www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-07-02T13:29:07+00:00 www.secnews.physaphae.fr
Bleeping Computer - American magazine Android malware found embedded in APKPure store application 2021-04-10T10:40:00+00:00 https://www.bleepingcomputer.com/news/security/android-malware-found-embedded-in-apkpure-store-application/ www.secnews.physaphae.fr/article.php?IdArticle=2617465 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Tampered With APKPure Store to Distribute Malware Apps 2021-04-09T23:50:38+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/CXDk3hukdOM/hackers-tampered-with-apkpure-store-to.html www.secnews.physaphae.fr/article.php?IdArticle=2616043 False Malware,Threat None None
Bleeping Computer - American magazine Attackers deliver legal threats, IcedID malware via contact forms 2021-04-09T13:55:00+00:00 https://www.bleepingcomputer.com/news/security/attackers-deliver-legal-threats-icedid-malware-via-contact-forms/ www.secnews.physaphae.fr/article.php?IdArticle=2612935 False Malware,Threat None None
InformationSecurityBuzzNews - Security news site Fake Netflix App Allows Hackers to Hijack WhatsApp 2021-04-09T11:56:27+00:00 https://informationsecuritybuzz.com/expert-comments/fake-netflix-app-allows-hackers-to-hijack-whatsapp/ www.secnews.physaphae.fr/article.php?IdArticle=2610991 False Malware None None
SecurityWeek - Security News Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration 2021-04-09T08:46:29+00:00 http://feedproxy.google.com/~r/Securityweek/~3/_b88SnO-lGs/collaboration-platforms-increasingly-abused-malware-distribution-data-exfiltration www.secnews.physaphae.fr/article.php?IdArticle=2610095 False Malware None None
The Hacker News - The Hacker News is a hacking news blog
(surprising, isn't it?) Alert - There's A New Malware Out There Snatching Users' Passwords 2021-04-09T07:59:41+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/qp1Nruco_Oc/alert-theres-new-malware-out-there.html www.secnews.physaphae.fr/article.php?IdArticle=2612009 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Gigaset Android Update Server Hacked to Install Malware on Users' Devices 2021-04-09T00:45:17+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/OGtF30YKp_w/gigaset-android-update-server-hacked-to.html www.secnews.physaphae.fr/article.php?IdArticle=2609954 False Malware None None
01net. Actualites - Securite - French magazine This Android malware posed as Netflix in order to hack WhatsApp 2021-04-08T12:55:00+00:00 https://www.01net.com/actualites/ce-malware-android-se-faisait-passer-pour-netflix-afin-de-pirater-whatsapp-2040782.html www.secnews.physaphae.fr/article.php?IdArticle=2609270 False Malware None None
Bleeping Computer - American magazine North Korean hackers use new Vyveva malware to attack freighters 2021-04-08T09:01:17+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-vyveva-malware-to-attack-freighters/ www.secnews.physaphae.fr/article.php?IdArticle=2604686 False Malware APT 38,APT 28 None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers uncover a new Iranian malware used in recent cyberattacks 2021-04-08T06:37:05+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/hz96-cUbfVk/researchers-uncover-new-iranian-malware.html www.secnews.physaphae.fr/article.php?IdArticle=2604912 False Malware,Threat APT 34 None
CVE Liste - Common Vulnerability Exposure CVE-2021-1386 2021-04-08T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1386 www.secnews.physaphae.fr/article.php?IdArticle=2602817 False Malware,Vulnerability None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Attackers Blowing Up Discord, Slack with Malware 2021-04-07T20:50:39+00:00 https://threatpost.com/attackers-discord-slack-malware/165295/ www.secnews.physaphae.fr/article.php?IdArticle=2600523 False Malware None None
TechRepublic - Security News US How to better combat malware delivered through email 2021-04-07T18:14:02+00:00 https://www.techrepublic.com/article/how-to-better-combat-malware-delivered-through-email/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2600598 False Malware None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Fake Netflix App on Google Play Spreads Malware Via WhatsApp 2021-04-07T16:47:11+00:00 https://threatpost.com/netflix-app-google-play-malware-whatsapp/165288/ www.secnews.physaphae.fr/article.php?IdArticle=2600236 False Malware None None
SecurityWeek - Security News Fake Netflix App Luring Android Users to Malware 2021-04-07T15:10:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/0SflebMZiuk/fake-netflix-app-luring-android-users-malware www.secnews.physaphae.fr/article.php?IdArticle=2600074 False Malware None None
Wired Threat Level - Security News Hackers Are Exploiting Discord Links to Serve Up Malware 2021-04-07T12:00:00+00:00 https://www.wired.com/story/malware-discord-slack-links www.secnews.physaphae.fr/article.php?IdArticle=2598646 False Malware None None
Bleeping Computer - American magazine
Gigaset Android phones infected by malware via hacked update server 2021-04-07T11:36:59+00:00 https://www.bleepingcomputer.com/news/security/gigaset-android-phones-infected-by-malware-via-hacked-update-server/ www.secnews.physaphae.fr/article.php?IdArticle=2600161 False Malware,Threat None None
InfoSecurity Mag - InfoSecurity Magazine Wormable Netflix Malware Spreads Via WhatsApp Messages 2021-04-07T10:25:00+00:00 https://www.infosecurity-magazine.com:443/news/wormable-netflix-malware-spreads/ www.secnews.physaphae.fr/article.php?IdArticle=2598014 False Malware,Threat None None
ZD Net - Tech magazine New wormable Android malware poses as Netflix to hijack WhatsApp sessions 2021-04-07T10:13:26+00:00 https://www.zdnet.com/article/new-android-malware-poses-as-netflix-to-hijack-whatsapp-sessions/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2598730 False Malware None None
Security Affairs - Security blog Gigaset Android smartphones infected with malware after supply chain attack 2021-04-07T10:02:22+00:00 https://securityaffairs.co/wordpress/116450/cyber-crime/gigaset-malware-supply-chain-attack.html?utm_source=rss&utm_medium=rss&utm_campaign=gigaset-malware-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=2597939 False Malware,Threat None None
Bleeping Computer - American magazine Android malware infects wannabe Netflix thieves via WhatsApp 2021-04-07T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/android-malware-infects-wannabe-netflix-thieves-via-whatsapp/ www.secnews.physaphae.fr/article.php?IdArticle=2598502 False Malware,Tool None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
WhatsApp-based wormable Android malware spotted on the Google Play Store 2021-04-07T03:36:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/0QL0J7LsNsU/whatsapp-based-wormable-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=2598480 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Pre-Installed Malware Dropper Found On German Gigaset Android Phones 2021-04-07T00:16:29+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/xtKZieC-9R8/pre-installed-malware-dropper-found-on.html www.secnews.physaphae.fr/article.php?IdArticle=2597655 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Experts uncover a new Banking Trojan targeting Latin American users 2021-04-06T22:38:07+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/9zERzM6xf90/experts-uncover-new-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=2597449 False Malware None None
Anomali - Firm Blog Anomali Cyber Watch: APT Groups, Data Breach, Malspam, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence The Leap of a Cycldek-Related Threat Actor (published: April 5, 2021) A new sophisticated Chinese campaign was observed between June 2020 and January 2021, targeting government, military and other critical industries in Vietnam, and, to a lesser extent, in Central Asia and Thailand. This threat actor uses a "DLL side-loading triad" previously mastered by another Chinese group, LuckyMouse: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. But the code origins of the new malware used on different stages of this campaign point to a different Chinese-speaking group, Cycldek.
Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: [MITRE ATT&CK] DLL Side-Loading - T1073 | [MITRE ATT&CK] File Deletion - T1107 Tags: Chinese-speaking, Cycldek-related Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool (published: April 1, 2021) Hancitor is an information stealer and malware downloader used by a threat actor designated as MAN1, Moskalvzapoe or TA511. Initial infection includes target clicking malspam, then clicking on a link in an opened Google Docs page, and finally clicking to enable macros in the downloaded Word document. In recent months, this actor began using a network ping tool to help enumerate the Active Directory (AD) environment of infected hosts. It generates approximately 1.5 GB of Internet Control Message Protocol (ICMP) traffic. Analyst Comment: Organizations should use email security solutions to block malicious/spam emails. All email attachments should be scanned for malware before they reach the user's inbox. IPS rules need to be configured properly to identify any reconnaissance attempts e.g. port scan to get early indication of potential breach. 
MITRE ATT&CK: [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] Remote Access Tools - T1219 | [MITRE ATT&CK] Rundll32 - T1085 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 | [MITRE ATT&CK] System Information Discovery - T1082 Tags: Hancitor, Malspam, Cobalt Strike 2021-04-06T16:57:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt-groups-data-breach-malspam-and-more www.secnews.physaphae.fr/article.php?IdArticle=2593638 False Malware,Tool,Vulnerability,Threat,Conference APT 35,APT 10 None
Wired Threat Level - Security News Watch Out-That 'Call of Duty: Warzone' Cheat Might Be Malware 2021-04-06T13:00:00+00:00 https://www.wired.com/story/that-call-of-duty-warzone-cheat-might-be-malware www.secnews.physaphae.fr/article.php?IdArticle=2592639 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers 2021-04-06T00:04:02+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/VAkqTu6syGo/hackers-targeting-professionals-with.html www.secnews.physaphae.fr/article.php?IdArticle=2591271 False Malware None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Spy Operations Target Vietnam with Sophisticated RAT 2021-04-05T21:04:26+00:00 https://threatpost.com/spy-operations-vietnam-rat/165243/ www.secnews.physaphae.fr/article.php?IdArticle=2590245 False Malware None None
Security Affairs - Security blog Malware attack on Applus blocked vehicle inspections in some US states 2021-04-04T15:35:55+00:00 https://securityaffairs.co/wordpress/116338/malware/malware-attack-on-applus.html?utm_source=rss&utm_medium=rss&utm_campaign=malware-attack-on-applus www.secnews.physaphae.fr/article.php?IdArticle=2584721 True Malware,Guideline None None
Bleeping Computer - American magazine Malware attack is preventing car inspections in eight US states 2021-04-03T18:40:12+00:00
https://www.bleepingcomputer.com/news/security/malware-attack-is-preventing-car-inspections-in-eight-us-states/ www.secnews.physaphae.fr/article.php?IdArticle=2582606 False Malware None None
TroyHunt - Blog Security Malicious cheats for Call of Duty: Warzone are circulating online 2021-04-03T14:09:25+00:00 https://arstechnica.com/?p=1754269 www.secnews.physaphae.fr/article.php?IdArticle=2581258 False Malware None 3.0000000000000000
Security Affairs - Security blog Evolution and rise of the Avaddon Ransomware-as-a-Service 2021-04-03T07:24:18+00:00 https://securityaffairs.co/wordpress/116282/cyber-crime/avaddon-ransomware-evolution.html?utm_source=rss&utm_medium=rss&utm_campaign=avaddon-ransomware-evolution www.secnews.physaphae.fr/article.php?IdArticle=2580326 False Ransomware,Malware,Threat None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Call of Duty Cheats Expose Gamers to Malware, Takeover 2021-04-02T18:16:10+00:00 https://threatpost.com/call-of-duty-cheats-gamers-malware/165209/ www.secnews.physaphae.fr/article.php?IdArticle=2577247 False Malware None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor From PowerShell to Payload: An Analysis of Weaponized Malware 2021-04-02T16:45:29+00:00 https://threatpost.com/powershell-payload-analysis-malware/165188/ www.secnews.physaphae.fr/article.php?IdArticle=2576683 False Malware None None
SANS Institute - SANS is a defense and training organization C2 Activity: Sandboxes or Real Victims?, (Fri, Apr 2nd) 1], I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the host and the number slightly increased but not so much. My diary conclusion was that the malware looks popular seeing the number of screenshots but wait… Are we sure that all those screenshots are real victims?
I executed the malware in my sandbox and probably other automated analysis tools were used to detonate the malware in a sandbox. This question popped up in my mind: How do we have an idea about the ratio of automated tools VS. real victims? 2021-04-02T05:13:13+00:00 https://isc.sans.edu/diary/rss/27272 www.secnews.physaphae.fr/article.php?IdArticle=2574690 False Malware None None
taosecurity - Chinese security blog The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction I've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were upset that I was operating using the name TaoSecurity. In the 2000s and early 2010s I taught classes under the TaoSecurity brand, and even ran TaoSecurity as a single-person consultancy from 2005-2007. The purpose of this post is to explain why, how, and when I chose the TaoSecurity identity, and to show that it is contemporaneous with the formal naming of the TAO group. The most reliable accounts indicate TaoSecurity predates the TAO brand. TaoSecurity Began with Kung Fu and Taoism With Sifu Michael Macaris, 21 June 1996 In the summer of 1994, after graduating from the Air Force Academy and before beginning my graduate program at what is now called the Harvard Kennedy School, I started watching re-runs of the 1970s David Carradine Kung Fu TV series, created by Ed Spielman. I was so motivated by the philosophical message of the program that I joined a kung fu school in Massachusetts. I trained there for two years, and studied what I could about Chinese history and culture. I learned from the show and that it was based on Taoism (for example) so I bought a copy of the Tao Te Ching by Lao Tzu and devoured it.
Visiting China Tai Chi on the Yangtze, May 1999 In the spring of 1999 my wife and I took a three week trip to Chin 2021-04-01T14:00:00+00:00 https://taosecurity.blogspot.com/2021/04/the-origins-of-names-taosecurity-and.html www.secnews.physaphae.fr/article.php?IdArticle=2572324 False Malware,Threat None None
Anomali - Firm Blog Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign Figure 1 – Infection Chain Technical Analysis Threat actors distributed .docx files with the objective of dropping a rich text format (RTF) file 2021-04-01T06:52:00+00:00 https://www.anomali.com/blog/bahamut-possibly-responsible-for-multi-stage-infection-chain-campaign www.secnews.physaphae.fr/article.php?IdArticle=2573830 False Malware,Vulnerability,Threat Bahamut None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts 2021-03-31T23:58:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/UAlf3w8WGrg/hackers-set-up-fake-cybersecurity-firm.html www.secnews.physaphae.fr/article.php?IdArticle=2569942 False Malware,Threat None None
McAfee Labs - Software vendor McAfee Defenders Blog: Reality Check for your Defenses Welcome to reality Ever since I started working in IT Security more than 10 years ago, I wondered, what helps defend against malware the best? This simple question does not stand on its own, as there are several follow-up questions to that: How is malware defined?
Are we focusing solely on Viruses and Trojans, or […] 2021-03-31T16:22:07+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-reality-check-for-your-defenses/ www.secnews.physaphae.fr/article.php?IdArticle=2567132 False Malware None None
TechRepublic - Security News US Malicious attack now targeting video gamers and modders 2021-03-31T16:05:55+00:00 https://www.techrepublic.com/article/malicious-attack-now-targeting-video-gamers-and-modders/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2567212 False Malware None None
CVE Liste - Common Vulnerability Exposure CVE-2021-23985 2021-03-31T14:15:19+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23985 www.secnews.physaphae.fr/article.php?IdArticle=2567351 False Malware,Vulnerability None None
ZD Net - Tech magazine Gaming mods, cheat engines are spreading Trojan malware and planting backdoors 2021-03-31T13:07:13+00:00 https://www.zdnet.com/article/gaming-tools-backdoored-cheat-engines-are-now-new-weapons-in-cyberattacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2566942 False Malware None None
Bleeping Computer - American magazine BazarCall malware uses malicious call centers to infect victims 2021-03-31T13:05:58+00:00 https://www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/ www.secnews.physaphae.fr/article.php?IdArticle=2567628 False Malware None None
Bleeping Computer - American magazine Malware hidden in game cheats and mods used to target gamers 2021-03-31T12:31:49+00:00 https://www.bleepingcomputer.com/news/security/malware-hidden-in-game-cheats-and-mods-used-to-target-gamers/ www.secnews.physaphae.fr/article.php?IdArticle=2567453 False Malware,Threat None None
Mandiant - Mandiant security blog Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer
Service
In this blog post we will describe: how attackers use the Background Intelligent Transfer Service (BITS); forensic techniques for detecting attacker activity with data format specifications; public release of the BitsParser tool; a real-world example of malware using BITS persistence. Introduction: Microsoft introduced the Background Intelligent Transfer Service (BITS) with Windows XP to simplify and coordinate downloading and uploading large files. Applications and system components, most notably Windows Update, use BITS to deliver operating system and
2021-03-31T10:00:00+00:00 https://www.mandiant.com/resources/blog/attacker-use-of-windows-background-intelligent-transfer-service www.secnews.physaphae.fr/article.php?IdArticle=8377600 False Malware None 3.0000000000000000
Bleeping Computer - American magazine Fake jQuery files load obfuscated malware on WordPress sites 2021-03-31T07:55:47+00:00 https://www.bleepingcomputer.com/news/security/fake-jquery-files-load-obfuscated-malware-on-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=2566118 False Malware None None
Bleeping Computer - American magazine Fake jQuery files infect WordPress sites with malware 2021-03-31T07:55:47+00:00 https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=2566895 True Malware None None
CISCO Talos - Cisco Research blog Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools 2021-03-31T06:29:41+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/RVCWpLd30v0/cheating-cheater-how-adversaries-are.html www.secnews.physaphae.fr/article.php?IdArticle=2593349 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers are implanting multiple backdoors at industrial targets in Japan 2021-03-31T01:42:43+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/M8y5bq-NcEM/hackers-are-implanting-multiple.html www.secnews.physaphae.fr/article.php?IdArticle=2565387 False Malware APT 10,APT 10 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Malicious Docker Cryptomining Images Rack Up 20M Downloads 2021-03-30T20:22:42+00:00 https://threatpost.com/malicious-docker-cryptomining-images/165120/ www.secnews.physaphae.fr/article.php?IdArticle=2563286 False Malware None None
Anomali - Firm Blog Anomali Cyber Watch: Malware, Phishing, Ransomware and More. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Google removes privacy-focused ClearURLs Chrome extension (published: March 24, 2021) Researchers at Cato Networks have discovered two dozen malicious Google Chrome browser extensions and 40 associated malicious domains that were previously unidentified. Some extensions were found to steal users’ names and passwords, whilst others were stealing financial data. Spoofed extensions posing as legitimate ones were common, amongst them a fake ‘Postman’ extension harvesting companies' API credentials to target company applications. The security vendor discovered the extensions on networks belonging to hundreds of its customers and found that they were not being flagged as malicious by endpoint protection tools and threat intelligence systems. Malicious extensions have been previously used in malicious campaigns; in 2020, researchers from Awake Security discovered over 100 malicious extensions engaged in a global campaign to steal credentials, take screenshots, and carry out other malicious activity. It was estimated that there were at least 32 million downloads of the malicious extensions. Analyst Comment: This story illustrates the complexities of using modern life as Google is a monolithic corporation that is integrated into everyone’s daily lives, both personal and business. Whilst many may find it difficult to do much without Google, the cost of using this software can often be your own privacy. Users should be aware that Google’s policies and usage of your data is not malicious and is perfectly legal but you are giving up your information. If something is free, you are the product.
Tags: Google, Chrome, browser extension, privacy, Firefox, ClearURL Purple Fox Malware Targets Windows Machines With New Worm Capabilities (published: March 24, 2021) Purple Fox, which first appeared in 2018, is an active malware campaign that targeted victims through phishing and exploit kits; it required user interaction or some kind of third-party tool to infect Windows machines. However, the attackers behind the campaign have now upped their game and added new functionality that can brute force its way into victims' systems on its own, according to new research from Guardicore Labs. The researchers identified a new infection vector through Server Message Block (SMB) password brute force and the addition of a rootkit, allowing the actors to hide the malware on a machine making it more difficult to detect and remove. Purple Fox is believed to have compromised around 3,000 servers, the vast majority of which were old versions of Windows Server IIS version 7.5. It was very active in Spring and Summer 2020 before going quiet and then ramping up activity in early 2021. Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: 2021-03-30T17:07:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-malware-phishing-ransomware-and-more www.secnews.physaphae.fr/article.php?IdArticle=2562365 False Ransomware,Malware,Tool,Vulnerability,Threat None None
Schneier on Security - American cryptologist and researcher System Update: New Android Malware discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying.
It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance)... 2021-03-30T15:00:13+00:00 https://www.schneier.com/blog/archives/2021/03/system-update-new-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=2561985 False Malware None 4.0000000000000000
Kaspersky - Kaspersky Research blog APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign 2021-03-30T10:00:07+00:00 https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/ www.secnews.physaphae.fr/article.php?IdArticle=2560457 False Malware APT 10 5.0000000000000000
AlienVault Blog - AlienVault is a major defense player in IOCs What educational institutions need to do to protect themselves from cyber threats when it comes to cyber defense. To make matters worse, there are laws and regulations in place that require schools to abide by certain standards. Failure to comply with these regulations can result in loss of government funding or hefty fines. In this article, we will talk about the most common cyber attacks facing educational institutions today and top tips on how to prevent them. Cyber crime is on the rise As our society increasingly embraces a digital world, partially out of necessity due to the coronavirus pandemic, opportunities for cyber criminals grow more plentiful. In March 2020, the month that marked the onset of the confusion, fear and subsequent lockdowns caused by the global health crisis, organizations experienced a 148% increase in ransomware attacks. When possible, educational institutions should make efforts to allocate or obtain funding for experts that can assist in the area of cyber security.
It’s not difficult to find statistics like the one mentioned above that indicate a great need for heightened vigilance towards cyber criminals. Ideally, a cloud-based help desk program can be vital to the cyber security of your organization, enabling staff or students to send alerts if they have reason to believe they have been hacked. A cyber security team that offers security measures such as daily backups and regular security patches can go a long way towards protecting your institution. As the saying goes, an ounce of prevention is worth a pound of cure. Top methods of attack used by cyber criminals against educational institutions According to Red Canary’s “Threat Detection Report,” the top three methods of attack facing educational institutions are from process injection, Windows admin shares and scheduled tasks. Windows admin shares Most of us are familiar with the “administrative access” request from Windows, which is sometimes prompted when we need to install new programs or otherwise make changes to our settings. If a hacker can find a way to guess or steal an administrative user’s password, or access this through brute force, the entire system becomes compromised. Scheduled tasks Windows task scheduler allows users to arrange for a program or script to be run at a specific time or under certain circumstances. For example, some users might schedule for an antivirus program to run a scan on their computer late in the evening when the user is less likely to be on the computer.
Alternatively, a user can schedule that a certai 2021-03-30T10:00:00+00:00 https://feeds.feedblitz.com/~/647955032/0/alienvault-blogs~What-educational-institutions-need-to-do-to-protect-themselves-from-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=2560465 False Ransomware,Malware None None
InfoSecurity Mag - InfoSecurity Magazine Fileless Malware Detections Soar 900% in 2020 2021-03-30T09:30:00+00:00 https://www.infosecurity-magazine.com:443/news/fileless-malware-detections-soar-1/ www.secnews.physaphae.fr/article.php?IdArticle=2560442 False Malware None None
01net. Actualites - Securite - French magazine This Android "update" is a perfect spy 2021-03-30T02:49:00+00:00 https://www.01net.com/actualites/cette-mise-a-jour-android-est-un-parfait-espion-2039830.html www.secnews.physaphae.fr/article.php?IdArticle=2562017 False Malware None None
SecurityWeek - Security News Vulnerability in 'netmask' npm Package Affects 280,000 Projects 2021-03-29T18:30:38+00:00 http://feedproxy.google.com/~r/Securityweek/~3/03KGVOx4iQs/vulnerability-netmask-npm-package-affects-280000-projects www.secnews.physaphae.fr/article.php?IdArticle=2557172 False Malware,Vulnerability,Guideline None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor PHP Infiltrated with Backdoor Malware 2021-03-29T15:42:50+00:00 https://threatpost.com/php-infiltrated-backdoor-malware/165061/ www.secnews.physaphae.fr/article.php?IdArticle=2556376 False Malware None None
SecurityWeek - Security News 'Hades' Ransomware Hits Big Firms, but Operators Slow to Respond to Victims 2021-03-29T14:03:11+00:00 http://feedproxy.google.com/~r/Securityweek/~3/H3_wVJ9SNt4/hades-ransomware-hits-big-firms-operators-slow-respond-victims www.secnews.physaphae.fr/article.php?IdArticle=2555949 False Ransomware,Malware None None
ZD Net - Tech magazine Official PHP Git server targeted in attempt to bury malware in code base 2021-03-29T13:45:17+00:00
https://www.zdnet.com/article/official-php-git-server-targeted-in-attempt-to-bury-malware-in-code-base/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2556336 False Malware None None
ZD Net - Tech magazine This Android malware hides as a System Update app to spy on you 2021-03-29T07:02:19+00:00 https://www.zdnet.com/article/this-android-malware-hides-as-a-system-update-app-to-spy-on-you/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2553888 False Malware None None
Security Affairs - Security blog New Purple Fox version includes Rootkit and implements wormable propagation 2021-03-29T06:52:58+00:00 https://securityaffairs.co/wordpress/116070/malware/purple-fox-rootkit-version.html?utm_source=rss&utm_medium=rss&utm_campaign=purple-fox-rootkit-version www.secnews.physaphae.fr/article.php?IdArticle=2553437 False Malware None None
Krebs on Security - American researcher No, I Did Not Hack Your MS Exchange Server 2021-03-28T17:40:44+00:00 https://krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ www.secnews.physaphae.fr/article.php?IdArticle=2549728 False Malware,Hack None None
Security Affairs - Security blog Experts spotted a new advanced Android spyware posing as “System Update” 2021-03-27T17:32:20+00:00 https://securityaffairs.co/wordpress/116016/malware/android-spyware-system-update.html?utm_source=rss&utm_medium=rss&utm_campaign=android-spyware-system-update www.secnews.physaphae.fr/article.php?IdArticle=2545137 False Malware None None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Watch Out!
That Android System Update May Contain A Powerful Spyware 2021-03-27T02:14:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/Sc5Jk2R4HqI/watch-out-that-android-system-update.html www.secnews.physaphae.fr/article.php?IdArticle=2543607 False Malware None None Bleeping Computer - American magazine New Android malware spies on you while posing as a System Update 2021-03-27T01:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-android-malware-spies-on-you-while-posing-as-a-system-update/ www.secnews.physaphae.fr/article.php?IdArticle=2542742 False Malware None None TroyHunt - Blog Security New Android malware with full range of spying capabilities has been found 2021-03-26T19:35:44+00:00 https://arstechnica.com/?p=1752576 www.secnews.physaphae.fr/article.php?IdArticle=2539126 False Malware None None SecureMac - Security focused on MAC XcodeSpy Mac Malware Targets Developers 2021-03-26T02:00:00+00:00 https://www.securemac.com/news/xcodespy-mac-malware-targets-developers www.secnews.physaphae.fr/article.php?IdArticle=2601737 False Malware None None Security Affairs - Security blog Facebook took action against China-linked APT targeting Uyghur activists 2021-03-25T17:04:26+00:00 https://securityaffairs.co/wordpress/115956/apt/facebook-china-apt-uyghur.html?utm_source=rss&utm_medium=rss&utm_campaign=facebook-china-apt-uyghur www.secnews.physaphae.fr/article.php?IdArticle=2532731 False Malware None None IT Security Guru - Security blog Facebook stops Chinese hackers spying on Uighurs living abroad 2021-03-25T12:33:19+00:00 https://www.itsecurityguru.org/2021/03/25/facebook-stops-chinese-hackers-spying-on-uighurs-living-abroad/?utm_source=rss&utm_medium=rss&utm_campaign=facebook-stops-chinese-hackers-spying-on-uighurs-living-abroad www.secnews.physaphae.fr/article.php?IdArticle=2531799 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers 2021-03-25T05:05:29+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/9gpZG_Qu02c/black-kingdom-ransomware-hunting.html www.secnews.physaphae.fr/article.php?IdArticle=2531711 False Ransomware,Malware None None TroyHunt - Blog Security Facebook shuts down hackers who infected iOS and Android devices 2021-03-24T20:56:32+00:00 https://arstechnica.com/?p=1752030 www.secnews.physaphae.fr/article.php?IdArticle=2528619 False Malware None None SecurityWeek - Security News Facebook Disrupts Chinese Spies Using iPhone, Android Malware 2021-03-24T18:56:34+00:00 http://feedproxy.google.com/~r/Securityweek/~3/b6aPlTnPQME/facebook-disrupts-chinese-spies-using-iphone-android-malware www.secnews.physaphae.fr/article.php?IdArticle=2528464 False Malware,Threat None None Bleeping Computer - American magazine Facebook blocks Chinese state hackers targeting Uyghur activists 2021-03-24T16:17:42+00:00 https://www.bleepingcomputer.com/news/security/facebook-blocks-chinese-state-hackers-targeting-uyghur-activists/ www.secnews.physaphae.fr/article.php?IdArticle=2528925 False Malware None None Cisco - Security Firm Blog What are you missing when you don't enable global threat alerts?
2021-03-24T15:00:29+00:00 https://blogs.cisco.com/security/what-are-you-missing-when-you-dont-enable-global-threat-alerts www.secnews.physaphae.fr/article.php?IdArticle=2527118 False Malware,Threat None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Purple Fox Malware Targets Windows Machines With New Worm Capabilities 2021-03-24T14:56:09+00:00 https://threatpost.com/purple-fox-malware-windows-worm/164993/ www.secnews.physaphae.fr/article.php?IdArticle=2527063 False Malware None 4.0000000000000000 SecurityWeek - Security News Honeywell Says Malware Disrupted IT Systems 2021-03-24T12:09:29+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ypXgbqKDXbw/honeywell-says-malware-disrupted-it-systems www.secnews.physaphae.fr/article.php?IdArticle=2526736 False Malware None None ZD Net - IT magazine Purple Fox malware evolves to propagate across Windows machines 2021-03-24T11:21:49+00:00 https://www.zdnet.com/article/purple-fox-malware-evolves-to-propagate-across-windows-machines/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2526691 False Malware None None InformationSecurityBuzzNews - Security news site Android Trojan Posing As Clubhouse App 2021-03-24T10:49:01+00:00 https://informationsecuritybuzz.com/expert-comments/android-trojan-posing-as-clubhouse-app/ www.secnews.physaphae.fr/article.php?IdArticle=2526182 False Malware None 3.0000000000000000 AlienVault Blog - AlienVault is a major defense player in IOCs Stories from the SOC – Propagating malware Managed Threat Detection and Response (MTDR) analyst team was notified of malware on a customer’s assets who frequently uses freeware. The primary piece of malware that was detected by Cisco® Secure Endpoint (formerly AMP for Endpoints) did not appear to be particularly malicious, so the investigation was originally reported as a medium severity.
After some time, several alarms were raised due to additional malware that was encountered on multiple assets within the customer’s environment and it was determined they were likely caused by freeware. After some investigating, a report was created by the analyst containing a list of infected machines, files, and their related malware families. The severity of the investigation was changed to a high severity, and the customer was notified based on their incident response plan (IRP) to begin immediate remediation efforts. Investigation Initial Alarm Review Malware Infection Cisco Secure Endpoint – Threat detected The initial alarm was raised due to a piece of malware detected by Cisco® Secure Endpoint that was indicative of a single malware infection. The first detection that emerged appeared to be benign, as it was reported by multiple open source intelligence (OSINT) sites as known-clean files. Due to the detection of this original file, this investigation was set at a medium severity as a precautionary measure. After some time, additional alarms were raised that were indicative of a deeper, more malicious infection. It became clear that additional investigation was necessary. During the investigation, nearly two hundred events of varying malware infections were detected, indicating there was propagating malware. The detected events of malware were filtered for benign hashes using the AT&T Alien Labs Open Threat Exchange (OTX) as well as other OSINT sites. The malicious files were organized into a report with infected files, hashes, as well as a list of the fifty suspected infected assets. After the report was organized and the additional alarms were posted within the investigation, the severity was increased from medium to high to prompt immediate customer response and quarantine of these threats.
Expanded Investigation 2021-03-24T10:00:00+00:00 https://feeds.feedblitz.com/~/647490508/0/alienvault-blogs~Stories-from-the-SOC-%e2%80%93-Propagating-malware www.secnews.physaphae.fr/article.php?IdArticle=2526378 False Malware,Threat None None ProofPoint - Firm Security New Chinese Malware “CopperStealer” Thieving Credentials Saved by Browsers 2021-03-24T08:48:20+00:00 https://www.proofpoint.com/us/newsroom/news/new-chinese-malware-copperstealer-thieving-credentials-saved-browsers www.secnews.physaphae.fr/article.php?IdArticle=2592445 False Malware None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers 2021-03-23T23:36:20+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/_p_rxxPRdEY/purple-fox-rootkit-can-now-spread.html www.secnews.physaphae.fr/article.php?IdArticle=2525751 False Malware None None SecurityWeek - Security News Purple Fox Malware Squirms Like a Worm on Windows 2021-03-23T20:37:49+00:00 http://feedproxy.google.com/~r/Securityweek/~3/w-pskMTDmDI/purple-fox-malware-squirms-worm-windows www.secnews.physaphae.fr/article.php?IdArticle=2523978 False Malware None 4.0000000000000000 Bleeping Computer - American magazine Purple Fox malware worms its way into exposed Windows systems 2021-03-23T16:54:30+00:00 https://www.bleepingcomputer.com/news/security/purple-fox-malware-worms-its-way-into-exposed-windows-systems/ www.secnews.physaphae.fr/article.php?IdArticle=2524362 False Malware None 5.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: APT, Malware, Vulnerabilities and More. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Bogus Android Clubhouse App Drops Credential-Swiping Malware (published: March 19, 2021) Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. The app is only available on Apple's App Store mobile application marketplace - though plans are in the works to develop one. Analyst Comment: Use only the official stores to download apps to your devices. Be wary of what kinds of permissions you grant to applications. Before downloading an app, do some research. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 Tags: LokiBot, BlackRock, Banking, Android, Clubhouse Trojanized Xcode Project Slips XcodeSpy Malware to Apple Developers (published: March 18, 2021) Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack. The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. The malicious project is a ripped version of TabBarInteraction, a legitimate project that has not been compromised. Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. Analyst Comment: Researchers attribute this new targeting of Apple developers to North Korea and Lazarus group: similar TTPs of compromising developer supply chain were discovered in January 2021 when North Korean APT was using a malicious Visual Studio project. 
Moreover, one of the victims of XcodeSpy is a Japanese organization regularly targeted by North Korea. A behavioral detection solution is required to fully detect the presence of XcodeSpy payloads. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] Security Software Discovery - T1063 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: Lazarus, XcodeSpy, North Korea, EggShell, Xcode, Apple Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (published: March 18, 2021) Cybereason detected a new campaig 2021-03-23T14:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt-malware-vulnerabilities-and-more www.secnews.physaphae.fr/article.php?IdArticle=2522336 False Ransomware,Malware,Tool,Threat,Patching,Medical APT 38,APT 28 None SANS Institute - SANS is a defense and training organization Nim Strings, (Mon, Mar 22nd) Tuesday's Stormcast, Johannes talked about malware written in the Nim Programming language.
2021-03-22T22:55:51+00:00 https://isc.sans.edu/diary/rss/27230 www.secnews.physaphae.fr/article.php?IdArticle=2520051 False Malware None None SecurityWeek - Security News Researchers Raise Alarm for F5 BIG-IP Malware Attacks 2021-03-22T14:00:25+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Y3jg1dchhgQ/researchers-raise-alarm-f5-big-ip-malware-attacks www.secnews.physaphae.fr/article.php?IdArticle=2517182 False Malware None None InformationSecurityBuzzNews - Security news site New Copperstealer Malware Steals Google, Apple, Facebook Accounts 2021-03-22T12:16:33+00:00 https://informationsecuritybuzz.com/expert-comments/new-copperstealer-malware-steals-google-apple-facebook-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=2516889 True Malware None None Security Affairs - Security blog Russian National pleads guilty to conspiracy to plant malware on Tesla systems 2021-03-19T23:30:18+00:00 https://securityaffairs.co/wordpress/115770/cyber-crime/russian-man-malware-tesla.html?utm_source=rss&utm_medium=rss&utm_campaign=russian-man-malware-tesla www.secnews.physaphae.fr/article.php?IdArticle=2508493 True Malware,Guideline None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Bogus Android Clubhouse App Drops Credential-Swiping Malware 2021-03-19T15:21:45+00:00 https://threatpost.com/android-clubhouse-app-malware/164915/ www.secnews.physaphae.fr/article.php?IdArticle=2505992 False Malware None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor CopperStealer Malware Targets Facebook and Instagram Business Accounts 2021-03-19T14:52:21+00:00 https://threatpost.com/copperstealer-hijacks-accounts/164919/ www.secnews.physaphae.fr/article.php?IdArticle=2505834 False Malware None None InfoSecurity Mag - InfoSecurity Magazine ESET Exposes Malware Disguised as Clubhouse App 2021-03-19T12:05:00+00:00 https://www.infosecurity-magazine.com:443/news/eset-malware-disguised-clubhouse/
www.secnews.physaphae.fr/article.php?IdArticle=2505577 False Malware None None InfoSecurity Mag - InfoSecurity Magazine Russian Man Pleads Guilty in Tesla Extortion Plot 2021-03-19T11:15:00+00:00 https://www.infosecurity-magazine.com:443/news/russian-man-guilty-tesla-extortion/ www.secnews.physaphae.fr/article.php?IdArticle=2505332 False Malware None None InformationSecurityBuzzNews - Security news site RAT Targets US Taxpayers – Experts Insight 2021-03-19T11:10:02+00:00 https://informationsecuritybuzz.com/expert-comments/rat-targets-us-taxpayers-experts-insight/ www.secnews.physaphae.fr/article.php?IdArticle=2505356 False Malware None None Bleeping Computer - American magazine Russian pleads guilty to Tesla hacking and extortion attempt 2021-03-19T09:05:00+00:00 https://www.bleepingcomputer.com/news/security/russian-pleads-guilty-to-tesla-hacking-and-extortion-attempt/ www.secnews.physaphae.fr/article.php?IdArticle=2505800 False Malware,Guideline None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud 2021-03-19T04:34:08+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/X4DI80ylR8E/tesla-ransomware-hacker-pledges-guilty.html www.secnews.physaphae.fr/article.php?IdArticle=2505459 False Ransomware,Malware None 3.0000000000000000 Security Affairs - Security blog XcodeSpy Mac malware targets Xcode Developers with a backdoor 2021-03-18T22:31:29+00:00 https://securityaffairs.co/wordpress/115729/malware/xcodespy-mac-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=xcodespy-mac-malware www.secnews.physaphae.fr/article.php?IdArticle=2503112 True Malware,Threat None None SentinelOne (SecIntel) - Cyber Firms New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor Targeting software developers is one route to a successful supply chain attack.
Now threat actors are going after Apple developers through the Xcode IDE. 2021-03-18T19:55:58+00:00 https://www.sentinelone.com/labs/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8388358 False Malware,Threat None 2.0000000000000000 Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Trojanized Xcode Project Slips MacOS Malware to Apple Developers 2021-03-18T19:42:21+00:00 https://threatpost.com/xcode-macos-malware-apple-developers/164897/ www.secnews.physaphae.fr/article.php?IdArticle=2502112 False Malware,Threat None None SecurityWeek - Security News New XcodeSpy Mac Malware Targets Software Developers 2021-03-18T16:06:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ZgybnsoXWu4/new-xcodespy-mac-malware-targets-software-developers www.secnews.physaphae.fr/article.php?IdArticle=2501122 False Malware,Threat None None