www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-06-01T03:12:22+00:00 www.secnews.physaphae.fr

TrendLabs Security - Antivirus vendor: New Mimic Ransomware Abuses Everything APIs for its Encryption Process
2023-01-26T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html www.secnews.physaphae.fr/article.php?IdArticle=8304192 False Ransomware,Tool,Prediction None 2.0000000000000000

CSO - CSO Daily Dashboard: Attackers move away from Office macros to LNK files for malware delivery
2023-01-25T11:06:00+00:00 https://www.csoonline.com/article/3686468/attackers-move-away-from-office-macros-to-lnk-files-for-malware-delivery.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8304034 False Malware,Prediction None 1.00000000000000000000

knowbe4 - cybersecurity services: 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]
KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022.
We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
2023-01-24T18:14:53+00:00 https://blog.knowbe4.com/2022-report-confirms-business-related-phishing-emails-trend-infographic www.secnews.physaphae.fr/article.php?IdArticle=8303771 True Prediction None 5.0000000000000000

TrendLabs Security - Antivirus vendor: Vice Society Ransomware Group Targets Manufacturing Companies
2023-01-24T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html www.secnews.physaphae.fr/article.php?IdArticle=8303640 False Ransomware,Prediction None 2.0000000000000000

CVE List - Common Vulnerability Exposure: CVE-2022-48191
2023-01-20T07:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48191 www.secnews.physaphae.fr/article.php?IdArticle=8302798 False Vulnerability,Prediction None None

Netskope - Netskope is an American software company providing an IT security platform: Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023
Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps).
To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active […]
2023-01-19T19:57:37+00:00 https://www.netskope.com/blog/cloud-threats-memo-threat-actors-continue-to-abuse-cloud-services-to-deliver-malware-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8302634 False Malware,Threat,Guideline,Prediction None 3.0000000000000000

Resecurity - cyber risk firms: Cybersecurity Predictions - 2023
2023-01-19T17:00:00+00:00 https://www.resecurity.com/blog/article/cybersecurity-predictions-2023 www.secnews.physaphae.fr/article.php?IdArticle=8416134 False Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?): Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa
2023-01-18T22:54:00+00:00 https://thehackernews.com/2023/01/earth-bogle-campaign-unleashes-njrat.html www.secnews.physaphae.fr/article.php?IdArticle=8302300 False Threat,Prediction None 2.0000000000000000

Dark Reading - Informationweek Branch: KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend
2023-01-18T18:10:00+00:00 https://www.darkreading.com/remote-workforce/knowbe4-2022-phishing-test-report-confirms-business-related-emails-trend www.secnews.physaphae.fr/article.php?IdArticle=8302327 False Prediction None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures
2023-01-17T16:00:00+00:00 https://www.infosecurity-magazine.com/news/earth-bogle-targets-middle-east/ www.secnews.physaphae.fr/article.php?IdArticle=8301879 False Prediction None 3.0000000000000000

CSO - CSO Daily Dashboard: How attackers might use GitHub Codespaces to hide malware delivery
a new report.
"However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples."
2023-01-17T13:53:00+00:00 https://www.csoonline.com/article/3685419/how-attackers-might-use-github-codespaces-to-hide-malware-delivery.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8301964 False Malware,Prediction None 1.00000000000000000000

SecurityWeek - Security News: Attackers Can Abuse GitHub Codespaces for Malware Delivery
2023-01-17T13:09:56+00:00 https://www.securityweek.com/attackers-can-abuse-github-codespaces-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=8301845 False Malware,Prediction None 1.00000000000000000000

Dark Reading - Informationweek Branch: Malware Comes Standard With This Android TV Box on Amazon
2023-01-13T20:00:00+00:00 https://www.darkreading.com/threat-intelligence/malware-standard-android-tv-box-amazon www.secnews.physaphae.fr/article.php?IdArticle=8300962 False Malware,Prediction None 4.0000000000000000

Dark Reading - Informationweek Branch: Darktrace Publishes 2022 Cyberattack Trend Data For Energy, Healthcare & Retail Sectors Globally
2023-01-12T21:17:00+00:00 https://www.darkreading.com/attacks-breaches/darktrace-publishes-2022-cyberattack-trend-data-for-energy-healthcare-retail-sectors-globally www.secnews.physaphae.fr/article.php?IdArticle=8300663 False Prediction None 4.0000000000000000

ProjectZero - Google research blog: DER Entitlements: The (Brief) Return of the Psychic Paper
XMPP, an instant messaging protocol based on XML. More specifically, my research focused on how subtle quirks in XML parsing can be used to undermine the security of such applications. (If you are interested in learning more about that research, I did a talk on it at Black Hat USA 2022. The slides and the recording can be found here and here).
At some point, when a part of my research was published, people pointed out other examples (unrelated to XMPP) where quirks in XML parsing led to security vulnerabilities. One of those examples was a vulnerability dubbed Psychic Paper, a really neat vulnerability in the way Apple operating systems check what entitlements an application has. Entitlements are one of the core security concepts of Apple's operating systems. As Apple's documentation explains, "An entitlement is a right or privilege that grants an executable particular capabilities." For example, an application on an Apple operating system can't debug another application without possessing proper entitlements, even if those two applications run as the same user. Even applications running as root can't perform all actions (such as accessing some of the kernel APIs) without appropriate entitlements. Psychic Paper was a vulnerability in the way entitlements were checked. Entitlements were stored inside the application's signature blob in the XML format, so naturally the operating system needed to parse those at some point using an XML parser. The problem was that the OS didn't have a single parser for this, but rather a staggering four parsers that were used in different places in the operating system. One parser was used for the initial check that the application only has permitted entitlements, and a different parser was later used when checking whether the application has an entitlement to perform a specific action.
2023-01-12T08:59:29+00:00 https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html www.secnews.physaphae.fr/article.php?IdArticle=8300585 False Vulnerability,Guideline,Prediction None 3.0000000000000000

CSO - CSO Daily Dashboard: Cybersecurity spending and economic headwinds in 2023
ESG research. First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending.
As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023. These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022, when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.
2023-01-12T02:00:00+00:00 https://www.csoonline.com/article/3685049/cybersecurity-spending-and-economic-headwinds-in-2023.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300492 False Prediction None 2.0000000000000000

Schneier on Security - American cryptologist: ChatGPT-Written Malware
are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. "It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web," company researchers wrote. "However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code."...
2023-01-10T12:18:55+00:00 https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8299521 False Malware,Tool,Prediction ChatGPT 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?):
Dridex Malware Now Attacking macOS Systems with Novel Infection Method
2023-01-06T19:16:00+00:00 https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8298545 False Malware,Prediction None 3.0000000000000000

Global Security Mag - French news site: Trend Micro creates CTOne, an entity dedicated to 5G security
Business
2023-01-06T10:23:00+00:00 https://www.globalsecuritymag.fr/Trend-Micro-cree-CTOne-une-entite-dediee-a-la-securite-de-la-5G.html www.secnews.physaphae.fr/article.php?IdArticle=8298499 False Prediction None 1.00000000000000000000

Netskope - Netskope is an American software company providing an IT security platform: I'm a Technology Leader Who Sees Opportunities for Accelerating Security Transformation Through Networking and Infrastructure. Here's Why I Joined Netskope.
Right now, I see a great opportunity in the cybersecurity industry to help customers as they navigate through security transformation.
I don't come from a traditional security background; I'm what we might call a "networking guy." But about two and a half years ago, in my previous role at Dell, I started noticing a trend […]
2023-01-05T16:35:50+00:00 https://www.netskope.com/blog/im-a-technology-leader-who-sees-opportunities-for-accelerating-security-transformation-through-networking-and-infrastructure-heres-why-i-joined-netskope www.secnews.physaphae.fr/article.php?IdArticle=8298231 False Prediction None 1.00000000000000000000

Dark Reading - Informationweek Branch: Trend Micro Announces New Subsidiary for 5G Cybersecurity
2023-01-05T14:37:00+00:00 https://www.darkreading.com/vulnerabilities-threats/trend-micro-announces-new-subsidiary-for-5g-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8298191 False Prediction None 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs: The dos and don'ts of ransomware negotiations
ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.

The initial actions to take in the event of a ransomware attack
- Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices.
- Determine what data has been affected and assess the extent of the damage.
- Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it.
- It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments.
- Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks.
Please note that in some regions, business owners are required by law to report an attack.
- Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions.
- Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data, since many ransomware strains have been decrypted and keys are publicly available.

Strategies cybercrooks employ to obtain funds from victims swiftly
Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include:
- Steal and disclose: Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands.
- Destroy keys if a negotiation company intervenes: Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf.
- Launch a DDoS attack: Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to take it down and intimidate the targeted company into paying the ransom faster.
- Cause printers to behave abnormally: Some hackers were able to take control of printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed.
- Use Facebook ads for malicious purposes: Criminals have been known to use advertising to gain attention for their attacks. In one ins
2023-01-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-dos-and-donts-of-ransomware-negotiations www.secnews.physaphae.fr/article.php?IdArticle=8298078 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000

Anomali - Firm Blog: Focusing on Your Adversary
2023-01-05T05:50:00+00:00 https://www.anomali.com/blog/focusing-on-your-adversary www.secnews.physaphae.fr/article.php?IdArticle=8298031 False Ransomware,Malware,Tool,Vulnerability,Threat,Industrial,Prediction None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs: Five reasons why Cybersecurity training is important in 2023
one cybersecurity awareness training guide puts it: "if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language." Some of the most pressing reasons for cybersecurity training are detailed below.

1. Compliance with regulations
There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the regulators can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as its own.
When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place.

2. Protecting enterprise assets
Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company's data.

3. Protecting consumer data
Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company's internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer's shoulders. But the company must have its own measures in place as well to protect against attacks on customer data.
Thorough and effective cybersecurity awareness training will reduce the chances of employee error l
2023-01-03T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/five-reasons-why-cybersecurity-training-is-important-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8297413 False Data Breach,Threat,Guideline,Industrial,Prediction None 3.0000000000000000

TrendLabs Security - Antivirus vendor: CISO's Challenges Involved with Business Leader & SOC
2022-12-26T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/cisos-challenges-business-leader-soc.html www.secnews.physaphae.fr/article.php?IdArticle=8294833 False Industrial,Prediction None 2.0000000000000000

CVE List - Common Vulnerability Exposure: CVE-2022-45798
2022-12-24T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45798 www.secnews.physaphae.fr/article.php?IdArticle=8294390 False Vulnerability,Prediction None None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?): Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems
2022-12-21T17:53:00+00:00 https://thehackernews.com/2022/12/raspberry-robin-worm-strikes-again.html www.secnews.physaphae.fr/article.php?IdArticle=8293367 True Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?):
The Rise of the Rookie Hacker - A New Trend to Reckon With
2022-12-21T17:07:00+00:00 https://thehackernews.com/2022/12/the-rise-of-rookie-hacker-new-trend-to.html www.secnews.physaphae.fr/article.php?IdArticle=8293368 False Threat,Prediction None 2.0000000000000000

InformationSecurityBuzzNews - Security news site: Malicious PyPI Package Found Posing as SentinelOne SDK in recent Hack Trend
2022-12-21T11:41:48+00:00 https://informationsecuritybuzz.com/malicious-pypi-package-posing-sentinelone-sdk-hack-trend/ www.secnews.physaphae.fr/article.php?IdArticle=8293358 False Hack,Studies,Prediction None 1.00000000000000000000

Anomali - Firm Blog: 2023 Anomali Predictions: New Risks to Put Added Pressure on Enterprise Defenders
2022-12-21T05:11:00+00:00 https://www.anomali.com/blog/2023-anomali-predictions-new-risks-to-put-added-pressure-on-enterprise-defenders www.secnews.physaphae.fr/article.php?IdArticle=8293292 False Malware,Threat,Prediction None 3.0000000000000000

The Register - English news site: Cisco's Talos security bods predict new wave of Excel Hell
2022-12-21T00:08:12+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/21/microsoft_talos_excel_xll_threats/ www.secnews.physaphae.fr/article.php?IdArticle=8293251 False Prediction None 3.0000000000000000

TrendLabs Security - Antivirus vendor: Detecting Windows AMSI Bypass Techniques
2022-12-21T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/detecting-windows-amsi-bypass-techniques.html www.secnews.physaphae.fr/article.php?IdArticle=8293330 False Prediction None 3.0000000000000000

Anomali - Firm Blog: Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT Targets Russia-Controlled Territories, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

APT5: Citrix ADC Threat Hunting Guidance (published: December 13, 2022)
On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway versions 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware.
Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately. The Anomali Platform has YARA signatures for the Tricklancer malware; network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check MD5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5's activities.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN

Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT (published: December 12, 2022)
In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously recorded campaigns that aim at installing cryptomining software, this one uses a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots.
Analyst Comment: Implement timely patching and updating of your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing.
MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12
2022-12-20T20:46:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt5-exploited-citrix-zero-days-azov-data-wiper-features-advanced-anti-analysis-techniques-inception-apt-targets-russia-controlled-territories-and-more www.secnews.physaphae.fr/article.php?IdArticle=8295338 False Malware,Tool,Vulnerability,Threat,Patching,Prediction APT 5 3.0000000000000000

Silicon - French news site: Codex, ChatGPT… OpenAI, a cyberattack factory?
2022-12-20T13:42:02+00:00 https://www.silicon.fr/codex-chatgpt-openai-usine-cyberattaques-455284.html www.secnews.physaphae.fr/article.php?IdArticle=8293063 False Prediction ChatGPT 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future
2022-12-19T16:10:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-groups-increase-zeroday/ www.secnews.physaphae.fr/article.php?IdArticle=8292820 False Ransomware,Prediction None 3.0000000000000000

Global Security Mag - French news site: Trend Micro analyzes cybercriminals' new operating methods, particularly regarding ransomware
Malware
2022-12-19T09:11:19+00:00 https://www.globalsecuritymag.fr/Trend-Micro-analyse-les-nouveaux-modes-operatoires-des-cybercriminels-notamment.html www.secnews.physaphae.fr/article.php?IdArticle=8292700 False Ransomware,Prediction None 1.00000000000000000000

Global Security Mag - French news site: Keeper Security unveils its predictions for the year 2023
Viewpoints
2022-12-19T08:53:50+00:00 https://www.globalsecuritymag.fr/Keeper-Security-devoile-ses-predictions-pour-l-annee-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8292691 True Prediction None 2.0000000000000000

TrendMicro - Security Firm Blog: Improve Cyber Security Posture with 2023 Predictions
2022-12-19T00:00:00+00:00 https://www.trendmicro.com/en_us/ciso/22/l/cyber-security-posture-2023-predictions.html www.secnews.physaphae.fr/article.php?IdArticle=8292662 False Prediction None 2.0000000000000000

CyberArk - Software Vendor: 2023 Cybersecurity Trends We're Tracking
2022-12-16T14:00:35+00:00 https://www.cyberark.com/blog/2023-cybersecurity-trends-were-tracking/ www.secnews.physaphae.fr/article.php?IdArticle=8292010 False Prediction None 3.0000000000000000

Data Security Breach - French news site: New forms of attacks targeting businesses and public bodies
2022-12-16T11:29:25+00:00 https://www.datasecuritybreach.fr/nouvelle-cyber-attaques/ www.secnews.physaphae.fr/article.php?IdArticle=8291938 False Prediction None 3.0000000000000000

Global Security Mag - French news site: Cyber risks: Trend Micro identifies new forms of attacks targeting businesses and public bodies
Investigations
2022-12-16T10:02:02+00:00 https://www.globalsecuritymag.fr/Risques-cyber-Trend-Micro-identifie-les-nouvelles-formes-d-attaques-visant-les.html www.secnews.physaphae.fr/article.php?IdArticle=8291919 False Prediction None 1.00000000000000000000

TrendLabs Security - Antivirus vendor: Trend Micro Joins Google's App Defense Alliance
2022-12-16T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/google-play-malware-scanning-prevent-malicious-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8293287 False Prediction None 3.0000000000000000

GoogleSec - Firm Security Blog: Expanding the App Defense Alliance
launched in 2019 with a mission to protect Android users from bad apps through
shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members.

Malware Mitigation
Together with the founding ADA members (Google, ESET, Lookout, and Zimperium), the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks, and that's why we're continuing to invest in the program.

New ADA Members
We're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space, and we look forward to their contributions to the program.

Mobile App Security Assessment (MASA)
With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever. According to Data.ai, the pandemic accelerated existing mobile habits, with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps.
That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS) under the OWASP Mobile Application Security project. The project's mission is to "Define the industry standard for mobile application security," and it has been used by both public and private sector organizations as a form of industry best practice when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA.
The badge is displayed within an app's respective
2022-12-15T20:51:24+00:00 http://security.googleblog.com/2022/12/app-defense-alliance-expansion.html www.secnews.physaphae.fr/article.php?IdArticle=8294655 False Malware,Guideline,Prediction Uber 2.0000000000000000

Dark Reading - Informationweek Branch: Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps
2022-12-15T16:20:20+00:00 https://www.darkreading.com/vulnerabilities-threats/blackmailing-moneymonger-malware-hides-flutter-mobile-apps www.secnews.physaphae.fr/article.php?IdArticle=8296246 False Malware,Threat,Prediction None 3.0000000000000000

IT Security Guru - Security blog: #MIWIC2022: Camilla Currin, Trend Micro
2022-12-15T15:00:45+00:00 https://www.itsecurityguru.org/2022/12/15/miwic2022-camilla-currin-trend-micro/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2022-camilla-currin-trend-micro www.secnews.physaphae.fr/article.php?IdArticle=8291586 True Prediction None 1.00000000000000000000

Global Security Mag - French news site: BeyondTrust's cybersecurity predictions for 2023
Viewpoints
2022-12-15T13:48:43+00:00 https://www.globalsecuritymag.fr/Les-predictions-de-BeyondTrust-pour-la-cybersecurite-en-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8291565 False Prediction None 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs: Dark Data: What is it? How can you best utilize it?
dark data is generated by users' daily online interactions between several devices and systems. Dark data might seem like a scary term, but it isn't, though it poses some risks. Since its share of data is rising more quickly than organizational data, business organizations are getting concerned about it. Hence, to grasp what dark data is and what issues it signifies, it's essential to understand it from a broader perspective.

What is dark data?
Dark data is the type of organizational data whose value is not identified; hence, it can be crucial business data or useless data. A research report published by BigID reveals that 84% of organizations are seriously concerned about dark data. This data consists of the additional information collected and stored during daily business activities. But perhaps to your surprise, the organization may be unaware of the dark data and typically doesn't use it. Dark data tends to be unstructured data that contains sensitive and unclassified information. The research report further reveals that eight out of ten organizations consider unstructured data the most critical to handle and secure.

Dark data can be classified as follows:
- Emails, images, audio, video, and social media posts.
- Application trials, including API caches and encryption keys such as VPN or SSH support.
- Data stored in overlooked virtual images activated or installed in local or cloud infrastructure.
- Forgotten unstructured data created on various database engines a long time ago.
- Data owned by customers and the company's employees on desktop and mobile devices.
- Hidden data files in a file system, which can be in the form of old pictures, scanned documents, PDF forms, notes in MS Word documents, and signed files.

Dark data might seem benign, but it holds most of the organization's information. Thus, it can pose significant security risks if it falls into the wrong hands, such as leaking a company's sensitive data and damaging its industry reputation. This is particularly alarming for organisations that do not use a reliable VPN or any other security tools to ensure data privacy and safety.

How can you utilize dark data to help your business?

Dark data seems challenging to handle and involves lengthy manual processes, but companies need to automate these processes. Technological advancements such as the use of AI have made it easier for companies to explore and process unstructured data.
Another important use of dark data is its role in boosting AI-powered solutions. As more and more data exists, AI has more information to analyse and can produce even deeper insights. Alongside Artificial Intelligence, you can also use Machine Learning technology to discover untapped and unused data and insights. These insights might help organizations make more informed decisions regarding incoming data. They also guide organizations toward taking practical steps in response to their data. Implementing AI and ML systems needs internal structural changes for businesses, costing organizations a great deal of time and money. H 2022-12-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/dark-data-what-is-it-how-can-you-best-utilize-it www.secnews.physaphae.fr/article.php?IdArticle=8291507 False Data Breach,Threat,Guideline,Prediction None 3.0000000000000000 TrendLabs Security - Antivirus vendor Trend Joining App Defense Alliance Announced by Google 2022-12-15T00:00:00+00:00 https://www.trendmicro.com/en_us/research/22/l/app-defense-alliance.html www.secnews.physaphae.fr/article.php?IdArticle=8291799 False Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Aussie Data Breaches Surge 489% in Q4 2022 2022-12-13T10:10:00+00:00 https://www.infosecurity-magazine.com/news/aussie-data-breaches-surge-489-q4/ www.secnews.physaphae.fr/article.php?IdArticle=8290659 False Prediction None 2.0000000000000000 Global Security Mag - French news site Key risk trends for directors and officers in 2023: potential recession, cyber and ESG concerns Opinion 2022-12-13T09:33:52+00:00 https://www.globalsecuritymag.fr/Key-risk-trends-for-directors-and-officers-in-2023-potential-recession-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8290642 False Prediction None 2.0000000000000000 TrendLabs Security - Antivirus vendor Forging Ahead in 2023: Insights From Trend Micro's 2023 Security Predictions 2022-12-13T00:00:00+00:00
https://www.trendmicro.com/en_us/research/22/l/forging-ahead-in-2023--insights-from-trend-micro-s-2023-security.html www.secnews.physaphae.fr/article.php?IdArticle=8290690 False Prediction None 2.0000000000000000 Global Security Mag - French news site Cybersecurity Trends 2023: Rethinking data security and secure data exchange Special reports 2022-12-12T19:58:19+00:00 https://www.globalsecuritymag.fr/Cybersecurity-Trends-2023-Uberdenken-der-Datensicherheit-und-sicherer.html www.secnews.physaphae.fr/article.php?IdArticle=8290456 False Prediction None 1.00000000000000000000 CyberSecurityVentures - cybersecurity services Top 10 Cybersecurity Predictions and Statistics For 2023 What you need to know about the trillion-dollar cyber economy over the next 5 years – Steve Morgan, Editor-in-Chief Northport, N.Y. – Dec. 10, 2022 Cybercrime Magazine extrapolates the top 10 market data points from our research in order to summarize the cybersecurity industry through 2022-12-12T18:14:23+00:00 https://cybersecurityventures.com/stats/ www.secnews.physaphae.fr/article.php?IdArticle=8290448 False Prediction None 2.0000000000000000 Global Security Mag - French news site Norton Labs unveils its cybersecurity predictions for 2023 Viewpoints 2022-12-12T08:29:23+00:00 https://www.globalsecuritymag.fr/Norton-Labs-devoile-ses-predictions-en-matiere-de-cybersecurite-pour-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8290218 False Prediction None 2.0000000000000000 Mandiant - Mandiant security blog Mandiant Cyber Security Forecast 2023
Forecast 23 report cover. Defenders must always be ready for the unexpected: everything from chasing down an alert to containing a compromise. In the cyber security realm, it's impossible to predict what we will experience day after day. However, that doesn't mean we cannot be ready for the threats that matter most. Organizations can always improve their preparedness and readiness, and part of that involves exploring the trends we are starting to see now so we are ready for them in the year ahead. To help us clear up some of the fog surrounding 2023, we turned to Mandiant leaders and experts. We already heard from
2022-11-02T08:00:00+00:00 https://www.mandiant.com/resources/blog/cyber-security-forecast-2023-predictions www.secnews.physaphae.fr/article.php?IdArticle=8377410 False Prediction None 3.0000000000000000
Kovrr - cyber risk management platform Importance of Insurance-Validated Risk Models to Quantify Cyber Risk. Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. Read More 2022-10-25T00:00:00+00:00 https://www.kovrr.com/reports/importance-of-insurance-validated-risk-models-to-quantify-cyber-risk www.secnews.physaphae.fr/article.php?IdArticle=8393597 False Ransomware,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch US Sanctions Iran Over APT Cyberattack Activity 2022-09-09T16:48:02+00:00 https://www.darkreading.com/vulnerabilities-threats/us-sanctions-iran-apt-cyberattack-activity www.secnews.physaphae.fr/article.php?IdArticle=6807446 False Prediction APT 39 None Kovrr - cyber risk management platform 2022 seems to be on target for the lowest year of reported breaches by large US corporations. In the first six months of 2022, large [Revenue >2bn] US corporations reported the fewest data breaches in the past five years. Read More
By looking at the rate at which data breach events have been reported so far this year, we predict that the number of events reported is expected to be 15-20% of the number of breaches reported in 2021.

Possible causes:
- Increased reporting delays: but the time to report has shown a decreasing trend over the last 4 years
- Genuine improvement in cyber defenses preventing data exfiltration
- Reduction in reporting requirements, or public disclosure prevention

In this analysis we look at all the reported cyber events which involve data exfiltration (data breach), allocated to the year in which the event started. Comparing the number of events reported at each point during the year then gives us an indication of the rate, which can be compared between years.

The data and population

The data collected represents public reports of data breaches from US companies with an annual revenue above $2bn (excluding public services). The data used includes breach events reported up to the end of Q2 2022. Because this is the area where cyber reporting requirements are highest, a high level of data is available. It is important to note that this will not be all events which occur, only those disclosed, but by looking for changes in the behavior we can look at the potential causes.

Overall Breach Count

As of the end of Q2 2022, we have seen 18 breach reports of events occurring in 2022 compared to the 160 cyber events reported from 2021, and 292 from 2020. While we are only 50% through 2022, the number of events reported so far from the first half is 25% of the 2021 total reported at the same point through 2021.

To fully compare 2022 against prior years we need to take into account a number of factors:
- Events not yet reported: some events have occurred but have not yet been reported, either because they have not yet been discovered, or because they have been discovered but not publicly disclosed
- Events not yet occurred: events which have yet to occur, in the second half of 2022 (and have not yet been reported)

How the year unfolds

To explore how 2022 is emerging, we can look at the rate at which events are being reported. That is, to show not just the total reported to date, but how the total number of events reported in a year has emerged from the start of the year. To do this we plot the cumulative number of events reported vs the number of days from the start of each incident year. What we see is an indication of how many incidents from each year have been reported after the same number of days. A steep curve indicates a greater number of incidents reported per month.

** Note that the event counts are lower because we do not have exact disclosure dates for all events.

From the chart we can see that the number of reported cyber incidents after 6 months (180 days) of experience is low for 2022 compared with all other years since 2015. This leads us to believe that 2022 is on track to have a very low number of overall incidents reported. There could be a few explanations for this:
- Reporting Delay: the time taken to report incidents has increased in 2022, and there will be a correction in the later part of the year
- Cybersecurity Investment: the overall number of incidents reported will be lower due to improvements in security posture
- Regulatory Action: the overall number of incidents reported will be lower due to changes in how the events are reported (or required to be reported)

Reporting Delay

To consider if the low reported number of events in 2022 is being driven by an increase in the delay between a cyber event starting and it being reported, we have looked at the trend over the last 10 years. The chart below shows the trend over the last 10 years. There has been a steady reduction in median reporting delay from 204 days in 2017 to 63 days 2022-07-28T00:00:00+00:00 https://www.kovrr.com/reports/2022-seems-to-be-on-target-for-the-lowest-year-of-reported-breaches-by-large-us-corporations www.secnews.physaphae.fr/article.php?IdArticle=8393598 False Data Breach,Prediction,Cloud None 3.0000000000000000 SentinelOne (SecIntel) - Cyber Firms Use of Obfuscated Beacons in 'pymafka' Supply Chain Attack Signals a New Trend in macOS Attack TTPs A new typosquatting attack against the PyPI repository targets enterprise Macs with a distinctive obfuscation method. 2022-05-25T16:54:12+00:00 https://www.sentinelone.com/labs/use-of-obfuscated-beacons-in-pymafka-supply-chain-attack-signals-a-new-trend-in-macos-attack-ttps/ www.secnews.physaphae.fr/article.php?IdArticle=8388356 False Prediction None 3.0000000000000000 Kovrr - cyber risk management platform What Emerging Cybersecurity Trends Should Enterprises Be Aware Of? As the world becomes more digitally connected, enterprises need to be aware of the growing cybersecurity risks. Read More 2022-01-19T00:00:00+00:00 https://www.kovrr.com/reports/what-emerging-cybersecurity-trends-should-enterprises-be-aware-of www.secnews.physaphae.fr/article.php?IdArticle=8393600 False Ransomware,Tool,Threat,Prediction,Cloud None 3.0000000000000000 Mandiant - Mandiant security blog The Cyber Risk Journey, Part One: Where Do We Go From Here? Cyber risk can be a big blind spot for organizations. Fortunately, Boards and senior leaders are more engaged than ever before and working to develop a better understanding of how cyber risk is being managed within their organizations. More dialogue with executive management around cyber risk and the impacts proactive and reactive measures have on an organization's risk profile is a great trend to see. Cyber security teams, often in the background, take on the overwhelming tasks of supporting day-to-day operations while constantly being prepared for attackers in their environment.
Balancing 2022-01-13T11:00:00+00:00 https://www.mandiant.com/resources/blog/cyber-risk-journey-one www.secnews.physaphae.fr/article.php?IdArticle=8377511 False Prediction None 3.0000000000000000 Kovrr - cyber risk management platform 7 Reports That Can Help You Understand the Cyber Insurance Landscape. Cyber insurance continues to face eroding margins, with insurers having trouble quantifying the risks enterprises face. Read More 2021-12-20T00:00:00+00:00 https://www.kovrr.com/reports/7-reports-that-can-help-you-understand-the-cyber-insurance-landscape www.secnews.physaphae.fr/article.php?IdArticle=8393601 False Ransomware,Tool,Threat,Prediction None 3.0000000000000000 Kovrr - cyber risk management platform A Sneak Peek into Kovrr's Data Sources. A sneak peek into Kovrr's unique data sources used exclusively for modeling purposes. Read More 2021-10-19T00:00:00+00:00 https://www.kovrr.com/reports/a-sneak-peak-into-kovrrs-data-sources www.secnews.physaphae.fr/article.php?IdArticle=8393602 False Ransomware,Malware,Vulnerability,Threat,Prediction,Medical None 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium), associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targets. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate, comparing year to year. They achieve this by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills at targeting cloud environments. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%). Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused on gaining access to and harvesting intelligence. The scale and growing effectiveness of this cyberespionage require a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions.
MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. 
Most of them were mainly distributed via the cracking of Remote Deskto 2021-10-12T17:41:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-aerospace-and-telecoms-targeted-by-iranian-malkamak-group-cozy-bear-refocuses-on-cyberespionage-wicked-panda-is-traced-by-malleable-c2-profiles-and-more www.secnews.physaphae.fr/article.php?IdArticle=3505382 False Ransomware,Malware,Tool,Threat,Guideline,Prediction APT 29,APT 29,APT 39,APT 28,APT 41,APT 41 None Kovrr - cyber risk management platform Regulations & Ransomware: A Quick Overview. An overview of what enterprises need to know about ransomware and related regulations. Read More 2021-09-12T00:00:00+00:00 https://www.kovrr.com/reports/regulations-ransomware-a-quick-overview www.secnews.physaphae.fr/article.php?IdArticle=8393604 False Ransomware,Data Breach,Malware,Vulnerability,Prediction,Medical None 3.0000000000000000 Security Through Education - Security Through Education Ep. 145 – Baking a Human Behavior Cake with Jack Schafer 2021-05-10T06:00:29+00:00 https://www.social-engineer.org/podcast/ep-145-baking-a-human-behavior-cake-with-jack-schafer/?utm_source=rss&utm_medium=rss&utm_campaign=ep-145-baking-a-human-behavior-cake-with-jack-schafer www.secnews.physaphae.fr/article.php?IdArticle=2759817 False Prediction APT 39 None SkullSecurity - Security blog BSidesSF CTF 2021 Author writeup: Hangman Battle Royale, where you defeat 1023 AI players! Hangman Battle Royale challenge from BSides San Francisco 2021. This is actually a reasonably simple challenge, overall. I got the idea of using a bad mt19937 implementation (the Mersenne Twister PRNG used by Ruby and Python) from SANS Holiday Hack Challenge 2020 (which is still online if you want to play!), and wanted to build a challenge around it.
I had the idea of Battleship originally, but ended up deciding on Hangman for reasons I no longer remember, but that I'm sure made sense at the time.

The game

When you run the game, it prompts for the number of rounds:

    $ ruby ./hangman.rb
    Welcome to Hangman Battle Royale!
    ================================
    MAIN MENU
    ================================
    How many rounds do you want to play? (2 - 16)
    If you play at least 8 rounds, you win the special prize!

When you choose a round count, it picks a bunch of CPU names to build brackets:

    ================================
    ROUND 1!
    ================================
    This game's match-ups are:
    Meirina Tresvalles -vs- Gelbert Chhangte
    Kebede Boehmer -vs- Karthic Cassity
    Mairtin Piedrahita -vs- Winston Pawlowski
    Brendaliz Lumbang -vs- Josipa Perlow
    Unusual Ballenger -vs- Carmellia Agregado
    Jinnie Khalif -vs- Jeegar Madela
    Vjeran Saltarelli -vs- Rachella Newfield
    And finally... YOU -vs- Patience Saravana!

The vulnerability

The actual code powering the list of players uses Ruby's built-in PRNG, which uses a predictable Mersenne Twister to generate random numbers. I don't love how the name-choosing code was a little bit contrived, but it can leak enough state to predict future random numbers:

    def get_opponents(count)
      return 0.upto(count-1).map do ||
        i = rand(0xFFFFFFFF)
        "#{ FIRST_NAMES[i & 0xFFFF] } #{ LAST_NAMES[i >> 16] }"
      end
    end

Each pair of names is a single 32-bit integer from the Mersenne Twister PRNG. It turns out, if you can leak 624 32-bit outputs, you can recover the full state! That means if you play at least 10 rounds, you end up with 2^10 - 1 names, or 1023 32-bit numbers (because you're the 1024th player). Once you've gotten the state of the PRNG, you can predict everything else that's going to happen!

The exploit

My exploit is super quick and dirty.
It can parse the output from the game and grab the seed using mt19937predict:

    predictor = MT19937Predictor()
    for _ in range(511):
        (a, b) = read_names(i)
        predictor.setrandbits(a, 32)
        predictor.setrandbits(b, 32)

(and yes, this is probably the first time I've ever written a Python solution!)

Then it does a final validation on your opponent's name to make sure the solution is working:

    (_, actual) = read_names(i)
    first_actual = FIRST_NAMES[actual & 0x0000FFFF]
    last_actual = LAST_NAMES[actual >> 16]
    final_name_actual = "%s %s" % (first_actual, last_actual)

    print("Validating...")
    print(" -> Final name (predicted):", final_name_predicted)
    print(" -> Final name (actual):   ", final_name_actual)
    assert(final_name_predicted == final_name_actual)

And it prints out the 10 words that will be chosen:

    for i in range(10, 0, -1):
        word = predictor.getrandbits(32)
        print("Round %d: %s" % (10 - i + 1, WORDS[word & 0xFFFF]))

        # Waste RNG cycles
        for _ in range(1, (2**i) >> 1):
            predictor.getrandbits(64)

To use it, I just connect to the game and tee the outpu 2021-03-16T16:32:50+00:00 https://www.skullsecurity.org/2021/bsidessf-ctf-2021-author-writeup-hangman-battle-royale-where-you-defeat-1023-ai-players www.secnews.physaphae.fr/article.php?IdArticle=8300184 False Hack,Prediction None 4.0000000000000000 Kovrr - cyber risk management platform Key Drivers of Rise of Ransomware in 2020: Ransomware-as-a-Service and Double Extortion. The key drivers in the rise of ransomware have been double extortion and RaaS. Read More 2021-02-02T00:00:00+00:00 https://www.kovrr.com/reports/key-drivers-of-rise-of-ransomware-in-2020-ransomware-as-a-service-and-double-extortion www.secnews.physaphae.fr/article.php?IdArticle=8393608 True Ransomware,Data Breach,Tool,Vulnerability,Threat,Prediction None 3.0000000000000000 ZD Net - IT magazine US sanctions Iranian government front company hiding major hacking operations
2020-09-17T23:41:21+00:00 https://www.zdnet.com/article/us-sanctions-iranian-government-front-company-hiding-major-hacking-operations/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1923902 False Prediction APT 39 None Dark Reading - Informationweek Branch Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data 2020-09-17T17:10:00+00:00 https://www.darkreading.com/vulnerabilities---threats/iranian-hackers-indicted-for-stealing-aerospace-and-satellite-tracking-data/d/d-id/1338950?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1923785 False Malware,Prediction APT 39 None Checkpoint - Security hardware vendor Check Point CloudGuard Connect Protects Microsoft Azure Branch Office Internet Connections from Cyber Attacks 2020-07-24T13:00:18+00:00 https://blog.checkpoint.com/2020/07/24/check-point-cloudguard-connect-protects-microsoft-azure-branch-office-internet-connections-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1823010 False Prediction APT 39 None Checkpoint - Security hardware vendor Check Point IoT Protect Uses Automation and Threat Intelligence to Prevent the most advanced IoT cyber-attacks 2020-07-17T10:00:58+00:00 https://blog.checkpoint.com/2020/07/17/check-point-iot-protect-uses-automation-and-threat-intelligence-to-prevent-the-most-advanced-iot-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1809424 False Threat,Prediction APT 39 None Security Affairs - Security blog Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia 2020-05-21T11:49:49+00:00 https://securityaffairs.co/wordpress/103556/apt/chafer-apt-kuwait-saudi-arabia.html?utm_source=rss&utm_medium=rss&utm_campaign=chafer-apt-kuwait-saudi-arabia www.secnews.physaphae.fr/article.php?IdArticle=1722957 False Prediction APT 39 None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Iranian APT Group Targets Governments in Kuwait and Saudi Arabia 2020-05-21T01:11:42+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/2m27rfRz1GU/iran-hackers-kuwait.html www.secnews.physaphae.fr/article.php?IdArticle=1722583 False Threat,Prediction APT 39 None Checkpoint - Security hardware vendor Check Point and Citrix: Securing the SD-WAN Edge with Multi-layered Security 2020-05-20T13:00:40+00:00 https://blog.checkpoint.com/2020/05/20/check-point-and-citrix-securing-the-sd-wan-edge-with-multi-layered-security/ www.secnews.physaphae.fr/article.php?IdArticle=1720622 False Prediction APT 39 None Kovrr - cyber risk management platform Cyber Risk - From Peril to Product. Taking a New Approach for Managing Silent Cyber Risk. Read More 2020-03-31T00:00:00+00:00 https://www.kovrr.com/reports/cyber-risk-from-peril-to-product www.secnews.physaphae.fr/article.php?IdArticle=8393611 False Tool,Vulnerability,Threat,Prediction None 3.0000000000000000 Mandiant - Mandiant security blog Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation. To address this problem, FireEye Mandiant Threat Intelligence produces a range of reports for subscription customers that focus on different indicators to predict future threats
2020-03-23T07:00:00+00:00 https://www.mandiant.com/resources/blog/monitoring-ics-cyber-operation-tools-and-software-exploit-modules www.secnews.physaphae.fr/article.php?IdArticle=8377654 False Tool,Threat,Industrial,Prediction None 4.0000000000000000
Kovrr - cyber risk management platform How Industrial IoT could Trigger the Next Cyber Catastrophe. Effect of URGENT/11 on the US Manufacturing Industry Reveals $7 Billion Exposure. Read More 2020-03-22T00:00:00+00:00 https://www.kovrr.com/reports/how-industrial-iot-could-trigger-the-next-cyber-catastrophe-2 www.secnews.physaphae.fr/article.php?IdArticle=8393613 False Ransomware,Vulnerability,Threat,Industrial,Prediction None 4.0000000000000000 Checkpoint - Security hardware vendor Protect Your Network Edge with VMware SD-WAN and Check Point Security 2019-12-06T13:00:09+00:00 https://blog.checkpoint.com/2019/12/06/protect-your-network-edge-with-vmware-sd-wan-and-check-point-security/ www.secnews.physaphae.fr/article.php?IdArticle=1493486 False Prediction APT 39 None Checkpoint - Security hardware vendor Check Point Protects Branch Office Microsoft Azure Internet Connections and SaaS Applications from Cyber Attacks 2019-11-05T19:13:49+00:00 https://blog.checkpoint.com/2019/11/05/check-point-protects-branch-office-microsoft-azure-internet-connections-and-saas-applications-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1447715 False Prediction APT 39 None Checkpoint - Security hardware vendor Check Point and VMware Partner to Secure Branch Office SD-WAN Connections to the Cloud 2019-10-01T15:00:44+00:00 https://blog.checkpoint.com/2019/10/01/check-point-and-vmware-partner-to-secure-branch-office-sd-wan-connections-to-the-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=1373689 False Prediction APT 39 None Checkpoint - Security hardware vendor Check Point, VMware and Silver Peak Transform Branch Office SD-WAN with Cloud Security Services 2019-09-05T13:00:43+00:00
https://blog.checkpoint.com/2019/09/05/transforming-branch-security-with-top-rated-threat-prevention-cloud-services-integrated-with-vmware-and-silver-peak-sd-wan/ www.secnews.physaphae.fr/article.php?IdArticle=1324402 True Prediction APT 39 None Checkpoint - Security hardware vendor Transforming Branch Security with Top-Rated Threat Prevention Cloud Services Integrated with VMware and Silver Peak SD-WAN 2019-09-05T13:00:04+00:00 https://blog.checkpoint.com/2019/09/05/transforming-branch-security-with-top-rated-threat-prevention-cloud-services-integrated-with-vmware-and-silver-peak-sd-wan/ www.secnews.physaphae.fr/article.php?IdArticle=1307543 False Threat,Prediction APT 39 None AlienVault Blog - AlienVault is a major defensive player in IOCs Things I hearted this week 12th April 2019 A Beginner's Guide to Test Automation | Sticky Minds All roads lead to exploratory testing When I’m faced with something to test – be it a feature in a software application or a collection of features in a release – my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy. All roads lead to exploratory testing | Womentesters While on the topic of testing Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan Single-page, server-side, static… say what? An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps. If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA). But what do all of these words mean? How does each type of application architecture differ?
What are the tradeoffs of each approach and which one should you use when building your website? Single-Page, Server-Side, Static… say what? | Marie Chatfield If, like me you enjoyed this post by Marie, check out some of her other posts which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to. Strengthen your security posture: start with a cybersecurity framework The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million. Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months. 
It is mor]]> 2019-04-12T13:00:00+00:00 https://feeds.feedblitz.com/~/600760182/0/alienvault-blogs~Things-I-hearted-this-week-th-April www.secnews.physaphae.fr/article.php?IdArticle=1093204 False Guideline,Prediction APT 39,Equifax None Checkpoint - Fabricant Materiel Securite Protect Your Business by Managing Network Security from the Palm of Your Hand 2019-04-11T13:00:03+00:00 http://blog.checkpoint.com/2019/04/11/protect-your-business-by-managing-network-security-from-the-palm-of-your-hand/ www.secnews.physaphae.fr/article.php?IdArticle=1094014 False Data Breach,Prediction APT 39 None Security Affairs - Blog Secu Iran-Linked Chafer APT recently used python-based backdoor 2019-03-05T21:23:03+00:00 https://securityaffairs.co/wordpress/82004/breaking-news/chafer-apt-python-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=1055754 False Malware,Prediction APT 39 None SecurityWeek - Security News Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks 2019-03-05T15:30:05+00:00 https://www.securityweek.com/iran-linked-hackers-use-python-based-backdoor-recent-attacks www.secnews.physaphae.fr/article.php?IdArticle=1055433 False Threat,Prediction APT 39 None Security Affairs - Blog Secu Iran-Linked APT39 group use off-the-shelf tools to steal data 2019-01-30T08:58:00+00:00 https://securityaffairs.co/wordpress/80450/apt/iran-apt39-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=1014677 False Prediction APT 39 None Data Security Breach - Site de news Francais Chafer : un groupe de cyber attaquants basé en Iran Chafer : un groupe de cyber attaquants basé en Iran est apparu en premier sur Data Security Breach. 
]]> 2018-03-08T21:11:01+00:00 https://www.datasecuritybreach.fr/chafer-pirate-iran/ www.secnews.physaphae.fr/article.php?IdArticle=501522 False Prediction APT 39 None SecurityWeek - Security News Iran-Linked Chafer Group Expands Toolset, Targets List 2018-03-01T19:06:00+00:00 http://feedproxy.google.com/~r/Securityweek/~3/w2BE-2JMstA/iran-linked-chafer-group-expands-toolset-targets-list www.secnews.physaphae.fr/article.php?IdArticle=494010 False Prediction APT 39 None The Security Ledger - Blog Sécurité Iran Taps Chafer APT Group amid Civil Aviation Crisis Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/529622610/0/thesecurityledger -->»]]> 2018-03-01T15:32:02+00:00 https://feeds.feedblitz.com/~/529622610/0/thesecurityledger~Iran-Taps-Chafer-APT-Group-amid-Civil-Aviation-Crisis/ www.secnews.physaphae.fr/article.php?IdArticle=494091 False Prediction APT 39 None Mandiant - Blog Sécu de Mandiant Magnber Ransomware veut infecter uniquement les bonnes personnes<br>Magniber Ransomware Wants to Infect Only the Right People Figure 1: Distribution de l'amplitude EK comme le montre en mars 2017 Cette tendance s'est poursuivie jusqu'à la fin de septembre 2017, lorsque nous avons vu la magnitude EK se concentrer principalement sur la région de l'APAC, avec une grande partie ciblant la Corée du Sud.Activité EK de l'amplitude est ensuite tombée
Exploit kit (EK) use has been on the decline since late 2016; however, certain activity remains consistent. The Magnitude Exploit Kit is one such example that continues to affect users, particularly in the APAC region. In Figure 1, which is based on data gathered in March 2017, we can see the regions affected by Magnitude EK activity during the last three months of 2016 and the first three months of 2017. Magnitude EK distribution as seen in March 2017Figure 1: Magnitude EK distribution as seen in March 2017This trend continued until late September 2017, when we saw Magnitude EK focus primarily on the APAC region, with a large chunk targeting South Korea. Magnitude EK activity then fell off]]>
2017-10-19T09:00:00+00:00 https://www.mandiant.com/resources/blog/magniber-ransomware-infects-only-the-right-people www.secnews.physaphae.fr/article.php?IdArticle=8377363 False Ransomware,Prediction None 3.0000000000000000
Mandiant - Blog Sécu de Mandiant Piratage matériel intégré 101 & # 8211;Le lien Belkin Wemo<br>Embedded Hardware Hacking 101 – The Belkin WeMo Link Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today\'s society. From devices for locomotives to wireless light switches, the Internet of Things (IoT) trend is on the rise and here to stay. This has the potential to make our lives much easier; however, the increasing sentience of once analog devices also enables adversaries to target them and potentially misuse them. With the ubiquity of these Internet-connected devices, there is a surplus of “Things” to exploit. The main intent of this blog post is]]> 2016-08-22T07:00:00+00:00 https://www.mandiant.com/resources/blog/embedded-hardwareha www.secnews.physaphae.fr/article.php?IdArticle=8377793 False Prediction,Technical None 4.0000000000000000