www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-06-06T13:00:38+00:00 www.secnews.physaphae.fr

Global Security Mag - French news site | Palo Alto Networks offers an industry SOC platform for the cloud (Products)
2024-04-12T11:11:38+00:00 https://www.globalsecuritymag.fr/palo-alto-networks-offre-une-plateforme-soc-de-l-industrie-pour-le-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8480687 False Threat,Cloud None 2.0000000000000000

SecurityWeek - Security News | Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.
2024-04-12T09:55:57+00:00 https://www.securityweek.com/threat-actors-manipulate-github-search-to-deliver-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8480680 False Malware,Threat None 2.0000000000000000
BlackBerry - Hardware and software maker | Threat Group FIN7 Targets the U.S. Automotive Industry
BlackBerry analysts have identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 used the lure of a free IP scanning tool to run malware and gain an initial foothold.
2024-04-12T08:01:00+00:00 https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry www.secnews.physaphae.fr/article.php?IdArticle=8484138 False Malware,Tool,Threat None 2.0000000000000000

IndustrialCyber - cyber risk firms for industrial | CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) publicly issued Emergency Directive (ED) 24-02 in response to a...
2024-04-12T07:12:41+00:00 https://industrialcyber.co/cisa/cisa-issues-emergency-directive-24-02-in-response-to-russian-cyber-threat-targeting-microsoft-email-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8480557 False Threat None 3.0000000000000000

Zataz - French security magazine | A cyber army for Germany
2024-04-12T07:05:22+00:00 https://www.zataz.com/une-cyber-armee-pour-lallemagne/ www.secnews.physaphae.fr/article.php?IdArticle=8480526 False Threat None 3.0000000000000000

ProofPoint - Cyber Firms | Cybersecurity Stop of the Month: Defeating Malicious Application Creation Attacks
2024-04-12T06:00:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/defeating-malicious-application-creation-attacks www.secnews.physaphae.fr/article.php?IdArticle=8480713 False Spam,Malware,Tool,Threat,Cloud APT 29 3.0000000000000000

The Register - English news site | Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'
Report claims India's government, which is accused of using Pegasus at home, was displeased. Apple has made a significant change to the wording of its threat notifications, opting not to attribute attacks to a specific source or perpetrator, but categorizing them broadly as "mercenary spyware."…
2024-04-12T04:46:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/12/apple_mercenary_spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8480464 False Threat None 3.0000000000000000

Dark Reading - Informationweek Branch | Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases
The project behind the Rust programming language asserted that any calls to a specific API would be made safe, even with unsafe inputs, but researchers found ways to circumvent the protections.
2024-04-11T20:08:48+00:00 https://www.darkreading.com/application-security/critical-rust-flaw-poses-exploit-threat-in-specific-windows-use-cases www.secnews.physaphae.fr/article.php?IdArticle=8480247 False Threat None 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) | Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming
## Snapshot
The Insikt Group has uncovered a large-scale Russian-language cybercrime operation that leverages fake Web3 gaming projects to distribute infostealer malware targeting both macOS and Windows users.
## Description
These Web3 games, based on blockchain technology, entice users with the potential for cryptocurrency earnings. The campaign involves creating imitation Web3 gaming projects with minor modifications to appear legitimate, along with fake social media accounts to enhance their credibility. Upon visiting the main webpages of these projects, users are prompted to download malware such as Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro, depending on their operating system. The threat actors have established a resilient infrastructure and are targeting Web3 gamers, exploiting their potential lack of cyber hygiene in pursuit of financial gains. The malware variants, including AMOS, are capable of infecting both Intel and Apple M1 Macs, indicating a broad vulnerability among users. The primary objective of the campaign appears to be the theft of cryptocurrency wallets, posing a significant risk to financial security. The threat actors' Russian origin is hinted at by artifacts within the HTML code, although their exact location remains uncertain.
## References
[https://www.recordedfuture.com/cybercriminal-campaign-spreads-infostealers-highlighting-risks-to-web3-gaming](https://www.recordedfuture.com/cybercriminal-campaign-spreads-infostealers-highlighting-risks-to-web3-gaming)
2024-04-11T19:26:57+00:00 https://community.riskiq.com/article/0cdc08b5 www.secnews.physaphae.fr/article.php?IdArticle=8480234 False Malware,Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch | Apple Warns Users in 150 Countries of Mercenary Spyware Attacks
In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.
2024-04-11T18:19:43+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-warns-users-targeted-by-mercenary-spyware www.secnews.physaphae.fr/article.php?IdArticle=8480188 False Threat None 3.0000000000000000

Bleeping Computer - American magazine | LastPass: Hackers targeted employee in failed deepfake CEO call
LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. [...]
2024-04-11T18:00:39+00:00 https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/ www.secnews.physaphae.fr/article.php?IdArticle=8480277 False Threat LastPass 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to
2024-04-11T17:02:00+00:00 https://thehackernews.com/2024/04/ta547-phishing-attack-hits-german-firms.html www.secnews.physaphae.fr/article.php?IdArticle=8479962 False Threat None 2.0000000000000000

IndustrialCyber - cyber risk firms for industrial | HP details evolution of Raspberry Robin malware, shift in distribution method and threat landscape
Researchers from the HP Threat Research team have observed a shift in the distribution method of Raspberry Robin...
2024-04-11T16:37:18+00:00 https://industrialcyber.co/ransomware/hp-details-evolution-of-raspberry-robin-malware-shift-in-distribution-method-and-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8480123 False Malware,Threat None 2.0000000000000000

Palo Alto Network - Vendor site | Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service
Google Cloud and Palo Alto Networks announce Google Cloud Next-Generation Firewall Enterprise. It has extensive threat prevention capabilities.
2024-04-11T16:00:43+00:00 https://www.paloaltonetworks.com/blog/2024/04/google-cloud-ngfw-enterprise/ www.secnews.physaphae.fr/article.php?IdArticle=8480088 False Threat,Cloud None 2.0000000000000000
ProofPoint - Cyber Firms | Revisiting MACT: Malicious Applications in Credible Cloud Tenants
2024-04-11T13:27:54+00:00 https://www.proofpoint.com/us/blog/cloud-security/revisiting-mact-malicious-applications-credible-cloud-tenants www.secnews.physaphae.fr/article.php?IdArticle=8480061 False Malware,Threat,Prediction,Cloud APT 29 3.0000000000000000

SecurityWeek - Security News | Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program
With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks.
2024-04-11T13:19:09+00:00 https://www.securityweek.com/why-intelligence-sharing-is-vital-to-building-a-robust-collective-cyber-defense-program/ www.secnews.physaphae.fr/article.php?IdArticle=8480026 False Threat None 3.0000000000000000
knowbe4 - cybersecurity services | Water Facilities Compromised By Iranian Threat Actors
Why You Should Be Worried About the Water Sector Facing Cybersecurity Threats
In December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).
2024-04-11T12:19:04+00:00 https://blog.knowbe4.com/water-facilities-compromised-iranian-threat-actors www.secnews.physaphae.fr/article.php?IdArticle=8479987 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted
2024-04-11T12:14:00+00:00 https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html www.secnews.physaphae.fr/article.php?IdArticle=8479812 False Tool,Threat,Commercial None 4.0000000000000000

The State of Security - American magazine | DragonForce Ransomware - What You Need To Know
What's going on? A relatively new strain of ransomware called DragonForce has been making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence? DragonForce's earliest known ransomware attack was against the Ohio Lottery. In that case, DragonForce boasted it had...
2024-04-11T10:00:55+00:00 https://www.tripwire.com/state-of-security/dragonforce-ransomware-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8480054 False Ransomware,Threat None 2.0000000000000000

Amnesty International - International Orgs | Apple threat notifications: What they mean and what you can do
What the Apple threat notifications are and how you can protect yourself
2024-04-11T09:49:24+00:00 https://securitylab.amnesty.org/latest/2024/04/apple-threat-notifications-what-they-mean-and-what-you-can-do/ www.secnews.physaphae.fr/article.php?IdArticle=8479896 False Threat None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine | Threat Actors Game GitHub Search to Spread Malware
Checkmarx warns of GitHub search result manipulation designed to promote malicious repositories
2024-04-11T09:40:00+00:00 https://www.infosecurity-magazine.com/news/threat-actors-game-github-search/ www.secnews.physaphae.fr/article.php?IdArticle=8479900 False Malware,Threat None 3.0000000000000000

Korben - French blogger | When a security researcher publishes another researcher's 0-day flaw?
2024-04-11T09:22:24+00:00 https://korben.info/faille-critique-0day-noyaux-linux-chercheur-vole-travail.html www.secnews.physaphae.fr/article.php?IdArticle=8479901 False Threat None 3.0000000000000000

Global Security Mag - French news site | Securing the Summer Games: a race against cyber threats (Opinion)
2024-04-11T09:08:07+00:00 https://www.globalsecuritymag.fr/securiser-les-jeux-d-ete-une-course-contre-les-cybermenaces.html www.secnews.physaphae.fr/article.php?IdArticle=8479906 False Threat None 3.0000000000000000

Securonix - Siem | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chains
The Securonix Threat Research team takes a deep dive into this article in our knowledge sharing series on detecting DLL sideloading techniques found in recent real-world malware attack chains
2024-04-11T08:00:24+00:00 https://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/ www.secnews.physaphae.fr/article.php?IdArticle=8480009 False Malware,Threat None 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial | CISA introduces Malware Next-Gen analysis system with improved scalability, threat hunting capabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched on Wednesday a new version of its malware analysis...
2024-04-11T07:32:16+00:00 https://industrialcyber.co/cisa/cisa-introduces-malware-next-gen-analysis-system-with-improved-scalability-threat-hunting-capabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8479837 False Malware,Threat None 3.0000000000000000

ProofPoint - Cyber Firms | FAQs from the 2024 State of the Phish Report, Part 1: The Threat Landscape
2024-04-11T06:23:43+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/faqs-2024-state-phish-report-part-1-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8480017 False Ransomware,Malware,Tool,Threat,Cloud,Technical None 3.0000000000000000

AhnLab - Korean Security Firm | Metasploit Meterpreter Installed via Redis Server
AhnLab Security Intelligence Center (ASEC) recently discovered that the Metasploit Meterpreter backdoor has been installed via the Redis service. Redis is an abbreviation of Remote Dictionary Server, which is an open-source in-memory data structure storage that is also used as a database. It is presumed that the threat actors abused inappropriate settings or ran commands through vulnerability attacks. Redis is used for various purposes with the main ones being session management, message broker, and queues. As many systems all over...
2024-04-11T00:36:25+00:00 https://asec.ahnlab.com/en/64034/ www.secnews.physaphae.fr/article.php?IdArticle=8479670 False Vulnerability,Threat None 3.0000000000000000
TrendLabs Security - Antivirus vendor | Fileless Attacks Prompt Intel's Next-Gen Security
Discover how Trend is strengthening its endpoint solutions to detect fileless attacks earlier. By leveraging Intel Threat Detection Technology, Trend enhances the scalability and resiliency of its solutions.
2024-04-11T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/d/fileless-malware-attack-solution.html www.secnews.physaphae.fr/article.php?IdArticle=8480876 False Threat,Prediction None 2.0000000000000000

Dark Reading - Informationweek Branch | Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance
Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.
2024-04-10T23:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/japan-philippines-us-forge-cyber-threat-intelligence-sharing-alliance www.secnews.physaphae.fr/article.php?IdArticle=8479615 False Threat Guam 2.0000000000000000

Techworm - News | 92,000 D-Link NAS Devices Are Vulnerable To Malware Attacks
(formerly Twitter). In the absence of a patch, the Shadowserver Foundation recommends that users take their device offline or replace it, or at least firewall remote access to block potential threats.
The vulnerability in D-Link NAS devices poses a significant threat to users and underscores the need to stay vigilant about cybersecurity, as well as the importance of regular security updates. To avoid exploitation by malicious actors, users can follow the recommended precautionary measures to protect their devices and their data.
Hackers are scanning and actively exploiting an unpatched vulnerabilit
2024-04-10T22:21:16+00:00 https://www.techworm.net/2024/04/92000-d-link-nas-devices-are-vulnerable-to-malware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8480832 False Malware,Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the
2024-04-10T19:54:00+00:00 https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8479379 False Malware,Threat,Mobile None 3.0000000000000000

Dark Reading - Informationweek Branch | TA547 Uses an LLM-Generated Dropper to Infect German Orgs
It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.
2024-04-10T18:48:47+00:00 https://www.darkreading.com/threat-intelligence/ta547-uses-llm-generated-dropper-infect-german-orgs www.secnews.physaphae.fr/article.php?IdArticle=8479529 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
2024-04-10T18:08:00+00:00 https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html www.secnews.physaphae.fr/article.php?IdArticle=8479340 False Malware,Threat None 3.0000000000000000

CrowdStrike - CTI Society | CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud
Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it's critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate […]
2024-04-10T17:00:52+00:00 https://www.crowdstrike.com/blog/identity-security-capabilities-stop-attacks-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8486960 False Threat,Cloud None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine | Rhadamanthys Malware Deployed By TA547 Against German Targets
Proofpoint said this is the first time the threat actor has been seen using LLM-generated PowerShell scripts
2024-04-10T16:00:00+00:00 https://www.infosecurity-magazine.com/news/rhadamanthys-deployed-ta547-german/ www.secnews.physaphae.fr/article.php?IdArticle=8479408 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel
Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and
2024-04-10T14:56:00+00:00 https://thehackernews.com/2024/04/researchers-uncover-first-native.html www.secnews.physaphae.fr/article.php?IdArticle=8479247 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses
We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers
2024-04-10T14:32:00+00:00 https://thehackernews.com/2024/04/webinar-learn-how-to-stop-hackers-from.html www.secnews.physaphae.fr/article.php?IdArticle=8479216 False Threat None 2.0000000000000000

Recorded Future - Recorded Future feed | Romania-linked 'Rubycarp' hackers look for cryptomining, phishing DDoS opportunities
A suspected Romanian cybercrime group remains active after more than a decade of operation and currently specializes in cryptomining, phishing campaigns and DDoS attacks, according to cybersecurity researchers. The group, labeled Rubycarp, may be related to another alleged Romanian threat actor with similar activities called Outlaw, said analysts from the Sysdig Threat Research Team.
2024-04-10T13:52:27+00:00 https://therecord.media/romania-linked-rubycarp-cryptomining-phishing www.secnews.physaphae.fr/article.php?IdArticle=8479341 False Threat None 3.0000000000000000
Dragos - CTI Society | The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure
Welcome back to "The Hunt," our blog series offering in-depth insights and strategies for defending against sophisticated cyber risks threatening OT... The post The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure first appeared on Dragos.
2024-04-10T13:00:00+00:00 https://www.dragos.com/blog/hunting-for-voltzite-threat-group-activity-in-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8479301 False Threat,Industrial None 3.0000000000000000
IT Security Guru - Security blog | Hack The Box redefines cybersecurity performance, setting new standards in the cyber readiness of organizations
Companies can level up their cybersecurity defenses – eliminating the skills and knowledge gaps that criminals regularly exploit thanks to Hack The Box's Cyber Performance Center. Hack The Box's Cyber Performance Center unites individual ability, business management practices, and the human factor in the cybersecurity industry and it is designed to help organizations take a […] The post Hack The Box redefines cybersecurity performance, setting new standards in the cyber readiness of organizations first appeared on IT Security Guru.
2024-04-10T12:25:50+00:00 https://www.itsecurityguru.org/2024/04/10/hack-the-box-redefines-cybersecurity-performance-setting-new-standards-in-the-cyber-readiness-of-organizations/?utm_source=rss&utm_medium=rss&utm_campaign=hack-the-box-redefines-cybersecurity-performance-setting-new-standards-in-the-cyber-readiness-of-organizations www.secnews.physaphae.fr/article.php?IdArticle=8479304 False Hack,Threat None 3.0000000000000000
Bleeping Computer - American magazine | Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. [...]
2024-04-10T12:12:40+00:00 https://www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/ www.secnews.physaphae.fr/article.php?IdArticle=8479446 False Malware,Threat ChatGPT 3.0000000000000000

ProofPoint - Cyber Firms | Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
2024-04-10T10:12:47+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer www.secnews.physaphae.fr/article.php?IdArticle=8479187 False Malware,Tool,Threat ChatGPT 2.0000000000000000

SecurityWeek - Security News | Microsoft Patches Two Zero-Days Exploited for Malware Delivery
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.
2024-04-10T09:33:35+00:00 https://www.securityweek.com/microsoft-patches-two-zero-days-exploited-for-malware-delivery/ www.secnews.physaphae.fr/article.php?IdArticle=8479243 False Malware,Vulnerability,Threat None 2.0000000000000000
Bleeping Computer (American magazine) - Malicious Visual Studio projects on GitHub push Keyzetsu malware. Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. [...] 2024-04-10T07:00:00+00:00 https://www.bleepingcomputer.com/news/security/malicious-visual-studio-projects-on-github-push-keyzetsu-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8479372 False Malware,Threat None 2.0000000000000000
The State of Security (American magazine) - Life in Cybersecurity: From Nursing to Threat Analyst. As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D'Addamio, for example, a former nurse turned threat analyst. I spoke with Gina about her career transition. Her responses show how she leveraged her previous experience to succeed in an exciting new role in the cybersecurity space. Check out our conversation below... 2024-04-10T02:58:51+00:00 https://www.tripwire.com/state-of-security/life-cybersecurity-nursing-threat-analyst www.secnews.physaphae.fr/article.php?IdArticle=8479163 False Threat,Technical None 2.0000000000000000
RiskIQ (cyber risk firm, now Microsoft) - Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2). Snapshot: The AhnLab Security Intelligence Center (ASEC) has identified a concerning trend where threat actors are exploiting YouTube channels to distribute Infostealers, specifically Vidar and LummaC2. Description: Rather than creating new channels, the attackers are hijacking existing, popular channels with hundreds of thousands of subscribers. The malware is disguised as cracked versions of legitimate software, and the attackers use YouTube's video descriptions and comments to distribute the malicious links. The Vidar malware, for example, is disguised as an installer for Adobe software, and it communicates with its command and control (C&C) server via Telegram and Steam Community. Similarly, LummaC2 is distributed under the guise of cracked commercial software and is designed to steal account credentials and cryptocurrency wallet files. The threat actors' method of infiltrating well-known YouTube channels with a large subscriber base raises concerns about the potential reach and impact of the distributed malware. The disguised malware is often compressed with password protection to evade detection by security solutions. It is crucial for users to exercise caution when downloading software from unofficial sources and to ensure that their security software is up to date to prevent malware infections. References: https://asec.ahnlab.com/en/63980/ 2024-04-09T19:48:57+00:00 https://community.riskiq.com/article/e9f5e219 www.secnews.physaphae.fr/article.php?IdArticle=8478894 False Malware,Hack,Threat,Prediction,Commercial None 3.0000000000000000
The Hacker News (a hacking news blog, surprising, isn't it?) - 10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet. A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation 2024-04-09T19:31:00+00:00 https://thehackernews.com/2024/04/10-year-old-rubycarp-romanian-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8478745 False Threat None 2.0000000000000000
The Hacker News (a hacking news blog, surprising, isn't it?) - Hackers Targeting Human Rights Activists in Morocco and Western Sahara. Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with 2024-04-09T19:15:00+00:00 https://thehackernews.com/2024/04/hackers-targeting-human-rights.html www.secnews.physaphae.fr/article.php?IdArticle=8478746 False Threat,Mobile None 3.0000000000000000
CyberScoop (scoopnewsgroup.com Cyber special) - House hurtles toward showdown over expiring surveillance tools. At issue is Section 702 of the Foreign Intelligence Surveillance Act, which authorizes snooping that some consider vital to security and others view as an out-of-control privacy threat. 2024-04-09T19:00:26+00:00 https://cyberscoop.com/house-hurtles-toward-showdown-over-expiring-surveillance-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8478855 False Tool,Threat None 2.0000000000000000
Bleeping Computer (American magazine) - Microsoft fixes two Windows zero-days exploited in malware attacks. Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. [...] 2024-04-09T18:06:06+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8478933 False Malware,Vulnerability,Threat None 2.0000000000000000
Dark Reading (InformationWeek branch) - 92K D-Link NAS Devices Open to Critical Command-Injection Bug. The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring. 2024-04-09T16:32:06+00:00 https://www.darkreading.com/cloud-security/92k-dlink-nas-critical-command-injection-bug www.secnews.physaphae.fr/article.php?IdArticle=8478800 False Threat None 2.0000000000000000
Global Security Mag (French news site) - SentinelOne launches Purple AI (product reviews). SentinelOne launches Purple AI: the AI security analyst radically transforms threat investigations and response with simple, one-click hunting, suggested queries, and auto-generated reports, empowering security teams to deliver new levels of defence, savings, and efficiencies - Product Reviews 2024-04-09T15:26:04+00:00 https://www.globalsecuritymag.fr/sentinelone-launches-purple-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8478773 False Threat None 2.0000000000000000
The State of Security (American magazine) - VERT Threat Alert: April 2024 Patch Tuesday Analysis. Today's VERT Alert addresses Microsoft's April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: CVE-2024-26234. This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft's new CWE listings, we know is tied to Improper Access Control. From a published Sophos write-up, we know that this is tied to a threat actor that has been working with a valid Microsoft Windows Hardware Compatibility Program (WHCP) Certificate that has now been revoked... 2024-04-09T15:20:51+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-april-2024-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8478905 False Vulnerability,Threat None 3.0000000000000000
Global Security Mag (French news site) - SentinelOne® launches Purple AI (products). 2024-04-09T13:08:03+00:00 https://www.globalsecuritymag.fr/sentinelone-r-lance-purple-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8478700 False Threat None 2.0000000000000000
Global Security Mag (French news site) - Panzura, LLC announced the availability of Panzura Detect and Rescue (product reviews). Panzura Launches Near Real-Time Ransomware Detection and Recovery Solution: Panzura Detect and Rescue offers near real-time ransomware threat detection and expert-guided rapid recovery, allowing businesses to take a proactive stance against the mounting threat of ransomware - Product Reviews 2024-04-09T13:04:47+00:00 https://www.globalsecuritymag.fr/panzura-llc-announced-the-availability-of-panzura-detect-and-rescue.html www.secnews.physaphae.fr/article.php?IdArticle=8478665 False Ransomware,Threat None 2.0000000000000000
Checkpoint (security hardware manufacturer) - March 2024's Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos. Researchers have discovered a new method of deploying the Remote Access Trojan (RAT) Remcos, bypassing common security measures to gain unauthorized access to victims' devices. Meanwhile, Blackbasta entered the top three of the most wanted ransomware groups and Communications jumped into third place in the most exploited industries. Our latest Global Threat Index for March 2024 saw researchers reveal hackers utilizing Virtual Hard Disk (VHD) files to deploy Remote Access Trojan (RAT) Remcos. Meanwhile, Lockbit3 remained the most prevalent ransomware group in March despite the law enforcement takedown in February, although its frequency on the 200 Check Point monitored ransomware […] 2024-04-09T13:00:24+00:00 https://blog.checkpoint.com/security/march-2024s-most-wanted-malware-hackers-discover-new-infection-chain-method-to-deliver-remcos/ www.secnews.physaphae.fr/article.php?IdArticle=8478704 False Ransomware,Malware,Threat,Legislation None 2.0000000000000000
Checkpoint (security hardware manufacturer) - Check Point Supercharges Brisbane Catholic Education's Security Stack to Improve Threat Detection and Streamline Manageability. Brisbane Catholic Education (BCE) is a learning community comprising more than 140 schools that deliver quality learning outcomes to 77,000 prep-to-year-12 students. BCE's education and administrative workflows are powered by a large and distributed hybrid IT infrastructure. The organisation also operates the largest non-governmental Microsoft Office 365 tenancy in the Southern Hemisphere. Meanwhile the community's physical data centre hosts all critical school functions providing library systems maintenance, student support, payroll and much more. BCE were looking to ensure the strongest protection for student data and personal information, and to safeguard the network, communication links and operational data. With recent data […] 2024-04-09T13:00:04+00:00 https://blog.checkpoint.com/customer-stories/check-point-supercharges-brisbane-catholic-educations-security-stack-to-improve-threat-detection-and-streamline-manageability/ www.secnews.physaphae.fr/article.php?IdArticle=8478705 False Threat None 2.0000000000000000
Cisco (security firm blog) - Defusing the threat of compromised credentials. Identity related attacks are a common tactic used by bad actors. Learn how to help protect against these attacks. 2024-04-09T12:00:31+00:00 https://feedpress.me/link/23535/16645478/defusing-the-threat-of-compromised-credentials www.secnews.physaphae.fr/article.php?IdArticle=8478650 False Threat None 2.0000000000000000
The Hacker News (a hacking news blog, surprising, isn't it?) - Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks. Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in 2024-04-09T11:16:00+00:00 https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html www.secnews.physaphae.fr/article.php?IdArticle=8478517 False Malware,Vulnerability,Threat None 1.00000000000000000000
AlienVault Lab Blog (AlienVault is a major defensive player in IOCs) - The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications. subtextual attacks. These aren't your run-of-the-mill security breaches; they're cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We'll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks: Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it's also like keeping everything in your wallet—it's convenient, helpful even, but signals to attackers that you're indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext: Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient's actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics: To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua 2024-04-09T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-hidden-threat-in-plain-sight-analyzing-subtextual-attacks-in-digital-communications www.secnews.physaphae.fr/article.php?IdArticle=8478586 False Ransomware,Tool,Vulnerability,Threat,Medical None 2.0000000000000000
InfoSecurity Mag (InfoSecurity Magazine) - Over 90,000 D-Link NAS Devices Are Under Attack. Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices. 2024-04-09T09:05:00+00:00 https://www.infosecurity-magazine.com/news/over-90000-dlink-nas-devices-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8478565 False Vulnerability,Threat None 2.0000000000000000
Securonix (SIEM) - Securonix Threat Labs Monthly Intelligence Insights – March 2024. Securonix Threat Labs Monthly Intelligence Insights March 2024 provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs. 2024-04-09T08:00:06+00:00 https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-march-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8478682 False Threat None 3.0000000000000000
ProofPoint (cyber firms) - 3 Reasons Why Objectivity in Your Phishing Tests Reduces Risk. 2024-04-09T06:00:39+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/securing-human-risk-objectivity-phishing-simulation www.secnews.physaphae.fr/article.php?IdArticle=8478668 False Threat None 2.0000000000000000
RiskIQ (cyber risk firm, now Microsoft) - ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins. Snapshot: The article from FortiGuard Labs Threat Research uncovers a recent threat actor's distribution of VenomRAT and other plugins through a phishing email containing malicious Scalable Vector Graphics (SVG) files. Description: The email entices victims to click on an attachment, which downloads a ZIP file containing a Batch file obfuscated with the BatCloak tool. Subsequently, ScrubCrypt is used to load the final payload, VenomRAT, while maintaining a connection with a command and control (C2) server to install plugins on victims' environments. The plugin files downloaded from the C2 server include VenomRAT version 6, Remcos, XWorm, NanoCore, and a stealer designed for specific crypto wallets. References: https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins 2024-04-08T20:36:41+00:00 https://community.riskiq.com/article/98d69c76 www.secnews.physaphae.fr/article.php?IdArticle=8478320 False Tool,Threat None 2.0000000000000000
TechRepublic (US security news) - XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor. Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat. 2024-04-08T18:47:15+00:00 https://www.techrepublic.com/article/xz-backdoor-linux/ www.secnews.physaphae.fr/article.php?IdArticle=8478262 False Threat None 2.0000000000000000
The Hacker News (a hacking news blog, surprising, isn't it?) - Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox. Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve 2024-04-08T16:59:00+00:00 https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8478076 False Malware,Threat None 3.0000000000000000
ProofPoint (cyber firms) - Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers. 2024-04-08T16:24:08+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/evolving-threat-landscape-deep-dive-multichannel-attacks-targeting www.secnews.physaphae.fr/article.php?IdArticle=8478123 False Tool,Threat,Mobile,Cloud None 2.0000000000000000
RiskIQ (cyber risk firm, now Microsoft) - Weekly OSINT Highlights, 8 April 2024. 2024-04-08T15:09:15+00:00 https://community.riskiq.com/article/974639f2 www.secnews.physaphae.fr/article.php?IdArticle=8478203 False Ransomware,Spam,Malware,Tool,Threat,Cloud APT 41 3.0000000000000000
Fortinet (security hardware manufacturer) - ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins. FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more. 2024-04-08T15:00:00+00:00 https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins www.secnews.physaphae.fr/article.php?IdArticle=8478187 False Threat None 2.0000000000000000
Silicon (French news site) - Information systems security manager: a position in the spotlight. 2024-04-08T14:55:35+00:00 https://www.silicon.fr/avis-expert/responsable-de-la-securite-des-systemes-dinformation-un-poste-sous-les-projecteurs www.secnews.physaphae.fr/article.php?IdArticle=8478159 False Threat None 2.0000000000000000
GoogleSec (firm security blog) - How we built the new Find My Device network with user security and privacy in mind. Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they're offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users. How location crowdsourcing works on the Find My Device network: The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys. Find My Device network protections: Let's dive into key details of the multi-layered protections for the Find My Device network. Data Safeguards: We've implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it. Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a 2024-04-08T14:12:48+00:00 http://security.googleblog.com/2024/04/find-my-device-network-security-privacy-protections.html www.secnews.physaphae.fr/article.php?IdArticle=8486086 False Vulnerability,Threat,Mobile None 2.0000000000000000
Securonix (SIEM) - Breaking Bias: Exploring UEBA's Role in Ethical Insider Threat Management. In DevOps, compliance ensures that software development and delivery are secure and trustworthy. And to ensure companies follow compliance regulations, audits are performed by external vendors (usually, but companies may have internal audits as well). Compliance involves adhering to established security policies, regulatory requirements, and industry standards throughout the development lifecycle. 2024-04-08T12:40:33+00:00 https://www.securonix.com/blog/breaking-bias-with-ueba/ www.secnews.physaphae.fr/article.php?IdArticle=8478227 False Threat None 2.0000000000000000
Checkpoint Research (security hardware manufacturer) - 8th April – Threat Intelligence Report. For the latest discoveries in cyber research for the week of 8th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: Acuity, a federal contractor, confirmed a cyber incident where hackers accessed its GitHub repositories and stole various documents. The breach, linked to the threat actor IntelBroker, involved data from various U.S. government agencies. […] 2024-04-08T11:46:03+00:00 https://research.checkpoint.com/2024/8th-april-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8478073 False Threat None 3.0000000000000000
SecurityWeek (security news) - Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits. Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. 2024-04-08T11:30:59+00:00 https://www.securityweek.com/company-offering-30-million-for-android-ios-browser-zero-day-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8478101 False Vulnerability,Threat,Mobile None 2.0000000000000000
AlienVault Lab Blog (AlienVault is a major defensive player in IOCs) - 10 Strategies to Fortify SCADA System Security. sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach's impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation's critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it's imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating 'zones' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also 2024-04-08T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-strategies-to-fortify-scada-system-security www.secnews.physaphae.fr/article.php?IdArticle=8478096 False Vulnerability,Threat,Patching,Legislation,Industrial None 4.0000000000000000
InfoSecurity Mag (InfoSecurity Magazine) - Hospital IT Helpdesks Targeted By Voice Fraudsters, Warns HHS. Threat actors are socially engineering healthcare IT helpdesk staff to steal money, the government has warned. 2024-04-08T09:00:00+00:00 https://www.infosecurity-magazine.com/news/hospital-it-helpdesks-voice/ www.secnews.physaphae.fr/article.php?IdArticle=8477999 False Threat,Medical None 2.0000000000000000
AhnLab (Korean security firm) - Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2). AhnLab Security Intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware; they are stealing well-known channels that already exist to achieve their goal. In one of the cases, the targeted channel had more than 800,000 subscribers. The threat actors who abuse YouTube are mainly distributing Infostealers. The RedLine Infostealer that was distributed via YouTube in 2020 as well...
2024-04-08T05:47:42+00:00 https://asec.ahnlab.com/en/63980/ www.secnews.physaphae.fr/article.php?IdArticle=8477929 False Malware,Hack,Threat None 3.0000000000000000
The State of Security - Magazine Américain Gone Phishing 2023: Voici les résultats!<br>Gone Phishing 2023: Here Are the Results! Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today\'s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology. Fortra\'s Gone Phishing Tournament (GPT) is a yearly training event, available for free all around the world. The goal is to provide users with a phishing simulation and measure their responses to gain an understanding of how prepared participants are to prevent attacks via a range of metrics...]]> 2024-04-08T03:04:22+00:00 https://www.tripwire.com/state-of-security/gone-phishing-results www.secnews.physaphae.fr/article.php?IdArticle=8477973 False Threat None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial La règle de Circia proposée stimule la compréhension des cyber-menaces, la détection précoce des campagnes adversaires, propose des actions coordonnées<br>Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions With the recent release of a proposed rule under the Cyber Incident Reporting for Critical Infrastructure Act of... ]]> 2024-04-07T07:57:56+00:00 https://industrialcyber.co/features/proposed-circia-rule-boosts-cyber-threat-understanding-early-detection-of-adversary-campaigns-offers-coordinated-actions/ www.secnews.physaphae.fr/article.php?IdArticle=8477468 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Les pirates exploitent le bug magento pour voler les données de paiement des sites Web de commerce électronique<br>Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of]]> 2024-04-06T15:13:00+00:00 https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html www.secnews.physaphae.fr/article.php?IdArticle=8477009 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AI-AS-A-SERVICE Fournisseurs vulnérables aux attaques de PRIVSC et de locataires croisés<br>AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers\' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. 
"Malicious models represent a major risk to AI systems,]]> 2024-04-05T19:38:00+00:00 https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8476537 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les acteurs de la menace chinoise déploient de nouveaux TTP pour exploiter les vulnérabilités ivanti<br>Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities]]> 2024-04-05T14:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-threat-ttps-ivanti/ www.secnews.physaphae.fr/article.php?IdArticle=8476514 False Tool,Vulnerability,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques<br>Same targets, new playbooks: East Asia threat actors employ unique methods 2024-04-05T13:39:39+00:00 https://community.riskiq.com/article/b4f39b04 www.secnews.physaphae.fr/article.php?IdArticle=8476526 False Malware,Tool,Vulnerability,Threat,Studies,Industrial,Prediction,Technical Guam 3.0000000000000000 CyberSecurityVentures - cybersecurity services Gouvernance de la cybersécurité: un chemin vers la cyber-maturité<br>Cybersecurity Governance: A Path To Cyber Maturity Cette semaine en cybersécurité des éditeurs du magazine Cybercrime & # 8211;Lisez l'histoire complète dans TechTarget Sausalito, Californie & # 8211;5 avril 2024 Dans un paysage de menace de plus en plus difficile, de nombreuses organisations ont du mal à développer et à mettre en œuvre une gouvernance efficace de cybersécurité.TechTarget rapporte & # 160; que & # 160; les dommages de la cybercriminalité sont projetés
>This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechTarget Sausalito, Calif. – Apr. 5, 2024 In an increasingly challenging threat landscape, many organizations struggle with developing and implementing effective cybersecurity governance. TechTarget reports that damages from cybercrime are projected ]]>
2024-04-05T12:50:29+00:00 https://cybersecurityventures.com/cybersecurity-governance-a-path-to-cyber-maturity/ www.secnews.physaphae.fr/article.php?IdArticle=8476475 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs identifient plusieurs groupes de pirates en Chine exploitant des défauts de sécurité Ivanti<br>Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud]]> 2024-04-05T12:45:00+00:00 https://thehackernews.com/2024/04/researchers-identify-multiple-china.html www.secnews.physaphae.fr/article.php?IdArticle=8476377 False Vulnerability,Threat,Cloud None 3.0000000000000000 ProofPoint - Cyber Firms Amélioration de la détection et de la réponse: plaider en matière de tromperies<br>Improving Detection and Response: Making the Case for Deceptions 2024-04-05T06:00:25+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/deception-technology-better-for-threat-detection-response-than-honeypots www.secnews.physaphae.fr/article.php?IdArticle=8476507 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates basés au Vietnam volent des données financières à travers l'Asie avec des logiciels malveillants<br>Vietnam-Based Hackers Steal Financial Data Across Asia with Malware A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. 
Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia,]]> 2024-04-04T21:12:00+00:00 https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html www.secnews.physaphae.fr/article.php?IdArticle=8476000 False Malware,Threat None 2.0000000000000000 Palo Alto Network - Site Constructeur Le pouvoir des assistants de l'IA et la détection avancée des menaces<br>The Power of AI Assistants and Advanced Threat Detection Explorez les prédictions sur l'IA en cybersécurité et cultivant une culture cyber-consciente.Découvrez l'émergence d'assistants de cybersécurité alimentés par l'IA.
>Explore predictions on AI in cybersecurity and cultivating a cyber-aware culture. Discover the emergence of AI-powered cybersecurity assistants. ]]>
2024-04-04T21:00:27+00:00 https://www.paloaltonetworks.com/blog/2024/04/ai-assistants-and-advanced-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8476127 False Threat None 2.0000000000000000
Krebs on Security - Chercheur Américain Une fausse menace de procès expose les sites de phishing privé<br>Fake Lawsuit Threat Exposes Privnote Phishing Sites A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.]]> 2024-04-04T14:12:16+00:00 https://krebsonsecurity.com/2024/04/fake-lawsuit-threat-exposes-privnote-phishing-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8475932 False Threat None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Cutting avant, partie 4: Ivanti Connect Secure VPN Post-Exploitation Mouvement latéral Études de cas<br>Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies   Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant\'s previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325.  This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied.  
Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we\'ve seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti\'s latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide]]> 2024-04-04T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement/ www.secnews.physaphae.fr/article.php?IdArticle=8500398 False Malware,Tool,Vulnerability,Threat,Studies,Mobile,Cloud Guam 3.0000000000000000 MitnickSecurity - Former Hacker Services Choisir une entreprise de test de pénétration pour les environnements basés sur Mac<br>Choosing a Penetration Testing Company for Mac-based Environments 2024-04-04T13:19:05+00:00 https://www.mitnicksecurity.com/blog/penetration-testing-company-mac-environment www.secnews.physaphae.fr/article.php?IdArticle=8475892 False Threat None 2.0000000000000000 Team Cymru - Equipe de Threat Intelligence Latrodectus: This Spider Bytes Like Ice For this research, we partnered with Proofpoint\'s Threat Research team in a collaborative effort to provide a comprehensive overview of...]]> 2024-04-04T11:56:00+00:00 https://www.team-cymru.com/post/latrodectus-this-spider-bytes-like-ice 
www.secnews.physaphae.fr/article.php?IdArticle=8475832 False Threat None 4.0000000000000000 ProofPoint - Cyber Firms Latrodectus: ces octets d'araignée comme la glace<br>Latrodectus: This Spider Bytes Like Ice 2024-04-04T11:47:34+00:00 https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice www.secnews.physaphae.fr/article.php?IdArticle=8475749 False Ransomware,Malware,Tool,Threat,Prediction None 3.0000000000000000 The Register - Site journalistique Anglais Ransomware Gang <em> a fait </em> voler les résidents \\ 'Données confidentielles, le conseil municipal britannique admet<br>Ransomware gang <em>did</em> steal residents\\' confidential data, UK city council admits INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.…]]> 2024-04-04T10:49:40+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/04/ransomware_gang_did_in_fact/ www.secnews.physaphae.fr/article.php?IdArticle=8475808 False Ransomware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les affirmations de l'acteur de menace ont classé cinq yeux Vol de données<br>Threat Actor Claims Classified Five Eyes Data Theft Threat actor IntelBroker claims to have classified intelligence stolen from US government tech supplier Acuity]]> 2024-04-04T09:30:00+00:00 https://www.infosecurity-magazine.com/news/threat-actor-classified-five-eyes/ www.secnews.physaphae.fr/article.php?IdArticle=8475782 False Threat None 4.0000000000000000 AhnLab - Korean Security Firm Rhadamanthys Malware déguisé en programme d'installation de groupware (détecté par MDS)<br>Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) Récemment, Ahnlab Security Intelligence Center (ASEC) a découvert la distribution de Rhadamanthygroupware.L'acteur de menace a créé un faux 
site Web pour ressembler au site Web d'origine et exposé le site aux utilisateurs en utilisant la fonctionnalité publicitaire dans les moteurs de recherche.Le blog ASEC a précédemment couvert les logiciels malveillants distribués via ces fonctionnalités publicitaires des moteurs de recherche dans l'article intitulé & # 8220; Hé, ce n'est pas le bon site! & # 8221;Distribution des logiciels malveillants exploitant Google ADS Suivi [1].Le malware dans ...
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered malware distributed through such ad features of search engines in the article titled “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking [1]. The malware in... ]]>
2024-04-04T01:13:01+00:00 https://asec.ahnlab.com/en/63864/ www.secnews.physaphae.fr/article.php?IdArticle=8475597 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Warns: Android Zero-Day Flaws in Pixel Phones exploité par des sociétés médico-légales<br>Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the []]> 2024-04-03T21:40:00+00:00 https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8475338 False Vulnerability,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Comment la Coupe du monde du football en 2022 au Qatar a été presque piratée<br>How Soccer\\'s 2022 World Cup in Qatar Was Nearly Hacked A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.]]> 2024-04-03T20:40:20+00:00 https://www.darkreading.com/cyber-risk/how-the-2022-qatar-world-cup-soccer-was-nearly-hacked www.secnews.physaphae.fr/article.php?IdArticle=8475453 False Threat None 4.0000000000000000 Bleeping Computer - Magazine Américain Microsoft ne sait toujours pas comment les pirates ont volé la clé MSA en 2023 Attaque d'échange<br>Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack The U.S. Department of Homeland Security\'s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. 
[...]]]> 2024-04-03T20:21:10+00:00 https://www.bleepingcomputer.com/news/security/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8475559 False Threat None 3.0000000000000000 knowbe4 - cybersecurity services Le nouveau rapport montre que les liens de phishing et les attachements malveillants sont les principaux points d'entrée des cyberattaques<br>New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks phishing et les utilisateurs Liste en tant que CyberAttack Initial Access Activers Les nouvelles données d'attaque TTP couvrant 2023 mettent en lumière les acteurs de la menace et les actions des utilisateurs qui mettent les organisations les plus à risque.
Phishing and Users Top List as Cyberattack Initial Access Enablers New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.]]>
2024-04-03T16:36:17+00:00 https://blog.knowbe4.com/phishing-and-users-top-list-as-cyberattack-initial-access-enablers www.secnews.physaphae.fr/article.php?IdArticle=8475328 False Threat,Studies None 3.0000000000000000