www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-30T22:11:56+00:00 www.secnews.physaphae.fr Bleeping Computer - American magazine Hackers hide malware in James Webb telescope images 2022-08-30T18:08:01+00:00 https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/ www.secnews.physaphae.fr/article.php?IdArticle=6634027 False Malware,Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs 2022-08-30T18:00:00+00:00 https://thehackernews.com/2022/08/hands-on-review-stellar-cyber-security.html www.secnews.physaphae.fr/article.php?IdArticle=6625807 False Threat None None Anomali - Firm Blog Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the development environment of the password management giant LastPass. LastPass stated that it happened through a single compromised developer account and that the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users.
Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development. Tags: LastPass, Password manager, Data breach, Source code Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by the Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence, Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools to the startup folders and autostart extensibility point (ASEP) registry keys. Overall, the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomalies, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to the SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | 2022-08-30T15:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-first-real-life-video-spoofing-attack-magicweb-backdoors-via-non-standard-key-identifier-lockbit-ransomware-blames-victim-for-ddosing-back-and-more www.secnews.physaphae.fr/article.php?IdArticle=6626943 False Ransomware,Hack,Tool,Vulnerability,Threat,Guideline,Cloud APT 29,APT 37,LastPass None Bleeping Computer - American magazine Chinese hackers target Australian govt with ScanBox malware 2022-08-30T13:26:40+00:00 https://www.bleepingcomputer.com/news/security/chinese-hackers-target-australian-govt-with-scanbox-malware/ www.secnews.physaphae.fr/article.php?IdArticle=6629497 False Malware,Threat None None AlienVault Lab Blog - AlienVault is a major defensive player in IOCs XDR: Why open is better than closed Open XDR With an open approach, enabled by APIs, there’s no “rip and replace” of existing point products. Instead, best-of-breed products can be integrated through deep API integration. This allows you to normalize raw log data, collect and enrich log data, perform threat analysis, coordinate response actions, provide security orchestration and automation, and access built-in dashboards for your security point products. 2022-08-30T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/xdr-why-open-is-better-than-closed www.secnews.physaphae.fr/article.php?IdArticle=6622615 False Threat,Guideline None None CISCO Talos - Cisco Research blog ModernLoader delivers multiple stealers, cryptominers and RATs By Vanja Svajcer. Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, the RedLine information-stealer and cryptocurrency-mining malware to victims.
The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRAT, to enable various stages of their operations. The attackers' use of a variety of off-the-shelf tools makes it difficult to attribute this activity to a specific adversary. The final payload appears to be ModernLoader, which acts as a remote access trojan (RAT) by collecting system information and deploying various modules. In the earlier campaigns from March, we also observed the attackers delivering the cryptocurrency mining malware XMRig. The March campaigns appeared to be targeting Eastern European users, as the constructor utility we analyzed had predefined script templates written in Bulgarian, Polish, Hungarian and Russian. The actors are attempting to compromise vulnerable web applications to serve malware and deliver threats via files masquerading as fake Amazon gift cards. Technical details. Initial findings. In June 2022, Cisco Talos identified an unusual command line execution in our telemetry. The decoded base64 command is below: Initial finding: A command executed on the system. The 31.41.244[.]231 IP is a Russian IP and hosts several other URLs with similar naming conventions. Autostart command. Following the discovery of the initial command, we identified two other command lines. They are a result of an autorun registered executable and the execution of a scheduled task. 2022-08-30T08:00:09+00:00 http://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html www.secnews.physaphae.fr/article.php?IdArticle=6625062 False Malware,Tool,Threat Yahoo None Mandiant - Mandiant security blog Now Available: Mandiant Advantage Threat Intelligence Connector for Microsoft Sentinel
Protecting and defending networks against increasingly persistent attacks is top of mind for all organizations. Continuing our mission to help security teams stay relentless in the fight against cyber threats, we are releasing the Mandiant Advantage Threat Intelligence Connector for Microsoft Sentinel. "Threat actors are becoming more sophisticated, and we are seeing a continuous rise in cyber-attacks like never before. To protect themselves, organizations need better visibility across their rapidly growing environment and infrastructure. With the Mandiant and Microsoft Sentinel 2022-08-30T08:00:00+00:00 https://www.mandiant.com/resources/blog/advantage-for-microsoft-sentinel www.secnews.physaphae.fr/article.php?IdArticle=8377435 False Threat None 3.0000000000000000 Security Affairs - Security blog Crooks are increasingly targeting DeFi platforms to steal cryptocurrency The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency.
Threat actors are exploiting […] 2022-08-30T05:26:17+00:00 https://securityaffairs.co/wordpress/135017/cyber-crime/fbi-warns-defi-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6619614 False Threat None None TrendMicro - Security Firm Blog Cyber Security Managed Services 101 2022-08-30T00:00:00+00:00 https://www.trendmicro.com/en_us/ciso/22/i/cyber-security-managed-services-101.html www.secnews.physaphae.fr/article.php?IdArticle=6622327 False Threat None None CVE List - Common Vulnerability Exposure CVE-2022-1663 2022-08-29T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1663 www.secnews.physaphae.fr/article.php?IdArticle=6616323 False Spam,Threat None None Security Affairs - Security blog Twilio breach let attackers access Authy two-factor accounts of 93 users Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach in which threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through […] 2022-08-29T15:25:45+00:00 https://securityaffairs.co/wordpress/134984/data-breach/twilio-hack-authy-2fa.html www.secnews.physaphae.fr/article.php?IdArticle=6613781 False Hack,Threat None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Tentacles of '0ktapus' Threat Group Victimize 130 Firms 2022-08-29T14:56:19+00:00 https://threatpost.com/0ktapus-victimize-130-firms/180487/ www.secnews.physaphae.fr/article.php?IdArticle=6612934 False Threat None 4.0000000000000000 Security Affairs - Security blog Nitrokod crypto miner infected systems across 11 countries since 2019 Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries.
Check Point researchers discovered a Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and […] 2022-08-29T13:11:48+00:00 https://securityaffairs.co/wordpress/134985/cyber-crime/nitrokod-crypto-miner-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=6612759 False Malware,Threat None None Security Intelligence - American news site How Cybersecurity Policy Has Changed Since the SolarWinds Attack Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source software security threat altogether. But what has really come of these efforts in the last […] 2022-08-29T13:00:00+00:00 https://securityintelligence.com/articles/how-cybersecurity-policy-changed-since-solarwinds-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=6612815 False Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users 2022-08-29T12:37:00+00:00 https://thehackernews.com/2022/08/twilio-breach-also-compromised-authy.html www.secnews.physaphae.fr/article.php?IdArticle=6610560 False Threat None None AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Crypto miners' latest techniques Figure 1. Decoy spreadsheet ‘ppercepciones anuales.xlsx’. At the time of execution, the first activities performed are registry changes to cloak the malware samples. For example, by setting ‘HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt’ to 1, the attackers are hiding the file extensions and camouflaging the executables as documents.
Additionally, the registry key ‘HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden’ is set to 0 to avoid displaying in Explorer the hidden files dropped during execution. Finally, ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin’ is set to 0 in order to execute any future samples with elevated privileges without explicit consent in the form of a pop-up or entering credentials. The initial payload drops another executable file while opening the spreadsheet in Figure 1. This additional executable attempts to look like a legitimate executable. It is named ‘CmRccService.exe’ and has the same filename as the metadata associated with the product’s name, description and comments. It is probably an attempt to masquerade the process by making it simila 2022-08-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/crypto-miners-latest-techniques www.secnews.physaphae.fr/article.php?IdArticle=6613895 False Malware,Threat None None Bleeping Computer - American magazine Okta one-time MFA passcodes exposed in Twilio cyberattack 2022-08-28T13:15:05+00:00 https://www.bleepingcomputer.com/news/security/okta-one-time-mfa-passcodes-exposed-in-twilio-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=6614117 True Hack,Threat None None Bleeping Computer - American magazine Twilio breach let hackers see Okta's one-time MFA passwords 2022-08-28T13:15:05+00:00 https://www.bleepingcomputer.com/news/security/twilio-breach-let-hackers-see-oktas-one-time-mfa-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=6598343 False Hack,Threat None None Security Affairs - Security blog New Agenda Ransomware appears in the threat landscape Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa.
Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […] 2022-08-28T05:06:36+00:00 https://securityaffairs.co/wordpress/134911/cyber-crime/agenda-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6587220 False Ransomware,Threat None 3.0000000000000000 Security Affairs - Security blog Twilio hackers also breached the food delivery firm DoorDash Twilio hackers also compromised the food delivery firm DoorDash; the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach in which the threat actors behind the Twilio hack gained access to the company’s data. DoorDash declared that malicious hackers stole credentials from employees of a third-party vendor, then […] 2022-08-27T16:14:51+00:00 https://securityaffairs.co/wordpress/134905/data-breach/twilio-hackers-breached-doordash.html www.secnews.physaphae.fr/article.php?IdArticle=6573227 False Hack,Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations 2022-08-27T08:53:00+00:00 https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=6561230 False Threat None None Security Affairs - Security blog Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware.
The driver provides anti-cheat functions, but […] 2022-08-27T07:06:40+00:00 https://securityaffairs.co/wordpress/134884/malware/anti-cheat-driver-disable-antivirus.html www.secnews.physaphae.fr/article.php?IdArticle=6563515 False Threat None None CVE List - Common Vulnerability Exposure CVE-2021-3688 2022-08-26T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3688 www.secnews.physaphae.fr/article.php?IdArticle=6549680 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-3735 2022-08-26T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3735 www.secnews.physaphae.fr/article.php?IdArticle=6549689 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-3644 2022-08-26T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3644 www.secnews.physaphae.fr/article.php?IdArticle=6549672 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-20260 2022-08-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20260 www.secnews.physaphae.fr/article.php?IdArticle=6549630 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-3563 2022-08-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3563 www.secnews.physaphae.fr/article.php?IdArticle=6549661 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-3414 2022-08-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3414 www.secnews.physaphae.fr/article.php?IdArticle=6549653 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-35939 2022-08-26T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 www.secnews.physaphae.fr/article.php?IdArticle=6549668 False Vulnerability,Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework 2022-08-26T12:22:00+00:00 https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html www.secnews.physaphae.fr/article.php?IdArticle=6537942 False Threat None None Fortinet - Security hardware vendor 1H 2022 FortiGuard Labs Global Threat Landscape Report: What CISOs Need to Know 2022-08-26T12:03:00+00:00 https://www.fortinet.com/blog/ciso-collective/2022-fortiguard-labs-global-threat-landscape-report-what-cisos-need-to-know www.secnews.physaphae.fr/article.php?IdArticle=6546306 False Threat None None Security Affairs - Security blog 0ktapus phishing campaign: Twilio hackers targeted 136 other organizations The threat actors behind the Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted 136 other organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services. The campaign, codenamed 0ktapus, […] 2022-08-26T06:58:36+00:00 https://securityaffairs.co/wordpress/134851/hacking/0ktapus-phishing-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=6537030 False Threat None None Security Affairs - Security blog LastPass data breach: threat actors stole a portion of source code Password management software firm LastPass has suffered a data breach; threat actors stole source code and other data.
Password management software firm LastPass disclosed a security breach: threat actors had access to portions of the company’s development environment through a single compromised developer account and stole portions of source code and some proprietary technical […] 2022-08-25T23:18:15+00:00 https://securityaffairs.co/wordpress/134858/data-breach/lastpass-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6529872 False Threat LastPass None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations 2022-08-25T20:19:00+00:00 https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html www.secnews.physaphae.fr/article.php?IdArticle=6523086 False Threat None None CVE List - Common Vulnerability Exposure CVE-2021-35937 2022-08-25T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 www.secnews.physaphae.fr/article.php?IdArticle=6529149 False Vulnerability,Threat None None CVE List - Common Vulnerability Exposure CVE-2021-35938 2022-08-25T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 www.secnews.physaphae.fr/article.php?IdArticle=6529150 False Vulnerability,Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers 2022-08-25T18:54:00+00:00 https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html www.secnews.physaphae.fr/article.php?IdArticle=6521510 False Malware,Threat None None Bleeping Computer - American magazine How 'Kimsuky' hackers ensure their malware only reaches valid targets 2022-08-25T18:33:35+00:00 https://www.bleepingcomputer.com/news/security/how-kimsuky-hackers-ensure-their-malware-only-reach-valid-targets/ www.secnews.physaphae.fr/article.php?IdArticle=6528849 False Malware,Threat None None Security Affairs - Security blog Nobelium APT uses new Post-Compromise malware MagicWeb Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.
The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […] 2022-08-25T17:11:38+00:00 https://securityaffairs.co/wordpress/134838/apt/nobelium-magicweb-tool.html www.secnews.physaphae.fr/article.php?IdArticle=6524118 False Malware,Threat APT 29 None Bleeping Computer - American magazine LastPass developer systems hacked to steal source code 2022-08-25T16:59:05+00:00 https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/ www.secnews.physaphae.fr/article.php?IdArticle=6526934 False Threat LastPass None CrowdStrike - CTI Society Getting Started Guide: Falcon Long Term Repository 2022-08-25T12:37:33+00:00 https://www.crowdstrike.com/blog/getting-started-with-falcon-long-term-repository/ www.secnews.physaphae.fr/article.php?IdArticle=6769151 False Threat,Guideline None None Schneier on Security - American cryptographer Man-in-the-Middle Phishing Attack phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited.
The campaign began with a phishing email with an HTML attachment leading to the proxy server... 2022-08-25T11:45:17+00:00 https://www.schneier.com/blog/archives/2022/08/man-in-the-middle-phishing-attack.html www.secnews.physaphae.fr/article.php?IdArticle=6519460 False Threat,Guideline None None Bleeping Computer - American magazine Twilio hackers hit over 130 orgs in massive Okta phishing attack 2022-08-25T10:53:16+00:00 https://www.bleepingcomputer.com/news/security/twilio-hackers-hit-over-130-orgs-in-massive-okta-phishing-attack/ www.secnews.physaphae.fr/article.php?IdArticle=6521627 False Threat None None CSO - CSO Daily Dashboard BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About Zero Trust 2022-08-25T09:24:00+00:00 https://www.csoonline.com/article/3671129/beyond-the-cyber-buzzwords-what-executives-should-know-about-zero-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6523157 False Threat None None Security Affairs - Security blog Threat actors are using the Tox P2P messenger as C2 server Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.
Tox has been used in […] 2022-08-25T06:59:38+00:00 https://securityaffairs.co/wordpress/134806/malware/tox-p2p-c2-server.html www.secnews.physaphae.fr/article.php?IdArticle=6515464 False Threat None None Kaspersky - Kaspersky Research blog Kimsuky's GoldDragon cluster and its C2 operations 2022-08-25T01:00:31+00:00 https://securelist.com/kimsukys-golddragon-cluster-and-its-c2-operations/107258/ www.secnews.physaphae.fr/article.php?IdArticle=6510805 False Threat,Cloud APT 37 None SecureWork - SecureWork: incident response 4 Signs It's Time to Re-Solution Your SIEM 2022-08-25T00:00:00+00:00 https://www.secureworks.com/blog/4-signs-its-time-to-re-solution-your-siem www.secnews.physaphae.fr/article.php?IdArticle=6520088 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Crypto Miners Using Tox P2P Messenger as Command and Control Server 2022-08-24T23:29:00+00:00 https://thehackernews.com/2022/08/crypto-miners-using-tox-p2p-messenger.html www.secnews.physaphae.fr/article.php?IdArticle=6505794 False Ransomware,Threat None None Security Affairs - Security blog Plex discloses data breach and urges password reset The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors had access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and […] 2022-08-24T23:12:45+00:00 https://securityaffairs.co/wordpress/134814/data-breach/plex-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6509871 False Data Breach,Threat None None CSO - CSO Daily Dashboard BrandPost: Doing More with Less: The Case for SOC Consolidation faster remediation, reduced risk and an overall stronger security posture. So, what exactly has changed for SOCs?
In legacy SOCs, IT security staff are seated shoulder-to-shoulder in close proximity, looking at screens loaded with myriad details, providing views and data from dozens of security tools delivering a never-ending stream of alerts. This traditional SOC model was always about trying to keep up in a race against alerts and resource constraints that could never really be won. 2022-08-24T22:54:00+00:00 https://www.csoonline.com/article/3671208/doing-more-with-less-the-case-for-soc-consolidation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6515415 False Threat None None Security Affairs - Security blog AiTM phishing campaign also targets G Suite users The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users.
In AiTM phishing, threat actors set up a proxy server between a target user and the website the user […] 2022-08-24T17:48:20+00:00 https://securityaffairs.co/wordpress/134796/cyber-crime/aitm-phishing-g-suite.html www.secnews.physaphae.fr/article.php?IdArticle=6505116 False Threat None None Dark Reading - Informationweek Branch VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data 2022-08-24T17:33:27+00:00 https://www.darkreading.com/cloud/vmware-lpe-bug-cyberattackers-virtual-machine-data www.secnews.physaphae.fr/article.php?IdArticle=6504958 False Threat None None Cisco - Security Firm Blog Cisco Talos - Our not-so-secret threat intel advantage 2022-08-24T17:00:48+00:00 https://blogs.cisco.com/security/cisco-talos-our-not-so-secret-threat-intel-advantage www.secnews.physaphae.fr/article.php?IdArticle=6504520 False Threat None 5.0000000000000000 CVE List - Common Vulnerability Exposure CVE-2021-4040 2022-08-24T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4040 www.secnews.physaphae.fr/article.php?IdArticle=6506179 False Vulnerability,Threat None None SecurityWeek - Security News New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope 2022-08-24T15:39:43+00:00 https://www.securityweek.com/new-air-gap-jumping-attack-uses-ultrasonic-tones-and-smartphone-gyroscope www.secnews.physaphae.fr/article.php?IdArticle=6505022 False Threat None None Dark Reading - Informationweek Branch Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account 2022-08-24T15:30:01+00:00 https://www.darkreading.com/cloud/unusual-microsoft-365-phishing-efax-compromised-dynamic-voice-account www.secnews.physaphae.fr/article.php?IdArticle=6503461 False Threat None None Dark Reading - Informationweek Branch Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No.
1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023 2022-08-24T14:38:30+00:00 https://www.darkreading.com/attacks-breaches/acronis-midyear-cyberthreats-report-finds-ransomware-is-the-no-1-threat-to-organizations-projects-damages-to-exceed-30-billion-by-2023 www.secnews.physaphae.fr/article.php?IdArticle=6502680 False Ransomware,Threat,Guideline None None Dark Reading - Informationweek Branch Why Empathy Is the Key to Better Threat Modeling 2022-08-24T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/why-empathy-is-the-key-to-better-threat-modeling www.secnews.physaphae.fr/article.php?IdArticle=6501952 False Threat None None GoogleSec - Firm Security Blog Announcing the Open Sourcing of Paranoid's Library https://github.com/google/paranoid_crypto). The library is developed and maintained by members of the Google Security Team, but it is not an officially supported Google product. Why the Project? Crypto artifacts may be generated by systems with implementations unknown to us; we refer to them as “black boxes.” An artifact may be generated by a black box if, for example, it was not generated by one of our own tools (such as Tink), or by a library that we can inspect and test using Wycheproof. Unfortunately, sometimes we end up relying on black-box generated artifacts (e.g.
generated by proprietary HSMs).After the disclosure of the ROCA vulnerability]]> 2022-08-24T13:14:56+00:00 http://security.googleblog.com/2022/08/announcing-open-sourcing-of-paranoids.html www.secnews.physaphae.fr/article.php?IdArticle=6505273 False Vulnerability,Threat None None CrowdStrike - CTI Society The Anatomy of Wiper Malware, Part 2: Third-Party Drivers 2022-08-24T13:14:26+00:00 https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-2/ www.secnews.physaphae.fr/article.php?IdArticle=6509208 False Threat None None CISCO Talos - Cisco Research blog Ukraine Independence Day: Talos update Ukrainian infrastructure has largely stayed operational and, in most cases, exceeded expectations. It seems to have baffled most pundits, but for those that have spent years working in Ukraine, it's no surprise about the levels of dedication and commitment to protecting their critical infrastructure from those that would do it harm.  The team also covered how groundwork laid years ago is paying dividends now during the war, as well as an update on the types of cyber threats we're observing, including the deployment of the GoMet backdoor. At the beginning of the broadcast, Korzhevin shared what Independence Day of Ukraine means for him. "Independence is not an extra day off, but a value that should be used for the benefit of every citizen of our country," he added after the stream. "Independence is the will. Independence lives in every person. If we are independent, it means that we are free. That is, we live, not exist. The same goes for the state. Independence of Ukraine is when we have the possibility to develop the state as we want it and not as we are told when we have a real own history and not a twisted one when we speak our native language and not a hostile one. And now that there is a war in Ukraine, the most important task of our people is to preserve Independence. 
So that we, our children, grandchildren and all future generations of Ukrainians could live and build our state based on national traditions and core democratic values. Independence is primarily a way, not a condition. I believe that we will overcome all the difficulties in this way."Bengee added that Cisco and Talos have several resources available to any organizations in Ukraine that are in need of assistance. "If you are an organization in Ukraine who is interested in having Talos' help, and you would like to participate in our threat hunting program, please reach out via our social channels," she said. "We are offering our security products for free to Ukrainian organizations, as it's important to us to continue to support Ukraine throughout the duration of the conflict."A recording of the broadcast is available here and above.In our continued efforts to support Ukraine the following blogs have been translated into Ukrainian:  Current executive guidance for ongoing cyberattacks in Ukraine Talos on the developing situation in Ukraine Cisco stands on guard with our customers in Ukraine Threat Advisory: Opportunistic]]> 2022-08-24T12:50:34+00:00 http://blog.talosintelligence.com/2022/08/ukraine-independence-day-talos-update.html www.secnews.physaphae.fr/article.php?IdArticle=6505244 False Malware,Threat,Guideline None 4.0000000000000000 ProjectZero - Blog de recherche Google The curious tale of a fake Carrier.app App splash screen showing the Vodafone carrier logo and the text My Vodafone. App splash screen showing the Vodafone carrier logo and the text "My Vodafone" (not the legitimate Vodadone app) Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. 
The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app. This sideloading works because the app is signed with an enterprise certificate, which can be purchased for $299 via the Apple Enterprise developer program. This program allows an eligible enterprise to obtain an Apple-signed embedded.mobileprovision file with the ProvisionsAllDevices key set. An app signed with the developer certificate embedded within that mobileprovision file can be sideloaded on any iPhone, bypassing Apple's App Store review process. While we understand that the Enterprise developer program is designed for companies to push "trusted apps" to their staff's iOS devices, in this case, it appears that it was being used to sideload this fake carrier app. In collaboration with Project Zero, ]]> 2022-08-24T11:58:33+00:00 https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html www.secnews.physaphae.fr/article.php?IdArticle=8221928 False Vulnerability,Threat,Guideline None None ProjectZero - Blog de recherche Google The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) root cause of the CVE-2021-0920 vulnerability. In the second post, we'll dive into the in-the-wild 0-day exploitation of the vulnerability and post-compromise modules.Overview of in-the-wild CVE-2021-0920 exploits A surveillance vendor named Wintego has developed an exploit for Linux socket syscall 0-day, CVE-2021-0920, and used it in the wild since at least November 2020 based on the earliest captured sample, until the issue was fixed in November 2021.  Combined with Chrome and Samsung browser exploits, the vendor was able to remotely root Samsung devices. The fix was released with the November 2021 Android Security Bulletin, and applied to Samsung devices in Samsung's December 2021 security update. 
Google's Threat Analysis Group (TAG) discovered Samsung browser exploit chains being used in the wild. TAG then performed root cause analysis and discovered that this vulnerability, CVE-2021-0920, was being used to escape the sandbox and elevate privileges. CVE-2021-0920 was reported to Linux/Android anonymously. The Google Android Security Team performed the full deep-dive analysis of the exploit. This issue was initially discovered in 2016 by a RedHat kernel developer and disclosed in a public email thread, but the Linux kernel community did not patch the issue until it was re-reported in 2021. Various Samsung devices were targeted, including the Samsung S10 and S20. By abusing an ephemeral race condition in Linux kernel garbage collection, the exploit code was able to obtain a use-after-free (UAF) in a kernel sk_buff object. The in-the-wild sample could effectively circumvent CONFIG_ARM64_UAO, achieve arbitrary read / write primitives and bypass Samsung RKP to elevate to root. Other Android devices were also vulnerable, but we did not find any exploit samples against them. Text extracted from captured samples dubbed the vulnerability “quantum Linux kernel garbage collection”, which appears to be a fitting title for this blogpost.Introduction CVE-2021-0920 is a use-after-free (UAF)]]> 2022-08-24T11:55:31+00:00 https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html www.secnews.physaphae.fr/article.php?IdArticle=8221926 False Vulnerability,Threat,Guideline None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Announcing: Code-free API log collection and parser creation Figure 1: App mapping Normalizing the logs is the job of a parser. With the new Custom Log Parser feature, customers can build their own parser by dragging and dropping fields instead of waiting for an engineer to build one for them. (See figure 1.) 
Note that this step should be performed carefully because all data correlation will depend on it. This new feature allows customers to create parsers not only for their custom AlienApps, but also for any “Generic Log” imported via syslog or an S3 bucket. See figure 2 for a graphical view of this. custom log parsers Figure 2: Custom Log Parsers – graphical view These innovations join a host of others in the AlienApps log ingestion framework. (See figure 3.) Our log processing architecture is built to accommodate as many methods as possible, and we continue to evolve and add others. In addition to making their own AlienApps and parsers, customers can ingest logs via our roster of 36 Advanced AlienApps for various cloud services. And these apps also allow customers to respond to alarms by using the containment capabilities of the various security products ]]> 2022-08-24T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/announcing-code-free-api-log-collection-and-parser-creation www.secnews.physaphae.fr/article.php?IdArticle=6499351 False Threat None None CSO - CSO Daily Dashboard Why business email compromise still tops ransomware for total losses ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques-business email compromise (BEC).Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that  enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. 
In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.To read this article in full, please click here]]> 2022-08-24T03:00:00+00:00 https://www.csoonline.com/article/3670548/why-business-email-compromise-still-tops-ransomware-for-total-losses.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6499918 False Ransomware,Threat None None The State of Security - Magazine Américain 5 Things We Learned from The Definitive Guide to Data Loss Prevention (DLP) In the context of hybrid work, the threat of data loss is rampant. Cybersecurity systems that were once designed to operate within the confines of a network perimeter have become obsolete, with employees using various devices, networks, and applications to get their work done. As such, it's easier than ever for companies to be vulnerable […]… Read More ]]> 2022-08-24T03:00:00+00:00 https://www.tripwire.com/state-of-security/security-data-protection/things-learned-definitive-guide-data-loss-prevention-dlp/ www.secnews.physaphae.fr/article.php?IdArticle=6495127 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users 2022-08-24T02:29:00+00:00 https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html www.secnews.physaphae.fr/article.php?IdArticle=6499867 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3917 2022-08-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3917 www.secnews.physaphae.fr/article.php?IdArticle=6491424 False Vulnerability,Threat None None Anomali - Firm Blog Anomali Cyber Watch: Emissary Panda Adds New Operation Systems to Its Supply-Chain Attacks, Russia-Sponsored Seaborgium Spies on NATO Countries, TA558 Switches from Macros to Container Files, and More Figure 1 - IOC Summary Charts. 
These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Reservations Requested: TA558 Targets Hospitality and Travel (published: August 18, 2022) Since 2018, financially-motivated threat group TA558 has targeted hospitality and travel with reservation-themed, business-relevant phishing emails. The group concentrates on targeting Latin America using lures written in Portuguese and Spanish, and sometimes uses English and wider targeting (North America, Western Europe). TA558 was seen leveraging at least 15 different malware payloads, most often AsyncRAT, Loda RAT, Revenge RAT, and Vjw0rm. In 2022, Proofpoint researchers detected that TA558 increased its activity and moved from using malicious macros to URLs and container files (ISO, RAR). Analyst Comment: Microsoft’s preparations to disable macros by default in Office products caused multiple threat groups including TA558 to adopt new filetypes to deliver payloads. It is crucial for personnel working with invoices and other external attachments to use updated, secured systems and be trained on phishing threats. Anomali Match can be used to quickly search your infrastructure for known TA558 IOCs. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 Tags: TA558, AsyncRAT, Loda, RAT, Vjw0rm, BluStealer, Revenge RAT, XtremeRAT, Hospitality, Travel, Phishing, ISO, RAR, PowerShell, CVE-2017-11882, CVE-2017-8570 Estonia Subjected to 'Extensive' Cyberattacks after Moving Soviet Monuments (published: August 18, 2022) On August 17, 2022, Russian hacktivist group KillNet launched distributed denial-of-service (DDoS) attacks targeting Estonia. 
The Estonian government confirmed receiving the “most extensive” DDoS attacks in 15 years, but stressed that all services are back online after just some minor interruptions. Small and medium-sized DDoS attacks targeted 16 state and private organizations in the country, with seven of them experiencing downtime as a result. Specifically, the Estonian Tax and Customs Board website was unavailable for about 70 minutes. Analyst Comment: Russian cyber activity follows political tensions, this time coinciding with the removal of a Red Army memorial. Estonia seemingly easily fended off this Russian DDoS attack, but the country is one of the top in cyber preparedness, and Russia limited it’s strike to using hacktivist groups that give plausible deniability when attributing the cyber attack on a NATO country. Organizations that rely on stable work of their I]]> 2022-08-23T17:35:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-emissary-panda-adds-new-operation-systems-to-its-supply-chain-attacks-russia-sponsored-seaborgium-spies-on-nato-countries-ta558-switches-from-macros-to-container-files-and-more www.secnews.physaphae.fr/article.php?IdArticle=6487319 False Ransomware,Malware,Tool,Threat APT 27 None InfoSecurity Mag - InfoSecurity Magazine CISA Adds Palo Alto Networks\' PAN-OS Vulnerability to Catalog 2022-08-23T16:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-palo-alto-networks-pan-os/ www.secnews.physaphae.fr/article.php?IdArticle=6486534 False Vulnerability,Threat None None RedCanary - Red Canary 4 hiring tips for building a cyber threat intelligence team 2022-08-23T16:17:46+00:00 https://redcanary.com/blog/cyber-threat-intelligence-hiring/ www.secnews.physaphae.fr/article.php?IdArticle=6931088 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3827 2022-08-23T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3827 www.secnews.physaphae.fr/article.php?IdArticle=6488180 False Vulnerability,Threat None 
None CVE Liste - Common Vulnerability Exposure CVE-2021-3702 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3702 www.secnews.physaphae.fr/article.php?IdArticle=6488168 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-20298 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20298 www.secnews.physaphae.fr/article.php?IdArticle=6488126 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3701 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3701 www.secnews.physaphae.fr/article.php?IdArticle=6488167 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3759 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3759 www.secnews.physaphae.fr/article.php?IdArticle=6488174 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3764 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3764 www.secnews.physaphae.fr/article.php?IdArticle=6488176 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-20304 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20304 www.secnews.physaphae.fr/article.php?IdArticle=6488127 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3690 2022-08-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3690 www.secnews.physaphae.fr/article.php?IdArticle=6488166 False Vulnerability,Threat,Guideline None None CVE Liste - Common Vulnerability Exposure CVE-2020-35509 2022-08-23T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35509 www.secnews.physaphae.fr/article.php?IdArticle=6488102 False Vulnerability,Threat None None Fortinet - Fabricant Materiel Securite New Threat Report Highlights Key Ransomware Protection 
Practices for CISOs 2022-08-23T14:46:00+00:00 https://www.fortinet.com/blog/industry-trends/threat-report-highlights-best-ransomware-protection-practices-for-cisos www.secnews.physaphae.fr/article.php?IdArticle=6490443 False Ransomware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts 2022-08-23T07:50:00+00:00 https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=6485628 False Malware,Tool,Threat,Conference APT 35,Yahoo None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware 2022-08-23T04:59:00+00:00 https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html www.secnews.physaphae.fr/article.php?IdArticle=6484147 False Ransomware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage 2022-08-23T04:44:00+00:00 https://thehackernews.com/2022/08/suspected-iranian-hackers-targeted.html www.secnews.physaphae.fr/article.php?IdArticle=6482683 False Threat None None Fortinet ThreatSignal - Harware Vendor Widespread Redlnk Malware Hides Its Code In .NET Metadata 2022-08-22T20:09:54+00:00 https://fortiguard.fortinet.com/threat-signal-report/4718 www.secnews.physaphae.fr/article.php?IdArticle=6478466 False Malware,Threat None None Dark Reading - Informationweek Branch Secureworks: How To Distinguish Hype From Reality With AI in SecOps 2022-08-22T17:31:29+00:00 https://www.darkreading.com/application-security/secureworks-how-to-distinguish-hype-from-reality-with-ai-in-secops www.secnews.physaphae.fr/article.php?IdArticle=6474319 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3586 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3586 www.secnews.physaphae.fr/article.php?IdArticle=6474029 False Vulnerability,Threat None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2021-3481 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3481 www.secnews.physaphae.fr/article.php?IdArticle=6474026 False Vulnerability,Threat,Guideline None None CVE Liste - Common Vulnerability Exposure CVE-2021-3513 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3513 www.secnews.physaphae.fr/article.php?IdArticle=6474027 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3590 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3590 www.secnews.physaphae.fr/article.php?IdArticle=6474030 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3659 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3659 
www.secnews.physaphae.fr/article.php?IdArticle=6474032 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3442 2022-08-22T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3442 www.secnews.physaphae.fr/article.php?IdArticle=6474025 False Vulnerability,Threat,Guideline None None CVE Liste - Common Vulnerability Exposure CVE-2020-27836 2022-08-22T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27836 www.secnews.physaphae.fr/article.php?IdArticle=6474004 False Vulnerability,Threat None None Dark Reading - Informationweek Branch Cisco: All Intelligence is Not Created Equal 2022-08-22T14:31:29+00:00 https://www.darkreading.com/threat-intelligence/cisco-all-intelligence-is-not-created-equal www.secnews.physaphae.fr/article.php?IdArticle=6472780 False Threat None None Global Security Mag - Site de news francais Kaspersky et Microsoft s\'allient pour permettre aux utilisateurs de Microsoft Sentinel d\'accéder à la Threat Intelligence Business]]> 2022-08-22T13:16:12+00:00 http://www.globalsecuritymag.fr/Kaspersky-et-Microsoft-s-allient,20220822,129056.html www.secnews.physaphae.fr/article.php?IdArticle=6479456 False Threat None 4.0000000000000000 Global Security Mag - Site de news francais Vulnérabilités Apple, quelles conséquences ? Commentaire Trellix Vulnérabilités]]> 2022-08-22T10:57:24+00:00 http://www.globalsecuritymag.fr/Vulnerabilites-Apple-quelles,20220822,129045.html www.secnews.physaphae.fr/article.php?IdArticle=6479459 False Threat None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AT&T and Lookout expand partnership with launch of Lookout AlienApp Gartner estimates that roughly 30% of enterprises currently deploy some form of mobile threat defense (MTD). Contributing to this oversight, some companies confuse the deployment of mobile device management (MDM) platforms (e.g., Workspace ONE, MaaS360, etc.) 
with mobile security, even though MDM tools cannot detect most application, network, or content-based threats. Therefore, the need to integrate MTD into the incident response toolset should be seen as complementary to device management and deemed table stakes for a comprehensive security posture.  As evidence, when indicators of compromise (IOCs) are detected on traditional endpoints, those same threats often include elements that specifically target mobile devices. Due to their smaller form factors and the nature in which users blend their interactions between business and personal use, mobile devices are exponentially more susceptible to phishing and social engineering attacks. In fact, sophisticated phishing attacks now attempt to obfuscate detection by traditional endpoint security tools. The relative lack of investment in mobile security tools and the increasing dependence on mobile devices has led to many bad actors directing their focus to mobile since it makes for a much softer target. By checking the form factor and/or OS, these attacks can present mobile users with malicious websites while also directing users on traditional endpoints to the proper destination. Bad actors will then attempt to harvest the credentials of the mobile users accessing the malicious site, or they will install malware to initiate an attack. These bad actors need only a single access point to gain entry and start to move laterally through a network. To protect their data, organizations need to fill the mobile gap in their security posture. To do this, they need access to the telemetry across all their endpoints, not just their servers and laptops. That data must also be treated as critical to their overall incident response capabilities. Telemetry from mobile-specific attacks, such as phishing attacks, remote jailbreaks, and man-in-the-middle attacks can be correlated with the existing intelligence within USM Anywhere and subsequently remediated. 
Lookout is a leader in endpoint and cloud security solutions. The advanced machine intelligence in the Lookout security platform leverages the Lookout Security Graph, which contains behavioral analysis of telemetry data from over 205 million devices and 170 ]]> 2022-08-22T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-and-lookout-expand-partnership-with-launch-of-lookout-alienapp www.secnews.physaphae.fr/article.php?IdArticle=6471032 False Malware,Threat,Guideline None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Meet Borat RAT, a New Unique Triple Threat 2022-08-22T05:32:00+00:00 https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html www.secnews.physaphae.fr/article.php?IdArticle=6472197 False Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering 2022-08-22T02:19:00+00:00 https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html www.secnews.physaphae.fr/article.php?IdArticle=6470850 False Threat None None Dark Reading - Informationweek Branch Mimecast: Mitigating Risk Across a Complex Threat Landscape 2022-08-21T19:31:29+00:00 https://www.darkreading.com/risk/mimecast-mitigating-risk-across-a-complex-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=6460781 False Threat None None