-exploits-ivanti-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8462213 False Malware,Vulnerability,Threat None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign
Researchers uncovered a new campaign with FakeUpdates, also known as SocGholish, targeting and compromising WordPress websites with hacked admin accounts. Meanwhile, Play entered the top three of most wanted ransomware groups and education remained the most attacked sector worldwide. Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to infiltrate websites by utilizing altered editions of authentic WordPress plugins, and tricking individuals into downloading a Remote Access Trojan. Meanwhile, even following its takedown towards the end […]
2024-03-11T15:11:26+00:00 https://blog.checkpoint.com/research/february-2024s-most-wanted-malware-wordpress-websites-targeted-by-fresh-fakeupdates-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8462189 False Ransomware,Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 11 March 2024 2024-03-11T13:43:18+00:00 https://community.riskiq.com/article/0d210725 www.secnews.physaphae.fr/article.php?IdArticle=8462154 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud None 3.0000000000000000 SecurityWeek - Security News Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities
The financially motivated threat actor Magnet Goblin is targeting one-day vulnerabilities to deploy Nerbian malware on Linux systems.
2024-03-11T11:50:56+00:00 https://www.securityweek.com/magnet-goblin-delivers-linux-malware-using-one-day-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8462095 False Malware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting 2024-03-11T11:29:00+00:00 https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html www.secnews.physaphae.fr/article.php?IdArticle=8461990 False Malware,Vulnerability,Threat None 2.0000000000000000 AhnLab - Korean Security Firm Distribution of MSIX Malware Disguised as Notion Installer
An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to that of the actual Notion homepage. The user gets a file named ‘Notion-x86.msix’ upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate. The user gets the following pop-up upon running the file. Upon clicking the Install button, Notion is installed on the PC and is infected with malware. Upon installing,...
2024-03-11T00:17:09+00:00 https://asec.ahnlab.com/en/62815/ www.secnews.physaphae.fr/article.php?IdArticle=8461886 False Malware None 2.0000000000000000
Bleeping Computer - Magazine Américain Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]]]> 2024-03-10T11:38:34+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8461729 False Malware,Vulnerability,Threat None 2.0000000000000000
Bleeping Computer - Magazine Américain Magnet Goblin hackers use 1-day flaws to drop custom Linux malware A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]]]> 2024-03-09T10:08:16+00:00 https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8461730 False Malware,Vulnerability None 3.0000000000000000
Team Cymru - Equipe de Threat Intelligence Senior Stakeholder explainer for Octo Malware Cyber leaders need to take action or face the consequences Introduction Our recent blog aimed at security analysts has significant...]]> 2024-03-08T18:36:03+00:00 https://www.team-cymru.com/post/senior-stakeholder-explainer-for-octo-malware www.secnews.physaphae.fr/article.php?IdArticle=8460934 False Malware None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities #### Description Check Point reports Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group's arsenal as fast as within 1 day after a POC for it was published. The group has targeted Ivanti, Magento, Qlik Sense, and possibly Apache ActiveMQ. Analysis of the actor's recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRAT, in addition to WARPWIRE, a JavaScript credential stealer. The actor's arsenal also includes MiniNerbian, a small Linux backdoor, and remote monitoring and management (RMM) tools for Windows like ScreenConnect and AnyDesk. #### Reference URL(s) 1. https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/ #### Publication Date March 8, 2024 #### Author(s) Check Point ]]> 2024-03-08T17:30:16+00:00 https://community.riskiq.com/article/11616c16 www.secnews.physaphae.fr/article.php?IdArticle=8460926 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
Global Security Mag - Site de news francais Hasta La Vista, Baby. The Terminator tool and its variants are far from obsolete A report by Sophos security specialists Andreas Klopsch and Matt Wixey describes how cybercriminals use the well-known Terminator tool to bring in vulnerable drivers. BYOVD (Bring Your Own Vulnerable Driver) remains popular with threat actors as an EDR killer. One reason is that it opens the prospect of a kernel-level attack, which gives cybercriminals a broad range of options, from hiding malware and harvesting credentials to attempting to disable EDR solutions. Sophos security specialists Andreas Klopsch and Matt Wixey closely examined activity involving the Terminator tools over the past six months and summarized it in the detailed report "It'll be back: Attackers still abusing Terminator tool and variants". - Special Reports / ]]> 2024-03-08T15:02:05+00:00 https://www.globalsecuritymag.fr/hasta-la-vista-baby-das-terminator-tool-und-seine-varianten-haben-noch-lange.html www.secnews.physaphae.fr/article.php?IdArticle=8460847 False Malware,Tool None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Check Point Research Alerts: Financially Motivated Magnet Goblin Group Exploits 1-Day Vulnerabilities to target Publicly Facing Servers Key Highlights: – Rapid Exploitation of 1-Day Vulnerabilities: Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting public-facing servers and edge devices. In some cases, the deployment of the exploits is within 1 day after a POC is published, significantly increasing the threat level posed by this actor. – Diverse Cyber Arsenal: The group employs a sophisticated set of tools including NerbianRAT, a cross-platform RAT for Windows and Linux, and WARPWIRE, a JavaScript credential stealer. This diverse malware suite enables a wide range of cyber attacks, from data theft to sustained access […] ]]> 2024-03-08T14:00:19+00:00 https://blog.checkpoint.com/research/check-point-research-alerts-financially-motivated-magnet-goblin-group-exploits-1-day-vulnerabilities-to-target-publicly-facing-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8460850 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine RATs Spread Via Fake Skype, Zoom, Google Meet Sites Zscaler's ThreatLabz discovered malware spreading SpyNote RAT to Android and NjRAT/DCRat to Windows]]> 2024-03-07T17:00:00+00:00 https://www.infosecurity-magazine.com/news/rats-fake-skype-zoom-google-meet/ www.secnews.physaphae.fr/article.php?IdArticle=8460406 False Malware,Mobile None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows]]> 2024-03-07T11:41:00+00:00 https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html www.secnews.physaphae.fr/article.php?IdArticle=8460180 False Malware,Threat,Mobile None 2.0000000000000000
Security Intelligence - Site de news Américain New Fakext malware targets Latin American banks This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the […] ]]> 2024-03-07T11:00:00+00:00 https://securityintelligence.com/posts/fakext-targeting-latin-american-banks/ www.secnews.physaphae.fr/article.php?IdArticle=8465189 False Malware,Tool None 3.0000000000000000
The Register - Site journalistique Anglais Here's something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year.…]]> 2024-03-07T06:27:08+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/07/more_than_250000/ www.secnews.physaphae.fr/article.php?IdArticle=8460181 False Malware,Threat ChatGPT 3.0000000000000000
Dark Reading - Informationweek Branch Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence "Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug.]]> 2024-03-06T22:36:53+00:00 https://www.darkreading.com/cloud-security/cloud-y-linux-malware-rains-apache-docker-redis-confluence www.secnews.physaphae.fr/article.php?IdArticle=8460038 False Malware,Cloud None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and]]> 2024-03-06T22:28:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html www.secnews.physaphae.fr/article.php?IdArticle=8459936 False Malware,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence #### Description Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running web-facing services. The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services. The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an n-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts. Once initial access is achieved, a series of shell scripts and general Linux attack techniques are used to deliver a cryptocurrency miner, spawn a reverse shell and enable persistent access to the compromised hosts. #### Reference URL(s) 1. https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ #### Publication Date March 6, 2024 #### Author(s) Matt Muir ]]> 2024-03-06T21:12:22+00:00 https://community.riskiq.com/article/68797fe5 www.secnews.physaphae.fr/article.php?IdArticle=8460028 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000
knowbe4 - cybersecurity services New Research: Spike In DNS Queries Driving Phishing and Cyber Attacks 2024-03-06T19:24:15+00:00 https://blog.knowbe4.com/day-old-domains-spikes-showing-malicious-activity www.secnews.physaphae.fr/article.php?IdArticle=8459978 False Malware None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence Cado said the payloads facilitated RCE attacks by leveraging common misconfigurations and known vulnerabilities]]> 2024-03-06T16:15:00+00:00 https://www.infosecurity-magazine.com/news/linux-malware-targets-docker/ www.secnews.physaphae.fr/article.php?IdArticle=8459916 False Malware,Vulnerability None 2.0000000000000000
SecurityWeek - Security News Linux Malware Campaign Targets Misconfigured Cloud Servers A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. ]]> 2024-03-06T15:50:14+00:00 https://www.securityweek.com/linux-malware-campaign-targets-misconfigured-cloud-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8459917 False Malware,Cloud None 2.0000000000000000
Global Security Mag - Site de news francais New Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence – Cado Security Cado Security has today (Wed 6 March) disclosed an emerging Linux malware campaign, discovered by its Cado Security Labs researchers, which targets misconfigured servers running the web-facing services Apache Hadoop YARN, Docker, Confluence, and Redis. - Malware Update]]> 2024-03-06T14:45:32+00:00 https://www.globalsecuritymag.fr/new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence.html www.secnews.physaphae.fr/article.php?IdArticle=8459863 False Malware None 2.0000000000000000
HackRead - Chercher Cyber New Linux Malware Alert: 'Spinning YARN' Hits Docker, Other Key Apps By Deeba Ahmed Another day, another Linux malware! This is a post from HackRead.com Read the original post: New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps]]> 2024-03-06T11:20:10+00:00 https://www.hackread.com/new-linux-malware-alert-spinning-yarn-docker-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8459792 False Malware None 2.0000000000000000
Bleeping Computer - Magazine Américain Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. [...]]]> 2024-03-06T07:09:11+00:00 https://www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8459816 False Malware None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 4 March 2024 2024-03-06T01:05:06+00:00 https://community.riskiq.com/article/1fe95f7f www.secnews.physaphae.fr/article.php?IdArticle=8459610 False Ransomware,Spam,Malware,Tool,Threat,Legislation,Medical None 4.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard]]> 2024-03-05T21:48:00+00:00 https://thehackernews.com/2024/03/hackers-exploit-connectwise.html www.secnews.physaphae.fr/article.php?IdArticle=8459407 False Malware,Threat None 2.0000000000000000
Recorded Future - FLux Recorded Future New banking trojan spotted circulating among Brazilian targets Security researchers have identified new malware aimed at stealing banking credentials from Brazilians, as cybercriminals continue to target the country's financial sector. A trojan labeled CHAVECLOAK is spreading through a malicious PDF file, and victims might discover that their banking credentials are stolen after infection, report analysts at cybersecurity firm Fortinet. Banking trojans show up]]> 2024-03-05T20:02:44+00:00 https://therecord.media/banking-trojan-targeting-brazil-fortinet www.secnews.physaphae.fr/article.php?IdArticle=8459475 False Malware None 2.0000000000000000
Dark Reading - Informationweek Branch North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware North Korea's latest espionage tool is tough to pin down, with random generators that throw detection mechanisms off its scent. The DPRK is using the recent critical bugs in ConnectWise ScreenConnect, a remote desktop tool, to deliver the bug.]]> 2024-03-05T19:46:08+00:00 https://www.darkreading.com/remote-workforce/north-korea-screenconnect-bugs-toddleshark-malware www.secnews.physaphae.fr/article.php?IdArticle=8459472 False Malware,Tool None 3.0000000000000000
Dark Reading - Informationweek Branch Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure.]]> 2024-03-05T19:43:13+00:00 https://www.darkreading.com/ics-ot-security/improved-stuxnet-like-plc-malware-disrupt-critical-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8459473 False Malware,Industrial None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Staying ahead of threat actors in the age of AI 2024-03-05T19:03:47+00:00 https://community.riskiq.com/article/ed40fbef www.secnews.physaphae.fr/article.php?IdArticle=8459485 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Medical,Technical ChatGPT,APT 28,APT 4 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware. “The number of infected devices decreased slightly in mid- and late]]> 2024-03-05T16:08:00+00:00 https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html www.secnews.physaphae.fr/article.php?IdArticle=8459273 False Malware ChatGPT 3.0000000000000000
Bleeping Computer - Magazine Américain New WogRAT malware abuses online notepad service to store malware A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. [...]]]> 2024-03-05T15:25:20+00:00 https://www.bleepingcomputer.com/news/security/new-wograt-malware-abuses-online-notepad-service-to-store-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8459499 False Malware None 2.0000000000000000
The State of Security - Magazine Américain What Are Command and Control Attacks? In today's expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to their needs. Command and Control attacks, also known as C&C or C2 attacks, create a covert link between the compromised system and a C2 server. This backdoor connection allows prolonged access, enabling data theft, Distributed Denial of Service (DDoS) attacks, crypto-mining, or even total network compromise by threat...]]> 2024-03-05T06:11:30+00:00 https://www.tripwire.com/state-of-security/what-are-command-and-control-attacks www.secnews.physaphae.fr/article.php?IdArticle=8459300 False Malware,Threat None 3.0000000000000000
AhnLab - Korean Security Firm WogRAT Malware Exploits aNotepad (Windows, Linux) AhnLab Security Intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. As the threat actor used the string ‘WingOfGod’ during the development of the malware, it is classified as WogRAT. 1. Distribution Cases It is assumed that the WogRAT has continuously been used in attacks since late 2022 until... ]]> 2024-03-05T01:14:24+00:00 https://asec.ahnlab.com/en/62446/ www.secnews.physaphae.fr/article.php?IdArticle=8459088 False Malware,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Zero-Click GenAI Worm Spreads Malware, Poisoning Models 35 years after the Morris worm, we're still dealing with a version of the same issue: data overlapping with control.]]> 2024-03-04T22:51:02+00:00 https://www.darkreading.com/application-security/zero-click-genai-worm-malware-poisoning-models www.secnews.physaphae.fr/article.php?IdArticle=8459027 False Malware None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) New Wave of SocGholish Infections Impersonates WordPress Plugins #### Description A new wave of SocGholish malware infections has been identified, targeting WordPress websites. The malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a Remote Access Trojan (RAT) onto their computers, which is often the first stage in a ransomware infection. The infected sites were compromised through hacked wp-admin administrator accounts. #### Reference URL(s) 1. https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html #### Publication Date March 1, 2024 #### Author(s) Ben Martin ]]> 2024-03-04T20:21:51+00:00 https://community.riskiq.com/article/0218512b www.secnews.physaphae.fr/article.php?IdArticle=8459000 False Ransomware,Malware None 2.0000000000000000
Bleeping Computer - Magazine Américain ScreenConnect flaws exploited to drop new ToddlerShark malware The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. [...]]]> 2024-03-04T17:14:28+00:00 https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddlershark-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8459348 False Malware None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Georgia Tech researchers warn of Stuxnet-style web-based PLC malware, redefining industrial cybersecurity threats Researchers from the Georgia Institute of Technology presented a novel approach to developing programmable logic controller (PLC) malware... ]]> 2024-03-04T13:52:31+00:00 https://industrialcyber.co/industrial-cyber-attacks/georgia-tech-researchers-warn-of-stuxnet-style-web-based-plc-malware-redefining-industrial-cybersecurity-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8458845 False Malware,Industrial None 4.0000000000000000
TechRepublic - Security News US 75+ Tech Checklists to Improve Efficiency From malware response to cloud storage, every organization can benefit from a checklist to ensure effective and smooth operations.]]> 2024-03-04T11:46:32+00:00 https://www.techrepublic.com/article/75-tech-checklists-to-improve-efficiency/ www.secnews.physaphae.fr/article.php?IdArticle=8458804 False Malware,Cloud None 3.0000000000000000
SecurityWeek - Security News Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware. ]]> 2024-03-04T11:43:47+00:00 https://www.securityweek.com/remote-stuxnet-style-attack-possible-with-web-based-plc-malware-researchers/ www.secnews.physaphae.fr/article.php?IdArticle=8458827 False Malware None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Phobos Ransomware ciblant agressivement l'infrastructure critique américaine<br>Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and]]> 2024-03-04T10:54:00+00:00 https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html www.secnews.physaphae.fr/article.php?IdArticle=8458699 False Ransomware,Malware,Threat None 2.0000000000000000 ProofPoint - Cyber Firms La chaîne d'attaque inhabituelle de TA577 \\ mène au vol de données NTLM<br>TA577\\'s Unusual Attack Chain Leads to NTLM Data Theft 2024-03-04T06:00:36+00:00 https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft www.secnews.physaphae.fr/article.php?IdArticle=8458761 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain GTPDOOR LINUX MALWOREAL cible les réseaux d'opérateur mobile<br>Stealthy GTPDOOR Linux malware targets mobile operator networks Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. [...]]]> 2024-03-03T10:16:08+00:00 https://www.bleepingcomputer.com/news/security/stealthy-gtpdoor-linux-malware-targets-mobile-operator-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8458698 False Malware,Mobile None 2.0000000000000000 ProofPoint - Firm Security Podcast de recherche du samedi: le retour d'une menace malveillante.<br>Research Saturday Podcast: The return of a malware menace. 
2024-03-02T18:13:51+00:00 https://www.proofpoint.com/us/newsroom/news/research-saturday-podcast-return-malware-menace www.secnews.physaphae.fr/article.php?IdArticle=8461383 False Malware None 2.0000000000000000 TroyHunt - Blog Security Les chercheurs créent des vers d'IA qui peuvent se propager d'un système à un autre<br>Researchers create AI worms that can spread from one system to another Worms could potentially steal data and deploy malware.]]> 2024-03-02T11:47:08+00:00 https://arstechnica.com/?p=2007366 www.secnews.physaphae.fr/article.php?IdArticle=8457951 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouvelle variante de logiciels malveillants Bifrose Linux utilisant un domaine VMware trompeur pour l'évasion<br>New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing]]> 2024-03-01T16:26:00+00:00 https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html www.secnews.physaphae.fr/article.php?IdArticle=8457480 False Malware None 2.0000000000000000 Bleeping Computer - Magazine Américain CISA met en garde contre le bogue de streaming de Microsoft exploité dans des attaques de logiciels malveillants<br>CISA warns of Microsoft Streaming bug exploited in malware attacks CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that\'s actively exploited in attacks. 
[...] 2024-03-01T14:18:31+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8457657 False Malware,Vulnerability None 2.0000000000000000
The Register - English news site GitHub struggles to keep up with automated malicious forks Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories.… 2024-03-01T00:45:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/01/github_automated_fork_campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8457253 False Malware None 3.0000000000000000
Dark Reading - Informationweek Branch FBI, CISA Release IOCs for Phobos Ransomware Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019. 2024-02-29T22:49:41+00:00 https://www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-release-iocs-for-phobos-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8457209 False Ransomware,Malware,Threat None 3.0000000000000000
HackRead - Cyber search Android Money Transfer XHelper App Exposed as Money Laundering Network
By Deeba Ahmed Don't confuse the XHelper app with the notorious XHelper malware, which targets Android devices and is notoriously difficult to remove. This is a post from HackRead.com Read the original post: Android Money Transfer XHelper App Exposed as Money Laundering Network
2024-02-29T19:41:02+00:00 https://www.hackread.com/android-money-transfer-xhelper-money-laundering/ www.secnews.physaphae.fr/article.php?IdArticle=8457136 False Malware,Tool,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are 2024-02-29T17:03:00+00:00 https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html www.secnews.physaphae.fr/article.php?IdArticle=8456928 False Malware,Threat None 2.0000000000000000
Bleeping Computer - American magazine New Bifrost malware for Linux mimics VMware domain for evasion A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...] 2024-02-29T16:36:18+00:00 https://www.bleepingcomputer.com/news/security/new-bifrost-malware-for-linux-mimics-vmware-domain-for-evasion/ www.secnews.physaphae.fr/article.php?IdArticle=8457208 False Malware None 3.0000000000000000
The Register - English news site Ransomware gangs are paying attention to infostealers, so why aren't you?
Analysts warn of big leap in cred-harvesting malware activity last year There appears to be an uptick in interest among cybercriminals in infostealers – malware designed to swipe online account passwords, financial info, and other sensitive data from infected PCs – as a relatively cheap and easy way to get a foothold in organizations' IT environments to deploy devastating ransomware.… 2024-02-29T16:27:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/29/infostealers_increased_use/ www.secnews.physaphae.fr/article.php?IdArticle=8457061 False Ransomware,Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool.
They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine TimbreStealer Malware Targets Mexican Victims with Tax-Related Lures The maker of the Mispadu Trojan started distributing a new infostealer with financial lures to Mexican users, Cisco Talos found 2024-02-29T11:30:00+00:00 https://www.infosecurity-magazine.com/news/timbrestealer-malware-targets/ www.secnews.physaphae.fr/article.php?IdArticle=8456931 False Malware None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances.
UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain 2024-02-29T11:19:00+00:00 https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8456812 False Malware None 3.0000000000000000
The Register - English news site Chinese PC-maker Acemagic customized its own machines to get infected with malware Tried to speed boot times, maybe by messing with 'Windows source code', ended up building a viral on-ramp Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware.… 2024-02-29T04:46:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/29/acemagic_chinese_pc_malware_infection/ www.secnews.physaphae.fr/article.php?IdArticle=8456770 False Malware None 4.0000000000000000
Recorded Future - Recorded Future feed Suspected Iranian cyber-espionage campaign targets Middle East aerospace, defense industries
An ongoing cyber-espionage campaign that uses unique malware against the aerospace, aviation and defense industries in the Middle East appears to have links to Iran, security researchers say. The operation is targeting entities in Israel and the United Arab Emirates (UAE) - and potentially Turkey, India and Albania - according to analysts at Mandiant, the
2024-02-28T20:29:56+00:00 https://therecord.media/iran-cyber-espionage-campaign-targeting-middle-east-defense-aerospace www.secnews.physaphae.fr/article.php?IdArticle=8456609 False Malware None 2.0000000000000000
knowbe4 - cybersecurity services Phishing Campaign Targets Mexican Taxpayers With Tax-Themed Lures
Phishing Campaign Targets Mexican Taxpayers A phishing campaign is targeting users in Mexico with tax-themed lures, according to researchers at Cisco Talos. The phishing emails direct users to a website that attempts to trick them into downloading a new strain of information-stealing malware called “TimbreStealer.”
2024-02-28T19:25:59+00:00 https://blog.knowbe4.com/phishing-campaign-targets-mexican-taxpayers www.secnews.physaphae.fr/article.php?IdArticle=8456587 False Malware None 2.0000000000000000
knowbe4 - cybersecurity services Game-Changer: Biometric-Stealing Malware 2024-02-28T19:25:55+00:00 https://blog.knowbe4.com/game-changer-biometric-stealing-malware www.secnews.physaphae.fr/article.php?IdArticle=8456588 False Malware None 2.0000000000000000
Dark Reading - Informationweek Branch Cyberattackers Lure EU Diplomats With Wine-Tasting Offers A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware. 2024-02-28T18:07:30+00:00 https://www.darkreading.com/cyberattacks-data-breaches/cyberattackers-lure-eu-diplomats-wine-tasting-offers www.secnews.physaphae.fr/article.php?IdArticle=8456566 False Malware,Threat None 4.0000000000000000
Krebs on Security - American researcher Calendar Meeting Links Used to Spread Mac Malware Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target's account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. 2024-02-28T16:56:43+00:00 https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8456533 False Malware,Conference None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known 2024-02-28T13:13:00+00:00 https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html www.secnews.physaphae.fr/article.php?IdArticle=8456319 False Malware None 2.0000000000000000
SecurityWeek - Security News Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.
2024-02-28T12:21:28+00:00 https://www.securityweek.com/chinese-cyberspies-use-new-malware-in-ivanti-vpn-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8456415 False Malware,Threat None 3.0000000000000000
Schneier on Security - American cryptologist and researcher A Cyber Insurance Backstop
In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of Merck’s computers, which significantly disrupted the company’s drug and vaccine production. After Merck filed its $700 million claim, the pharmaceutical giant’s insurers argued that they were not required to cover the malware’s damage because the cyberattack was widely attributed to the Russian government and therefore was excluded from standard property and casualty insurance coverage as a “hostile or warlike act.”...
2024-02-28T12:02:58+00:00 https://www.schneier.com/blog/archives/2024/02/a-cyber-insurance-backstop.html www.secnews.physaphae.fr/article.php?IdArticle=8456389 False Malware None 2.0000000000000000
Securonix - Siem Securonix Threat Research Knowledge Sharing Series: Batch (DOS) Obfuscation or DOSfuscation: Why It's on the Rise, and How Attackers are Hiding in Obscurity Securonix Threat Research has been monitoring a trend known as batch (DOS) fuscation or DOSfuscation where an increased number of malware samples use obfuscated code contained within batch or DOS-based scripts. This trend was likely brought about when Microsoft made the decision to disable macro execution in Office products by default. Since then, there has been a rise in shortcut-based (.lnk file) execution coming from archived email attachments. Naturally, CMD obfuscation is the natural path as any passed in command line into a shortcut file will likely be primarily executed using cmd.exe as the initial process 2024-02-28T10:30:36+00:00 https://www.securonix.com/blog/securonix-threat-research-knowledge-sharing-series-batch-obfuscation/ www.secnews.physaphae.fr/article.php?IdArticle=8456508 False Malware,Threat,Prediction None 3.0000000000000000