www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-06-17T10:27:45+00:00 www.secnews.physaphae.fr
Dark Reading - Informationweek Branch Rundown of Security News from AWS re:Invent 2023
Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event.
2023-11-30T01:00:00+00:00 https://www.darkreading.com/cloud-security/rundown-of-security-news-from-aws-re-invent-2023 www.secnews.physaphae.fr/article.php?IdArticle=8418067 False Tool None 2.0000000000000000
Recorded Future - Recorded Future feed CISA warns of attacks on Unitronics tool used by water utilities, wastewater systems
The federal government is warning that hackers are targeting a specific tool used by water and wastewater systems after two utilities announced attacks this week. The Cybersecurity and Infrastructure Security Agency (CISA) said it is responding to the active exploitation of Unitronics programmable logic controllers (PLCs) used by many organizations in the water sector. CISA
2023-11-29T21:05:00+00:00 https://therecord.media/cisa-water-utilities-unitronics-plc-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8417909 False Tool,Industrial None 3.0000000000000000
Global Security Mag - French news site MITRE ATT&CK Update Includes Wi-Fi Discovery, Defense Evasion and Masquerading Tactics
This morning, CardinalOps announced their contribution to MITRE ATT&CK v14, the industry-standard framework for understanding cyber adversary playbooks and behavior. - Business News
2023-11-29T20:16:43+00:00 https://www.globalsecuritymag.fr/MITRE-ATT-CK-Update-Includes-Wi-Fi-Discovery-Defense-Evasion-and-Masquerading.html www.secnews.physaphae.fr/article.php?IdArticle=8417895 False Tool None 4.0000000000000000
Recorded Future - Recorded Future feed Temporary surveillance extension to ride on defense policy bill
U.S. lawmakers are expected to attach a short-term extension of a controversial surveillance tool to this year's final defense policy bill, a congressional source told Recorded Future News. By hitching a temporary renewal of Section 702 of the Foreign Intelligence Surveillance Act - which is set to expire at the end of the calendar year
2023-11-29T17:45:00+00:00 https://therecord.media/surveillance-extension-attached-to-defense-bill www.secnews.physaphae.fr/article.php?IdArticle=8417858 False Tool None 2.0000000000000000
Silicon - French news site Data centers, the invisible engines of change
2023-11-29T15:45:49+00:00 https://www.silicon.fr/avis-expert/les-centres-de-donnees-moteurs-invisibles-du-changement www.secnews.physaphae.fr/article.php?IdArticle=8417825 False Tool None 2.0000000000000000
Global Security Mag - French news site P2E games, charity scams and voice deepfakes: what 2024 has in store for the general public
Malware
2023-11-29T12:40:09+00:00 https://www.globalsecuritymag.fr/Jeux-P2E-escroqueries-aux-oeuvres-de-bienfaisance-et-deepfakes-vocaux-ce-que.html www.secnews.physaphae.fr/article.php?IdArticle=8417786 False Tool,Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial CISA plans to launch ReadySetCyber tool in early 2024 to integrate cybersecurity into business decisions
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided on Tuesday a sneak peek into the launch of...
2023-11-29T11:43:49+00:00 https://industrialcyber.co/cisa/cisa-plans-to-launch-readysetcyber-tool-in-early-2024-to-integrate-cybersecurity-into-business-decisions/ www.secnews.physaphae.fr/article.php?IdArticle=8418424 False Tool,Industrial None 3.0000000000000000
Korben - French blogger Filmora 13, the AI-assisted video editing software, releases its new version
Read more
2023-11-29T08:15:46+00:00 https://korben.info/filmora-13.html www.secnews.physaphae.fr/article.php?IdArticle=8417727 False Tool None 2.0000000000000000
WatchGuard - Hardware and software vendor WatchGuard Threat Lab's 2024 cyber predictions
2023-11-29T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/manipulation-de-modeles-linguistiques-piratage-de-casques-vr-renouveau-des www.secnews.physaphae.fr/article.php?IdArticle=8417803 False Tool,Threat,Prediction ChatGPT,ChatGPT 3.0000000000000000
ProofPoint - Cyber Firms Proofpoint's 2024 Predictions: Brace for Impact
2023-11-28T23:05:04+00:00 https://www.proofpoint.com/us/blog/ciso-perspectives/proofpoints-2024-predictions-brace-impact www.secnews.physaphae.fr/article.php?IdArticle=8417740 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Prediction ChatGPT,ChatGPT 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds
AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub's third annual Identity Fraud Report
2023-11-28T15:15:00+00:00 https://www.infosecurity-magazine.com/news/deepfake-identity-fraud-surges/ www.secnews.physaphae.fr/article.php?IdArticle=8417545 False Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
2023-11-28T11:40:00+00:00 https://www.infosecurity-magazine.com/news/cyber-criminals-hesitant/ www.secnews.physaphae.fr/article.php?IdArticle=8417485 False Tool,Threat ChatGPT,ChatGPT 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) How to Handle Retail SaaS Security on Cyber Monday
If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host
2023-11-27T23:27:00+00:00 https://thehackernews.com/2023/11/how-to-handle-retail-saas-security-on.html www.secnews.physaphae.fr/article.php?IdArticle=8417295 False Tool,Cloud None 2.0000000000000000
Recorded Future - Recorded Future feed AI systems 'subject to new types of vulnerabilities,' British and US cyber agencies warn
British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers. “AI systems are subject to new types of vulnerabilities,” the 20-page document warns - specifically referring to machine-learning tools. The new guidelines have
2023-11-27T22:00:00+00:00 https://therecord.media/ai-subject-to-new-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8417334 False Tool,Vulnerability None 3.0000000000000000
ProofPoint - Cyber Firms 8 Essential Cybersecurity Topics to Include in Your Training Program
2023-11-27T09:26:51+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/cybersecurity-topics-to-include-in-your-program www.secnews.physaphae.fr/article.php?IdArticle=8417272 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud Uber,Uber 2.0000000000000000
Dark Reading - Informationweek Branch Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
2023-11-22T19:52:00+00:00 https://www.darkreading.com/cloud-security/web-shells-gain-sophistication-for-stealth-persistence www.secnews.physaphae.fr/article.php?IdArticle=8417424 False Tool None 2.0000000000000000
Dark Reading - Informationweek Branch Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
2023-11-22T19:52:00+00:00 https://www.darkreading.com/cloud/web-shells-sophistication-stealth-persistence www.secnews.physaphae.fr/article.php?IdArticle=8416072 False Tool None 3.0000000000000000
Techworm - News Everything You Need to Know About Encryption
ExpressVPN, the Spartans in the 7th century developed a tool, namely, Scytale, that helped them encode a message. Scytale was a wooden rod with parchment wrapped around it. During the preparation phase, the sender wrote and encoded the message while the parchment was on the rod. When the receiver took off the parchment, the words would automatically get jumbled. So, to decode it, the receiver wrapped the parchment around a rod with the same diameter. Encryption witnessed massive developments during the Two World Wars. During the Second World War, Germans developed one of the most feature-packed and reliable encryption tools, The Enigma Machine. The Enigma Machine used rotor mechanics that scrambled the 26 letters of the alphabet and converted the actual message into a complex puzzle. During the early- to mid-20th century, The Enigma Machine was considered super secure, and it was used to encode the most top-secret messages.
2023-11-22T18:26:04+00:00 https://www.techworm.net/2023/11/everything-know-encryption.html www.secnews.physaphae.fr/article.php?IdArticle=8415909 False Tool None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT's meteoric rise to 100 million users within 60 days of launch, especially with little
2023-11-22T16:38:00+00:00 https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html www.secnews.physaphae.fr/article.php?IdArticle=8415868 False Tool,Cloud ChatGPT 3.0000000000000000
Intigrity - Blog Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the weeks from November 6th to November 19th Intigriti News From my notebook
2023-11-22T11:30:00+00:00 https://blog.intigriti.com/2023/11/22/bug-bytes-217-how-to-submit-vulnerabilities-writing-a-great-writeup-and-2-years-of-bug-bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8415866 False Tool,Vulnerability None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Thanksgiving Cyber feast: Safeguarding against seasonal scams
ripe opportunity to scam. According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines],” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that “an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what's authentic and what's not. The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in. However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds. Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you've implemented reassures them of the sanctity of their data. It's not just about telling them they're safe; it's about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand
2023-11-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/thanksgiving-cyber-feast-safeguarding-against-seasonal-scams www.secnews.physaphae.fr/article.php?IdArticle=8415844 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
Korben - French blogger LM Studio – Run LLMs locally and use them directly in your code
2023-11-22T09:21:21+00:00 https://korben.info/lm-studio-local-llms-integration-code-usage.html www.secnews.physaphae.fr/article.php?IdArticle=8415915 False Tool ChatGPT 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Agent Tesla: Unusual ZPAQ Archive Format Delivers Malware
#### Description
A new variant of Agent Tesla has been discovered that uses the ZPAQ archive and .wav file extension to infect systems and steal information from approximately 40 web browsers and various email clients. ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR. However, ZPAQ has limited software support, making it difficult to work with, especially for users without technical expertise. The .NET executable file is bloated with zero bytes, which allows threat actors to bypass traditional security measures and increase the effectiveness of their attack. The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software. The malware uses Telegram as a C&C due to its widespread legal usage and the fact that its traffic is often allowed through firewalls, making it a useful medium for covert communication. Like any other stealer, Agent Tesla can harm not only private individuals but also organizations. It has gained popularity among cybercriminals for many reasons including ease of use, versatility, and affordability on the Dark Web.
#### Reference URL(s)
1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq
#### Publication Date
November 20, 2023
#### Author(s)
Anna Lvova
2023-11-21T21:19:53+00:00 https://community.riskiq.com/article/818d5f5c www.secnews.physaphae.fr/article.php?IdArticle=8415603 False Malware,Tool,Threat,Technical None 3.0000000000000000
Global Security Mag - French news site Guardz introduced its Growth Hub for Managed Service Providers
Guardz Launches Growth Hub to Empower MSPs with Cybersecurity Sales Support, ROI Reports, and Prospecting Tools The cybersecurity company's latest offering enables MSPs to better protect and serve existing SME customers and foster new business conversion - Product Reviews
2023-11-21T15:32:19+00:00 https://www.globalsecuritymag.fr/Guardz-introduced-its-Growth-Hub-for-Managed-Service-Providers.html www.secnews.physaphae.fr/article.php?IdArticle=8415449 False Tool None 2.0000000000000000
HackRead - Chercher Cyber Top 5 Best Telegram Client Apps for Android
By Owais Sultan Ranked and described the functionality of the top 5 best Telegram client applications for Android. Telegram messenger is… This is a post from HackRead.com Read the original post: Top 5 Best Telegram Client Apps for Android
2023-11-21T12:48:00+00:00 https://www.hackread.com/top-5-best-telegram-client-apps-for-android/ www.secnews.physaphae.fr/article.php?IdArticle=8415362 False Tool,Mobile None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs 7 must-ask questions for leaders on security culture
88% of data breaches are caused by employee mistakes. Not to mention that we've observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn't just a good idea; it's a must. Based on all this, we've got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I'll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn't about turning every employee into a cybersecurity specialist; it's about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn't adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train
2023-11-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/7-must-ask-questions-for-leaders-on-security-culture www.secnews.physaphae.fr/article.php?IdArticle=8415314 False Ransomware,Tool,Prediction None 3.0000000000000000
ProofPoint - Cyber Firms Preventing MFA Fatigue Attacks: Safeguarding Your Organization
2023-11-21T08:35:02+00:00 https://www.proofpoint.com/us/blog/information-protection/preventing-mfa-fatigue-attacks www.secnews.physaphae.fr/article.php?IdArticle=8415409 False Ransomware,Data Breach,Malware,Tool,Threat,Technical Uber 3.0000000000000000
Cyber Skills - Podcast Cyber Garda backed Scam Prevention Tool Launched by MTU Cyber Skills ahead of Black Friday and Christmas
As the countdown to the festive shopping frenzy begins, MTU Cyber Skills has launched a new line of defence for online shoppers: CheckMyLink at https://check.cyberskills.ie is a scam prevention tool and a timely response to the expected surge in cybercrime as substantial sums are set to be spent online on Black Friday sales and Christmas presents. What is CheckMyLink? CheckMyLink is a security tool built by MTU Cyber Skills in collaboration with Scam Advisor and An Garda Síochána. It is designed to boost your confidence when shopping online. It checks that the website you're about to buy from is genuine and free from malware. All you need to do is enter the website's address (URL) and CheckMyLink will quickly tell you if it's a safe place to shop. Donna O' Shea, Chair of
2023-11-21T00:00:00+00:00 https://www.cyberskills.ie/explore/news/garda-backed-scam-prevention-tool-launched-by-mtu-cyber-skills-ahead-of-black-friday-and-christmas.html www.secnews.physaphae.fr/article.php?IdArticle=8517392 True Malware,Tool,Prediction None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) A Deep Dive into Phobos Ransomware, Recently Deployed by 8Base Group
#### Description
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the group's Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader process' memory.
#### Reference URL(s)
1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
2. https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/
#### Publication Date
November 17, 2023
#### Author(s)
Guilherme Venere
2023-11-20T20:25:28+00:00 https://community.riskiq.com/article/d75b18b5 www.secnews.physaphae.fr/article.php?IdArticle=8415045 False Ransomware,Tool None 3.0000000000000000
CrowdStrike - CTI Society Eliminate Repetitive Tasks and Accelerate Response with Falcon Fusion
Adversaries are becoming more sophisticated and faster with their attacks. According to the CrowdStrike 2023 Threat Hunting Report, the average eCrime breakout time is just 79 minutes. This is partly due to adversaries taking advantage of tools that leverage automation like password-cracking tools, exploit kits for web browser vulnerabilities, and marketplaces that sell stolen data. […]
2023-11-20T18:38:02+00:00 https://www.crowdstrike.com/blog/accelerate-response-with-falcon-fusion/ www.secnews.physaphae.fr/article.php?IdArticle=8417520 False Tool,Vulnerability,Threat None 2.0000000000000000
Schneier on Security - American cryptologist and researcher Using Generative AI for Surveillance
Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.
2023-11-20T11:57:37+00:00 https://www.schneier.com/blog/archives/2023/11/using-generative-ai-for-surveillance.html www.secnews.physaphae.fr/article.php?IdArticle=8414823 False Tool ChatGPT 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs How to perform basic digital forensics on a Windows computer
Wireshark: A powerful network protocol analyzer that allows you to capture and analyze network traffic. NetworkMiner: A tool for network forensics that can extract files, emails, and other artifacts from captured network traffic. We have covered FTK,
2023-11-20T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-to-perform-basic-digital-forensics-on-a-windows-computer www.secnews.physaphae.fr/article.php?IdArticle=8414800 False Tool,Cloud,Commercial None 3.0000000000000000
CyberWarzone - Cyber News What Is the Mcrypt Extension in PHP and Why Was It Deprecated?
Understanding the Role of Mcrypt in PHP Development In the realm of PHP development, the mcrypt extension once stood as a crucial tool for data [more...]
2023-11-19T20:36:10+00:00 https://cyberwarzone.com/what-is-the-mcrypt-extension-in-php-and-why-was-it-deprecated/ www.secnews.physaphae.fr/article.php?IdArticle=8414511 False Tool,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Detection & Response That Scales: A 4-Pronged Approach
Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.
2023-11-17T14:00:00+00:00 https://www.darkreading.com/endpoint/detection-response-that-scales-4-pronged-approach www.secnews.physaphae.fr/article.php?IdArticle=8413403 False Tool None 3.0000000000000000
Recorded Future - Recorded Future feed Remcos, again: Ukrainian agencies targeted in a new spying campaign
A hacking group that has been targeting Ukraine for a while has launched a new campaign on government agencies using a familiar surveillance tool - Remcos. The sophisticated remote access software, marketed as a legitimate administrative tool, can be abused by hackers to gain full control over an infected system. In a recent campaign, hackers
2023-11-17T13:46:00+00:00 https://therecord.media/remcos-phishing-ukraine-government-agencies www.secnews.physaphae.fr/article.php?IdArticle=8413406 False Tool None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Décrypting Danger: Vérifier les recherches sur le point de plongée en profondeur dans les tactiques de cyber-espionnage par les attaquants d'origine russe ciblant les entités ukrainiennes<br>Decrypting Danger: Check Point Research deep-dive into cyber espionage tactics by Russian-origin attackers targeting Ukrainian entities Faits saillants: Gamaredon, un joueur approprié distinct de l'espionnage russe, se distingue par ses campagnes à grande échelle ciblant principalement les entités ukrainiennes.Le ver USB, Litterdrifter, révèle un impact mondial avec des infections potentielles dans des pays comme les États-Unis, le Vietnam, le Chili, la Pologne, l'Allemagne et Hong Kong, s'étendant au-delà de ses cibles d'origine.Récemment déployé par Gamaredon, Litterdrifter est un ver rédigé par VBS conçu pour se propager à travers des disques USB, démontrant les tactiques évolutives du groupe dans le maintien d'une infrastructure flexible et volatile.Les principaux résultats sur Litterdrifter: Litterdrifter, le dernier outil de Gamaredon & # 8217; dans son cyber arsenal, est un ver écrit par VBS avec deux fonctionnalités.Ses principaux objectifs sont la propagation automatique sur [& # 8230;]
Highlights: Gamaredon, a distinct APT player in Russian espionage, stands out for its large-scale campaigns primarily targeting Ukrainian entities. The USB worm, LitterDrifter, reveals a global impact with potential infections in countries like the USA, Vietnam, Chile, Poland, Germany, and Hong Kong, expanding beyond its original targets. Recently deployed by Gamaredon, LitterDrifter is a VBS-written worm designed to spread through USB drives, demonstrating the group’s evolving tactics in maintaining a flexible and volatile infrastructure. Key Findings on LitterDrifter: LitterDrifter, Gamaredon’s latest tool in its cyber arsenal, is a VBS-written worm with dual functionalities. Its primary objectives are automatic spreading over […]
2023-11-17T13:00:07+00:00 https://blog.checkpoint.com/research/decrypting-danger-check-point-research-deep-dive-into-cyber-espionage-tactics-by-russian-origin-attackers-targeting-ukrainian-entities/ www.secnews.physaphae.fr/article.php?IdArticle=8413379 False Tool None 2.0000000000000000
ProofPoint - Cyber Firms Démystifier l'IA et ML: six questions critiques à poser à votre fournisseur de cybersécurité<br>Demystifying AI and ML: Six Critical Questions to Ask Your Cybersecurity Vendor 2023-11-17T12:01:12+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/demystifying-ai-and-ml-six-critical-questions-ask-your-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8413357 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Procurations gratuites et dangers cachés<br>Free proxies and the hidden dangers Smartproxy are better if security and privacy are your goals. Keep reading to discover how free proxies work and the dangers they pose. What is a proxy? A proxy is an intermediary server that accepts and forwards all your requests to the web server. This means that instead of connecting directly to the internet, you first connect to the proxy server. You might be wondering why using an intermediary server like a proxy is effective. Usually, it’s better to cut out the middleman, right? In this case, by connecting to the proxy first, your personal information, such as your IP and other associated data, is replaced by a new IP. This completely hides your information from the websites you visit. By changing your IP address through a proxy, websites or apps cannot track you, and your data is more secure. However, that’s not all a proxy does. What can you use a proxy for? By now, we know that proxies are great tools when it comes to online security and privacy. By hiding your real IP, the websites that you visit won’t be able to collect the data associated with your IP. This usually includes your name, location, ISP, devices, operating system, and more. Residential proxies, in particular, are great for anonymity because they use the IPs from real devices. As such, they don’t look like proxies and are much less likely to be detected as such. 
However, proxies can be used for many other ways aside from security and privacy. Another use is managing multiple social media accounts. Social media platforms are quick to issue IP bans if they find the same IP address creating multiple accounts. Account limits are usually only a handful per IP address, and the moment you create too many, you might receive an IP ban. This is frustrating if you’re a digital marketer who creates and manages accounts for clients. However, by using a proxy, you can change the IP that creates the accounts and avoid IP bans. Another use of proxies is related to automation. This can affect a wide range of automated tools, from sneaker bots to data scrapers and even social media automation. Many websites and social media platforms block automation tools as part of their anti-bot protection. However, by linking residential proxies to these tools, you can make them appear like natural users and bypass these limitations. However, to be successful, you’ll need to use residential proxies with a real IP. Finally, proxies can also help improve your connection speed and stabilize it. This is because you’re routing all your traffic through larger servers instead of your own device. 
These servers are much more capa
2023-11-17T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/free-proxies-and-the-hidden-dangers www.secnews.physaphae.fr/article.php?IdArticle=8413331 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
Recorded Future - FLux Recorded Future Customs and Border Protection acquired 'huge amount of surveillance power'
A contract signed last year by U.S. Customs and Border Patrol (CBP) appears to give the agency the most aggressive and expansive package of surveillance tools it has ever used, according to an advocacy group. The deal with the data broker LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social
2023-11-16T21:32:00+00:00 https://therecord.media/cbp-lexisnexis-risk-solutions-contract-surveillance www.secnews.physaphae.fr/article.php?IdArticle=8413084 False Tool None 2.0000000000000000
Recorded Future - FLux Recorded Future MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC
Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million in revenue last quarter, provides tools to banks, credit unions, mortgage lenders and consumer reporting agencies in the United
2023-11-16T17:30:00+00:00 https://therecord.media/meridianlink-confirms-cyberattack-after-sec-threat www.secnews.physaphae.fr/article.php?IdArticle=8412991 False Ransomware,Tool None 2.0000000000000000
Recorded Future - FLux Recorded Future House Intelligence panel proposes its own rewrite of surveillance powers
For the second time in as many weeks, a group of U.S. lawmakers on Thursday unveiled legislation to renew a powerful spy tool before a critical, year-end deadline. The Republican-led House Intelligence Committee rolled out a primer on the reforms that will be proposed in a forthcoming bipartisan measure to reauthorize Section 702 of the
2023-11-16T17:00:00+00:00 https://therecord.media/house-intelligence-committee-section-702-proposal www.secnews.physaphae.fr/article.php?IdArticle=8412963 False Tool,Legislation None 2.0000000000000000
Silicon - Site de News Francais Ignite 2023: inside Microsoft's "AI toolbox"
2023-11-16T16:28:21+00:00 https://www.silicon.fr/microsoft-ignite-2023-boite-outils-ia-473494.html www.secnews.physaphae.fr/article.php?IdArticle=8412961 False Tool None 2.0000000000000000
ProofPoint - Cyber Firms Actionable Insights: Simplifying Threat Explainability via the Condemnation Summary
2023-11-16T14:15:19+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/actionable-insights-simplifying-threat-explainability-condemnation www.secnews.physaphae.fr/article.php?IdArticle=8412833 False Tool,Threat,Technical None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Stories from the SOC: Proactive steps to protect customers from misconfigured MFA aa22-074a describes how default configurations in MFA applications are considered a vulnerability. The tactic was used by Russian state-sponsored cyber actors as early as May 2021 in a successful compromise of a US organization. Based on this guidance from CISA, the AT&T Cybersecurity Managed Detection and Response (MDR) security operations center (SOC) proactively scanned across our customer fleet and discovered a customer that was using the default configuration, which can be exploited. SOC analysts contacted the customer to inform them of the risk and provided recommendations on how to secure their network.
Investigation Event search Analysts used the open-source tool Elastic Stack to search across our customers for “fail open,” which is the default configuration in MFA applications that makes unauthorized access possible. Event deep-dive The search revealed a customer with its MFA application set to Rectendopen = 1, which is the setting that allows a malicious actor to bypass authentication when exploited. The “fail open” setting allows an incorrect login attempt, which would then allow unimpeded access to an account with this setting on the customer network. Review for additional indicators From there, SOC analysts pivoted to search the customer environment for any information that would identify the associated customer assets and accounts and that would indicate outside malicious activity. They discovered that the responsible user was listed as an administrator in the customer environment. Response Building the investigation Analysts opened an investigation to address the misconfiguration of the MFA mobile application as well as to confirm whether the activity associated with the identified user was authorized. The investigation included an explanation of the vulnerability as well as a summary of the involved user's activity on the identified assets over the last 30 days. Customer interaction Analysts created a low-severity investigation, which in this case meant that they were not required to contact the customer. (Our MDR customers determine when and how the SOC communicates with them.)
However, to ensure that the issue was resolved in a timely manner, analysts also notified the group Hu
2023-11-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-proactive-steps-to-protect-customers-from-misconfigured-mfa www.secnews.physaphae.fr/article.php?IdArticle=8412811 False Tool,Vulnerability,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) #StopRansomware: Rhysida Ransomware #### Description Rhysida, an emerging ransomware variant, has predominately been deployed against the education, healthcare, manufacturing, information technology, and government sectors since May 2023. Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors. Open source reporting details similarities between Vice Society (DEV-0832) activity and the actors observed deploying Rhysida ransomware. Additionally, open source reporting has confirmed observed instances of Rhysida actors operating in a ransomware-as-a-service (RaaS) capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model. Any ransoms paid are then split between the group and the affiliates. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a #### Publication Date November 15, 2023 #### Author(s) CISA
2023-11-15T21:25:29+00:00 https://community.riskiq.com/article/966909c4 www.secnews.physaphae.fr/article.php?IdArticle=8412573 False Ransomware,Tool,Threat None 2.0000000000000000
The Intercept - Site journalistique Anglais Cop City Protesters Tried to Plant Trees. Atlanta Police Beat Them for It. Organizers swore off violence, but the cops used their garden tools as an excuse to attack them anyway.
2023-11-15T16:32:26+00:00 https://theintercept.com/2023/11/15/cop-city-protest-police-atlanta-tear-gas/ www.secnews.physaphae.fr/article.php?IdArticle=8412424 False Tool None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Dans quelle mesure votre entreprise est-elle préparée pour une attaque en chaîne d'approvisionnement?<br>How prepared is your company for a supply chain attack? supply chain attack, hackers aim to breach a target\'s defenses by exploiting vulnerabilities in third-party companies. These attacks typically follow one of two paths. The first involves targeting a service provider or contractor, often a smaller entity with less robust security. The second path targets software developers, embedding malicious code into their products. This code, masquerading as a legitimate update, may later infiltrate the IT systems of customers. This article delves into specific instances of supply chain attacks, explores the inherent risks, examines common strategies employed by attackers, as well as effective defense mechanisms, and offers supply chain risk management tips. Understanding the scope and danger of supply chain cyberattacks In their assaults on supply chains, attackers are driven by various objectives, which can range from espionage and extortion to other malicious intents. These attacks are merely one of many strategies hackers use to infiltrate a victim\'s infrastructure. What makes supply chain attacks particularly dangerous is their unpredictability and extensive reach. Companies can find themselves compromised by mere misfortune. A case in point is the 2020 incident involving SolarWinds, a network management software firm. The company fell victim to a hack that resulted in extensive breaches across various government agencies and private corporations. Over 18,000 SolarWinds customers unknowingly installed malicious updates, which led to an undetected, widespread malware infiltration. Why do companies fall victim to supply chain attacks? 
Several factors contribute to the susceptibility of companies to supply chain attacks: Inadequate security measures A staggering 84% of businesses have high-risk vulnerabilities within their networks. For companies involved in software production and distribution, a supply chain attack represents a significant breach of security protocols. Reliance on unsafe components Many firms utilize components from third-party vendors and open-source software (OSS), seeking to cut costs and expedite product development. However, this practice can backfire by introducing severe vulnerabilities into a company\'s infrastructure. OSS platforms and repositories frequently contain security loopholes. Cybersecurity professionals have identified over 10,000 GitHub repositories susceptible to RepoJacking, a form of supply chain attack exploiting dependency hijacking. Furthermore, the layered nature of OSS, often integrating third-party components, creates a chain of transitive dependencies and potential security threats. Overconfidence in partners Not many companies conduct thorough security evaluations of their service providers, typically relying on superficial questionnaires or legal compliance checks. These measures fall short of providing an accurate picture of a partner\'s cybersecurity maturity. In most cases, real audits are an afterthought triggered by a security incident that has already taken place. Additional risk factors precipit]]> 2023-11-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-prepared-is-your-company-for-a-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=8412299 False Malware,Hack,Tool,Vulnerability,Threat None 2.0000000000000000 CyberWarzone - Cyber News Installez Metasploit sur Kali Linux (fonctionne également pour Ubuntu 22.04)<br>Install Metasploit on Kali Linux (Also works for Ubuntu 22.04) [plus...]
Ever wondered how cybersecurity professionals and ethical hackers stay on top of their game? They use powerful tools, and one such tool is Metasploit. So, [more...]
2023-11-14T17:32:41+00:00 https://cyberwarzone.com/install-metasploit-on-kali-linux-also-works-for-ubuntu-22-04/ www.secnews.physaphae.fr/article.php?IdArticle=8411980 False Tool None 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Quelles sont les clés pour conserver les meilleurs talents en cybersécurité?<br>What are the keys to retaining top talent in cybersecurity? part one here. This is a continuation of my interview with Scott Scheppers, chief experience officer for AT&T Cybersecurity, on the cybersecurity talent shortage. Scheppers points out that organizations have to pay attention to compensation when it comes to talent retention. “Good pay - don’t discount that. You need to be competitive and compensate people well, but that’s not the only thing that matters.” To expand on this, he points to other key factors that help retain good workers. “Having said that, it’s not just about the pay. People really care about the culture and work environment. There’s often a lot of pressure in the cybersecurity world, but if people enjoy working with their peers and feel supported, they are much more likely to stick around. Cutthroat cultures with ‘zero sum’ mentalities can only go so far. A culture of teamwork is very important.” Scheppers continues, “Everything starts with leadership. As a leader, you must be able to set an example. You can’t just promise things- you must deliver as well.” Alongside a supportive and consistent culture, Scheppers emphasizes the importance of providing workers with a path for growth, “If you don’t have an internal path of growth for people, they’re eventually going to go elsewhere. As a leader, you need to take the time to understand where people want to go and help them get there. Of course, you can’t retain everyone. Sometimes you may not have the job opening someone is looking for, but that is okay. Growth for anyone often means seeing and doing different things in different companies or organizations.” According to Scheppers, the key to building a strong team in cyber is not different than in other industries. 
Leaders need to focus on the career aspirations of their people and finding a path to help them achieve their goals. “Give your team the tools and training needed to excel at the job—and then hold them accountable! No one understands the dynamics of a team better than the team itself. Sometimes the leader, especially those higher in the chain of command, don’t understand all the group dynamics at play. But, if you as a leader have someone that’s not pulling their weight and holding everyone back, know that other team members will see it and it will pull the team down. When people on the team understand that they must keep to a certain standard, it propels them. They know that they will be recognized for good and bad work. This is one key aspect of a strong culture.” How can we increase diversity in the field? According to the 2021 Aspen Digital Tech Policy report, only 9% of cybersecurity professionals were black, 9% were Asian, and 4% were Hispanic. CREST, the global not-for-profit membership body that ‘helps represent the global cyber security industry’, commented that inclusion and diversity need to be a priority in 2023.  “Diversity is very important but note that it goes deeper than just race or gender,” Scheppers begins. “You can find two white males, one from a farm in Alabama and one from the big city of Seattle. Both people can bring unique experiences and different viewpoints to the table. But if I looked around the room and saw that everyone on my team was a white male, I might start to ask what’s going on. 
Of course, race and gender can play a large part of your worl
2023-11-14T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/what-are-the-keys-to-retaining-top-talent-in-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8411990 False Tool,Conference None 3.0000000000000000
Global Security Mag - Site de news francais HP Wolf Security report: "Meal Kits", a serious threat to businesses Investigations
2023-11-14T09:04:35+00:00 https://www.globalsecuritymag.fr/Rapport-HP-Wolf-Security-les-Meal-Kits-une-menace-serieuse-pour-les-entreprises.html www.secnews.physaphae.fr/article.php?IdArticle=8411656 False Tool None 2.0000000000000000
Kovrr - cyber risk management platform Cybersecurity Assessments and Fortifying Digital Defenses With CRQ Assessing cyber risk is critical for developing data-driven action plans to boost digital defenses. Discover which assessment best supports you in reaching cybersecurity goals.
2023-11-14T00:00:00+00:00 https://www.kovrr.com/reports/cybersecurity-assessments-and-fortifying-digital-defenses-with-crq www.secnews.physaphae.fr/article.php?IdArticle=8412008 False Data Breach,Tool,Vulnerability,Threat,Technical None 3.0000000000000000
HackRead - Chercher Cyber Malicious Abrax666 AI Chatbot Exposed as Potential Scam By Waqas. Abrax666 AI Chatbot is being boasted by its developer as a malicious alternative to ChatGPT, claiming it's a perfect multitasking tool for both ethical and unethical activities.
2023-11-13T23:18:17+00:00 https://www.hackread.com/abrax666-ai-chatbot-exposed-as-potential-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8411366 False Tool ChatGPT 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Securely disposing of old electronics and data: A forensic guide to protecting your information
2023-11-13T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/securely-disposing-of-old-electronics-and-data-a-forensic-guide-to-protecting-your-information www.secnews.physaphae.fr/article.php?IdArticle=8410924 False Tool,Cloud CCleaner 3.0000000000000000
Dark Reading - Informationweek Branch Security Is a Process, Not a Tool Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
2023-11-13T08:00:00+00:00 https://www.darkreading.com/risk/security-is-a-process-not-a-tool www.secnews.physaphae.fr/article.php?IdArticle=8410831 False Tool None 3.0000000000000000
ProofPoint - Cyber Firms Proofpoint Recognized in 2023 Gartner® Market Guide for Data Loss Prevention
2023-11-13T07:23:13+00:00 https://www.proofpoint.com/us/blog/information-protection/proofpoint-recognized-2023-gartner-market-guide-data-loss-prevention www.secnews.physaphae.fr/article.php?IdArticle=8410965 False Tool,Threat,Cloud None 1.00000000000000000000
ProofPoint - Cyber Firms Actionable Insights: Understand Your Overall Risk Profile with the Executive Summary Report
2023-11-13T07:14:17+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/actionable-insights-understand-risk-profile-executive-summary www.secnews.physaphae.fr/article.php?IdArticle=8411686 False Malware,Tool,Threat,Prediction None 2.0000000000000000
Veracode - Application Security Research, News, and Education Blog Sécuriser vos applications Web et vos API avec Veracode Dast Essentials<br>Securing Your Web Applications and APIs with Veracode DAST Essentials Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon\'s 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization.  Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and to breach web applications, which means that as their methods mature and they become more aggressive, even the most securely developed applications can become vulnerable. Organizations that only perform annual penetration tests on their web applications may be leaving themselves open to a breach that could be easily prevented with regular production scanning.  
Application security outlines a collection of processes and tools focused on identifying, remediating, and preventing application-level vulnerabilities throughout the entire software development…]]> 2023-11-12T22:55:15+00:00 https://www.veracode.com/blog/managing-appsec/securing-your-web-applications-and-apis-veracode-dast-essentials www.secnews.physaphae.fr/article.php?IdArticle=8415095 False Data Breach,Tool,Vulnerability,Threat None 2.0000000000000000 Korben - Bloger francais GPT fdisk – L\'outil ultime pour gérer vos disques GPT 2023-11-12T08:00:00+00:00 https://korben.info/gpt-fdisk-guide-conversion-mbr-gpt-partitionnement-disques-modernes.html www.secnews.physaphae.fr/article.php?IdArticle=8410201 False Tool None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Malvertiser copie le site d'information PC pour livrer un infoster<br>Malvertiser Copies PC News Site to Deliver Infostealer #### Description In a new campaign, Malwarebytes observed a threat actor copying a legitimate Windows news portal to distribute a malicious installer for the popular processor tool CPU-Z. This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection. Malwarebytes have informed Google with the relevant details for takedown. #### Reference URL(s) 1. 
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer #### Publication Date November 8, 2023 #### Author(s) Jérôme Segura ]]> 2023-11-10T19:10:55+00:00 https://community.riskiq.com/article/fb1132c1 www.secnews.physaphae.fr/article.php?IdArticle=8409316 False Tool,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates infligent les orgs de soins de santé via Screenconnect à distance un accès à distance<br>Hackers breach healthcare orgs via ScreenConnect remote access Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. [...]]]> 2023-11-10T14:57:04+00:00 https://www.bleepingcomputer.com/news/security/hackers-breach-healthcare-orgs-via-screenconnect-remote-access/ www.secnews.physaphae.fr/article.php?IdArticle=8409273 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La nouvelle règle 80/20 pour SECOPS: Personnaliser là où elle est importante, automatiser le reste<br>The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest There is a seemingly never-ending quest to find the right security tools that offer the right capabilities for your organization. SOC teams tend to spend about a third of their day on events that don\'t pose any threat to their organization, and this has accelerated the adoption of automated solutions to take the place of (or augment) inefficient and cumbersome SIEMs. 
With an estimated 80% of]]> 2023-11-10T14:30:00+00:00 https://thehackernews.com/2023/11/the-new-8020-rule-for-secops-customize.html www.secnews.physaphae.fr/article.php?IdArticle=8408991 False Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Ne vérifiez pas!& # 8211;Activité d'écrémage de la carte de crédit observée<br>Don\\'t check out! – Credit card skimming activity observed here. This blog is focused on what we found across the AT&T Cybersecurity customer base as we looked for the indicators of compromise (IOCs) identified in the BlackBerry blog and on the quick-follow up analysis we performed and provided to our customers. As a part of the AT&T Managed Threat Detection and Response (MTDR) threat hunter team, we have the unique opportunity to perform threat hunting across our fleet of customers in a very fast and efficient manner. Leveraging the logs across hundreds of data sources, we can come up with our own hunt hypotheses and develop extremely complex searches to find potential prior incidents and compromises. We can also work with the AT&T Alien Labs team to turn that search syntax into a correlation rule. The Alien Labs team uses this backend data that we gather to create thousands of rules and signatures within the USM Anywhere platform. Threat hunters can also search for specific known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) as we ingest and process cyber threat intelligence from both open sources (i.e., publicly available data) and closed sources (i.e., government or private data that is not publicly available). When we looked for the TTPs that the attackers were using to deploy the credit card skimming scripts, our searches yielded no results, but when we searched for IOCs related to where the credit card data was exfiltrated during this campaign, we observed one domain come up across a few customers. 
Armed with key information such as time frames and which customers and users were impacted, we could now go deeper into USM Anywhere to investigate. allowed request Figure 1 – Web request for credit card skimming exfiltration domain Figure 1 shows that the request for the credit card skimming site referred from another website for a well-known food company with an online purchasing option. We observed this to be the case for all the other customers too, with the food site being either the direct referer or being the HTTP request right before the connection to the cdn[.]nightboxcdn[.]com site. One of the other observed impacted customers had a user’s credit information skimmed from a different compromised site (see Figure 2). destination asset Figure 2 – Traffic going to shopping site (redacted) followed by traffic to the skim exfiltration and then a legitimate payment site We can see that the user is on an online shopping site (redacted) followed by traffic to the exfiltration domain as well as to a legitimate payment portal service. We can conclude from the traffic flow that the user went to checkout and that after they input their payment details, this information went to both the exfiltration site and the legitimate payment service, ProPay. By using the website scanning tool urlscan.io and by looking at a scan of the shopping site from May 23, 2023, we could see the skimming script appended to the jquery.hoverIntent.js file (legitimate script ends after });). 
get skim skimming script appended Figure 3 – Skimming script appended to legitimate script]]> 2023-11-10T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/dont-check-out-credit-card-skimming-activity-observed www.secnews.physaphae.fr/article.php?IdArticle=8409194 False Tool,Threat None 2.0000000000000000 ProofPoint - Cyber Firms 2023 Prédictions de l'escroquerie de vacances, si ce que vous devez savoir<br>2023 Holiday Scam Predictions-Here\\'s What You Should Know 2023-11-10T08:04:20+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/holiday-scam-predictions www.secnews.physaphae.fr/article.php?IdArticle=8409070 False Tool,Threat,Prediction FedEx 3.0000000000000000 Korben - Bloger francais Dites adieu à Postman grâce à Bruno qui vous aidera à concevoir les meilleurs API de l\'univers 2023-11-10T08:00:00+00:00 https://korben.info/bruno-nouveau-client-api-open-source-alternative-postman.html www.secnews.physaphae.fr/article.php?IdArticle=8408989 False Tool None 4.0000000000000000 ProofPoint - Cyber Firms New Gartner & Reg;Rapport BEC: les recommandations sont entièrement prises en charge par Proofpoint<br>New Gartner® BEC Report: Recommendations Are Fully Supported by Proofpoint 2023-11-10T07:55:46+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/new-gartner-bec-report-recommendations-are-fully-supported-proofpoint www.secnews.physaphae.fr/article.php?IdArticle=8409069 False Ransomware,Malware,Tool,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Quand les bons programmes de sensibilisation à la sécurité se trompent<br>When Good Security Awareness Programs Go Wrong Avoid making these mistakes when crafting a security awareness strategy at your organization.]]> 2023-11-09T19:07:00+00:00 https://www.darkreading.com/edge-articles/when-good-security-awareness-programs-go-wrong www.secnews.physaphae.fr/article.php?IdArticle=8408666 False Tool None 3.0000000000000000 The Hacker News - The Hacker 
News est un blog de news de hack (surprenant non?) La nouvelle campagne de malvertising utilise un faux portail d'information Windows pour distribuer des installateurs malveillants<br>New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used]]> 2023-11-09T18:56:00+00:00 https://thehackernews.com/2023/11/new-malvertising-campaign-uses-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8408503 False Tool,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Un gang de ransomware derrière les attaques de Moevit cible le nouveau jour zéro, dit Microsoft<br>Ransomware gang behind MOEVit attacks are targeting new zero-day, Microsoft says Le gang de ransomes russes derrière l'exploitation de plusieurs outils de transfert de fichiers populaires exploite désormais une nouvelle vulnérabilité dans le logiciel de support informatique SYSAID, selon un nouveau rapport.Mercredi soir, les responsables de la sécurité à Microsoft a déclaré le gang ransomware declop - qu'ils appellent Lance Tempest - vise de nouvelles victimes à travers
The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report. On Wednesday night, security officials at Microsoft said the Clop ransomware gang - which they refer to as Lance Tempest - is targeting new victims through]]>
2023-11-09T17:45:00+00:00 https://therecord.media/clop-ransomware-gang-targets-new-zero-day www.secnews.physaphae.fr/article.php?IdArticle=8408637 False Ransomware,Tool,Vulnerability None 2.0000000000000000
Silicon - Site de News Francais Copilot mais pas que : comment GitHub se nourrit des LLM 2023-11-09T16:42:29+00:00 https://www.silicon.fr/github-copilot-llm-473257.html www.secnews.physaphae.fr/article.php?IdArticle=8408604 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) MUDDYC2GO: Nouveau cadre C2 Iranian Hackers Utilisation contre Israël<br>MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. "The framework\'s web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday. The tool has been attributed to MuddyWater, an Iranian]]> 2023-11-09T16:20:00+00:00 https://thehackernews.com/2023/11/muddyc2go-new-c2-framework-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=8408439 False Tool,Technical None 3.0000000000000000 ProofPoint - Cyber Firms Comment trouver vos identités risquées<br>How to Find Your Risky Identities 2023-11-09T14:25:13+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/how-find-your-risky-identities www.secnews.physaphae.fr/article.php?IdArticle=8408437 False Tool,Vulnerability,Threat,Cloud None 2.0000000000000000 SecurityWeek - Security News \\ 'BLAZESTEALER \\' MALWORED INDUCTE<br>\\'BlazeStealer\\' Malware Delivered to Python Developers Looking for Obfuscation Tools Checkmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems. 
]]> 2023-11-09T14:06:34+00:00 https://www.securityweek.com/blazestealer-malware-delivered-to-python-developers-looking-for-obfuscation-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8408539 False Malware,Tool None 2.0000000000000000 Bleeping Computer - Magazine Américain Google Ads Poussez l'application MALICIEUX CPU-Z à partir du faux site d'information Windows<br>Google ads push malicious CPU-Z app from fake Windows news site A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware. [...]]]> 2023-11-09T11:09:38+00:00 https://www.bleepingcomputer.com/news/security/google-ads-push-malicious-cpu-z-app-from-fake-windows-news-site/ www.secnews.physaphae.fr/article.php?IdArticle=8408601 False Malware,Tool,Threat None 2.0000000000000000 Global Security Mag - Site de news francais PwC : 72 % des entreprises estiment que l\'Intelligence Artificielle Générative sera génératrice de cyberattaques Investigations]]> 2023-11-09T08:42:45+00:00 https://www.globalsecuritymag.fr/PwC-72-des-entreprises-estiment-que-l-Intelligence-Artificielle-Generative-sera.html www.secnews.physaphae.fr/article.php?IdArticle=8408371 False Tool,Studies,Cloud None 3.0000000000000000 Korben - Bloger francais OpenHue – Maitrisez l\'éclairage connecté de vos Philips Hue avec cette API open-source 2023-11-09T08:00:00+00:00 https://korben.info/decouvrez-openhue-api-open-source-philips-hue-controle-eclairage-connecte.html www.secnews.physaphae.fr/article.php?IdArticle=8408387 False Tool None 2.0000000000000000 ProofPoint - Cyber Firms Le pouvoir de la simplicité: élever votre expérience de sécurité<br>The Power of Simplicity: Elevating Your Security Experience 2023-11-09T07:02:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/power-simplicity-elevating-your-security-experience www.secnews.physaphae.fr/article.php?IdArticle=8408572 False Ransomware,Spam,Tool,Threat,Cloud None 2.0000000000000000 The 
Hacker News - The Hacker News est un blog de news de hack (surprenant non?) WhatsApp présente une nouvelle fonctionnalité de confidentialité pour protéger l'adresse IP dans les appels<br>WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls Meta-owned WhatsApp is officially rolling out a new privacy feature in its messaging service called "Protect IP Address in Calls" that masks users\' IP addresses to other parties by relaying the calls through its servers. "Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls," the company said in a statement shared with The]]> 2023-11-08T19:27:00+00:00 https://thehackernews.com/2023/11/whatsapp-introduces-new-privacy-feature.html www.secnews.physaphae.fr/article.php?IdArticle=8407908 False Tool None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms #### Description SentinelLabs has identified a new Python-based infostealer and hacktool called \'Predator AI\' that is designed to target cloud services. Predator AI is advertised through Telegram channels related to hacking. The main purpose of Predator is to facilitate web application attacks against various commonly used technologies, including content management systems (CMS) like WordPress, as well as cloud email services like AWS SES. However, Predator is a multi-purpose tool, much like the AlienFox and Legion cloud spamming toolsets. These toolsets share considerable overlap in publicly available code that each repurposes for their brand\'s own use, including the use of Androxgh0st and Greenbot modules. The Predator AI developer implemented a ChatGPT-driven class into the Python script, which is designed to make the tool easier to use and to serve as a single text-driven interface between disparate features. There were several projects like BlackMamba that ultimately were more hype than the tool could deliver. 
Predator AI is a small step forward in this space: the actor is actively working on making a tool that can utilize AI. #### Reference URL(s) 1. https://www.sentinelone.com/labs/predator-ai-chatgpt-powered-infostealer-takes-aim-at-cloud-platforms/ #### Publication Date November 7, 2023 #### Author(s) Alex Delamotte ]]> 2023-11-08T18:59:39+00:00 https://community.riskiq.com/article/e5536969 www.secnews.physaphae.fr/article.php?IdArticle=8408039 False Tool,Cloud ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Méfiez-vous, développeurs: logiciels malveillants BlazesEaler découverts dans Python Packages sur PYPI<br>Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News. "[BlazeStealer]]]> 2023-11-08T18:27:00+00:00 https://thehackernews.com/2023/11/beware-developers-blazestealer-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8407875 False Malware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Guide: comment VCISOS, MSPS et MSSP peuvent protéger leurs clients des risques Gen AI<br>Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks Download the free guide, "It\'s a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks." ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. 
They use these tools to write]]> 2023-11-08T16:30:00+00:00 https://thehackernews.com/2023/11/guide-how-vcisos-msps-and-mssps-can.html www.secnews.physaphae.fr/article.php?IdArticle=8407813 False Tool,Technical ChatGPT 2.0000000000000000 Bleeping Computer - Magazine Américain FBI: Ransomware Gangs Hack Casinos via des vendeurs de jeux tiers<br>FBI: Ransomware gangs hack casinos via 3rd party gaming vendors The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network. [...]]]> 2023-11-08T11:44:35+00:00 https://www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hack-casinos-via-3rd-party-gaming-vendors/ www.secnews.physaphae.fr/article.php?IdArticle=8407960 False Ransomware,Hack,Tool,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Atténuer les menaces profondes dans le monde de l'entreprise: une approche médico-légale<br>Mitigating deepfake threats in the corporate world: A forensic approach 2023-11-08T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/mitigating-deepfake-threats-in-the-corporate-world-a-forensic-approach www.secnews.physaphae.fr/article.php?IdArticle=8408045 False Tool,Vulnerability,Threat,Commercial None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Une seule vitre peut-elle jamais être découverte pour la cybersécurité?<br>Can a Single Pane of Glass Ever be Discovered for Cybersecurity? Dans le paysage en constante évolution de la cybersécurité, le concept d'un «volet unique de verre» a longtemps été le Saint Graal pour de nombreuses organisations.L'idée est simple: consolider tous vos outils et données de cybersécurité sur un seul tableau de bord pour une visibilité et un contrôle améliorés. 
In the ever-evolving landscape of cybersecurity, the concept of a "single pane of glass" has long been the Holy Grail for many organisations. The idea is simple: consolidate all your cybersecurity tools and data onto a single dashboard for improved visibility and control. While this concept holds merit, particularly in the modern hybrid workforce, it's […] ]]>
2023-11-08T07:00:00+00:00 https://www.netskope.com/blog/can-a-single-pane-of-glass-ever-be-discovered-for-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8407694 False Tool None 2.0000000000000000
ProofPoint - Cyber Firms Protéger vos chemins, partie 1: comment la gestion du chemin d'attaque peut arrêter les attaquants sur leurs traces<br>Protecting Your Paths, Part 1: How Attack Path Management Can Stop Attackers in Their Tracks 2023-11-08T06:00:00+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/importance-of-continuous-attack-path-management-analysis www.secnews.physaphae.fr/article.php?IdArticle=8408086 False Ransomware,Tool,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La variante de logiciels malveillants de la nouvelle gootloader échappe à la détection et se propage rapidement<br>New GootLoader Malware Variant Evades Detection and Spreads Rapidly A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group\'s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole]]> 2023-11-07T17:58:00+00:00 https://thehackernews.com/2023/11/new-gootloader-malware-variant-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8407229 False Malware,Tool None 3.0000000000000000 Veracode - Application Security Research, News, and Education Blog Sécuriser les API: étapes pratiques pour protéger votre logiciel<br>Securing APIs: Practical Steps to Protecting Your Software In the dynamic world of software development, Application Programming Interfaces (APIs) serve as essential conduits, facilitating seamless interaction between software components. This intermediary interface not only streamlines development but also empowers software teams to reuse code. However, the increasing prevalence of APIs in modern business comes with security challenges. 
That\'s why we\'ve created this blog post - to provide you with actionable steps to enhance the security of your APIs today.  Understanding API Security API Security extends beyond protecting an application\'s backend services, including elements such as databases, user management systems, and components interacting with data stores. It involves adopting diverse tools and practices to strengthen the integrity of your tech stack. A strong API security strategy reduces the risk of unauthorized access and malicious actions, ensuring the protection of sensitive information. Exploring API Vulnerabilities Despite the…]]> 2023-11-07T17:37:50+00:00 https://www.veracode.com/blog/managing-appsec/securing-apis-practical-steps-protecting-your-software www.secnews.physaphae.fr/article.php?IdArticle=8407931 False Tool,Guideline None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine L'implant de chèvre augmentait le risque de ransomware post-infection<br>GootBot Implant Heightens Risk of Post-Infection Ransomware IBM found Gootloader group opting for GootBot over off-the-shelf tools for lateral movement]]> 2023-11-07T16:30:00+00:00 https://www.infosecurity-magazine.com/news/gootbot-heightens-risk-of-post/ www.secnews.physaphae.fr/article.php?IdArticle=8407350 False Ransomware,Tool None 2.0000000000000000 SonarSource - Blog Sécu et Codage Visual Studio Code Security: Deep Dive dans votre éditeur préféré (1/3)<br>Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3) We took a look at the security of the most popular code editor, Visual Studio Code! 
This blog post covers common risks and attack surfaces so you know what to expect when using it.]]> 2023-11-07T16:00:00+00:00 https://www.sonarsource.com/blog/visual-studio-code-security-deep-dive-into-your-favorite-editor www.secnews.physaphae.fr/article.php?IdArticle=8407348 False Tool,Vulnerability None 3.0000000000000000 Global Security Mag - Site de news francais Eaton lance une plateforme logicielle pour les exploitatants de Data Centers Produits]]> 2023-11-07T15:59:21+00:00 https://www.globalsecuritymag.fr/Eaton-lance-une-plateforme-logicielle-pour-les-exploitatants-de-Data-Centers.html www.secnews.physaphae.fr/article.php?IdArticle=8407324 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AI offensif et défensif: le chat (GPT) de \\<br>Offensive and Defensive AI: Let\\'s Chat(GPT) About It ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. 
The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.]]> 2023-11-07T15:51:00+00:00 https://thehackernews.com/2023/11/offensive-and-defensive-ai-lets-chatgpt.html www.secnews.physaphae.fr/article.php?IdArticle=8407178 False Tool,Threat ChatGPT 3.0000000000000000 Recorded Future - FLux Recorded Future Bipartisan bill aims to have wide impact on federal surveillance efforts
This year's first major legislation to extend expiring U.S. government surveillance authorities is a bipartisan effort that would include some of the most substantial curbs in years on those tools and other intelligence powers. A group of House and Senate lawmakers introduced the measure on Tuesday to renew Section 702 of the Foreign Intelligence Act,]]>
2023-11-07T15:26:00+00:00 https://therecord.media/bipartisan-legislation-congress-renew-overhaul-surveillance-section-702 www.secnews.physaphae.fr/article.php?IdArticle=8407321 False Tool,Legislation None 2.0000000000000000
Korben - Bloger francais Boostez votre PC avec Windows Memory Cleaner ! 2023-11-07T08:00:00+00:00 https://korben.info/windows-memory-cleaner-optimiser-ram-gratuit-ameliorer-performances.html www.secnews.physaphae.fr/article.php?IdArticle=8407127 False Tool None 2.0000000000000000 Dark Reading - Informationweek Branch Enlèvement virtuel: les outils d'IA permettent des escroqueries d'extorsion IRL<br>Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.]]> 2023-11-06T21:35:00+00:00 https://www.darkreading.com/black-hat/virtual-kidnapping-ai-tools-enabling-irl-extortion-scams www.secnews.physaphae.fr/article.php?IdArticle=8406843 False Tool None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-5719 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. 
Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.]]> 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719 www.secnews.physaphae.fr/article.php?IdArticle=8406852 False Tool,Vulnerability None None The Intercept - Site journalistique Anglais Counterterror Director Used Hamas Attack to Justify Mass Surveillance Program Renewal
The U.S. intelligence community is facing calls to reform the spying tool known as 702, which is set to expire at the end of the year. ]]>
2023-11-06T19:56:48+00:00 https://theintercept.com/2023/11/06/hamas-counterterrorism-mass-surveillance-section-702/ www.secnews.physaphae.fr/article.php?IdArticle=8406775 False Tool None 2.0000000000000000
Silicon - Site de News Francais AWS CodeWhisperer reconverti en expert MongoDB 2023-11-06T16:44:35+00:00 https://www.silicon.fr/aws-codewhisperer-mongodb-473114.html www.secnews.physaphae.fr/article.php?IdArticle=8406713 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google avertit comment les pirates pourraient abuser du service de calendrier en tant que canal C2 secret<br>Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023. "The script creates a \'Covert Channel\' by exploiting the event]]> 2023-11-06T13:55:00+00:00 https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html www.secnews.physaphae.fr/article.php?IdArticle=8406528 False Tool,Threat None 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Appliquer une approche basée sur l'intelligence à la cybersécurité;SIEM et Dark Web Survering<br>Applying an intelligence-based approach to Cybersecurity; SIEM and dark web monitoring Intelligence in War In the ever-changing landscape of global cybersecurity, the boundaries between traditional military intelligence and cybersecurity are increasingly blurred. At the heart of this convergence lies the science of intelligence analysis—a process fundamental to both realms. Equally important is the recognition of target indicators, which serve as harbingers of impending activities, whether on a battlefield or within the complex circuits of cyberspace. 
For the modern organization, Security Information and Event Management (SIEM) systems serve as the nexus where the ancient art of intelligence gathering meets the contemporary needs of cybersecurity. This fusion is further enriched by dark web monitoring, a relatively new frontier in information gathering that equips analysts with a fuller understanding of the threat landscape in the darker recesses of the Internet where cybercriminals do their bidding. Traditionally, military intelligence has been the linchpin of strategic and tactical decision-making. It involves complex processes for data collection, analysis, and interpretation.  In short, it turns ubiquitous data into actionable intelligence. The types of data used in intelligence analysis range from intercepted radio communications, satellite images, and even information gathered from troops on the ground. Analysts and applications sift through this plethora of information to extract actionable insights, scrutinizing for target indicators—clues that signal the enemy\'s intent or location. For instance, an unusual accumulation of vehicles in a remote area could indicate the staging of troops, thereby serving as a target indicator. Recognizing such cues is crucial for informed decision-making. Likewise, in cybersecurity, intelligence analysis serves as the backbone of protective strategies. Here, data collection is continuous and automated, thanks to SIEM systems and security correlation engines. These systems aggregate logs from various network endpoints, generating alerts based on defined rules that flag anomalies or known indicators of compromise. Just as military analysts look for signs like troop movement or weapons stockpiling, cybersecurity analysts review SIEM logs for target indicators such as repeated failed login attempts or abnormal data transfers, which might indicate a cyber-attack. The enrichment of SIEM data sets through dark web monitoring brings a novel depth to cybersecurity. 
For the uninitiated, the dark web serves as a haven for cybercriminals, offering a marketplace for anything from hacking tools to stolen data. This space is often the first point of compromise, where stolen data may appear for sale or where impending cyber-attacks might be discussed. Dark web monitoring involves the tracking of these criminal forums and marketplaces for specific keywords, threats, or data sets related to an organization. Information gleaned from the dark web provides that extra layer of intelligence, allowing for a more proactive cybersecurity posture. For example, a company might discover on the dark web that its stolen user credentials or company client lists are being sold. This type of information is a specific target indication that a company has experienced a data breach at some level. The parallels between military intelligence and cybersecurity are not merely conceptual; they have practical implications. Military operations often employ real-ti]]> 2023-11-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/applying-an-intelligence-based-approach-to-cybersecurity-siem-and-dark-web-monitoring www.secnews.physaphae.fr/article.php?IdArticle=8406512 False Data Breach,Tool,Threat None 2.0000000000000000 ProofPoint - Cyber Firms 3 erreurs courantes que vous faites avec votre programme de sensibilisation à la sécurité<br>3 Common Mistakes You\\'re Making with Your Security Awareness Program 2023-11-06T07:20:56+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/security-awareness-program-mistakes-how-to-fix www.secnews.physaphae.fr/article.php?IdArticle=8406667 False Malware,Tool,Vulnerability None 2.0000000000000000 CyberWarzone - Cyber News Alors, avez-vous entendu parler de Havoc, le nouvel outil du cyber arsenal?<br>So, have you heard about Havoc, the new tool in the cyber arsenal? [Plus ...]
Let me give you the lowdown on what’s brewing in the digital underground with this fresh piece of software called Havoc. Now, you might be [more...]]]>
2023-11-05T17:45:05+00:00 https://cyberwarzone.com/so-have-you-heard-about-havoc-the-new-tool-in-the-cyber-arsenal/ www.secnews.physaphae.fr/article.php?IdArticle=8406327 False Tool,Tool,Technical None 4.0000000000000000