www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-07-04T22:41:58+00:00 www.secnews.physaphae.fr Security Intelligence - Site de news Américain How to Deal With Unpatched Software Vulnerabilities Right Now 2021-11-05T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/v1F-12H9r3o/ www.secnews.physaphae.fr/article.php?IdArticle=3614716 False Threat None 2.0000000000000000 Security Affairs - Blog Secu Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware 2021-11-05T11:52:07+00:00 https://securityaffairs.co/wordpress/124222/malware/hackers-proxyshell-babuk-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=hackers-proxyshell-babuk-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3613435 True Ransomware,Threat None None Bleeping Computer - Magazine Américain US defense contractor Electronic Warfare hit by data breach 2021-11-05T10:59:33+00:00 https://www.bleepingcomputer.com/news/security/us-defense-contractor-electronic-warfare-hit-by-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=3614153 False Data Breach,Threat None None Security Affairs - Blog Secu npm libraries coa and rc. 
have been hijacked to deliver password-stealing malware 2021-11-05T09:21:55+00:00 https://securityaffairs.co/wordpress/124218/hacking/npm-libraries-coa-rc-hijacked.html?utm_source=rss&utm_medium=rss&utm_campaign=npm-libraries-coa-rc-hijacked www.secnews.physaphae.fr/article.php?IdArticle=3613108 False Malware,Threat None None InfoSecurity Mag - InfoSecurity Magazine Ukraine Unmasks Armageddon Group as FSB Officers 2021-11-05T08:54:00+00:00 https://www.infosecurity-magazine.com/news/ukraine-unmasks-armageddon-group/ www.secnews.physaphae.fr/article.php?IdArticle=3612989 False Threat None None CyberSecurityVentures - cybersecurity services Ransomware Is the Number One Cybercrime In 2021 2021-11-04T21:57:36+00:00 https://cybersecurityventures.com/ransomware-is-the-number-one-cybercrime-in-2021/ www.secnews.physaphae.fr/article.php?IdArticle=3791182 False Threat None None SecurityWeek - Security News Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks 2021-11-04T14:55:50+00:00 http://feedproxy.google.com/~r/securityweek/~3/TfeGxPwuiv4/ukraine-names-russian-fsb-officers-involved-gamaredon-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=3608593 False Threat None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar 2021-11-04T12:51:48+00:00 https://threatpost.com/magecart-credit-card-skimmer-avoids-vms-to-fly-under-the-radar/175993/ www.secnews.physaphae.fr/article.php?IdArticle=3607697 False Threat None None Bleeping Computer - Magazine Américain Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware 2021-11-04T12:39:34+00:00 https://www.bleepingcomputer.com/news/security/microsoft-exchange-proxyshell-exploits-used-to-deploy-babuk-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=3608827 False Ransomware,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-43032 2021-11-03T20:15:09+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43032 www.secnews.physaphae.fr/article.php?IdArticle=3606527 False Threat None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 'Tortilla' Wraps Exchange Servers in ProxyShell Attacks 2021-11-03T18:16:37+00:00 https://threatpost.com/tortilla-exchange-servers-proxyshell/175967/ www.secnews.physaphae.fr/article.php?IdArticle=3605093 False Threat None 2.0000000000000000 Team Cymru - Equipe de Threat Intelligence Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns [...] 2021-11-03T14:19:09+00:00 https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-vantage-point-into-multiple-threat-actor-campaigns/ www.secnews.physaphae.fr/article.php?IdArticle=3605038 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released 2021-11-03T08:24:34+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/5UvtykUeXgE/blackmatter-ransomware-reportedly.html www.secnews.physaphae.fr/article.php?IdArticle=3604448 False Ransomware,Threat None None Security Affairs - Blog Secu Cybercrime underground flooded with offers for initial access to shipping and logistics orgs 2021-11-03T08:18:18+00:00 https://securityaffairs.co/wordpress/124141/deep-web/cybercrime-initial-access-shipping-orgs.html?utm_source=rss&utm_medium=rss&utm_campaign=cybercrime-initial-access-shipping-orgs www.secnews.physaphae.fr/article.php?IdArticle=3602989 False Threat None None SecurityWeek - Security News IBM Security to Acquire ReaQta for xDR Push 2021-11-02T16:05:05+00:00 http://feedproxy.google.com/~r/securityweek/~3/Y4pXqamn-lQ/ibm-security-acquire-reaqta-xdr-push www.secnews.physaphae.fr/article.php?IdArticle=3599603 False Threat None None Anomali - Firm Blog Anomali Cyber Watch: Russian Intelligence Targets IT Providers, Malspam Abuses Squid Games, Another npm 
Library Compromise, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BlackMatter: New Data Exfiltration Tool Used in Attacks (published: November 1, 2021) Symantec researchers have discovered a custom data exfiltration tool, dubbed Exmatter, being used by the BlackMatter ransomware group. The same group has also been responsible for the Darkside ransomware - the variant that led to the May 2021 Colonial Pipeline outage. Exmatter is compiled as a .NET executable and obfuscated. This tool is designed to steal sensitive data and upload it to an attacker-controlled server prior to deployment of the ransomware as fast as possible. The speed is achieved via multiple filtering mechanisms: directory exclusion list, filetype whitelist, excluding files under 1,024 bytes, excluding files with certain attributes, and filename string exclusion list. Exmatter is being actively developed as three newer versions were found in the wild. Analyst Comment: Exmatter exfiltration tool by BlackMatter is following two custom data exfiltration tools linked to the LockBit ransomware operation. Attackers try to narrow down data sources to only those deemed most profitable or business-critical to speed up the whole exfiltration process. It makes it even more crucial for defenders to be prepared to quickly stop any detected exfiltration operation. MITRE ATT&CK: [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 Tags: Exmatter, BlackMatter, Darkside, Ransomware, Exfiltration, Data loss prevention Iran Says Israel, U.S. 
Likely Behind Cyberattack on Gas Stations (published: October 31, 2021) Iranian General Gholamreza Jalali, head of Iran’s passive defense organization, went to state-run television to blame Israel and the U.S. for an October 26, 2021 cyberattack that paralyzed gasoline stations across the country. The attack on the fuel distribution chain in Iran forced the shutdown of a network of filling stations. The incident disabled government-issued electronic cards providing subsidies that tens of millions of Iranians use to purchase fuel at discounted prices. Jalali said the attack bore similarities to cyber strikes on Iran’s rail network and the Shahid Rajaee port. The latest attack displayed a message reading "cyberattack 64411" on gas pumps when people tried to use their subsidy cards. Similarly, in July 2021, attackers targeting Iranian railroad prompted victims to call 64411, the phone number for the office of Supreme Leader Ali Khamenei. Analyst Comment: Iran has not provided evidence behind the attribution, so]]> 2021-11-02T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-russian-intelligence-targets-it-providers-malspam-abuses-squid-games-another-npm-library-compromise-and-more www.secnews.physaphae.fr/article.php?IdArticle=3598623 False Ransomware,Malware,Tool,Threat,Guideline APT 29,APT 29 None IT Security Guru - Blog Sécurité Mobile phishing threats surged 161% in 2021 – Lookout Energy Threat Report 2021-11-02T14:08:52+00:00 https://www.itsecurityguru.org/2021/11/02/mobile-phishing-threats-surged-161-in-2021-lookout-energy-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-phishing-threats-surged-161-in-2021-lookout-energy-threat-report www.secnews.physaphae.fr/article.php?IdArticle=3598937 False Threat None None Security Intelligence - Site de news Américain Taking Threat Detection and Response to the Next Level with Open XDR 2021-11-02T13:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/7a4fUn2l3mE/ 
www.secnews.physaphae.fr/article.php?IdArticle=3598422 False Threat,Guideline None None SecurityWeek - Security News Security Pros Know What They Need to Do, But Constrained by Lack of Resources 2021-11-02T12:51:34+00:00 http://feedproxy.google.com/~r/securityweek/~3/J8HAewmPJk0/security-pros-know-what-they-need-do-constrained-lack-resources www.secnews.physaphae.fr/article.php?IdArticle=3598432 False Threat None None Security Affairs - Blog Secu Trojan Source attack method allows hiding flaws in source code 2021-11-02T11:54:59+00:00 https://securityaffairs.co/wordpress/124081/hacking/trojan-source-attack.html?utm_source=rss&utm_medium=rss&utm_campaign=trojan-source-attack www.secnews.physaphae.fr/article.php?IdArticle=3597965 False Threat None None Mandiant - Blog Sécu de Mandiant Mandiant Data Science Showcases Latest Security Machine Learning Research at CAMLIS '21
The Mandiant Data Science (MDS) team's mission is to develop innovative machine learning solutions that apply Mandiant's unique expertise and threat intelligence at scale for our customers. MDS is involved in many diverse projects delivered as part of the
Mandiant Advantage SaaS platform, but we also present and publish cutting-edge research at the intersection of security and machine learning at leading industry and academic conferences. We are proud to announce that our team recently had four talks accepted at the Conference on Applied Machine Learning in Information Security (CAMLIS)
2021-11-02T08:01:01+00:00 https://www.mandiant.com/resources/blog/mandiant-data-science-camlis21 www.secnews.physaphae.fr/article.php?IdArticle=8377531 False Threat,Cloud None 3.0000000000000000
Bleeping Computer - Magazine Américain Kaspersky's stolen Amazon SES token used in Office 365 phishing 2021-11-01T13:25:00+00:00 https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=3593827 False Threat None None Security Affairs - Blog Secu Balikbayan Foxes group spoofs Philippine gov to spread RATs 2021-11-01T10:20:13+00:00 https://securityaffairs.co/wordpress/124017/apt/balikbayan-foxes-campaings.html?utm_source=rss&utm_medium=rss&utm_campaign=balikbayan-foxes-campaings www.secnews.physaphae.fr/article.php?IdArticle=3591807 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code 2021-11-01T04:25:57+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/_WKugqXMP7s/new-trojan-source-technique-lets.html www.secnews.physaphae.fr/article.php?IdArticle=3591934 False Malware,Threat None None McAfee Labs - Editeur Logiciel Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the... 2021-11-01T04:01:14+00:00 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/nation-states-will-weaponize-social-and-recruit-bad-guys-with-benefits-in-2022/ www.secnews.physaphae.fr/article.php?IdArticle=3590326 False Threat None None Cyber Skills - Podcast Cyber Cyber Skills - What You Need to Know Cyber Skills – Building Ireland Cyber Security Skills Cyber Skills is a national programme funded by the Higher Education Authority Pillar 3 Human Capital Initiative. 
In collaboration with Munster Technological University, University College Dublin, Technological University Dublin, and University of Limerick we are committed to addressing t]]> 2021-11-01T00:00:00+00:00 https://www.cyberskills.ie/explore/news/cyber-skills---what-you-need-to-know.html www.secnews.physaphae.fr/article.php?IdArticle=8517445 False Vulnerability,Threat,Studies,Cloud None 2.0000000000000000 Security Affairs - Blog Secu Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham 2021-10-31T09:30:41+00:00 https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html?utm_source=rss&utm_medium=rss&utm_campaign=conti-ransomware-graff-jeweller www.secnews.physaphae.fr/article.php?IdArticle=3587748 False Ransomware,Threat,Guideline None None Security Affairs - Blog Secu Hacker accessed medical info at UMass Memorial Health 2021-10-30T20:48:30+00:00 https://securityaffairs.co/wordpress/123970/data-breach/umass-memorial-health-cyberattack.html?utm_source=rss&utm_medium=rss&utm_campaign=umass-memorial-health-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=3586407 False Threat None None CybeReason - Vendor blog Webinar November 11th: Live Attack Simulation - Ransomware Threat Hunter Series Webinar November 11th: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 
]]> 2021-10-29T15:49:18+00:00 https://www.cybereason.com/blog/webinar-november-11-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3581299 True Ransomware,Threat None None Security Affairs - Blog Secu NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems 2021-10-29T13:47:05+00:00 https://securityaffairs.co/wordpress/123910/reports/5g-networks-prevent-lateral-movement.html?utm_source=rss&utm_medium=rss&utm_campaign=5g-networks-prevent-lateral-movement www.secnews.physaphae.fr/article.php?IdArticle=3580644 False Threat None None Security Intelligence - Site de news Américain 2021 Cyber Resilient Organization Study: Rise of Ransomware Shows the Need for Zero Trust and XDR 2021-10-28T17:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/cKpc9eYNOmI/ www.secnews.physaphae.fr/article.php?IdArticle=3577101 False Ransomware,Threat None 4.0000000000000000 Security Affairs - Blog Secu AbstractEmu, a new Android malware with rooting capabilities 2021-10-28T15:47:16+00:00 https://securityaffairs.co/wordpress/123873/malware/abstractemu-android-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=abstractemu-android-malware www.secnews.physaphae.fr/article.php?IdArticle=3577148 False Malware,Threat None None CybeReason - Vendor blog THREAT ANALYSIS REPORT: Snake Infostealer Malware THREAT ANALYSIS REPORT: Snake Infostealer Malware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. 
The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.]]> 2021-10-28T13:00:12+00:00 https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware www.secnews.physaphae.fr/article.php?IdArticle=3576713 True Malware,Threat None None SecurityWeek - Security News Cisco Patches High-Severity DoS Vulnerabilities in ASA, FTD Software 2021-10-28T12:25:51+00:00 http://feedproxy.google.com/~r/securityweek/~3/K9SW2cVgkwQ/cisco-patches-high-severity-dos-vulnerabilities-asa-ftd-software www.secnews.physaphae.fr/article.php?IdArticle=3577163 False Threat None None CybeReason - Vendor blog Webinar: Live Attack Simulation - EMEA Ransomware Threat Hunter Series Webinar: Live Attack Simulation - EMEA Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 
]]> 2021-10-28T12:00:00+00:00 https://www.cybereason.com/blog/webinar-live-attack-simulation-emea-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3576715 True Ransomware,Threat None None Security Affairs - Blog Secu Crooks steal $130 million worth of cryptocurrency assets from Cream Finance 2021-10-28T09:40:24+00:00 https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html?utm_source=rss&utm_medium=rss&utm_campaign=cream-finance-cyber-heist-130m www.secnews.physaphae.fr/article.php?IdArticle=3577150 True Threat None None CISCO Talos - Cisco Research blog Quarterly Report: Incident Response trends from Q3 2021 ]]> 2021-10-28T05:00:00+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/HmFBvyeAQLU/quarterly-report-incident-response.html www.secnews.physaphae.fr/article.php?IdArticle=3577116 False Ransomware,Threat None None Fortinet - Fabricant Materiel Securite Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers ]]> 2021-10-28T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/hJQpHNLUkK0/chaos-ransomware-variant-in-fake-minecraft-alt-list-brings-destruction www.secnews.physaphae.fr/article.php?IdArticle=3581229 False Ransomware,Threat None None Fortinet - Fabricant Materiel Securite Black Friday Scams are Coming-Online Shoppers Should Approach with Caution ]]> 2021-10-28T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/H4bj7WH-_N4/black-friday-scams-are-coming-online-shoppers-should-approach-with-caution www.secnews.physaphae.fr/article.php?IdArticle=3576310 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-40117 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40117 www.secnews.physaphae.fr/article.php?IdArticle=3575367 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34794 2021-10-27T19:15:08+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34794 www.secnews.physaphae.fr/article.php?IdArticle=3575296 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34793 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34793 www.secnews.physaphae.fr/article.php?IdArticle=3575295 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34790 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34790 www.secnews.physaphae.fr/article.php?IdArticle=3575292 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34791 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34791 www.secnews.physaphae.fr/article.php?IdArticle=3575293 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34783 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34783 www.secnews.physaphae.fr/article.php?IdArticle=3575290 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34781 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34781 www.secnews.physaphae.fr/article.php?IdArticle=3575289 False Vulnerability,Threat None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2021-34761 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34761 www.secnews.physaphae.fr/article.php?IdArticle=3575285 False Vulnerability,Threat None 5.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2021-34787 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34787 www.secnews.physaphae.fr/article.php?IdArticle=3575291 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-40125 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40125 
www.secnews.physaphae.fr/article.php?IdArticle=3575369 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-40118 2021-10-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40118 www.secnews.physaphae.fr/article.php?IdArticle=3575368 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-34755 2021-10-27T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34755 www.secnews.physaphae.fr/article.php?IdArticle=3575283 False Threat None 4.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2021-34754 2021-10-27T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34754 www.secnews.physaphae.fr/article.php?IdArticle=3575282 False Threat None 4.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2021-34756 2021-10-27T19:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34756 www.secnews.physaphae.fr/article.php?IdArticle=3575284 False Threat None 2.0000000000000000 CybeReason - Vendor blog THREAT ALERT: Malicious Code Implant in the UAParser.js Library THREAT ALERT: Malicious Code Implant in the UAParser.js Library The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them.]]> 2021-10-27T17:25:51+00:00 https://www.cybereason.com/blog/threat-alert-malicious-code-implant-in-the-uaparser.js-library www.secnews.physaphae.fr/article.php?IdArticle=3574114 True Threat None None Security Affairs - Blog Secu The 9th edition of the ENISA Threat Landscape (ETL) report is out! 
2021-10-27T13:47:47+00:00 https://securityaffairs.co/wordpress/123839/security/enisa-threat-landscape-report-2021.html?utm_source=rss&utm_medium=rss&utm_campaign=enisa-threat-landscape-report-2021 www.secnews.physaphae.fr/article.php?IdArticle=3572899 False Threat None None ZD Net - Magazine Info Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't 2021-10-27T11:30:00+00:00 https://www.zdnet.com/article/proofpoint-unmasks-balikbayan-foxes-a-threat-group-impersonating-the-philippine-govt/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=3572740 False Threat None None We Live Security - Editeur Logiciel Antivirus ESET Wslink: Unique and undocumented malicious loader that runs as a server 2021-10-27T09:30:06+00:00 http://feedproxy.google.com/~r/eset/blog/~3/tSW0dqoFVbo/ www.secnews.physaphae.fr/article.php?IdArticle=3577030 False Tool,Threat None None InfoSecurity Mag - InfoSecurity Magazine North Korean Lazarus APT Targets Software Supply Chain 2021-10-27T09:30:00+00:00 https://www.infosecurity-magazine.com/news/north-korean-lazarus-software/ www.secnews.physaphae.fr/article.php?IdArticle=3571769 False Threat APT 38,APT 28 4.0000000000000000 Mandiant - Blog Sécu de Mandiant Portable Executable File Infecting Malware Is Increasingly Found in OT Networks While researching files associated with a range of operational technology (OT) original equipment manufacturers (OEM), Mandiant Threat Intelligence uncovered a large number of legitimate portable executable (PE) binaries affected by various types of PE infecting malware. The infected files include binaries associated with programmable logical controllers (PLC), OLE for process control (OPC) communications, human-machine interface (HMI) applications, and other OT functions supported by Windows-based devices at levels 2 and 3 of the Purdue Model. 
A PE is a file format developed by Microsoft]]> 2021-10-27T08:01:01+00:00 https://www.mandiant.com/resources/blog/pe-file-infecting-malware-ot www.secnews.physaphae.fr/article.php?IdArticle=8377535 False Malware,Threat,Industrial None 3.0000000000000000 McAfee Labs - Editeur Logiciel McAfee Enterprise & FireEye 2022 Threat Predictions 2021-10-27T04:01:11+00:00 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-fireeye-2022-threat-predictions/ www.secnews.physaphae.fr/article.php?IdArticle=3570846 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Latest Report Uncovers Supply Chain Attacks by North Korean Hackers ]]> 2021-10-27T00:14:47+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/nYK8fTcVuRM/latest-report-uncovers-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=3571547 False Malware,Threat,Medical APT 38,APT 28 None Bleeping Computer - Magazine Américain Spammers use Squirrelwaffle malware to drop Cobalt Strike 2021-10-26T15:45:30+00:00 https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/ www.secnews.physaphae.fr/article.php?IdArticle=3569198 False Malware,Threat None None CybeReason - Vendor blog Microsoft Publishes Veiled Mea Culpa Disguised as Research Microsoft Publishes Veiled Mea Culpa Disguised as Research The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM-the threat actor behind the SolarWinds attacks-is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and IT services organizations in what at first glance appears to be a standard threat intelligence report, but upon examination more closely resembles a technical vulnerability disclosure. 
]]> 2021-10-26T15:21:56+00:00 https://www.cybereason.com/blog/microsoft-publishes-veiled-mea-culpa-disguised-as-research www.secnews.physaphae.fr/article.php?IdArticle=3567535 False Vulnerability,Threat None None SecurityWeek - Security News BillQuick Billing Software Exploited to Hack U.S. Engineering Company 2021-10-26T12:28:47+00:00 http://feedproxy.google.com/~r/securityweek/~3/Xu0UXShZbKY/billquick-billing-software-exploited-hack-us-engineering-company www.secnews.physaphae.fr/article.php?IdArticle=3566663 False Hack,Threat None None Kaspersky - Kaspersky Research blog APT trends report Q3 2021 2021-10-26T10:00:11+00:00 https://securelist.com/apt-trends-report-q3-2021/104708/ www.secnews.physaphae.fr/article.php?IdArticle=3566240 False Threat None None Security Affairs - Blog Secu UltimaSMS subscription fraud campaign targeted millions of Android users 2021-10-26T08:32:07+00:00 https://securityaffairs.co/wordpress/123795/malware/ultimasms-massive-fraud-campaign.html?utm_source=rss&utm_medium=rss&utm_campaign=ultimasms-massive-fraud-campaign www.secnews.physaphae.fr/article.php?IdArticle=3565411 False Threat None None InfoSecurity Mag - InfoSecurity Magazine GCHQ Boss: Ransomware Has Doubled in a Year 2021-10-26T08:30:00+00:00 https://www.infosecurity-magazine.com/news/gchq-boss-ransomware-doubled-year/ www.secnews.physaphae.fr/article.php?IdArticle=3565288 False Ransomware,Threat None None Fortinet - Fabricant Materiel Securite Rickard Sellstedt, an NSE 8 Network and Security Engineer ]]> 2021-10-26T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/23susn5Xglc/fortinet-network-and-security-engineer-nse-8-profile www.secnews.physaphae.fr/article.php?IdArticle=3567711 False Threat None None Security Intelligence - Site de news Américain Nobelium Espionage Campaign Persists, Service Providers in Crosshairs 2021-10-25T19:30:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/y9am4Yo_30k/ 
www.secnews.physaphae.fr/article.php?IdArticle=3562105 False Threat None None CybeReason - Vendor blog Webinar: Live Attack Simulation - Ransomware Threat Hunter Series Webinar: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. ]]> 2021-10-25T16:22:58+00:00 https://www.cybereason.com/blog/webinar-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3561119 False Ransomware,Threat None None SecurityWeek - Security News Changing Approaches to Preventing Ransomware Attacks 2021-10-25T14:54:45+00:00 http://feedproxy.google.com/~r/securityweek/~3/T42x-G-Y08U/changing-approaches-preventing-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=3560322 False Ransomware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware ]]> 2021-10-25T01:19:44+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/58qR9l4jlls/hackers-exploited-popular-billquick.html www.secnews.physaphae.fr/article.php?IdArticle=3558236 False Ransomware,Vulnerability,Threat None None Fortinet - Fabricant Materiel Securite Global Cyber Threat Intelligence Partnerships: An Opportunity to Work Together ]]> 2021-10-25T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/-Z4ba1C8lWc/global-cyber-threat-intelligence-partnerships www.secnews.physaphae.fr/article.php?IdArticle=3560602 False Threat None None Security Affairs - Blog Secu Security Affairs newsletter Round 337 2021-10-24T13:40:20+00:00 https://securityaffairs.co/wordpress/123723/breaking-news/security-affairs-newsletter-round-337.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-337 www.secnews.physaphae.fr/article.php?IdArticle=3555212 False Threat None 3.0000000000000000 Security Affairs - Blog Secu Threat actors offer for sale data for 50 millions of Moscow drivers 2021-10-24T09:47:43+00:00 https://securityaffairs.co/wordpress/123711/data-breach/moscow-drivers-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=moscow-drivers-data-leak www.secnews.physaphae.fr/article.php?IdArticle=3554483 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks ]]> 2021-10-23T09:25:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/F_Qonprj3Po/microsoft-warns-of-todayzoo-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=3553492 False Tool,Threat None None SecurityWeek - Security News Cookie Theft Malware Used to Hijack YouTube Accounts 2021-10-22T08:51:49+00:00 http://feedproxy.google.com/~r/securityweek/~3/JjBIqS3BLPs/cookie-theft-malware-used-hijack-youtube-accounts www.secnews.physaphae.fr/article.php?IdArticle=3547976 False Malware,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) \'Lone Wolf\' Hacker Group Targeting Afghanistan and India with Commodity RATs ]]> 2021-10-22T08:01:26+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/a6Rp-gw4_o8/lone-wolf-hacker-group-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=3550875 False Malware,Threat None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe TA551 Shifts Tactics to Install Sliver Red-Teaming Tool 2021-10-21T19:31:40+00:00 https://threatpost.com/ta551-tactics-sliver-red-teaming/175651/ www.secnews.physaphae.fr/article.php?IdArticle=3545634 False Ransomware,Tool,Threat,Guideline None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Gigabyte Allegedly Hit by AvosLocker Ransomware 2021-10-21T17:33:24+00:00 https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/ www.secnews.physaphae.fr/article.php?IdArticle=3544927 False Ransomware,Threat None None Security Intelligence - Site de news Américain Database Security Best Practices: The Essential Guide 2021-10-21T16:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/LoVCZggFRFU/ www.secnews.physaphae.fr/article.php?IdArticle=3544884 False Threat None None Graham Cluley - Blog Security US Government warns of BlackMatter ransomware attacks against critical infrastructure 
2021-10-21T15:49:34+00:00 https://www.tripwire.com/state-of-security/security-data-protection/us-government-warns-of-blackmatter-ransomware-attacks-against-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=3544216 False Ransomware,Threat None None UnderNews - French "hacker" news site Threat intelligence capabilities – highly favored by managed service providers Threat intelligence capabilities – highly favored by managed service providers first appeared on UnderNews. 2021-10-21T13:39:26+00:00 https://www.undernews.fr/reseau-securite/les-fonctions-de-threat-intelligence-plebiscitees-par-les-fournisseurs-de-services-manages.html www.secnews.physaphae.fr/article.php?IdArticle=3543538 False Threat None None ComputerWeekly - Computer Magazine Airport operator MAG boosts threat visibility with hybrid SOC 2021-10-21T11:00:00+00:00 https://www.computerweekly.com/news/252508144/Airport-operator-MAG-boosts-threat-visibility-with-hybrid-SOC www.secnews.physaphae.fr/article.php?IdArticle=3544286 False Threat None None The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts 2021-10-21T00:03:14+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/-360A4XB0aQ/hackers-stealing-browser-cookies-to.html www.secnews.physaphae.fr/article.php?IdArticle=3542078 False Threat None None Security Affairs - Security blog YouTube creators' accounts hijacked with cookie-stealing malware 2021-10-20T22:56:47+00:00 https://securityaffairs.co/wordpress/123630/hacking/youtube-creators-accounts-hijacked-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=youtube-creators-accounts-hijacked-malware www.secnews.physaphae.fr/article.php?IdArticle=3540593 False Malware,Threat None None Security Intelligence - American news site Detections That Can Help You Identify Ransomware 2021-10-20T21:30:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/gxHq9r3kheI/ www.secnews.physaphae.fr/article.php?IdArticle=3540019 False Ransomware,Threat None None InfoSecurity Mag - InfoSecurity Magazine Russian Cyber-criminals Switch to Cloud 2021-10-20T20:47:00+00:00 https://www.infosecurity-magazine.com/news/russian-cybercriminals-switch-to/ www.secnews.physaphae.fr/article.php?IdArticle=3542147 False Threat None None Security Affairs - Security blog Acer suffers a second data breach in a week 2021-10-20T13:19:49+00:00 https://securityaffairs.co/wordpress/123616/data-breach/acer-suffers-second-data-breach.html?utm_source=rss&utm_medium=rss&utm_campaign=acer-suffers-second-data-breach www.secnews.physaphae.fr/article.php?IdArticle=3537154 False Data Breach,Threat None None Bleeping Computer - American magazine Political-themed actor using old MS Office flaw to drop multiple RATs 2021-10-20T12:59:16+00:00 https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/ www.secnews.physaphae.fr/article.php?IdArticle=3538047 False Threat None None CybeReason - Vendor blog Why All Telemetry is Essential for XDR Performance Why All Telemetry
is Essential for XDR Performance Robust telemetry is essential to any threat detection and response strategy. Organizations need the ability to collect threat information from across their IT infrastructure so that they can see what's going on in their environments and correlate the intelligence across devices, personas, application suites, and the cloud so that it's actionable. 2021-10-20T12:39:41+00:00 https://www.cybereason.com/blog/why-all-telemetry-is-essential-for-xdr-performance www.secnews.physaphae.fr/article.php?IdArticle=3537025 False Threat None None SecurityWeek - Security News U.S. Government Issues Urgent Warning on BlackMatter Ransomware 2021-10-19T21:42:01+00:00 http://feedproxy.google.com/~r/securityweek/~3/IFl9VeBPkPU/us-government-issues-urgent-warning-blackmatter-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3533820 False Ransomware,Threat None None SecurityWeek - Security News Nation-State APT Targets Afghans With New Toolset 2021-10-19T21:31:23+00:00 http://feedproxy.google.com/~r/securityweek/~3/UEN25rNr30A/nation-state-apt-targets-afghans-new-toolset www.secnews.physaphae.fr/article.php?IdArticle=3533821 False Threat None None Security Affairs - Security blog Experts found many similarities between the new Karma Ransomware and Nemty variants 2021-10-19T17:48:31+00:00 https://securityaffairs.co/wordpress/123568/malware/karma-ransomware-nemty-similarities.html?utm_source=rss&utm_medium=rss&utm_campaign=karma-ransomware-nemty-similarities www.secnews.physaphae.fr/article.php?IdArticle=3532759 False Ransomware,Threat None None CISCO Talos - Cisco Research blog Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India 2021-10-19T17:01:51+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/-nsIY85fJB0/crimeware-targets-afghanistan-india.html www.secnews.physaphae.fr/article.php?IdArticle=3534714 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-3746
2021-10-19T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3746 www.secnews.physaphae.fr/article.php?IdArticle=3532418 False Vulnerability,Threat None None Anomali - Firm Blog Anomali Cyber Watch: FIN12 Ramps-Up in Europe, Interactsh Being Used For Malicious Purposes, New Yanluowang Ransomware and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Harvester: Nation-State-Backed Group Uses New Toolset To Target Victims In South Asia (published: October 18, 2021) A new threat group dubbed ‘Harvester’ has been found attacking organizations in South Asia and Afghanistan using a custom toolset composed of both public and private malware. Given the nature of the targets, which include governments, IT and Telecom companies, combined with the information stealing campaign, there is a high likelihood that this group is Nation-State backed. The initial infection method is unknown, but victim machines are directed to a URL that checks for a local file (winser.dll). If it doesn’t exist, a redirect is performed for a VBS file to download and run; this downloads and installs the Graphon backdoor. The command and control (C2) uses legitimate Microsoft and CloudFront services to mask data exfiltration. Analyst Comment: Nation-state threat actors are continually evolving their tactics, techniques and tools to adapt and infiltrate victim governments and/or companies. Ensure that employees have a training policy that reflects education on only downloading programs or documents from known, trusted sources. It is also important to notify management and the proper IT department if you suspect malicious activity may be occurring.
MITRE ATT&CK: [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Process Discovery - T1057 Tags: Backdoor.Graphon, Cobalt Strike Beacon, Metasploit Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes (published: October 14, 2021) Unit 42 researchers have observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers - but also by attackers - to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof-of-concept (PoC) for an exploit can insert "Interactsh" to check whether the exploit is working, but the service could also be used to check if the PoC is working. The tool became publicly available on April 16, 2021, and the first attempts to abuse it were observed soon after, on April 18, 2021. Analyst Comment: As the landscape changes, researchers and attackers will often use the same tools in order to reach a goal. In this instance, Interact.sh can be used to show if an exploit will work. Dual-use tools are often under fire for being able to validate malicious code, with this being the latest example. If necessary, take precautions and block traffic with interact.sh attached to it within company networks. 
Tags: Interactsh, Exploits 2021-10-19T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-fin12-ramps-up-in-europe-interactsh-being-used-for-malicious-purposes-new-yanluowang-ransomware-and-more www.secnews.physaphae.fr/article.php?IdArticle=3531690 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Patching,Guideline None None Bleeping Computer - American magazine Acer hacked twice in a week by the same threat actor 2021-10-19T12:40:15+00:00 https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/ www.secnews.physaphae.fr/article.php?IdArticle=3532270 False Threat None None UnderNews - French "hacker" news site Analysis of the growing impact of small-scale ransomware operators Analysis of the growing impact of small-scale ransomware operators first appeared on UnderNews. 2021-10-19T12:28:02+00:00 https://www.undernews.fr/malwares-virus-antivirus/analyse-de-limpact-croissant-des-operateurs-de-ransomware-a-petite-echelle.html www.secnews.physaphae.fr/article.php?IdArticle=3531382 False Ransomware,Threat None None Bleeping Computer - American magazine FBI warns of fake govt sites used to steal financial, personal data 2021-10-19T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/ www.secnews.physaphae.fr/article.php?IdArticle=3531505 False Threat None None