This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-01T20:18:11+00:00 www.secnews.physaphae.fr InformationSecurityBuzzNews - Site de News Securite Iran-linked Threat Actor Targets T20 Summit Attendees]]> 2020-10-29T11:16:42+00:00 https://www.informationsecuritybuzz.com/expert-comments/iran-linked-threat-actor-targets-t20-summit-attendees/ www.secnews.physaphae.fr/article.php?IdArticle=2001940 False Threat,Conference APT 35 None Security Affairs - Blog Secu 2020-10-29T08:28:32+00:00 https://securityaffairs.co/wordpress/110110/apt/iran-phosphorus-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=iran-phosphorus-attacks www.secnews.physaphae.fr/article.php?IdArticle=2001792 False Conference APT 35 None Wired Threat Level - Security News 2020-10-27T12:00:00+00:00 https://www.wired.com/story/these-oceanographers-want-to-turn-marine-slime-into-drugs www.secnews.physaphae.fr/article.php?IdArticle=1998944 False None APT 32 4.0000000000000000 Anomali - Firm Blog Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ, and I describe COVID-19 attacks in January through March, the groups behind them, and key MITRE ATT&CK techniques being employed. We then discuss ways an organization can keep themselves safe from these types of attacks. Pandemic Background COVID-19 is a pandemic viral respiratory disease, originally identified in Wuhan, China in December 2019. At the time of the webinar, it had infected around 1.5 million people worldwide. Within the first month, cyber actors capitalized on the opportunity.  COVID Attack Timeline December 2019 - January 2020 At the end of December 2019, China alerted the World Health Organization (WHO) that there was an outbreak in Wuhan, China. Within a month, the first cyber events were being recorded. Around January 31, 2020, malicious emails (T1566.001) using the Emotet malware (S0367) and a phishing campaign (T1566.001) using LokiBot (S0447) were tied to TA542 alias Mummy Spider. Emotet, in particular, was prolific. It originally started as a banking Trojan, then evolved into a delivery mechanism for an initial payload that infected systems to download additional malware families such as TrickBot (S0266). Around this same time, there was a marked increase in the registration of domain names with COVID-19 naming conventions, a key indicator of an uptick in phishing campaigns. February 2020 In early February, the progression of adversaries using uncertainty about and thirst for information regarding the COVID-19 pandemic became apparent. New malware variants and malware families were reported employing coronavirus related content, including NanoCore RAT (S0336) and Parallax RAT, a newer remote-access Trojan, to infect unsuspecting users. Throughout February, cybercrime actors launched several phishing campaigns (T1566.001) to deliver information stealer AZORult (S0344). With worldwide government health agencies giving advice on cyber and physical health, threat actors aligned with nation-states such as Russia (Hades APT), China (Mustang Panda), and North Korea (Kimsuky - G0094) used this messaging to lure individuals to download and/or execute malicious files disguised as legitimate documents. These state-sponsored groups used convincing lures to impersonate organizations such as the United Nations (UN), the World Health Organization (WHO), and various public health government agencies to achieve short- and long-term national objectives. March 2020 In March, we observed a flurry of nation-state and cybercrime attributed malicious activity seeking to exploit the COVID-19 pandemic. Cybercrime actors distributed a range of malware families, including NanoCore (S0336), ]]> 2020-10-15T14:00:00+00:00 https://www.anomali.com/blog/covid-19-attacks-defending-your-organization www.secnews.physaphae.fr/article.php?IdArticle=2103277 False Ransomware,Spam,Malware,Threat APT 36 3.0000000000000000 Malwarebytes Labs - MalwarebytesLabs We discovered a new attack that injected its payload-dubbed "Kraken-into the Windows Error Reporting (WER) service as a defense evasion mechanism. Categories: Malware Malwarebytes news Threat analysis Tags: "your right to compensation"APTAPT attacksAPT32APTsCactusTorchcompensation manual.docDotNettoJscriptkrakenkraken.krakenWERWerFault.exeWindow Error ReportingWindows Error Reporting service (Read more...) ]]> 2020-10-06T15:00:00+00:00 https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/ www.secnews.physaphae.fr/article.php?IdArticle=1959760 False None APT 32 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Grindr Fixed a Bug Allowing Full Takeover of Any User Account (published: October 3, 2020) Grindr, an LGBT networking platform, has fixed a vulnerability that could allow any account to be hijacked. The vulnerability was identified by security researcher Wassime Bouimadaghene, finding that the reset token was leaked in the page’s response content. This would enable anyone who knows a users’ email address to generate the reset link that is sent via email. Gaining account access would enable an attacker to obtain sensitive information such as pictures stored on the app (including NSFW), HIV status, location, and messages. Grindr has announced a bug bounty program. Recommendation: If your account has been breached, you can reset the password using the reset link sent to the associated email address. Tags: Browser, Exposed tokens, Grindr, Sensitive Info XDSpy: Stealing Government Secrets Since 2011 (published: October 2, 2020) Security researchers from ESET have identified a new Advanced Persistent Threat (APT) group that has been targeting Eastern European governments and businesses for up to nine years. Dubbed “XDSpy,” ESET was unable to identify any code similarity or shared infrastructure with other known groups and believe the group operates in a UTC+2 or UTC+3 time zone, Monday to Friday. XDSpy mainly uses spearphishing emails with some variance, some will contain attachments or links to malicious files, usually a ZIP or RAR archive. When the malicious file has infected a victim, it will install “XDDown,” a downloader that will begin to install additional plugins that will begin to exfiltrate files, passwords, and nearby SSIDs. XDSpy has also been observed using “CVE-2020-0968” (Internet Explorer legacy JavaScript vulnerability) bearing some resemblance to DarkHotel campaigns and Operation Domino, ESET do not believe these campaigns are related but may be using the same exploit broker. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] File and Directory Discovery ]]> 2020-10-06T14:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-ransomware-ipstorm-apt-group-and-more www.secnews.physaphae.fr/article.php?IdArticle=2103278 False Ransomware,Malware,Vulnerability,Threat,Medical APT 38 5.0000000000000000 ZD Net - Magazine Info 2020-09-17T23:41:21+00:00 https://www.zdnet.com/article/us-sanctions-iranian-government-front-company-hiding-major-hacking-operations/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1923902 False Prediction APT 39 None Dark Reading - Informationweek Branch 2020-09-17T17:10:00+00:00 https://www.darkreading.com/vulnerabilities---threats/iranian-hackers-indicted-for-stealing-aerospace-and-satellite-tracking-data/d/d-id/1338950?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1923785 False Malware,Prediction APT 39 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence China’s ‘Hybrid War’: Beijing’s Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the records of Australians contained in the database. While a lot of the information is public, there is also non-public information contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft’s threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware as a service, is sophisticated and due to the fact that they receive a large portion of the ransoms paid, they are motivated to avoid detections and continue to develop advanced attacking tools. This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in Depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc. is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers due to the fact that each successful ransomware attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially in cases where the victim finds they do not have appropriate disaster recovery plans), but they can also monetize the exfiltrated data directly and/or use the data to aid in future attacks. This technique is increasingly used in supply chain compromises to build difficult to detect spearphishing attacks. Tags: conti, ryuk, ransomware ]]> 2020-09-15T15:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-apt-group-malware-ransomware-and-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=2103282 False Ransomware,Malware,Tool,Vulnerability,Threat,Conference APT 35,APT 31,APT 28 3.0000000000000000 Malwarebytes Labs - MalwarebytesLabs This week on Lock and Code, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. Categories: Podcast Tags: advanced persistent threatsAPTCenter for Public Health ResearchCharming Kittencovid-19data breachddosDDos attackdistributed denial of service attackelection interferenceelectionsLugar CentremalvertisingNetflix scampandemic (Read more...) ]]> 2020-09-14T14:49:08+00:00 https://blog.malwarebytes.com/podcast/2020/09/lock-and-code-s1ep15-safely-using-google-chrome-extensions-with-pieter-arntz/ www.secnews.physaphae.fr/article.php?IdArticle=1916438 False Malware,Conference APT 35 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence ‘Baka’ Javascript Skimmer Identified (published: September 6, 2020) Visa have issued a security alert based on identification of a new skimmer, named “Baka”. Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attacks behind Baka are injecting it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migaciones suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cecission in border crossings until systems were up again. The ransomware used in this attack is Netwalker ransomware, that left a ransom note demanding initalling $2 million, however when this wasn’t paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in python that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY]]> 2020-09-09T16:24:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-skimmer-ransomware-apt-group-and-more www.secnews.physaphae.fr/article.php?IdArticle=2103283 False Ransomware,Malware,Tool,Vulnerability,Threat,Medical APT 38,APT 28 4.0000000000000000 Wired Threat Level - Security News 2020-09-02T12:00:00+00:00 https://www.wired.com/story/your-blue-jeans-are-polluting-the-ocean www.secnews.physaphae.fr/article.php?IdArticle=1894384 False None APT 32 None Wired Threat Level - Security News 2020-09-01T11:00:00+00:00 https://www.wired.com/story/can-a-bubble-net-stop-a-hurricane-some-norwegians-think-so www.secnews.physaphae.fr/article.php?IdArticle=1892241 False None APT 32 None Security Affairs - Blog Secu 2020-08-28T15:33:29+00:00 https://securityaffairs.co/wordpress/107644/apt/charming-kitten-apt-whatsapp-linkedin.html?utm_source=rss&utm_medium=rss&utm_campaign=charming-kitten-apt-whatsapp-linkedin www.secnews.physaphae.fr/article.php?IdArticle=1887053 False Conference APT 35 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-08-28T03:36:28+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/SlFF9FYAUqI/hackers-journalist-malware.html www.secnews.physaphae.fr/article.php?IdArticle=1886578 False Malware,Conference APT 35 None Dark Reading - Informationweek Branch 2020-08-26T18:30:00+00:00 https://www.darkreading.com/attacks-breaches/transparent-tribe-apt-group-deploys-new-android-spyware-for-cyber-espionage-/d/d-id/1338769?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1884019 False None APT 36 None Kaspersky - Kaspersky Research blog 2020-08-26T10:00:44+00:00 https://securelist.com/transparent-tribe-part-2/98233/ www.secnews.physaphae.fr/article.php?IdArticle=1882871 False None APT 36 None Security Affairs - Blog Secu 2020-08-26T06:43:13+00:00 https://securityaffairs.co/wordpress/107519/apt/lazarus-targets-cryptocurrency.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-targets-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=1882664 False Medical APT 38 None ZD Net - Magazine Info 2020-08-25T09:00:00+00:00 https://www.zdnet.com/article/lazarus-group-strikes-cryptocurrency-firm-through-linkedin-job-adverts/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1880944 False None APT 38 None Security Affairs - Blog Secu 2020-08-24T06:51:36+00:00 https://securityaffairs.co/wordpress/107446/apt/transparent-tribe-apt-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=transparent-tribe-apt-2020 www.secnews.physaphae.fr/article.php?IdArticle=1878694 False None APT 36 None ZD Net - Magazine Info 2020-08-20T12:03:21+00:00 https://www.zdnet.com/article/transparent-tribe-hacking-group-spreads-malware-by-infecting-usb-devices/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1871935 False None APT 36 None Kaspersky - Kaspersky Research blog 2020-08-20T10:00:13+00:00 https://securelist.com/transparent-tribe-part-1/98127/ www.secnews.physaphae.fr/article.php?IdArticle=1871683 False None APT 36 None Wired Threat Level - Security News 2020-08-18T17:46:29+00:00 https://www.wired.com/story/how-much-microplastic-is-swirling-in-the-atlantic www.secnews.physaphae.fr/article.php?IdArticle=1869137 False None APT 32 None ZD Net - Magazine Info 2020-08-18T04:35:04+00:00 https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1868050 False Cloud APT 37 None Security Affairs - Blog Secu 2020-08-14T17:39:50+00:00 https://securityaffairs.co/wordpress/107155/apt/north-korea-lazarus-israel.html?utm_source=rss&utm_medium=rss&utm_campaign=north-korea-lazarus-israel www.secnews.physaphae.fr/article.php?IdArticle=1860362 True Threat APT 38 None We Live Security - Editeur Logiciel Antivirus ESET 2020-08-10T14:30:04+00:00 http://feedproxy.google.com/~r/eset/blog/~3/9SndoHhhp5w/ www.secnews.physaphae.fr/article.php?IdArticle=1853533 False None APT 32 None ZD Net - Magazine Info 2020-08-04T16:20:12+00:00 https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1841913 False None APT 34 None Security Affairs - Blog Secu 2020-07-29T06:42:42+00:00 https://securityaffairs.co/wordpress/106511/cyber-warfare-2/vhd-ransomware-lazarus.html?utm_source=rss&utm_medium=rss&utm_campaign=vhd-ransomware-lazarus www.secnews.physaphae.fr/article.php?IdArticle=1830609 False Ransomware APT 38 None Bleeping Computer - Magazine Américain 2020-07-28T12:15:00+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1829725 False Ransomware,Medical APT 38 None Kaspersky - Kaspersky Research blog 2020-07-28T10:00:27+00:00 https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ www.secnews.physaphae.fr/article.php?IdArticle=1828920 False Ransomware APT 38 None Checkpoint - Fabricant Materiel Securite 2020-07-24T13:00:18+00:00 https://blog.checkpoint.com/2020/07/24/check-point-cloudguard-connect-protects-microsoft-azure-branch-office-internet-connections-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1823010 False Prediction APT 39 None Security Affairs - Blog Secu 2020-07-23T14:46:05+00:00 https://securityaffairs.co/wordpress/106267/apt/mata-multi-platform-malware-framework.html?utm_source=rss&utm_medium=rss&utm_campaign=mata-multi-platform-malware-framework www.secnews.physaphae.fr/article.php?IdArticle=1820999 False Ransomware,Malware,Threat,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-07-23T02:18:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/DVxmjqiYd-s/lazarus-north-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1820424 False Malware,Medical APT 38 None Dark Reading - Informationweek Branch 2020-07-22T15:55:00+00:00 https://www.darkreading.com/threat-intelligence/north-koreas-lazarus-group-developing-cross-platform-malware-framework/d/d-id/1338422?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1819168 False Malware APT 38 None Bleeping Computer - Magazine Américain 2020-07-22T14:49:59+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-deploy-ransomware-steal-data-using-mata-malware/ www.secnews.physaphae.fr/article.php?IdArticle=1819112 False Ransomware,Malware APT 38 None Security Affairs - Blog Secu 2020-07-17T13:49:25+00:00 https://securityaffairs.co/wordpress/106032/apt/apt35-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=apt35-data-leak www.secnews.physaphae.fr/article.php?IdArticle=1809947 False Conference APT 35 None Checkpoint - Fabricant Materiel Securite 2020-07-17T10:00:58+00:00 https://blog.checkpoint.com/2020/07/17/check-point-iot-protect-uses-automation-and-threat-intelligence-to-prevent-the-most-advanced-iot-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1809424 False Threat,Prediction APT 39 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-07-17T03:23:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/AGojF6xrBSA/iranian-hacking-training-videos.html www.secnews.physaphae.fr/article.php?IdArticle=1809580 False Threat,Conference APT 35 5.0000000000000000 Wired Threat Level - Security News 2020-07-16T10:00:00+00:00 https://www.wired.com/story/iran-apt35-hacking-video www.secnews.physaphae.fr/article.php?IdArticle=1807436 False Conference APT 35 None Security Intelligence - Site de news Américain 2020-07-16T09:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/FW3Ff-e-Gik/ www.secnews.physaphae.fr/article.php?IdArticle=1807511 False Threat,Conference APT 35 None Security Affairs - Blog Secu 2020-07-16T05:43:03+00:00 https://securityaffairs.co/wordpress/105959/intelligence/cia-covert-operations-fsb-apt34.html?utm_source=rss&utm_medium=rss&utm_campaign=cia-covert-operations-fsb-apt34 www.secnews.physaphae.fr/article.php?IdArticle=1807132 False Threat Yahoo,APT 34 None ZD Net - Magazine Info 2020-07-15T13:07:00+00:00 https://www.zdnet.com/article/report-cia-most-likely-behind-apt34-and-fsb-hacks-and-data-dumps/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1806326 True None APT 34 None ZD Net - Magazine Info 2020-07-15T13:07:00+00:00 https://www.zdnet.com/article/report-cia-behind-apt34-and-fsb-hacks-and-data-dumps/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1805829 False None APT 34 None Security Affairs - Blog Secu 2020-07-06T13:45:36+00:00 https://securityaffairs.co/wordpress/105582/apt/north-korea-lazarus-apt-e-skimming.html?utm_source=rss&utm_medium=rss&utm_campaign=north-korea-lazarus-apt-e-skimming www.secnews.physaphae.fr/article.php?IdArticle=1793218 True None APT 38 None InformationSecurityBuzzNews - Site de News Securite Comment: North Korean Hackers Linked to Credit Card Stealing Attacks on US Stores]]> 2020-07-06T12:28:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-north-korean-hackers-linked-to-credit-card-stealing-attacks-on-us-stores/ www.secnews.physaphae.fr/article.php?IdArticle=1793117 True Medical APT 38 None InformationSecurityBuzzNews - Site de News Securite North Korean State Hackers Reportedly Planning COVID-19 phishing campaign targeting 5M Across Six Nations]]> 2020-06-22T10:10:06+00:00 https://www.informationsecuritybuzz.com/expert-comments/north-korean-state-hackers-reportedly-planning-covid-19-phishing-campaign-targeting-5m-across-six-nations/ www.secnews.physaphae.fr/article.php?IdArticle=1770142 True None APT 38 None IT Security Guru - Blog Sécurité 2020-06-19T10:36:38+00:00 https://www.itsecurityguru.org/2020/06/19/north-korean-state-hackers-reportedly-planning-covid-19-phishing-campaign-targeting-5m-across-six-nations/?utm_source=rss&utm_medium=rss&utm_campaign=north-korean-state-hackers-reportedly-planning-covid-19-phishing-campaign-targeting-5m-across-six-nations www.secnews.physaphae.fr/article.php?IdArticle=1770369 False None APT 38 None IT Security Guru - Blog Sécurité 2020-06-12T12:17:52+00:00 https://www.itsecurityguru.org/2020/06/12/insurance-firm-discloses-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=insurance-firm-discloses-data-breach www.secnews.physaphae.fr/article.php?IdArticle=1763479 True Data Breach APT 32 None Security Affairs - Blog Secu 2020-05-21T11:49:49+00:00 https://securityaffairs.co/wordpress/103556/apt/chafer-apt-kuwait-saudi-arabia.html?utm_source=rss&utm_medium=rss&utm_campaign=chafer-apt-kuwait-saudi-arabia www.secnews.physaphae.fr/article.php?IdArticle=1722957 False Prediction APT 39 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-05-21T01:11:42+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/2m27rfRz1GU/iran-hackers-kuwait.html www.secnews.physaphae.fr/article.php?IdArticle=1722583 False Threat,Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2020-05-20T13:00:40+00:00 https://blog.checkpoint.com/2020/05/20/check-point-and-citrix-securing-the-sd-wan-edge-with-multi-layered-security/ www.secnews.physaphae.fr/article.php?IdArticle=1720622 False Prediction APT 39 None Security Affairs - Blog Secu 2020-05-13T06:49:31+00:00 https://securityaffairs.co/wordpress/103127/apt/uscybercom-north-korea-malware-samples.html?utm_source=rss&utm_medium=rss&utm_campaign=uscybercom-north-korea-malware-samples www.secnews.physaphae.fr/article.php?IdArticle=1706210 False Malware APT 38 None Wired Threat Level - Security News 2020-05-12T18:00:00+00:00 https://www.wired.com/story/sea-breeze-microplastic www.secnews.physaphae.fr/article.php?IdArticle=1705446 False None APT 32 None Dark Reading - Informationweek Branch 2020-05-12T16:30:00+00:00 https://www.darkreading.com/vulnerabilities---threats/dhs-fbi-and-dod-report-on-new-north-korean-malware/d/d-id/1337795?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1705623 False Malware,Medical APT 38 None Bleeping Computer - Magazine Américain 2020-05-12T11:36:58+00:00 https://www.bleepingcomputer.com/news/security/us-govt-exposes-new-north-korean-malware-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1705223 False Malware,Medical APT 38 None Tech Worm - Desc 2020-05-10T14:50:19+00:00 https://www.techworm.net/2020/05/digitalocean-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=1701750 False Data Breach,Guideline APT 32 None Security Affairs - Blog Secu 2020-05-09T22:14:52+00:00 https://securityaffairs.co/wordpress/102981/apt/lazarus-apt-mac-dacls-rat.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-apt-mac-dacls-rat www.secnews.physaphae.fr/article.php?IdArticle=1700919 False Malware,Medical APT 38 None Bleeping Computer - Magazine Américain 2020-05-09T12:39:40+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-infect-real-2fa-app-to-compromise-macs/ www.secnews.physaphae.fr/article.php?IdArticle=1700555 False Malware,Medical APT 38 None ZD Net - Magazine Info 2020-05-08T20:31:00+00:00 https://www.zdnet.com/article/digital-ocean-says-it-exposed-customer-data-after-it-left-an-internal-doc-online/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1699337 False None APT 32 None InformationSecurityBuzzNews - Site de News Securite Comment: Lazarus Group Hides macOS Spyware In 2FA Application]]> 2020-05-08T15:16:23+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-lazarus-group-hides-macos-spyware-in-2fa-application/ www.secnews.physaphae.fr/article.php?IdArticle=1698781 True Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-05-08T15:03:00+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/QnwmsUOEI8o/digitalocean-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=1699367 False None APT 32 None TechRepublic - Security News US 2020-05-07T10:00:09+00:00 https://www.techrepublic.com/article/report-chinese-linked-hacking-group-has-been-infiltrating-apac-governments-for-years/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1696523 False None APT 30 None IT Security Guru - Blog Sécurité 2020-05-07T09:56:52+00:00 https://www.itsecurityguru.org/2020/05/07/lazarus-macos-spyware-hidden-in-two-factor-authentication-application/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-macos-spyware-hidden-in-two-factor-authentication-application www.secnews.physaphae.fr/article.php?IdArticle=1696506 False Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-05-07T02:59:30+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/3mdfxlhuBic/asia-pacific-cyber-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=1696469 False None APT 30 None Malwarebytes Labs - MalwarebytesLabs The Lazarus group improves their toolset with a new RAT specifically designed for the Mac. Categories: Mac Malware Threat analysis Tags: APTDaclsLazarusmacmalwarerattinkaOTP (Read more...) ]]> 2020-05-06T15:59:36+00:00 https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/ www.secnews.physaphae.fr/article.php?IdArticle=1694730 False Medical APT 38 None Malwarebytes Labs - MalwarebytesLabs A roundup of the previous week's security news, including cloud data protection, Troldesh, VPNs, the cybercrime economy, and more. Categories: Malwarebytes news Tags: AppleAPTawisbluetoothbluetooth attackBluetooth vulnerabilitiesCivicSmartcloud securitycoronaviruscovid-19hackedhospitalsJITjust in timeoceanlotuspandemic survival bookPhantomLancephishing scamransomwarerecapscadaSMBTroldesh ransomwarevpnweekly blog roundupzoomzoom phishing (Read more...) ]]> 2020-05-04T15:17:37+00:00 https://blog.malwarebytes.com/malwarebytes-news/2020/05/a-week-in-security-april-27-may-3-2/ www.secnews.physaphae.fr/article.php?IdArticle=1690365 True None APT 32 None Wired Threat Level - Security News 2020-04-29T14:00:00+00:00 https://www.wired.com/gallery/board-games-for-remote-play www.secnews.physaphae.fr/article.php?IdArticle=1681837 False Cloud APT 37 None IT Security Guru - Blog Sécurité 2020-04-29T09:49:08+00:00 https://www.itsecurityguru.org/2020/04/29/android-spyware-spread-by-google-play/?utm_source=rss&utm_medium=rss&utm_campaign=android-spyware-spread-by-google-play www.secnews.physaphae.fr/article.php?IdArticle=1681392 False Threat APT 32 None Dark Reading - Informationweek Branch 2020-04-28T16:30:00+00:00 https://www.darkreading.com/endpoint/5-year-long-cyber-espionage-campaign-hid-in-google-play/d/d-id/1337676?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1680357 False None APT 32 None Global Security Mag - Site de news francais Malwares ]]> 2020-04-28T15:19:37+00:00 http://www.globalsecuritymag.fr/PhantomLance-une-campagne-APT,20200428,98094.html www.secnews.physaphae.fr/article.php?IdArticle=1679830 False None APT 32 None Security Affairs - Blog Secu 2020-04-23T18:29:49+00:00 https://securityaffairs.co/wordpress/102124/apt/apt32-target-china-covid19.html www.secnews.physaphae.fr/article.php?IdArticle=1672145 False None APT 32 None Mandiant - Blog Sécu de Mandiant activité que nous avons précédemment signalée sur APT32 , cet incidentet d'autres intrusions publiquement signalées font partie d'une augmentation mondiale du cyber

---

From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China\'s Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 was first identified. While targeting of East Asia is consistent with the activity we\'ve previously reported on APT32, this incident, and other publicly reported intrusions, are part of a global increase in cyber]]> 2020-04-22T09:00:00+00:00 https://www.mandiant.com/resources/blog/apt32-targeting-chinese-government-in-covid-19-related-espionage www.secnews.physaphae.fr/article.php?IdArticle=8377644 False Threat APT 32,APT 32 4.0000000000000000 Wired Threat Level - Security News 2020-04-07T13:00:00+00:00 https://www.wired.com/story/how-escape-sunken-submarine www.secnews.physaphae.fr/article.php?IdArticle=1642626 False None APT 32 None Malwarebytes Labs - MalwarebytesLabs A roundup of the previous week's most notable security stories and events, including COVID-19-themed threats, child identity theft, and securely working from home. Categories: A week in security Tags: APT36awiscovid-19emotetfake newsmoney muleMonitorMinorphishing scamromance scamshadow IoTSlackstalkerwaretrickbotweek in securityweekly blog roundupWHOWorld Health Organization (Read more...) ]]> 2020-03-23T16:44:58+00:00 https://blog.malwarebytes.com/a-week-in-security/2020/03/a-week-in-security-march-16-22/ www.secnews.physaphae.fr/article.php?IdArticle=1615986 False None APT 36 None Wired Threat Level - Security News 2020-03-22T12:00:00+00:00 https://www.wired.com/story/an-ancient-magma-flood-offers-clues-about-global-warming www.secnews.physaphae.fr/article.php?IdArticle=1613576 False None APT 32 None IT Security Guru - Blog Sécurité 2020-03-18T10:48:32+00:00 https://www.itsecurityguru.org/2020/03/18/crimson-rat-spread-via-coronavirus-phishing/?utm_source=rss&utm_medium=rss&utm_campaign=crimson-rat-spread-via-coronavirus-phishing www.secnews.physaphae.fr/article.php?IdArticle=1604445 True Tool,Threat APT 36 2.0000000000000000 Malwarebytes Labs - MalwarebytesLabs We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data. Categories: Threat analysis Tags: APTAPT36coronaviruscoronavirus malwarecovid-19credential stealercrimson ratexploitexploitsinfo-stealermacromalicious macromalwarenation-state attackratremote administration toolSocial Engineeringspear phishingspear phishing attacktransparent tribe (Read more...) ]]> 2020-03-16T15:00:00+00:00 https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/ www.secnews.physaphae.fr/article.php?IdArticle=1600364 False Threat APT 36 None Security Affairs - Blog Secu 2020-03-08T10:23:46+00:00 https://securityaffairs.co/wordpress/99151/breaking-news/security-affairs-newsletter-round-254.html www.secnews.physaphae.fr/article.php?IdArticle=1587970 False None APT 34 None Wired Threat Level - Security News 2020-03-07T13:00:00+00:00 https://www.wired.com/story/dolphins-are-still-accidental-casualties-of-tuna-fishing www.secnews.physaphae.fr/article.php?IdArticle=1586636 False None APT 32 None Bleeping Computer - Magazine Américain 2020-03-04T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/zero-day-bug-allowed-attackers-to-register-malicious-domains/ www.secnews.physaphae.fr/article.php?IdArticle=1580762 False Vulnerability APT 32 None Security Affairs - Blog Secu 2020-03-03T18:48:42+00:00 https://securityaffairs.co/wordpress/98878/malware/kimsuky-apt-south-korea.html www.secnews.physaphae.fr/article.php?IdArticle=1579381 False Threat APT 36,APT 34 None Security Affairs - Blog Secu 2020-03-02T19:19:39+00:00 https://securityaffairs.co/wordpress/98802/uncategorized/karkoff-malware-lebanon.html www.secnews.physaphae.fr/article.php?IdArticle=1577259 False None APT 34 None Bleeping Computer - Magazine Américain 2020-03-02T17:35:17+00:00 https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=1577651 False Medical APT 38 None Wired Threat Level - Security News 2020-02-25T12:00:00+00:00 https://www.wired.com/story/malware-reuse-north-korea-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=1564513 False Tool,Medical APT 38 None Security Affairs - Blog Secu 2020-02-21T13:48:11+00:00 https://securityaffairs.co/wordpress/98249/apt/operation-transparent-tribe-pakistan-india.html www.secnews.physaphae.fr/article.php?IdArticle=1556872 False None APT 36 None Wired Threat Level - Security News 2020-02-21T13:00:00+00:00 https://www.wired.com/story/environmental-dna-lets-scientists-probe-underwater-life www.secnews.physaphae.fr/article.php?IdArticle=1556939 False None APT 32 None Wired Threat Level - Security News 2020-02-18T13:00:00+00:00 https://www.wired.com/story/the-atlantic-oceans-conveyor-belt-stirs-up-a-science-fight www.secnews.physaphae.fr/article.php?IdArticle=1549225 False None APT 32 None Security Affairs - Blog Secu 2020-02-14T21:07:17+00:00 https://securityaffairs.co/wordpress/97863/apt/hidden-cobra-malware-mars-reports.html www.secnews.physaphae.fr/article.php?IdArticle=1541692 False Malware,Medical APT 38 None Security Affairs - Blog Secu 2020-02-07T10:59:52+00:00 https://securityaffairs.co/wordpress/97430/apt/charming-kitten-phishing-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=1529366 False Conference APT 35 None Bleeping Computer - Magazine Américain 2020-02-05T12:57:16+00:00 https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-impersonate-journalist-in-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1526763 True None APT 35 None Security Affairs - Blog Secu 2020-01-31T07:53:00+00:00 https://securityaffairs.co/wordpress/97067/apt/apt34-westat-survey.html www.secnews.physaphae.fr/article.php?IdArticle=1519812 False None APT 34 None UnderNews - Site de news "pirate" francais En 2018 l'équipe GReAT (Global Research & Analysis Team) de Kaspersky publiait les résultats de son enquête sur AppleJeus, une opération visant à dérober des cryptomonnaies et menée par le prolifique groupe malveillant Lazarus.]]> 2020-01-16T11:11:35+00:00 https://www.undernews.fr/hacking-hacktivisme/lazarus-renforce-les-capacites-de-son-attaque-applejeus-contre-les-cryptomonnaies.html www.secnews.physaphae.fr/article.php?IdArticle=1501465 False None APT 38 None Wired Threat Level - Security News 2020-01-10T13:00:00+00:00 https://www.wired.com/story/gadget-lab-podcast-437 www.secnews.physaphae.fr/article.php?IdArticle=1500097 False None APT 32 None Security Affairs - Blog Secu 2020-01-10T06:23:08+00:00 https://securityaffairs.co/wordpress/96228/apt/lazarus-cryptocurrency-exchanges.html www.secnews.physaphae.fr/article.php?IdArticle=1499994 False None APT 38 None Wired Threat Level - Security News 2020-01-09T18:59:03+00:00 https://www.wired.com/story/iran-apt33-us-electric-grid www.secnews.physaphae.fr/article.php?IdArticle=1500108 False None APT 33 None IT Security Guru - Blog Sécurité 2020-01-03T10:40:14+00:00 https://www.itsecurityguru.org/2020/01/03/microsoft-helps-shutter-domains-run-by-north-korean-cybergang-thallium/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-helps-shutter-domains-run-by-north-korean-cybergang-thallium www.secnews.physaphae.fr/article.php?IdArticle=1495435 False Threat,Cloud APT 37 None 01net. Actualites - Securite - Magazine Francais ]]> 2019-12-31T02:39:43+00:00 https://www.01net.com/actualites/microsoft-elimine-50-noms-de-domaine-exploites-par-de-redoutables-hackersnord-coreens-1832976.html www.secnews.physaphae.fr/article.php?IdArticle=1495015 False Cloud APT 37 None Security Affairs - Blog Secu 2019-12-30T21:57:04+00:00 https://securityaffairs.co/wordpress/95786/apt/microsoft-sued-north-korea-thallium.html www.secnews.physaphae.fr/article.php?IdArticle=1494535 False Cloud APT 37 None ZD Net - Magazine Info 2019-12-30T21:53:41+00:00 https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1494774 False Cloud APT 37 None Errata Security - Errata Security #MedicareForAll-and we need to tackle corruption and price gouging in drug manufacturing head on. https://t.co/yNxo7yUDri- Elizabeth Warren (@ewarren) September 23, 2019My tweet is widely misunderstood as saying "here's a good alternative", when I meant "here's a less bad alternative". Maybe I was wrong and it's not "less bad", but nobody has responded that way. All the toxic spew on Twitter has been based on their interpretation that I was asserting it was "good".And the reason I chose this particular response is because I thought it was a Democrat talking point. As Bernie Sanders (a 2020 presidential candidate) puts it:“The original insulin patent expired 75 years ago. Instead of falling prices, as one might expect after decades of competition, three drugmakers who make different versions of insulin have continuously raised prices on this life-saving medication.”This is called "evergreening", as described in articles like this one that claim insulin makers have been making needless small improvements to keep their products patent-protected, so that they don't have to compete against generics whose patents have expired.It's Democrats like Bernie who claim expensive insulin is little different than cheaper insulin, not me. If you disagree, go complain to him, not me.Bernie is wrong, by the way. The more expensive "insulin analogs" result in dramatically improved blood sugar control for Type 1 diabetics. The results are life changing, especially when combined with glucose monitors and insulin pumps. Drug companies deserve to recoup the billions spent on these advances. My original point is still true that "cheap insulin" is better than "no insulin", but it's also true that it's far worse than modern, more expensive insulin.Anyway, I wasn't really focused on that part of the argument but the other part, how list prices are an exaggeration. They are a fiction that nobody needs to pay, even those without insurance. They aren't the result of price gouging by drug manufacturers, as Elizabeth Warren claims. Bu]]> 2019-12-30T14:30:20+00:00 https://blog.erratasec.com/2019/12/when-tweets-are-taken-out-of-context.html www.secnews.physaphae.fr/article.php?IdArticle=1494512 False None APT 32 None