www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T13:13:31+00:00 www.secnews.physaphae.fr

Global Security Mag - French news site
New Veracode study reveals that software security in public-sector organizations is insufficient
Investigations
2023-06-07T07:47:24+00:00 https://www.globalsecuritymag.fr/La-nouvelle-etude-de-Veracode-revele-que-la-securite-des-logiciels-dans-les.html www.secnews.physaphae.fr/article.php?IdArticle=8342944 False Studies,Medical None 3.0000000000000000

InformationSecurityBuzzNews - Security news site
Data Breach At Apria Healthcare Affects 2 Million People Now Notified
Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021. Close to two million people in the United States rely on Apria, making it one of the top providers of home respiratory […]
2023-05-25T16:12:22+00:00 https://informationsecuritybuzz.com/data-breach-apria-healthcare-affects-2-million-people-notified/ www.secnews.physaphae.fr/article.php?IdArticle=8339414 False Data Breach,Medical None 2.0000000000000000

The Register - English news site
Ministry of Justice rapped by ICO for old-fashioned data leak
Forget AWS buckets, bags of medical and personal info on inmates and their guards left in 'unsecured' area of prison
We step back into the analogue world for this tale of woe that involves bags and bags of sensitive data being left unsealed in an "unsecured" area of a prison. The financial penalty for doing so? A slap on the wrist for Britain's Ministry of Justice.…
2023-05-25T08:29:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/25/moj_old_fashioned_data_leak_in_prison/ www.secnews.physaphae.fr/article.php?IdArticle=8339279 False Medical None 2.0000000000000000

Recorded Future - Recorded Future feed
Health insurer says patients' information was stolen in ransomware attack
One of New England's largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack. Point32Health - which oversees Harvard Pilgrim Health Care and Tufts Health Plan - said it first discovered the incident on April 17 and launched an investigation
2023-05-23T19:33:00+00:00 https://therecord.media/harvard-pilgrim-health-care-ransomware-point32health www.secnews.physaphae.fr/article.php?IdArticle=8338834 False Ransomware,Medical None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
The intersection of telehealth, AI, and Cybersecurity
customer identity and access management (CIAM) software. CIAM software that uses AI can utilize digital identity solutions to automate the registration and patient service process. This is important, as most patients say that they'd rather resolve their own questions and queries on their own before speaking to a service agent. Self-service features even allow patients to share important third-party data with telehealth systems via IoT tech like smartwatches. AI-integrated CIAM software is interoperable, too. This means that patients and providers can connect to the CIAM using omnichannel pathways. As a result, users can use data from multiple systems within the same telehealth digital ecosystem. However, this omnichannel approach to the healthcare consumer journey still needs to be HIPAA compliant and protect patient privacy.
Medicine and diagnoses
Misdiagnoses are more common than most people realize. In the US, 12 million people are misdiagnosed every year. Diagnoses may be even more tricky via telehealth, as doctors can't read patients' body language or physically inspect their symptoms. AI can improve the accuracy of diagnoses by leveraging machine learning algorithms during the decision-making process. These programs can be taught how to distinguish between different types of diseases and may point doctors in the right direction. Preliminary findings suggest that this can improve the accuracy of medical diagnoses to 99.5%. Automated programs can help patients maintain their medicine and re-order repeat prescriptions. This is particularly important for rural patients who are unable to visit the doctor's office and may have limited time to call in. As a result, telehealth portals that use AI to automate the process help providers close the rural-urban divide.
Ethical considerations
AI has clear benefits in telehealth. However, machine learning programs and automated platforms do put patient data at i
2023-05-23T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-intersection-of-telehealth-ai-and-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8338681 False Medical ChatGPT,ChatGPT 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Sharing your business's data with ChatGPT: How risky is it?
learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns. For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software code or materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history. In light of these implications, let's discuss if - and how - ChatGPT stores its users' input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT.
Does ChatGPT store users' input data?
The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model. Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information. But the technology is still in its nascent developing stages - ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model.
Risks of sharing business data with ChatGPT
In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents. The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These "training data extraction attacks" could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property. One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requ
2023-05-22T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/sharing-your-businesss-data-with-chatgpt-how-risky-is-it www.secnews.physaphae.fr/article.php?IdArticle=8338360 False Tool,Threat,Medical ChatGPT,ChatGPT 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
PharMerica Breach Hits Over 5.8 Million Customers
Medical and insurance data exposed in ransomware attack
2023-05-16T08:30:00+00:00 https://www.infosecurity-magazine.com/news/pharmerica-breach-hits-58-million/ www.secnews.physaphae.fr/article.php?IdArticle=8336898 False Ransomware,Medical None 2.0000000000000000

Bleeping Computer - American magazine
Ransomware gang steals data of 5.8 million PharMerica patients
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...]
2023-05-15T14:10:40+00:00 https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8336750 False Ransomware,Data Breach,Medical None 2.0000000000000000

CVE List - Common Vulnerabilities and Exposures
CVE-2023-29863
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
2023-05-11T13:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29863 www.secnews.physaphae.fr/article.php?IdArticle=8335670 False Vulnerability,Medical None None

Dark Reading - Informationweek Branch
DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.
2023-05-03T20:38:00+00:00 https://www.darkreading.com/ics-ot/medical-device-flaws-gets-new-twist-with-dna-sequencer-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8333259 False Vulnerability,Medical None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
The role of AI in healthcare: Revolutionizing the healthcare industry
DeepMind showed accuracy comparable to human radiologists in identifying breast cancer.
Personalized medicine: AI can be used to generate insights from biomarkers, genetic information, allergies and psychological assessments to tailor the best treatment to each patient. This data can be used to predict how the patient will respond to various courses of treatment for a given condition. This can minimize adverse effects and reduce the cost of unnecessary or expensive treatment options. Likewise, it can be used to treat genetic disorders with personalized treatment plans. For example, Deep Genomics is a company using AI systems to develop personalized treatments for genetic disorders.
Disease diagnosis: AI systems can be used to analyze patient data, including medical history and test results, to reach a more accurate and earlier diagnosis of deadly conditions such as cancer. For example, Pfizer has collaborated with various AI-based services to diagnose diseases, and IBM Watson uses NLP and machine learning algorithms in oncology to develop treatment plans for cancer patients.
Drug discovery: AI can be used in R&D for drug discovery, making the process faster. AI can remove some
2023-05-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-role-of-ai-in-healthcare-revolutionizing-the-healthcare-industry www.secnews.physaphae.fr/article.php?IdArticle=8332591 False Prediction,Medical ChatGPT,ChatGPT 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA
2023-04-29T10:04:00+00:00 https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8332120 False Industrial,Medical None 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Securing the Edge Ecosystem Global Research released – Complimentary report available
Get your free copy now. This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we
- interact using edge computing (get the 2020 report)
- benefit from edge computing (get the 2021 report)
- secure the data, applications, and endpoints that rely on edge computing (get the 2022 report)
This year's report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing. Watch the webcast to hear more about our findings. The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry. At the onset of our research, we set out to find the following:
- Momentum of edge computing in the market.
- Collaboration approaches to connecting and securing the edge ecosystem.
- Perceived risk and benefit of the common use cases in each industry surveyed.
The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions.
Edge computing has expanded, creating a new ecosystem
Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing.
- A distributed model of management, intelligence, and networks.
- Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud.
- Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments).
Understanding these common characteristics is essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we've previously seen.
Business is embracing the value of edge deployments
The primary use case of industries we sur
2023-04-24T10:56:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securing-the-edge-ecosystem-global-research-released-complimentary-report-available www.secnews.physaphae.fr/article.php?IdArticle=8330563 False Ransomware,Medical,Cloud None 3.0000000000000000

Dark Reading - Informationweek Branch
Shields Health Breach Exposes 2.3M Users' Data
The medical imaging firm's systems were compromised by a threat actor, exposing patients' driver's licenses and other identifying information.
2023-04-21T20:33:00+00:00 https://www.darkreading.com/attacks-breaches/shields-health-breach-exposes-2-3m-users-data www.secnews.physaphae.fr/article.php?IdArticle=8330062 False Threat,Medical None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices
The findings come from a new report by asset visibility and security company Armis
2023-04-19T15:30:00+00:00 https://www.infosecurity-magazine.com/news/nurse-call-systems-riskiest/ www.secnews.physaphae.fr/article.php?IdArticle=8329396 False Medical None 2.0000000000000000

Dark Reading - Informationweek Branch
CrowdStrike Expands Falcon to Include IoT
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices.
2023-04-12T16:00:00+00:00 https://www.darkreading.com/dr-tech/crowdstrike-expands-falcon-to-include-iot www.secnews.physaphae.fr/article.php?IdArticle=8327071 False Industrial,Medical None 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Securing Medical Devices is a Matter of Life and Death
The cybersecurity challenges of the Internet of Medical Things (IoMT) are still largely unanswered
2023-04-06T13:45:00+00:00 https://www.infosecurity-magazine.com/news/securing-medical-devices-matter/ www.secnews.physaphae.fr/article.php?IdArticle=8325455 False Medical None 3.0000000000000000

Dark Reading - Informationweek Branch
The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say
The physical and cyber safety issues surrounding medical devices like IV pumps are finally being meaningfully addressed by a new policy taking effect this week.
2023-03-31T21:32:00+00:00 https://www.darkreading.com/cloud/the-fda-medical-device-cybersecurity-overhaul-real-teeth www.secnews.physaphae.fr/article.php?IdArticle=8323881 False Medical None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
FDA Protects Medical Devices Against Cyber-Threats With New Measures
New medical device applications should "monitor, identify, and address" cybersecurity issues
2023-03-30T15:30:00+00:00 https://www.infosecurity-magazine.com/news/fda-protects-medical-devices-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8323492 False Medical None 3.0000000000000000

Recorded Future - Recorded Future feed
FDA can now reject new medical devices over cyber standards
The Food and Drug Administration [affirmed](https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-and-related-systems-under-section) Wednesday that medical device manufacturers must now prove their products meet certain cybersecurity standards in order to get the agency's approval. The guidelines were laid out in the omnibus appropriations bill signed into law last December, which authorized the FDA to impose security requirements on manufacturers and allocated $5
2023-03-29T21:09:00+00:00 https://therecord.media/fda-medical-device-cyber-standards www.secnews.physaphae.fr/article.php?IdArticle=8323247 False Medical None 2.0000000000000000
CVE List - Common Vulnerabilities and Exposures
CVE-2023-1566
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability.
2023-03-22T14:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1566 www.secnews.physaphae.fr/article.php?IdArticle=8320635 False Vulnerability,Guideline,Medical None None

Security Intelligence - American news site
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule
In February 2023, X-Force posted a blog entitled "Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers" that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware's operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]
2023-03-20T18:30:00+00:00 https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/ www.secnews.physaphae.fr/article.php?IdArticle=8320005 False Malware,Medical APT 38 3.0000000000000000
InformationSecurityBuzzNews - Security news site
Healthcare Firm ILS Alerts 4.2 Million People Of Data Breach
2023-03-17T16:57:59+00:00 https://informationsecuritybuzz.com/healthcare-firm-ils-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8319443 False Data Breach,Medical None 3.0000000000000000

Recorded Future - Recorded Future feed
Healthcare software firm ILS announces data breach affecting more than 4 million people
The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began
2023-03-16T12:45:00+00:00 https://therecord.media/ils-data-breach-patient-information www.secnews.physaphae.fr/article.php?IdArticle=8319081 False Data Breach,Medical None 2.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber
Cancer patient sues medical provider after ransomware group posts her photos online
The suit comes about six weeks after the ransomware group threatened to post sensitive material online if they weren't paid.
2023-03-14T19:57:32+00:00 https://cyberscoop.com/patient-sues-leigh-valley-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8318613 False Ransomware,Medical None 3.0000000000000000

InformationSecurityBuzzNews - Security news site
1 Million People Affected By Zoll Medical Data Breach
2023-03-14T13:09:20+00:00 https://informationsecuritybuzz.com/people-affected-zoll-medical-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8318440 False Data Breach,Medical None 2.0000000000000000

knowbe4 - cybersecurity services
CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links: https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl
2023-03-14T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-11-heads-up-employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears www.secnews.physaphae.fr/article.php?IdArticle=8318404 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline,Medical ChatGPT,ChatGPT 2.0000000000000000

Recorded Future - Recorded Future feed
Medical device giant says cyberattack leaked sensitive data of 1 million people
Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents [provided](https://apps.web.maine.gov/online/aeviewer/ME/40/ab192c35-667d-4bc9-ad18-fa710bd10b15.shtml) to Maine's Attorney General, Zoll said the incident started on January 28 when they "detected unusual activity" on their internal network. The company added that information was accessed on February 2. Zoll said
2023-03-14T12:01:00+00:00 https://therecord.media/zoll-data-breach-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8318429 False Medical None 3.0000000000000000

SecurityWeek - Security News
Zoll Medical Data Breach Impacts 1 Million Individuals
Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year.
2023-03-13T11:16:54+00:00 https://www.securityweek.com/zoll-medical-data-breach-impacts-1-million-individuals/ www.secnews.physaphae.fr/article.php?IdArticle=8318052 False Data Breach,Medical None 2.0000000000000000

CVE List - Common Vulnerabilities and Exposures
CVE-2023-0888
2023-03-13T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0888 www.secnews.physaphae.fr/article.php?IdArticle=8318026 False Vulnerability,Medical None None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity
2023-03-08T16:04:00+00:00 https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8316641 False Hack,Vulnerability,Medical APT 38 3.0000000000000000

Anomali - Firm Blog
Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
MQsTTang: Mustang Panda's Latest Backdoor Treads New Ground with Qt and MQTT (published: March 2, 2023)
In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through a spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe.
Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. A defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK:
- T1583.003 - Acquire Infrastructure: Virtual Private Server
- T1583.004 - Acquire Infrastructure: Server
- T1587.001 - Develop Capabilities: Malware
- T1588.002 - Obtain Capabilities: Tool
- T1608.001 - Stage Capabilities: Upload Malware
- T1608.002 - Stage Capabilities: Upload Tool
- T1566.002 - Phishing: Spearphishing Link
- T1106 - Native API
- T1204.002 - User Execution: Malicious File
- T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- T1036.004 - Masquerading: Masquerade Task Or Service
- T1036.005 - Masquerading: Match Legitimate Name Or Location
- T1480 - Execution Guardrails
- T1622 - Debugger Evasion
2023-03-07T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mustang-panda-adopted-mqtt-protocol-redis-miner-optimization-risks-data-corruption-blacklotus-bootkit-reintroduces-vulnerable-uefi-binaries www.secnews.physaphae.fr/article.php?IdArticle=8316353 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical None 1.00000000000000000000

AhnLab - Korean Security Firm
Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities
For the past two years (since March 2021), the Lazarus group's malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group's activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software's 0-Day vulnerability. During the infiltration in May 2022,...
2023-03-06T23:30:00+00:00 https://asec.ahnlab.com/en/48810/ www.secnews.physaphae.fr/article.php?IdArticle=8316149 False Malware,Vulnerability,Threat,Medical APT 38 3.0000000000000000

CVE List - Common Vulnerabilities and Exposures
CVE-2023-1151
2023-03-02T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1151 www.secnews.physaphae.fr/article.php?IdArticle=8314963 False Vulnerability,Guideline,Medical None None

Anomali - Firm Blog
Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
WinorDLL64: A Backdoor From The Vast Lazarus Arsenal? (published: February 23, 2023)
When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink's functions and the Wslink-established TCP connection encrypted with the 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by the North Korea-sponsored Lazarus Group.
Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations.
MITRE ATT&CK:
- T1587.001 - Develop Capabilities: Malware
- T1059.001 - PowerShell
- T1106 - Native API
- T1134.002 - Access Token Manipulation: Create Process With Token
- T1070.004 - Indicator Removal on Host: File Deletion
- T1087.001 - Account Discovery: Local Account
- T1087.002 - Account Discovery: Domain Account
- T1083 - File And Directory Discovery
- T1135 - Network Share Discovery
- T1057 - Process Discovery
- T1012 - Query Registry
- T1082 - System Information Discovery
- T1614 - System Location Discovery
- T1614.001 - System Location Discovery: System Language Discovery
- T1016 - System Network Configuration Discovery
- T1049 - System Network Connections Discovery
2023-02-28T16:15:00+00:00
https://www.anomali.com/blog/anomali-cyber-watch-newly-discovered-winordll64-backdoor-has-code-similarities-with-lazarus-ghostsecret-atharvan-backdoor-can-be-restricted-to-communicate-on-certain-days www.secnews.physaphae.fr/article.php?IdArticle=8314193 False Ransomware,Malware,Tool,Threat,Medical,Medical,Cloud APT 38 1.00000000000000000000 Recorded Future - FLux Recorded Future Danish hospitals hit by cyberattack from \'Anonymous Sudan\' The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan. Copenhagen's health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back […]]> 2023-02-27T12:42:51+00:00 https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/ www.secnews.physaphae.fr/article.php?IdArticle=8313664 False Medical None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Integrating Cybersecurity in UX design Pexels Integrating Cybersecurity in UX design The digital landscape has ensured a wider range of businesses has access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. However, it also means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere. Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX. Your best approach here is usually to integrate cybersecurity with UX design. 
So, let’s explore why and how you can achieve this. How are UX and Cybersecurity related? One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. They can certainly have independent intentions to an extent with different goals and actions to achieve these goals. Yet, understanding how they are closely related is the first step to effective integration. In some ways one can’t — or, at least, shouldn’t — exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services; asynchronous care and synchronous (live) care. While there is a difference here in how patients interact with the medical professional, both types involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data. Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought. How can you plan effectively? As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvisatory approach that involves tacking security or UX elements onto your site or app doesn’t result in a strong development. 
Wherever possible, your best route is to bring both the UX departments and cybersecurity professionals together in the planning process from the outset. Each department will have insights into one another’s challenges that benefit the project as a whole. Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences.]]> 2023-02-27T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/integrating-cybersecurity-in-ux-design www.secnews.physaphae.fr/article.php?IdArticle=8313637 False Tool,Medical None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-1006 prompt(1) leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.]]> 2023-02-24T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1006 www.secnews.physaphae.fr/article.php?IdArticle=8313129 False Vulnerability,Guideline,Medical None None Dark Reading - Informationweek Branch Student Medical Records Exposed After LAUSD Breach 2023-02-23T22:33:00+00:00 https://www.darkreading.com/analytics/student-medical-records-exposed-after-lausd-breach www.secnews.physaphae.fr/article.php?IdArticle=8313004 False Medical None 2.0000000000000000 Dark Reading - Informationweek Branch Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools 2023-02-23T19:54:00+00:00 https://www.darkreading.com/analytics/hydrochasma-bombards-targets-slew-commodity-malware-tools www.secnews.physaphae.fr/article.php?IdArticle=8312951 False Malware,Threat,Medical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data 2023-02-23T17:17:00+00:00 https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html www.secnews.physaphae.fr/article.php?IdArticle=8312842 False Malware,Tool,Medical APT 38 1.00000000000000000000 AhnLab - Korean Security Firm Anti-Forensic Techniques Used By Lazarus Group Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group. Overview Definition of Anti-Forensics Anti-forensics refers to the tampering of evidence in... ]]> 2023-02-23T02:00:00+00:00 https://asec.ahnlab.com/en/48223/ www.secnews.physaphae.fr/article.php?IdArticle=8312769 False Malware,Threat,Medical APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Shipping companies, medical laboratories in Asia targeted in espionage campaign Several shipping companies and medical laboratories in an Asian country have been targeted in an ongoing espionage campaign, Symantec says]]> 2023-02-22T22:42:55+00:00 https://therecord.media/shipping-companies-medical-laboratories-asia-covid19-espionage/ www.secnews.physaphae.fr/article.php?IdArticle=8312622 False Medical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia 2023-02-22T16:29:00+00:00 https://thehackernews.com/2023/02/hydrochasma-new-threat-actor-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8312459 False Threat,Medical None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Hydrochasma Group Targets Asian Medical and Shipping Sectors 2023-02-22T16:00:00+00:00 https://www.infosecurity-magazine.com/news/hydrochasma-targets-asian-medical/ www.secnews.physaphae.fr/article.php?IdArticle=8312508 False Medical None 2.0000000000000000 ZoneAlarm - Security Firm Blog Norway Seizes Stolen Crypto Funds Linked to the Lazarus Group In March 2022, the Lazarus Group, a North Korea-backed hacking group, stole around $5.84 million worth of cryptocurrency through the Axie Infinity Ronin Bridge hack. However, over ten months later, the Norwegian police agency Økokrim announced they had seized the stolen funds. The crime-fighting unit was able to track the money on the blockchain, even … ]]> 2023-02-21T15:23:27+00:00 https://blog.zonealarm.com/2023/02/norway-seizes-stolen-crypto-funds-linked-to-the-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8312231 True Medical APT 38 2.0000000000000000 ZoneAlarm - Security Firm Blog Norwegian Seize Stolen Crypto Funds Linked to the Lazarus Group In March 2022, the Lazarus Group, a North Korea-backed hacking group, stole around $5.84 million worth of cryptocurrency through the Axie Infinity Ronin Bridge hack. However, over ten months later, the Norwegian police agency Økokrim announced they had seized part of the stolen funds. 
The crime-fighting unit was able to track the money on the … ]]> 2023-02-21T15:23:27+00:00 https://blog.zonealarm.com/2023/02/norwegian-seize-stolen-crypto-funds-linked-to-the-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8312195 False Medical APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Norway Seizes $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers 2023-02-20T16:53:00+00:00 https://thehackernews.com/2023/02/norway-seizes-584-million-in.html www.secnews.physaphae.fr/article.php?IdArticle=8311878 False Medical APT 38 2.0000000000000000 Contagio - Site d infos ransomware Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) 2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology.Download the full collectionEmail me if you need the password (see in my profile) (209 MB. 
218 samples listed in the hash tables below).The malware arsenal collected here includes:Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer).)Graphiron BackdoorOutSteel (LorecDocStealer)BabaDedaCobalt Strike (Beacon)SaintBot DownloaderWhisperGate WiperAPT Group DescriptionAPT Group aliases:UAC-0056 (UA CERT)Ember Bear (Crowdstrike)Saint Bear (F-Secure)UNC2589 (Fireeye, IBM)Lorec53 (NSFOCUS)TA471 (Proofpoint)Nodaria (Symantec)Nascent Ursa (Palo Alto)LorecBearBleeding Bear (Elastic)DEV-0586 (MIcrosoft)The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021.The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations.The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents.In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate.The Lorec53 group is a new type of APT group fi]]> 2023-02-18T03:02:00+00:00 https://contagiodump.blogspot.com/2023/02/malware-arsenal-used-by-ember-bear-aka.html www.secnews.physaphae.fr/article.php?IdArticle=8311492 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Medical None 2.0000000000000000 The Register - Site journalistique Anglais Norway finds a way to recover crypto North Korea pinched in Axie heist 2023-02-17T05:15:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/02/17/norwegian_authorities_found_59_million/ www.secnews.physaphae.fr/article.php?IdArticle=8311157 False Hack,Medical APT 38 3.0000000000000000 SecurityWeek - Security News 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider The personal and health information of more than 3.3 million individuals was stolen in a 
ransomware attack at Regal Medical Group. ]]> 2023-02-13T14:34:20+00:00 https://www.securityweek.com/3-3-million-impacted-by-ransomware-attack-at-california-healthcare-provider/ www.secnews.physaphae.fr/article.php?IdArticle=8309657 False Ransomware,Medical None 2.0000000000000000 The Register - Site journalistique Anglais Ransomware crooks steal 3m+ patients\' medical records, personal info 2023-02-11T02:16:08+00:00 https://go.theregister.com/feed/www.theregister.com/2023/02/11/ransomware_regal_medical_group/ www.secnews.physaphae.fr/article.php?IdArticle=8308990 False Ransomware,Medical None 3.0000000000000000 Bleeping Computer - Magazine Américain California medical group data breach impacts 3.3 million patients 2023-02-10T12:36:22+00:00 https://www.bleepingcomputer.com/news/security/california-medical-group-data-breach-impacts-33-million-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8308931 False Ransomware,Data Breach,Medical Heritage,Heritage 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-0774 2023-02-10T12:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0774 www.secnews.physaphae.fr/article.php?IdArticle=8308901 False Vulnerability,Guideline,Medical None None Dark Reading - Informationweek Branch DPRK Using Unpatched Zimbra Devices to Spy on Researchers 2023-02-07T21:05:00+00:00 https://www.darkreading.com/remote-workforce/dprk-using-unpatched-zimbra-devices-to-spy-on-researchers- www.secnews.physaphae.fr/article.php?IdArticle=8308050 False Medical,Medical APT 38 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: MalVirt Obfuscates with KoiVM Virtualization, IceBreaker Overlay Hides V8 Bytecode Runtime Interpretation, Sandworm Deploys Multiple Wipers in Ukraine Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence No Pineapple! 
–DPRK Targeting of Medical Research and Technology Sector (published: February 2, 2023) In August-November 2022, North Korea-sponsored group Lazarus has been engaging in cyberespionage operations targeting defense, engineering, healthcare, manufacturing, and research organizations. The group has shifted their infrastructure from using domains to be solely IP-based. For initial compromise the group exploited known vulnerabilities in unpatched Zimbra mail servers (CVE-2022-27925 and CVE-2022-37042). Lazarus used off the shelf malware (Cobalt Strike, JspFileBrowser, JspSpy webshell, and WSO webshell), abused legitimate Windows and Unix tools (such as Putty SCP), and tools for proxying (3Proxy, Plink, and Stunnel). Two custom malware unique to North Korea-based advanced persistent threat actors were a new Grease version that enables RDP access on the host, and the Dtrack infostealer. Analyst Comment: Organizations should keep their mail server and other publicly-facing systems always up-to-date with the latest security features. Lazarus Group cyberespionage attacks are often accompanied by stages of multi-gigabyte exfiltration traffic. Suspicious connections and events should be monitored, detected and acted upon. Use the available YARA signatures and known indicators. 
MITRE ATT&CK: [MITRE ATT&CK] T1587.002 - Develop Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] picus-security: The Most Used ATT&CK Technique—T1059 Command and Scripting Interpreter | [MITRE ATT&CK] T1569.002: Service Execution | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1505.003 - Server Software Component: Web Shell | [MITRE ATT&CK] T1037.005 - Boot or Logon Initialization Scripts: Startup Items | [MITRE ATT&CK] T1053.005 - Scheduled Task/Job: Scheduled Task | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1553 - Subvert Trust Controls | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1070.007 - Indicator Removal: Clear Network Connection History And Configurations | ]]> 2023-02-07T17:23:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-malvirt-obfuscates-with-koivm-virtualization-icebreaker-overlay-hides-v8-bytecode-runtime-interpretation-sandworm-deploys-multiple-wipers-in-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8307984 False Malware,Tool,Threat,Medical,Medical APT 38 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-0707 2023-02-07T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0707 www.secnews.physaphae.fr/article.php?IdArticle=8307951 False Vulnerability,Guideline,Medical None None CVE Liste - Common Vulnerability Exposure CVE-2023-0706 2023-02-07T10:15:52+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0706 www.secnews.physaphae.fr/article.php?IdArticle=8307882 False Vulnerability,Guideline,Medical None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC The ethics of biometric data use in security a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. 
While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts. By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed? In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease. True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area. Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like. Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion? In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not. Another ethical dilemma with biometric data use is identifying people without their consent. 
Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy. Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive? The benefits of biometric data Of course, no one would be handing off a photo of their face if the]]> 2023-02-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-ethics-of-biometric-data-use-in-security www.secnews.physaphae.fr/article.php?IdArticle=8307491 False Data Breach,Hack,Prediction,Medical None 2.0000000000000000 Recorded Future - FLux Recorded Future Hackers linked to North Korea targeted Indian medical org, energy sector The North Korean military's notorious hacking arm – known as the Lazarus Group – has been accused of targeting public and private sector research organizations, an Indian medical research company and other businesses in the energy sector. Security analysts at WithSecure said they were called on to respond to a cyberattack that they initially tied to the […]]> 2023-02-02T21:04:29+00:00 https://therecord.media/hackers-linked-to-north-korea-targeted-indian-medical-org-energy-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8306679 False Medical,Medical APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
North Korean Hackers Exploit Unpatched Zimbra Devices in \'No Pineapple\' Campaign 2023-02-02T15:15:00+00:00 https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8306524 False Medical APT 38 2.0000000000000000 Global Security Mag - Site de news francais WithSecure™ researchers link intelligence-gathering campaign targeting medical research and energy organizations back to North Korea\'s Lazarus Group Malware Update]]> 2023-02-02T09:12:35+00:00 https://www.globalsecuritymag.fr/WithSecure-TM-researchers-link-intelligence-gathering-campaign-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8306512 False Medical,Medical APT 38 1.00000000000000000000 CSO - CSO Daily Dashboard APT groups use ransomware TTPs as cover for intelligence gathering and sabotage To read this article in full, please click here]]> 2023-02-02T01:00:00+00:00 https://www.csoonline.com/article/3686580/apt-groups-use-ransomware-ttps-as-cover-for-intelligence-gathering-and-sabotage.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8306508 False Ransomware,Threat,Medical APT 38 2.0000000000000000 LogPoint - Blog Secu SAP: What is the SAP migration for 2027? SAP is one of the largest software companies in the world, providing enterprise application software across industries. Based in Germany, SAP software is used by 92% of Forbes Global 2000 companies, including organizations distributing 78% of the world's food and 82% of the world's medical devices. And so, as the saying goes when you have a [...] ]]> 2023-02-01T09:05:23+00:00 https://www.logpoint.com/fr/blog/sap-migration-2027/ www.secnews.physaphae.fr/article.php?IdArticle=8306129 False Medical None 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware,  APT38 Experiments with Delivery Vectors and Backdoors Figure 1 - IOC Summary Charts. 
These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Chinese PlugX Malware Hidden in Your USB Devices? (published: January 26, 2023) Palo Alto researchers analyzed a PlugX malware variant (KilllSomeOne) that spreads via USB devices such as floppy, thumb, or flash drives. The variant is used by a technically-skilled group, possibly by the Black Basta ransomware. The actors use special shortcuts, folder icons and settings to make folders impersonating disks and a recycle bin directory. They also name certain folders with the 00A0 (no-break space) Unicode character thus hindering Windows Explorer and the command shell from displaying the folder and all the files inside it. Analyst Comment: Several behavior detections could be used to spot similar PlugX malware variants: DLL side loading, adding registry persistence, and payload execution with rundll32.exe. Incidents responders can check USB devices for the presence of no-break space as a folder name. MITRE ATT&CK: [MITRE ATT&CK] T1091 - Replication Through Removable Media | [MITRE ATT&CK] T1559.001 - Inter-Process Communication: Component Object Model | [MITRE ATT&CK] T1547.009 - Boot or Logon Autostart Execution: Shortcut Modification | [MITRE ATT&CK] T1574.002 - Hijack Execution Flow: Dll Side-Loading | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1564.001: Hidden Files and Directories | [MITRE ATT&CK] T1105 - Ingress Tool Transfer Tags: detection:PlugX, detection:KilllSomeOne, USB, No-break space, file-type:DAT, file-type:EXE, file-type:DLL, actor:Black Basta, Windows Abraham's Ax Likely Linked to Moses Staff (published: January 26, 2023) Cobalt Sapling is an Iran-based threat actor active in hacking, leaking, and sabotage since at least November 2020. 
Since October 2021, Cobalt Sapling has been operating under a persona called Moses Staff to leak data from Israeli businesses and government entities. In November 2022, an additional fake identity was created, Abraham's Ax, to target government ministries in Saudi Arabia. Cobalt Sapling uses their custom PyDCrypt loader, the StrifeWater remote access trojan, and the DCSrv wiper styled as ransomware. Analyst Comment: A defense-in-depth approach can assist in creating a proactive stance against threat actors attempting to destroy data. Critical systems should be segregated from each other to minimize potential damage, with an]]> 2023-01-31T17:27:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-killlsomeone-folders-invisible-in-windows-everything-apis-abuse-speeds-up-ransomware-apt38-experiments-with-delivery-vectors-and-backdoors www.secnews.physaphae.fr/article.php?IdArticle=8305945 False Ransomware,Malware,Tool,Threat,Medical APT 38 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two US Doctors Convicted of $30m Medicare Fraud 2023-01-31T10:00:00+00:00 https://www.infosecurity-magazine.com/news/two-us-doctors-convicted-30m/ www.secnews.physaphae.fr/article.php?IdArticle=8305821 False Medical None 2.0000000000000000 Global Security Mag - Site de news francais Cybermenace : le groupe TA444 déploie de nouvelles méthodes pour dérober des cryptomonnaies Malwares]]> 2023-01-25T14:41:22+00:00 https://www.globalsecuritymag.fr/Cybermenace-le-groupe-TA444-deploie-de-nouvelles-methodes-pour-derober-des.html www.secnews.physaphae.fr/article.php?IdArticle=8303977 False Medical APT 38 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft 2023-01-24T17:28:00+00:00 https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8303677 False Hack,Threat,Medical APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain FBI: North Korean hackers stole $100 million in Harmony crypto hack 2023-01-24T09:49:59+00:00 https://www.bleepingcomputer.com/news/security/fbi-north-korean-hackers-stole-100-million-in-harmony-crypto-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8303700 False Hack,Medical APT 38 2.0000000000000000 CSO - CSO Daily Dashboard BrandPost: IoT Adoption in Healthcare Brings Security Opportunities To read this article in full, please click here]]> 2023-01-20T09:43:00+00:00 https://www.csoonline.com/article/3686188/iot-adoption-in-healthcare-brings-security-opportunities.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302878 False Medical None 1.00000000000000000000 CSO - CSO Daily Dashboard BrandPost: Securing Critical Infrastructure with Zero Trust To read this article in full, please click here]]> 2023-01-19T12:48:00+00:00 https://www.csoonline.com/article/3686111/securing-critical-infrastructure-with-zero-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302670 False Industrial,Medical None 1.00000000000000000000 Checkpoint Research - Fabricant Materiel Securite AI Can Write Malware Now. Are We Doomed? Today’s AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now? 
Published: 2023-01-15T22:05:17+00:00 | Link: https://research.checkpoint.com/2023/ai-can-write-malware-now-are-we-doomed/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8301342 | Tags: Malware, Medical | Score: 2.0

Dark Reading (Informationweek Branch): Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
Published: 2023-01-10T14:00:00+00:00 | Link: https://www.darkreading.com/iot/black-hat-flashback-deadly-consequences-weak-medical-device-security | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8299524 | Tags: Hack, Medical | Score: 1.0

CSO (CSO Daily Dashboard): The BISO: bringing security to business and business to security
descriptions found online and those laid out by multiple sources interviewed for this article. The people holding these roles also come from diverse educational and experiential backgrounds, at the core of which are strong familiarity with compliance regulations, solid cybersecurity foundations, and business acumen.
Published: 2023-01-05T02:00:00+00:00 | Link: https://www.csoonline.com/article/3684728/the-biso-bringing-security-to-business-and-business-to-security.html#tk.rss_all | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8298064 | Tags: Medical | Score: 2.0

Anomali (Firm Blog): Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023)
Between December 25 and December 30, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI carried out a dependency confusion attack by having the same name as the legitimate package on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time, the library's features are more aligned with malware than with a research project: the code is obfuscated, it employs anti-VM techniques, and it does not stop at fingerprinting. It exfiltrates passwords, certain files, and the history of terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server.
Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. The PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Open-source repositories and apps are a valuable asset for many organizations, but their adoption must be security-risk assessed, appropriately mitigated, and then monitored to ensure ongoing integrity.
MITRE ATT&CK: T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools | T1027 - Obfuscated Files or Information | T1082 - System Information Discovery | T1003.008 - OS Credential Dumping: /etc/passwd and /etc/shadow | T1041 - Exfiltration Over C2 Channel
Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux

Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022)
Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system.
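How the torchtriton takeover worked at the resolver level, as an added example that is not code from PyTorch or from the Anomali report: the function below models pip's candidate selection for a package name that exists both on a private index and on public PyPI. The package names, the version lists and the way `--extra-index-url` versus `--index-url` are modelled are assumptions of this demo; pip's further preferences (wheels over sdists, constraints files, hash pinning) are left out.

```python
"""Simulate how pip chooses between a private index and public PyPI.

Added example, not code from PyTorch or the Anomali report. The indexes,
package names and versions are constructed; the one rule being shown is
real: with --extra-index-url every index is searched and the highest
version wins, so a public package with the same name and a bigger
version number shadows the private one (this is dependency confusion).
"""
import re


def parse_version(v: str):
    """Minimal numeric version key (dotted integers only; a PEP 440 subset)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def resolve(name, private_index, public_index, extra_index=True):
    """Return (version, source) that pip would install, or None.

    extra_index=True  models `pip install --extra-index-url <private>`:
                      candidates from both indexes are merged, highest wins.
    extra_index=False models `pip install --index-url <private>` with no
                      public fallback: only the private index is consulted.
    """
    candidates = []
    for version in private_index.get(name, []):
        candidates.append((parse_version(version), version, "private"))
    if extra_index:
        for version in public_index.get(name, []):
            candidates.append((parse_version(version), version, "public"))
    if not candidates:
        return None
    # Highest version first; on an exact tie keep the private copy. Real pip
    # breaks ties by discovery order and file type, which this demo ignores.
    candidates.sort(key=lambda c: (c[0], c[2] == "private"), reverse=True)
    _, version, source = candidates[0]
    return version, source


def shadowed_packages(requirements, private_index, public_index):
    """Names that a merged-index install would pull from public PyPI even
    though a private copy exists: the names you must reserve upstream."""
    shadowed = []
    for name in requirements:
        picked = resolve(name, private_index, public_index, extra_index=True)
        if picked and picked[1] == "public" and name in private_index:
            shadowed.append(name)
    return shadowed


# Constructed indexes. "internal-triton" stands in for a private-only
# dependency whose name was never reserved on PyPI; "companylib" is private
# and unclaimed publicly; "requests" exists only publicly.
PRIVATE_INDEX = {"internal-triton": ["2.0.0"], "companylib": ["1.4.2"]}
PUBLIC_INDEX = {"internal-triton": ["3.0.0"], "requests": ["2.28.1"]}
REQUIREMENTS = ["internal-triton", "companylib", "requests"]

if __name__ == "__main__":
    for name in REQUIREMENTS:
        print(name, "->", resolve(name, PRIVATE_INDEX, PUBLIC_INDEX))
    print("shadowed:", shadowed_packages(REQUIREMENTS, PRIVATE_INDEX, PUBLI_INDEX if False else PUBLIC_INDEX))
```

The fix the PyTorch team applied is visible in the model: reserving the name on PyPI means the public candidate is yours, and switching from `--extra-index-url` to a single `--index-url` (a proxy that serves both private packages and a curated PyPI mirror) removes the merge entirely. Hash-pinned lockfiles catch the remaining case where a reserved name is later hijacked.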
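The exfiltration channel the torchtriton item describes (stolen data encoded into DNS query names) is the part a network defender can actually see. The detector below is an added example, not code from the Anomali report or from the torchtriton analysis; the resolver log format, client addresses and C2 domain are constructed, and the report's wheezy[.]io resolver is mentioned only for context. The thresholds are starting points to tune against your own resolver logs.

```python
"""Flag DNS-tunnel style exfiltration in a resolver query log.

Added example; not code from the Anomali report or the torchtriton
analysis. Log format ("<epoch> <client> <qname> <qtype>"), hostnames and
the C2 domain are constructed for the demo.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log: one host installs from PyPI and then emits five
# long hex-label queries under a single domain within a few seconds; the
# other host does ordinary browsing.
SAMPLE_LOG = """\
1672531201 10.0.0.12 pypi.org A
1672531202 10.0.0.12 files.pythonhosted.org A
1672531203 10.0.0.12 7a1b2c3d4e5f60718293a4b5c6d7e8f9.a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5.h4.example-c2.net A
1672531203 10.0.0.12 e1d2c3b4a5968778695a4b3c2d1e0f9a.f0e1d2c3b4a5968778695a4b3c2d1e0f.h4.example-c2.net A
1672531204 10.0.0.12 0f9e8d7c6b5a49382716051423344556.5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d.h4.example-c2.net A
1672531204 10.0.0.12 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7.h4.example-c2.net A
1672531205 10.0.0.12 9f8e7d6c5b4a39281706f5e4d3c2b1a0.c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8.h4.example-c2.net A
1672531206 10.0.0.33 www.python.org A
1672531207 10.0.0.33 github.com A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; hex or base32 payload labels score well above words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_domain(qname: str) -> str:
    """Last two labels. A crude stand-in for eTLD+1: use a public-suffix
    list in production so co.uk style suffixes are handled correctly."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def payload_labels(qname: str) -> str:
    """Everything left of the registrable domain, joined: the part an
    exfiltration tool is free to fill with encoded data."""
    labels = qname.rstrip(".").split(".")
    return "".join(labels[:-2])


def suspicious_query(qname: str, min_payload: int = 40, min_entropy: float = 3.5) -> bool:
    """Single-query heuristic: a long, high-entropy subdomain payload."""
    payload = payload_labels(qname)
    return len(payload) >= min_payload and shannon_entropy(payload) >= min_entropy


def find_dns_exfil(log_text: str, min_unique: int = 3) -> dict:
    """Group suspicious queries per (client, domain) and report pairs with at
    least min_unique distinct names. Many unique subdomains under one domain
    is the tunnel signature; a single odd name is usually CDN noise."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, client, qname, _qtype = m.groups()
        if suspicious_query(qname):
            seen[(client, registrable_domain(qname))].add(qname)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_unique}


if __name__ == "__main__":
    for (client, domain), count in find_dns_exfil(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {count} distinct high-entropy subdomains")
```

Two caveats from practice: CDN and anti-virus telemetry domains produce similar-looking labels, so keep a per-domain allow-list, and if clients use DNS-over-HTTPS to an external resolver this log never sees the queries at all, which is an argument for forcing internal resolution at the egress.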
The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with malicious JavaScript that intercepts all user clicks on the infected page and triggers a malicious redirect.
Analyst Comment: Owners of WordPress-based websites should keep all components of the platform up to date, including third-party add-ons and themes. Use
Published: 2023-01-04T16:30:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-machine-learning-toolkit-targeted-by-dependency-confusion-multiple-campaigns-hide-in-google-ads-lazarus-group-experiments-with-bypassing-mark-of-the-web | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8297872 | Tags: Malware, Tool, Vulnerability, Threat, Patching, Medical | Actors: APT 38, LastPass | Score: 2.0

The Hacker News (a hacking news blog, unsurprisingly): The FBI's Perspective on Ransomware
Published: 2023-01-04T15:54:00+00:00 | Link: https://thehackernews.com/2023/01/the-fbis-perspective-on-ransomware.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8297734 | Tags: Ransomware, Threat, Medical | Score: 3.0

Dark Reading (Informationweek Branch): Holiday Spirit? LockBit Gives Children's Hospital Free Decryptor
Published: 2023-01-03T18:58:00+00:00 | Link: https://www.darkreading.com/attacks-breaches/holiday-spirit-lockbit-children-s-hospital-free-decryptor | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8297528 | Tags: Guideline, Medical | Score: 2.0

SC Magazine (Magazine): NJ hospital CentraState diverting patients after cyberattack, IT shutdown
Published: 2023-01-03T15:25:59+00:00 | Link: https://www.scmagazine.com/analysis/ransomware/nj-hospital-centrastate-diverting-patients-after-cyberattack-it-shutdown | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8297552 | Tags: Ransomware, Medical | Score: 1.0

SecurityWeek (Security News): Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients
Published: 2022-12-29T10:42:45+00:00 | Link: https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8295758 | Tags: Data Breach, Medical | Score: 2.0

Bleeping Computer (American magazine): Ransomware attack at Louisiana hospital impacts 270,000 patients
Published: 2022-12-28T08:54:26+00:00 | Link: https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8295526 | Tags: Ransomware, Data Breach, Medical | Score: 2.0

The Hacker News (a hacking news blog, unsurprisingly): BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Published: 2022-12-27T20:27:00+00:00 | Link: https://thehackernews.com/2022/12/bluenoroff-apt-hackers-using-new-ways.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8295250 | Tags: Medical | Actors: APT 38 | Score: 3.0

SC Magazine (Magazine): Clop ransomware group targeting provider-patient trust by infecting medical images
Published: 2022-12-20T20:24:13+00:00 | Link: https://www.scmagazine.com/analysis/ransomware/clop-ransomware-group-targeting-provider-patient-trust-by-infecting-medical-images | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296297 | Tags: Ransomware, Medical | Score: 3.0

The Register (British news site): Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
Published: 2022-12-15T02:35:09+00:00 | Link: https://go.theregister.com/feed/www.theregister.com/2022/12/15/charming_kitten_ta453_expands_targets/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8291417 | Tags: Medical | Actors: APT 35 | Score: 1.0

ProofPoint (Firm Security): Iran-linked cyberspies expand targeting to medical researchers, travel agencies
Published: 2022-12-14T14:23:37+00:00 | Link: https://www.proofpoint.com/us/newsroom/news/iran-linked-cyberspies-expand-targeting-medical-researchers-travel-agencies | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8291796 | Tags: Medical | Score: 2.0

Anomali (Firm Blog): Anomali Cyber Watch: MuddyWater Hides Behind Legitimate Remote Administration Tools, Vice Society Tops Ransomware Threats to Education, Abandoned JavaScript Library Domain Pushes Web-Skimmers
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

New MuddyWater Threat: Old Kitten; New Tricks (published: December 8, 2022)
In 2020-2022, the Iran-sponsored MuddyWater (Static Kitten, Mercury) group abused a succession of legitimate remote administration tools: RemoteUtilities, followed by ScreenConnect and then Atera Agent. Since September 2022, a new campaign attributed to MuddyWater uses spearphishing to deliver links to archived MSI files carrying yet another remote administration tool: Syncro. Deep Instinct researchers observed targeting of Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates.
Analyst Comment: Network defenders are advised to establish a baseline of typical running processes and monitor for remote desktop solutions that are not common in the organization.
MITRE ATT&CK: T1566 - Phishing | T1219 - Remote Access Tools
Tags: mitre-group:MuddyWater, actor:Static Kitten, actor:Mercury, Iran, source-country:IR, APT, Cyberespionage, Ministry of Intelligence and Security, detection:Syncro, malware-type:RAT, file-type:MSI, file-type:ZIP, OneHub, Windows

Babuk Ransomware Variant in Major New Attack (published: December 7, 2022)
In November 2022, Morphisec researchers identified a new ransomware variant based on the Babuk source code that leaked in 2021. One modification lowers detection by abusing a legitimate Microsoft-signed process: DLL side-loading into NTSD.exe, a symbolic debugger for Windows. The mechanism for removing available Shadow Copies was changed to Component Object Model objects that execute Windows Management Instrumentation queries. This sample was detected in a large, unnamed manufacturing company where attackers had network access and were gathering information for two weeks. They compromised the company's domain controller and used it to distribute ransomware to all devices in the organization through a Group Policy Object.
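The two Analyst Comments above (baseline the processes that normally run and watch for remote administration tools that are not common in the organization; expect signed Microsoft binaries copied out of place for side-loading and shadow copies removed through WMI) can be turned into one small triage pass over process-creation events. This is an added example, not code from Deep Instinct, Morphisec or Anomali; the event shape, the baseline, the events and the RMM executable names are assumptions of the demo.

```python
"""Triage process-creation events against a per-host baseline and an RMM watchlist.

Added example, not code from the Deep Instinct or Morphisec write-ups.
Events use a simplified Sysmon-like dict shape that is an assumption of this
demo; the baseline and the events are constructed; the RMM image names are
illustrative and should be rebuilt from the vendors' documentation.
"""

# Remote administration / remote desktop tools to watch for (lowercase image
# names). Syncro, Atera, ScreenConnect and RemoteUtilities are the ones the
# MuddyWater item mentions; verify exact binary names for your versions.
RMM_IMAGES = {
    "syncro.exe", "ateraagent.exe", "screenconnect.clientservice.exe",
    "screenconnect.windowsclient.exe", "rutserv.exe", "rfusclient.exe",
    "anydesk.exe", "teamviewer.exe",
}

# Directories where a Microsoft-signed debugger such as ntsd.exe is expected.
# A copy anywhere else is the side-loading setup the Babuk item describes.
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files (x86)\\windows kits\\",
)

# Command-line fragments that remove Volume Shadow Copies, whether through
# vssadmin or through the WMI/COM route the Babuk variant switched to.
SHADOW_MARKERS = ("win32_shadowcopy", "vssadmin delete shadows", "shadowcopy delete")

# Constructed baseline: image names normally seen on each host.
BASELINE = {
    "ws-01": {"explorer.exe", "outlook.exe", "chrome.exe", "teams.exe", "svchost.exe"},
    "fs-02": {"svchost.exe", "sqlservr.exe", "backupagent.exe", "powershell.exe"},
}

# Constructed process-creation events.
EVENTS = [
    {"host": "ws-01", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "parent": "explorer.exe", "cmdline": "chrome.exe"},
    {"host": "ws-01", "image": "C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe",
     "parent": "msiexec.exe", "cmdline": "AteraAgent.exe"},
    {"host": "fs-02", "image": "C:\\ProgramData\\Debug\\ntsd.exe",
     "parent": "cmd.exe", "cmdline": "ntsd.exe"},
    {"host": "fs-02", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent": "cmd.exe",
     "cmdline": "powershell.exe Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"},
    {"host": "fs-02", "image": "C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64\\ntsd.exe",
     "parent": "cmd.exe", "cmdline": "ntsd.exe -p 1234"},
]


def triage(events, baseline, rmm_images=RMM_IMAGES):
    """Return one finding dict per rule hit. An unknown process is reported
    as 'new_process' only when no stronger rule already fired for it."""
    findings = []
    for ev in events:
        host = ev["host"]
        image = ev["image"].lower()
        name = image.rsplit("\\", 1)[-1]
        cmdline = ev.get("cmdline", "").lower()
        known = baseline.get(host, set())
        hits = []
        if name in rmm_images and name not in known:
            hits.append("rmm_not_in_baseline")
        if name == "ntsd.exe" and not image.startswith(SYSTEM_DIRS):
            hits.append("ntsd_outside_system_dir")
        if any(marker in cmdline for marker in SHADOW_MARKERS):
            hits.append("shadow_copy_tamper")
        if not hits and name not in known:
            hits.append("new_process")
        for kind in hits:
            findings.append({"host": host, "kind": kind, "image": ev["image"],
                             "parent": ev.get("parent", "")})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS, BASELINE):
        print(f"{f['host']:6} {f['kind']:24} {f['image']} (parent {f['parent']})")
```

Note the parent in the Atera event: an RMM agent arriving through msiexec.exe from a user session, rather than through the organization's own deployment tool, is exactly the MSI-in-archive delivery the MuddyWater item describes, so the parent process is worth keeping in the finding.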
The delivered BAT script bypasses User Account Control and executes a malicious MSI file that contains the files for DLL side-loading and an open-source-based reflective loader (OCS files).
Analyst Comment: The attackers keep improving their evasion techniques: at certain steps their malware hides behind Microsoft-signed processes and exists primarily in device memory. This increases the need for a defense-in-depth approach and robust monitoring of your organization's domain.
MITRE ATT&CK: T1486 - Data Encrypted for Impact | T1548 - Abuse Elevation Control Mechanism | T1574 - Hijack Execution Flow |
Published: 2022-12-13T16:00:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-muddywater-hides-behind-legitimate-remote-administration-tools-vice-society-tops-ransomware-threats-to-education-abandoned-javascript-library-domain-pushes-web-skimmers | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8290724 | Tags: Ransomware, Malware, Tool, Threat, Medical | Actors: APT 38 | Score: 3.0

AlienVault Lab Blog (AlienVault is a major defensive player in IOCs): 2023 Cybersecurity predictions
2022 AT&T Cybersecurity Insights Report, 75% of organizations are on a journey to the edge, and the way we interact with technology is rapidly shifting. We are moving from input/output types of functions to more seamless interactions that deliver outcomes. With more focus on outcomes, security becomes the center of attention in the new democratized era of computing. We are just getting started with ideas for edge computing and, by association, we are just getting started with what security means. Here are my predictions for some of the trends and highlights we will see in the cybersecurity landscape in the year ahead.

Move to the edge
A new paradigm of computing is upon us. This new era is underpinned by 5G and edge. Edge is a word we have heard for quite some time, but in general conversation it lacks a consistent definition. Vendors and business users alike tend to define edge in accordance with the technology stack being sold or used. When thinking about edge, consider these three characteristics as a starting point:
- A distributed model of management, intelligence, and networks
- Applications, workloads, and hosting closer to the users and assets that are generating or consuming the data; this may be on-premise or in the cloud
- Software defined

Edge use cases are largely driven by the world of the internet of things (IoT), which collects and transmits data to make logical and rational decisions that derive an outcome. In 2023, we should expect to see an accelerated full-scale rollout of edge use cases in areas such as:
- Real-time fraud detection for financial services
- Automated warehousing with near real-time inventory management
- Near real-time visual inspections for uses as varied as manufacturing assembly lines, passport control at border crossings, and available parking spaces

These use cases require connected systems from the network layer through to application monitoring/management, and require each component to be secure in order to derive the desired outcome.

2023 Cybersecurity predictions
With more democratized computing, security is no longer isolated; it is central to delivering strong business outcomes. In 2023, expect to see more edge use cases and applications. For successful implementation with security at the core, expect decades-old silos such as networking, IT, app development, and security to begin to fade away and enable more cross-functional work and roles. Read more about the edge ecosystem in the upcoming 2023 AT&T Cybersecurity Insights Report due out January 24, 2023. Check out our previous reports available here for: 2022 and
Published: 2022-12-13T11:00:00+00:00 | Link: https://cybersecurity.att.com/blogs/security-essentials/2023-cybersecurity-predictions | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8290654 | Tags: Malware, Hack, Threat, Medical | Score: 3.0

The Hacker News (a hacking news blog, unsurprisingly): Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks
Published: 2022-12-07T14:52:00+00:00 | Link: https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8288593 | Tags: Threat, Medical | Actors: APT 38 | Score: 3.0

Anomali (Firm Blog): Anomali Cyber Watch: Infected Websites Show Different Headers Depending on Search Engine Fingerprinting, 10 Android Platform Certificates Abused in the Wild, Phishing Group Impersonated Major UAE Oil
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

Chinese Gambling Spam Targets World Cup Keywords (published: December 2, 2022)
Since 2018, a large-scale website infection campaign has affected over 100,000 sites at any given moment. Infected websites, mostly aimed at audiences in China, were modified with additional scripts that redirected users to Chinese gambling sites. Title and Meta tags on the compromised websites were changed to display keywords the attackers had chosen in order to abuse search engine optimization (SEO). At the same time, additional scripts switched the page titles back to the original if visitor fingerprinting did not identify a Chinese search engine from a preset list (such as Baidu).
Analyst Comment: Website owners should keep their systems updated, use unique strong passwords, introduce MFA for all privileged or internet-facing resources, and employ server-side scanning to detect unauthorized malicious content.
Implement secure storage for website backups.
MITRE ATT&CK: T1190 - Exploit Public-Facing Application | T1027 - Obfuscated Files or Information
Tags: SEO hack, HTML entities, Black hat SEO, Fraudulent redirects, Visitor fingerprinting, Gambling, Sports betting, World Cup, China, target-country:CN, JavaScript, Baidu, baiduspider, Sogou, 360spider, Yisou

Leaked Android Platform Certificates Create Risks for Users (published: December 2, 2022)
On November 30, 2022, Google reported 10 different Android platform certificates that had been seen actively abused in the wild to sign malware. Rapid7 researchers found that the reported signed samples are adware, so it is possible that these platform certificates were widely available. How the platform certificates were leaked has not been shared.
Analyst Comment: Malware signed with a platform certificate can run with system permissions, including permissions to access user data. Developers should minimize the number of applications that require a platform certificate signature.
Tags: Android, Google, Platform certificates, Signed malware, malware-type:Adware

Blowing Cobalt Strike Out of the Water With Memory Analysis (published: December 2, 2022)
The Cobalt Strike attack framework remains difficult to detect because it works mostly in memory and barely touches the disk after the initial loader stage. Palo Alto researchers analyzed three types of Cobalt Strike loaders: KoboldLoader, which loads an SMB beacon; MagnetLoader, which loads an HTTPS beacon; and LithiumLoader, which loads a stager beacon. These beacon samples do not execute in normal sandbox environments and utilize in-me
Published: 2022-12-06T17:09:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-infected-websites-show-different-headers-depending-on-search-engine-fingerprinting-10-android-platform-certificates-abused-in-the-wild-phishing-group-impersonated-major-uae-oil | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8288335 | Tags: Spam, Malware, Tool, Threat, Medical | Actors: APT 38 | Score: 3.0

The Hacker News (a hacking news blog, unsurprisingly): Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
Published: 2022-12-05T17:54:00+00:00 | Link: https://thehackernews.com/2022/12/russian-courts-targeted-by-new-crywiper.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8287807 | Tags: Ransomware, Malware, Medical | Actors: APT 38 | Score: 3.0

The Hacker News (a hacking news blog, unsurprisingly): North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
Published: 2022-12-05T16:00:00+00:00 | Link: https://thehackernews.com/2022/12/north-korean-hackers-spread-applejeus.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8287791 | Tags: Malware, Threat, Medical | Actors: APT 38 | Score: 3.0

Anomali (Firm Blog): Anomali Cyber Watch: URI Fragmentation Used to Stealthily Defraud Holiday Shoppers, Lazarus and BillBug Stick to Their Custom Backdoors, Z-Team Turned Ransomware into Wiper, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

DEV-0569 Finds New Ways to Deliver Royal Ransomware, Various Payloads (published: November 17, 2022)
From August to October 2022, Microsoft researchers detected new campaigns by a threat group dubbed DEV-0569. For delivery, the group alternated between abusing Google Ads for malvertising and using contact forms on targeted organizations' public websites to deliver malicious links.
Fake installer files were hosted on typosquatted domains or legitimate repositories (GitHub, OneDrive). The first stage was a user-downloaded, signed MSI or VHD file (BatLoader malware), leading to second-stage payloads such as BumbleBee, Gozi, Royal ransomware, or Vidar stealer.
Analyst Comment: DEV-0569 is a dangerous group because of its abuse of legitimate services and legitimate certificates. Organizations should consider educating their users about, and limiting, software installation options. Links arriving through alternative channels such as contact forms should be treated as thoroughly as links in incoming email traffic.
MITRE ATT&CK: T1566 - Phishing | T1204 - User Execution | T1105 - Ingress Tool Transfer | T1059 - Command and Scripting Interpreter | T1562 - Impair Defenses | T1486 - Data Encrypted for Impact
Tags: actor:DEV-0569, detection:Cobalt Strike, detection:Royal, malware-type:Ransomware, file-type:VHD, detection:NSudo, malware-type:Hacktool, detection:IcedID, Google Ads, Keitaro, Traffic distribution system, detection:Gozi, detection:BumbleBee, NirCmd, detection:BatLoader, malware-type:Loader, detection:Vidar, malware-type:Stealer, AnyDesk, GitHub, OneDrive, PowerShell, Phishing, SEO poisoning, TeamViewer, Adobe Flash Player, Zoom, Windows

Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment (published: November 16, 2022)
Since mid-September 2022, a new phishing campaign has targeted users in North America with holiday-special pretexts. It impersonated a number of major brands including Costco, Delta Airlines, Dick's, and Sam's Club. Akamai researchers analyzed the techniques used by the underlying sophisticated phishing kit. For defense evasion and tracking, the attackers used URI fragmentation: they placed target-specific tokens after the URL fragment identifier (a hash mark, also known as an HTML anchor).
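Why a token placed after the '#' is invisible to the mail gateway and the web proxy, as an added example that is not part of the Akamai analysis or of the kit: browsers never send the fragment in the HTTP request, so only the landing page's JavaScript can read it. The message body, the domains and the token below are constructed.

```python
"""Show why a token carried in a URL fragment never reaches the server, and
flag such links in a message body.

Added example, not code from the Akamai analysis or the phishing kit.
The e-mail body, the domains and the token are constructed.
"""
import math
import re
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def server_visible(url: str) -> str:
    """The request a web server, proxy or URL-rewriting gateway sees:
    scheme, host, path and query. Browsers never transmit the fragment."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))


def client_fragment(url: str) -> str:
    """What the landing page's JavaScript reads from location.hash (minus '#')."""
    return urlsplit(url).fragment


def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def suspicious_fragment_links(body: str, min_len: int = 16, min_entropy: float = 3.0):
    """Return (server_visible_url, fragment) for links whose fragment looks like
    an opaque per-target token rather than a page anchor such as #top."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)")  # drop trailing sentence punctuation
        frag = client_fragment(url)
        if len(frag) >= min_len and entropy(frag) >= min_entropy:
            hits.append((server_visible(url), frag))
    return hits


# Constructed lure: one ordinary anchor link and one link carrying a token.
SAMPLE_EMAIL = """\
Subject: Your holiday reward is waiting

See this week's deals: https://www.example.com/holiday-deals#top
Claim your gift card here: https://deals-example-cdn.test/special/offer.html#a7Qk2xZp9LmB3vWt8RnC4yHs6JdF1gVe
Offer ends Friday.
"""

if __name__ == "__main__":
    for visible, frag in suspicious_fragment_links(SAMPLE_EMAIL):
        print("gateway/proxy sees :", visible)
        print("browser JS sees    :", frag)
```

The practical consequence: a URL-rewriting or click-time scanning gateway that fetches the link gets a page with nothing in it, because it never presents the token, so the scan has to be done on the original link text in the message, as above, rather than on what the fetch returns.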
The value was then used by JavaScript running in the victim's browser to reconstruct the redirect URL.
Analyst Comment: Evasion through URI fragmentation hides the token value from traff
Published: 2022-11-22T23:47:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-uri-fragmentation-used-to-stealthily-defraud-holiday-shoppers-lazarus-and-billbug-stick-to-their-custom-backdoors-z-team-turned-ransomware-into-wiper-and-more | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8169179 | Tags: Ransomware, Malware, Tool, Threat, Guideline, Medical | Actors: APT 38 | Score: 4.0

AhnLab (Korean Security Firm): A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique
In the ASEC blog post uploaded in April 2022 (New Malware of Lazarus Threat Actor Group Exploiting INITECH Process, https://asec.ahnlab.com/en/33801/), the team discussed how the Lazarus attack group had been exploiting the INITECH process to infect systems with malware. This article covers the details of the Lazarus group using the watering hole technique to hack into systems and then exploiting a vulnerability in the MagicLine4NX product from Dream Security in order to hack further into systems in...
Published: 2022-10-31T01:57:31+00:00 | Link: https://asec.ahnlab.com/en/40830/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7747128 | Tags: Malware, Hack, Vulnerability, Threat, Medical | Actors: APT 38

Anomali (Firm Blog): Anomali Cyber Watch: Daixin Team Ransoms Healthcare Sector, Earth Berberoka Breaches Casinos for Data, Windows Affected by Bring-Your-Own-Vulnerable-Driver Attacks, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

Alert (AA22-294A) #StopRansomware: Daixin Team (published: October 21, 2022)
Daixin Team is a double-extortion ransomware group that has been targeting US businesses, predominantly in the healthcare sector.
Since June 2022, Daixin Team has been encrypting electronic health record services, diagnostics services, imaging services, and intranet services, and has exfiltrated personally identifiable information and patient health information. A typical intrusion starts with initial access through virtual private network (VPN) servers, gained either by exploitation or with valid credentials obtained through prior phishing. The group uses SSH and RDP for lateral movement and targets VMware ESXi systems with ransomware based on the leaked Babuk Locker source code.
Analyst Comment: Network defenders should keep the organization's VPN servers current with security updates. Enable multifactor authentication (MFA) on your VPN server and other critical accounts (administrative, backup-related, and webmail). Restrict the use of RDP, SSH, Telnet, virtual desktop and similar services in your environment.
MITRE ATT&CK: T1190 - Exploit Public-Facing Application | T1078 - Valid Accounts | T1098 - Account Manipulation | T1003 - OS Credential Dumping | T1563 - Remote Service Session Hijacking | T1550 - Use Alternate Authentication Material | T1567 - Exfiltration Over Web Service | T1486 - Data Encrypted for Impact
Tags: actor:Daixin Team, malware-type:Ransomware, PHI, SSH, RDP, Rclone, Ngrok, target-sector:Health Care NAICS 62, ESXi, VMware, Windows

Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (published: October 21, 2022)
Symantec detected a new custom data exfiltration tool used in a number of BlackByte ransomware attacks. This infostealer, dubbed Exbyte, performs anti-sandbox checks and then exfiltrates selected file types to a hardcoded Mega account. BlackByte's ransomware-as-a-service operation was first uncovered in February 2022. The group's recent attacks start by exploiting public-facing vulnerabilities of the ProxyShell and ProxyLogon families. BlackByte removes kernel notify routines to bypass Endpoint Detection and Response (EDR) products. The group uses the AdFind, AnyDesk, Exbyte, NetScan, and PowerView tools and deploys the BlackByte 2.0 ransomware payload.
Analyst Comment: It is crucial that your company ensures that servers are
Published: 2022-10-25T16:53:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-daixin-team-ransoms-healthcare-sector-earth-berberoka-breaches-casinos-for-data-windows-affected-by-bring-your-own-vulnerable-driver-attacks-and-more | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7673563 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Medical | Actors: APT 38

CISCO Talos (Cisco Research blog): The benefits of taking an intent-based approach to detecting Business Email Compromise
By Abhishek Singh.
- BEC is a multi-stage attack. Adversaries first identify targets, then establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets.
- A policy that checks for authorized email addresses of the sender can prevent BEC attacks. However, scaling the approach to every employee in a large organization is a challenge.
- Building an executive profile from email analysis with a machine learning model and scanning emails against that profile will detect BEC. Data collection for building and training machine learning algorithms can take time, though, opening a window of opportunity for threat actors to exploit.
- Detecting exploitation techniques such as lookalike domains and differences between the email addresses in the "From" and "Reply-To" fields can also detect BEC messages. However, the final verdict cannot account for the threat actor's intent.
- The intent-based approach detects BEC and then classifies it by the type of scam. It catches BEC messages irrespective of whether the threat actor is impersonating a C-level executive or any other employee in the organization. Classification by scam type can help identify which segment of an organization was targeted and which employees were impersonated by the threat actor. The additional information further assists in designing preventive features to stop BEC.

Business email compromise (BEC) is one of the most financially damaging online crimes. As per the 2021 Internet Crime Report, the total loss in 2021 due to BEC was around 2.4 billion dollars. Since 2013, BEC has resulted in 43 billion dollars of losses. The report defines BEC as a scam targeting businesses (not individuals) that work with foreign suppliers and regularly perform wire transfer payments. Fraudsters carry out these sophisticated scams to make unauthorized transfers of funds. This raises the challenge of how to detect and block these campaigns as they continue to compromise organizations successfully. There are a variety of approaches to identifying BEC email messages, such as using policy to allow emails from authorized email addresses, detecting exploitation techniques used by threat actors, building profiles through analysis of emails, and validating against the profile to detect BEC. Each of these approaches has limitations or shortcomings. Cisco Talos is taking a different approach and using an intent-based model to identify and block BEC messages. Before we get too deep into the intent-based model, let's take a closer look at the commonly used approaches to blocking BEC, from the simplistic through machine learning (ML) approaches.

Policy-based detection
The first place to start is policy-based detection, as it is one of the most common and simplistic approaches to blocking BEC campaigns. Let's start by looking at an example of a BEC email.
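The header-level checks the summary lists (From/Reply-To mismatch, lookalike domains, display-name impersonation) are the ones most teams implement first. The block below is an added illustration of those three checks; it is not Talos's intent-based classifier and not Cisco code. The company domain, the executive directory and both messages are constructed.

```python
"""Header checks for BEC lures: Reply-To/From domain mismatch, lookalike
sender domains and display-name impersonation of a known executive.

Added example; not Talos's intent-based classifier and not Cisco code.
The company domain, the executive directory and both messages are
constructed.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"
# Constructed directory: display name -> the only legitimate address for it.
EXECUTIVES = {"dana lee": "dana.lee@example.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str, target: str = COMPANY_DOMAIN, max_dist: int = 2) -> bool:
    """True for exarnple.com (typo/confusable), example.co (truncated TLD) and
    example-com.net style domains; False for the real domain itself."""
    d = domain.lower()
    if d == target:
        return False
    if levenshtein(d, target) <= max_dist:
        return True
    base = target.split(".")[0]
    return base in d.replace("-", "").replace("_", "")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_signals(raw_message: str) -> list:
    """Return the names of the header checks that fired, in a fixed order."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain, reply_domain = _domain(from_addr), _domain(reply_addr)
    signals = []
    if reply_addr and reply_domain != from_domain:
        signals.append("reply_to_domain_mismatch")
    if from_domain and lookalike_domain(from_domain):
        signals.append("lookalike_from_domain")
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        signals.append("executive_display_name_spoof")
    return signals


# Constructed messages: a lure and a legitimate note from the same executive.
LURE = """\
From: Dana Lee <dana.lee@exarnple.com>
Reply-To: dana.lee.ceo@webmail.example
To: ap@example.com
Subject: Urgent wire before 5pm

Are you at your desk? I need a supplier payment pushed through today. Reply here.
"""

LEGIT = """\
From: Dana Lee <dana.lee@example.com>
To: ap@example.com
Subject: Q3 numbers

Attached as discussed.
"""

if __name__ == "__main__":
    print("lure :", bec_signals(LURE))
    print("legit:", bec_signals(LEGIT))
```

The Talos point stands even with all three checks in place: they say nothing about intent, so a lure sent from a freshly registered, non-lookalike domain with no Reply-To header passes every one of them. Treat them as a cheap first filter, not a verdict.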
Published: 2022-10-18T08:41:18+00:00 | Link: http://blog.talosintelligence.com/2022/10/the-benefits-of-taking-intent-based.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7540074 | Tags: Threat, Medical, Cloud | Actors: Yahoo, Uber, APT 38, APT 37, APT 29, APT 19, APT 15, APT 10

CVE List (Common Vulnerability Exposure): CVE-2022-32172
Published: 2022-10-06T18:16:03+00:00 | Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32172 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7323479 | Tags: Medical | Actors: APT 38

CVE List (Common Vulnerability Exposure): CVE-2022-32171
Published: 2022-10-06T18:16:02+00:00 | Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32171 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7323478 | Tags: Medical | Actors: APT 38

Malwarebytes Labs (MalwarebytesLabs): Bogus job offers hide trojanised open-source software
Categories: News. Tags: malware, ZINC, microsoft, infection, C&C, open source, job offer, fake, LinkedIn
A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps.
Published: 2022-10-05T15:45:00+00:00 | Link: https://www.malwarebytes.com/blog/news/2022/10/bogus-job-offers-lead-to-weaponised-open-source-software | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7312391 | Tags: Guideline, Medical | Actors: APT 38

Anomali (Firm Blog): Anomali Cyber Watch: Canceling Subscription Installs Royal Ransomware, Lazarus Convinces to SSH to Its Servers, Polyglot File Executed Itself as a Different File Type, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

New Royal Ransomware Emerges in Multi-Million Dollar Attacks (published: September 29, 2022)
AdvIntel and BleepingComputer researchers describe the Royal ransomware group. Several experienced ransomware actors formed this group in January 2022. It started with third-party encryptors such as BlackCat, switched to its own custom Zeon ransomware, and, since mid-September 2022, to the Royal ransomware. The Royal group uses targeted callback phishing attacks: its phishing emails, impersonating food delivery and software providers, contain phone numbers to cancel an alleged subscription (after the alleged end of a free trial). If an employee calls the number, Royal uses social engineering to convince the victim to install a remote access tool, which is then used to gain initial access to the corporate network.
Analyst Comment: Use services such as Anomali's Premium Digital Risk Protection to detect the abuse of your brands in typosquatting and phishing attacks. Organizations should include awareness of callback phishing attacks in their anti-phishing training.
MITRE ATT&CK: T1486 - Data Encrypted for Impact | T1566 - Phishing
Tags: actor:Royal, detection:Zeon, detection:Royal, malware-type:Ransomware, detection:BlackCat, detection:Cobalt Strike, Callback phishing attacks, Spearphishing, Social Engineering

ZINC Weaponizing Open-Source Software (published: September 29, 2022)
Microsoft researchers described recent developments in Lazarus Group (ZINC) campaigns that start from social engineering conversations on LinkedIn. Since June 2022, Lazarus has trojanized several open-source tools (KiTTY, the muPDF/Subliminal Recording software installer, PuTTY, TightVNC, and Sumatra PDF Reader). When a target extracts the trojanized tool from the ISO file and installs it, Lazarus is able to deliver custom malware such as EventHorizon and ZetaNile. In many cases, the final payload was not delivered unless the target manually established an SSH connection to an attacker-controlled IP address provided in the attached ReadMe.txt file.
Analyst Comment: All known indicators connected to this recent Lazarus Group campaign are available in the Anomali platform, and customers are advised to block them on their infrastructure. Researchers should monitor for the additional User Execution step required for payload delivery. Defense contractors should be aware of advanced social engineering efforts abusing LinkedIn and other means of establishing trusted communication.
MITRE ATT&CK: T1204 - User Execution | T1053 - Scheduled Task |
Published: 2022-10-04T18:08:00+00:00 | Link: https://www.anomali.com/blog/anomali-cyber-watch-canceling-subscription-installs-royal-ransomware-lazarus-covinces-to-ssh-to-its-servers-polyglot-file-executed-itself-as-a-different-file-type-and-more | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7298043 | Tags: Ransomware, Malware, Tool, Threat, Medical | Actors: APT 38

Security Affairs (security blog): Lazarus APT employed an exploit in a Dell firmware driver in recent attacks
North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on an exploit in the Dell firmware driver dbutil_2_3.sys, ESET researchers warn. The discovery was made by ESET researchers while […]
Published: 2022-10-04T15:02:16+00:00 | Link: https://securityaffairs.co/wordpress/136623/apt/lazarus-exploit-dell-firmware-driver.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7296096 | Tags: Medical | Actors: APT 38

The Hacker News (a hacking news blog, unsurprisingly): Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers
Published: 2022-10-03T16:26:00+00:00 | Link: https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=7292668 | Tags: Vulnerability, Threat, Medical | Actors: APT 38