www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T17:31:09+00:00 www.secnews.physaphae.fr Global Security Mag - Site de news francais APT28: malware discovered by NSA/FBI - McAfee commentary Malware ]]> 2020-08-14T08:19:05+00:00 http://www.globalsecuritymag.fr/APT28-malware-decouvert-par-NSA,20200814,101790.html www.secnews.physaphae.fr/article.php?IdArticle=1859294 False Malware APT 28 None McAfee Labs - Editeur Logiciel On Drovorub: Linux Kernel Security Best Practices Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linux rootkit malware called Drovorub and attribute the threat to malicious actor APT28. The report is incredibly detailed and proposes several complementary detection techniques to effectively identify Drovorub malware […] ]]> 2020-08-13T18:19:06+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/on-drovorub-linux-kernel-security-best-practices/ www.secnews.physaphae.fr/article.php?IdArticle=2031369 False Malware,Threat APT 28 None Security Affairs - Blog Secu FBI and NSA joint report details APT28's Linux malware Drovorub 2020-08-13T18:07:18+00:00 https://securityaffairs.co/wordpress/107112/malware/apt28-drovorub-linux-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=apt28-drovorub-linux-malware www.secnews.physaphae.fr/article.php?IdArticle=1857930 False Malware APT 28 None Dark Reading - Informationweek Branch NSA & FBI Disclose New Russian Cyberespionage Malware 2020-08-13T13:25:00+00:00 https://www.darkreading.com/vulnerabilities---threats/nsa-and-fbi-disclose-new-russian-cyberespionage-malware/d/d-id/1338662?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1857859 False Malware APT 28 None Veracode - 
Application Security Research, News, and Education Blog Live from Black Hat: Hacking Public Opinion with Renée DiResta Psychological operations, or PsyOps, is a topic I've been interested in for a while. It's a blend of social engineering and marketing, both passions of mine. That's why I found the keynote by Renée DiResta, Research Manager at the Stanford Internet Observatory, particularly interesting. The Internet Makes Spreading Information Cheap & Easy Disinformation and propaganda are old phenomena that can be traced back to the invention of the printing press - and arguably before then. With the advent of the Internet, the cost of publishing dropped to zero. There are no hosting costs on certain platforms, but especially in the beginning, the blogosphere was very decentralized, and it was hard to get people to read your content. With the rise of social media, you can share your content and it can become viral. At the same time, content creation becomes easier. All of this eliminates cost barriers and gatekeepers. State Actors "Hack" Our Opinions As social media platforms matured, the algorithms that curate content become more and more sophisticated. They are trying to group people and deliver personalized targeting of content, which allows adversaries to analyze and game the algorithms. Renee State actors don't just influence, they start hacking public opinion, which involves fake content producers and fake accounts. They can do this more effectively because they understand the ecosystem extremely well, typically applying one of four tactics, sometimes in combination: 
Distract: Taki]]> 2020-08-06T17:05:49+00:00 https://www.veracode.com/blog/research/live-black-hat-hacking-public-opinion-renee-diresta www.secnews.physaphae.fr/article.php?IdArticle=2103329 False Hack APT 28 5.0000000000000000 Wired Threat Level - Security News Russia's GRU Hackers Hit US Government and Energy Targets 2020-07-24T11:00:00+00:00 https://www.wired.com/story/russia-fancy-bear-us-hacking-campaign-government-energy www.secnews.physaphae.fr/article.php?IdArticle=1822690 False None APT 28 None IT Security Guru - Blog Sécurité Middle East firms face cyber espionage attempts from Russian hackers 2020-03-25T11:14:47+00:00 https://www.itsecurityguru.org/2020/03/25/middle-east-firms-face-cyber-espionage-attempts-from-russian-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=middle-east-firms-face-cyber-espionage-attempts-from-russian-hackers www.secnews.physaphae.fr/article.php?IdArticle=1619100 False Threat APT 28 None Security Affairs - Blog Secu Russia-linked APT28 has been scanning vulnerable email servers in the last year 2020-03-20T12:47:42+00:00 https://securityaffairs.co/wordpress/100072/apt/apt28-vulnerable-email-servers.html www.secnews.physaphae.fr/article.php?IdArticle=1609285 False None APT 28 None IT Security Guru - Blog Sécurité Report reveals APT28 email scanning activities 2020-03-20T11:02:10+00:00 https://www.itsecurityguru.org/2020/03/20/report-reveals-apt28-email-scanning-activities/?utm_source=rss&utm_medium=rss&utm_campaign=report-reveals-apt28-email-scanning-activities www.secnews.physaphae.fr/article.php?IdArticle=1609153 False None APT 28 None ZD Net - Magazine Info APT28 has been scanning vulnerable email servers for more than a year 2020-03-20T05:16:42+00:00 https://www.zdnet.com/article/apt28-has-been-scanning-and-exploiting-vulnerable-email-servers-for-more-than-a-year/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1608733 False None APT 28 None Dark Reading - Informationweek Branch 'Fancy Bear' Targets 
Ukrainian Oil Firm Burisma in Phishing Attack 2020-01-14T15:30:00+00:00 https://www.darkreading.com/attacks-breaches/fancy-bear-targets-ukrainian-oil-firm-burisma-in-phishing-attack/d/d-id/1336802?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1501539 False None APT 28 None Security Affairs - Blog Secu The evolutions of APT28 attacks 2019-12-05T06:41:32+00:00 https://securityaffairs.co/wordpress/94747/apt/evolutions-apt28-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=1493448 False None APT 28 None Malwarebytes Labs - MalwarebytesLabs A week in security (October 28 – November 3) A roundup of the latest cybersecurity news for the week of October 28 – November 3, including cyberattacks against SMBs, the Internet's 50th birthday, stalkerware, donation scams, and more. Categories: A week in security Tags: (Read more...) ]]> 2019-11-04T16:37:57+00:00 https://blog.malwarebytes.com/a-week-in-security/2019/11/a-week-in-security-october-28-november-3/ www.secnews.physaphae.fr/article.php?IdArticle=1444706 False None APT 28 None InformationSecurityBuzzNews - Site de News Securite Russia-linked Hackers Target Sports Organisations Russia-linked Hackers Target Sports Organisations]]> 2019-10-30T13:10:59+00:00 https://www.informationsecuritybuzz.com/expert-comments/russia-linked-hackers-target-sports-organisations/ www.secnews.physaphae.fr/article.php?IdArticle=1435091 False None APT 28 None 01net. 
Actualites - Securite - Magazine Francais Russian hackers are already trying to disrupt the Tokyo Olympic Games ]]> 2019-10-30T07:22:00+00:00 https://www.01net.com/actualites/des-pirates-russes-tentent-deja-de-perturber-les-jeux-olympiques-de-tokyo-1796049.html www.secnews.physaphae.fr/article.php?IdArticle=1436169 False None APT 28 4.0000000000000000 Security Affairs - Blog Secu Fancy Bear continues to target sporting and anti-doping organizations 2019-10-29T06:57:24+00:00 https://securityaffairs.co/wordpress/93121/apt/fancy-bear-anti-doping-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=1432421 False None APT 28 None Wired Threat Level - Security News Russian Hackers Are Still Targeting the Olympics 2019-10-28T22:00:19+00:00 https://www.wired.com/story/fancy-bear-antidoping-olympics-hacks www.secnews.physaphae.fr/article.php?IdArticle=1431898 False None APT 28 None ZD Net - Magazine Info Microsoft: Russian hackers are targeting sporting organizations ahead of Tokyo Olympics 2019-10-28T21:21:36+00:00 https://www.zdnet.com/article/microsoft-russian-hackers-are-targeting-sporting-organizations-ahead-of-tokyo-olympics/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1431862 False None APT 28 None ZD Net - Magazine Info A DDoS gang is extorting businesses posing as Russian government hackers 2019-10-24T19:29:53+00:00 https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1424633 False None APT 28 None Security Affairs - Blog Secu A new Fancy Bear backdoor used to target political targets 2019-09-24T20:01:51+00:00 https://securityaffairs.co/wordpress/91671/hacking/fancy-bear-new-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=1359040 False None APT 28 None ZD Net - Magazine Info Political targets at risk as Fancy Bear returns with refreshed backdoor malware 2019-09-24T09:34:10+00:00 
https://www.zdnet.com/article/political-targets-at-risk-as-fancy-bear-returns-with-refreshed-backdoor-malware/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1357979 False Malware,Threat APT 28 None We Live Security - Editeur Logiciel Antivirus ESET No summer vacations for Zebrocy 2019-09-24T09:30:57+00:00 http://feedproxy.google.com/~r/eset/blog/~3/jRI3Z9rfDl0/ www.secnews.physaphae.fr/article.php?IdArticle=1357858 False None APT 28 None Malwarebytes Labs - MalwarebytesLabs A week in security (August 5 – 11) The latest cybersecurity news for the week of August 5–11. We touch on problematic backdoors, the grim possibility of the Internet of Thoughts, and smart home improvement. We also released a retrospective report on ransomware. Categories: A week in security Tags: (Read more...) ]]> 2019-08-12T15:38:03+00:00 https://blog.malwarebytes.com/a-week-in-security/2019/08/a-week-in-security-august-5-11/ www.secnews.physaphae.fr/article.php?IdArticle=1258697 False None APT 28 None Tech Worm - Desc Russian hackers are using IOT devices to compromise corporate networks, warns Microsoft 2019-08-07T08:06:04+00:00 https://www.techworm.net/2019/08/russian-hackers-iot-corporate-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=1247932 True None APT 28 None Dark Reading - Informationweek Branch Russian Attack Group Uses Phones & Printers to Breach Corporate Networks 2019-08-06T18:15:00+00:00 https://www.darkreading.com/endpoint/russian-attack-group-uses-phones-and-printers-to-breach-corporate-networks/d/d-id/1335461?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1247161 False None APT 28 None Network World - Magazine Info Microsoft finds Russia-backed attacks that exploit IoT devices IoT-based attack on unnamed Microsoft customers, according to the company. 
a blog post from the company's security response center issued Monday. Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer's default password, and the other one hadn't had the latest security patch applied.]]> 2019-08-06T15:20:00+00:00 https://www.networkworld.com/article/3430356/microsoft-finds-russia-backed-attacks-that-exploit-iot-devices.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=1247157 False None APT 28 None Security Affairs - Blog Secu Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks 2019-08-06T07:04:02+00:00 https://securityaffairs.co/wordpress/89473/apt/strontium-abuses-iot-devices.html www.secnews.physaphae.fr/article.php?IdArticle=1245819 False Hack APT 28 None ZD Net - Magazine Info Microsoft: Russian state hackers are using IoT devices to breach enterprise networks 2019-08-05T18:30:00+00:00 https://www.zdnet.com/article/microsoft-russian-state-hackers-are-using-iot-devices-to-breach-enterprise-networks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1244911 False None APT 28 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Can you trust threat intelligence from threat sharing communities? | AT&T ThreatTraq subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jaime Blasco, VP and Chief Scientist, AlienVault, Stan Nurilov, Lead Member of Technical Staff, AT&T, and Joe Harten, Director Technical Security. Stan: Jaime. I think you have a very interesting topic today about threat intelligence. 
Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then when this threat intelligence and the threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX) - one of the biggest threat sharing communities out there. Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform.  Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017, we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. And another cyber security company published content about that and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of earth, right? We didn't see them for a while and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then they came back. We also know that attackers can try to publish false information in this platform, so that's why it's important that not only those platforms are automated, but also there are human analysts that can verify that information.  Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks, is this valid? 
Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust - threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally - creating those other layers to validate and create better value of our threat intelligence. Jaime: The other issue I wanted to bring to the table is what we call false flag operations - that's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at]]> 2019-07-25T13:00:00+00:00 https://feeds.feedblitz.com/~/604869576/0/alienvault-blogs~Can-you-trust-threat-intelligence-from-threat-sharing-communities-ATampT-ThreatTraq www.secnews.physaphae.fr/article.php?IdArticle=1222817 False Malware,Threat,Studies,Guideline APT 38,APT 28,APT 1 None We Live Security - Editeur Logiciel Antivirus ESET A journey to Zebrocy land 2019-05-22T09:30:03+00:00 https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/ www.secnews.physaphae.fr/article.php?IdArticle=1119310 False None APT 28 None ZD Net - Magazine Info Mysterious hacker has been selling Windows 0-days to APT groups for three years 2019-05-01T12:03:00+00:00 https://www.zdnet.com/article/mysterious-hacker-has-been-selling-windows-0-days-to-apt-groups-for-three-years/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1097377 False None APT 28 None Security Affairs - Blog Secu APT28 and Upcoming Elections: evidence of possible interference (Part II) 2019-04-18T11:08:02+00:00 https://securityaffairs.co/wordpress/84088/apt/apt28-upcoming-elections-2.html www.secnews.physaphae.fr/article.php?IdArticle=1093978 False None APT 28 None Security Affairs - Blog Secu APT28 and Upcoming Elections: evidence of possible interference 2019-04-12T14:14:05+00:00 
https://securityaffairs.co/wordpress/83729/apt/apt28-upcoming-elections-interference.html www.secnews.physaphae.fr/article.php?IdArticle=1093282 False Guideline APT 28 None InformationSecurityBuzzNews - Site de News Securite Russian Hackers Target EU Elections Russian Hackers Target EU Elections]]> 2019-03-22T21:16:03+00:00 https://www.informationsecuritybuzz.com/expert-comments/russian-hackers-target-eu-elections/ www.secnews.physaphae.fr/article.php?IdArticle=1077553 False None APT 28 None Security Affairs - Blog Secu Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe 2019-02-20T21:12:03+00:00 https://securityaffairs.co/wordpress/81445/apt/apt28-institutions-europe.html www.secnews.physaphae.fr/article.php?IdArticle=1034486 False None APT 28 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Microsoft: Russia's Fancy Bear Working to Influence EU Elections 2019-02-20T16:16:05+00:00 https://threatpost.com/microsoft-russias-fancy-bear-working-to-influence-eu-elections/142007/ www.secnews.physaphae.fr/article.php?IdArticle=1034089 False None APT 28 None ZD Net - Magazine Info Microsoft reveals new APT28 cyber-attacks against European political entities 2019-02-20T08:20:05+00:00 https://www.zdnet.com/article/microsoft-reveals-new-apt28-cyber-attacks-against-european-political-entities/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1033457 False None APT 28 None Security Affairs - Blog Secu Sofacy's Zepakab Downloader Spotted In-The-Wild 2019-01-30T07:28:05+00:00 https://securityaffairs.co/wordpress/80440/apt/sofacy-zepakab-downloader.html www.secnews.physaphae.fr/article.php?IdArticle=1014624 False None APT 28 None Bleeping Computer - Magazine Américain LoJax Command and Control Domains Still Active 2019-01-16T11:07:00+00:00 https://www.bleepingcomputer.com/news/security/lojax-command-and-control-domains-still-active/ www.secnews.physaphae.fr/article.php?IdArticle=995464 False None APT 28 None 
Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe First Ever UEFI Rootkit Tied to Sednit APT 2018-12-28T20:02:01+00:00 https://threatpost.com/uefi-rootkit-sednit/140420/ www.secnews.physaphae.fr/article.php?IdArticle=968773 False None APT 28 None ZD Net - Magazine Info Fancy Bear exploits Brexit to target government groups with Zebrocy Trojan 2018-12-14T13:41:04+00:00 https://www.zdnet.com/article/fancy-bear-exploits-brexit-to-target-government-groups-with-zebrocy-trojan/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=946027 False None APT 28 None Security Affairs - Blog Secu New Sofacy campaign aims at Government agencies across the world 2018-12-14T08:22:03+00:00 https://securityaffairs.co/wordpress/78896/apt/sofacy-government-agencies.html www.secnews.physaphae.fr/article.php?IdArticle=945660 False None APT 28 None Security Affairs - Blog Secu Russia-linked APT Sofacy leverages BREXIT lures in recent attacks 2018-12-04T07:24:01+00:00 https://securityaffairs.co/wordpress/78648/apt/sofacy-brexit-lures.html www.secnews.physaphae.fr/article.php?IdArticle=933456 True None APT 28 None Dark Reading - Informationweek Branch Beware the Malware-Laden Brexit News 2018-11-29T12:00:00+00:00 https://www.darkreading.com/attacks-breaches/beware-the-malware-laden-brexit-news/d/d-id/1333364?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=926523 False None APT 28 None Security Affairs - Blog Secu Sofacy APT group used a new tool in latest attacks, the Cannon 2018-11-21T06:23:03+00:00 https://securityaffairs.co/wordpress/78268/apt/sofacy-apt-cannon.html www.secnews.physaphae.fr/article.php?IdArticle=909722 False Tool APT 28 None We Live Security - Editeur Logiciel Antivirus ESET Sednit: What's going on with Zebrocy? 
In August 2018, Sednit's operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats. ]]> 2018-11-20T16:34:03+00:00 https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/ www.secnews.physaphae.fr/article.php?IdArticle=908885 False None APT 28 None Wired Threat Level - Security News Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks 2018-11-20T14:16:01+00:00 https://www.wired.com/story/russia-fancy-bear-hackers-phishing www.secnews.physaphae.fr/article.php?IdArticle=908650 False None APT 29,APT 28 None Security Affairs - Blog Secu Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit 2018-11-16T13:35:01+00:00 https://securityaffairs.co/wordpress/78085/malware/apt28-lojax-variant.html www.secnews.physaphae.fr/article.php?IdArticle=900435 False None APT 28 None InformationSecurityBuzzNews - Site de News Securite US Cyber Command Starts Uploading Foreign APT Malware To Virus Total US Cyber Command Starts Uploading Foreign APT Malware To Virus Total]]> 2018-11-09T15:30:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/us-cyber-command/ www.secnews.physaphae.fr/article.php?IdArticle=888736 False Malware,Threat APT 28 None Security Affairs - Blog Secu Security Affairs newsletter Round 184 – News of the week 2018-10-14T12:33:03+00:00 https://securityaffairs.co/wordpress/77112/breaking-news/security-affairs-newsletter-round-184.html www.secnews.physaphae.fr/article.php?IdArticle=846556 True None APT 28 None Dark Reading - Informationweek Branch Russian Hacking Groups Intersect in Recent Cyberattacks 2018-10-10T19:00:00+00:00 https://www.darkreading.com/perimeter/russian-hacking-groups-intersect-in-recent-cyberattacks/d/d-id/1333012?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple 
www.secnews.physaphae.fr/article.php?IdArticle=841278 False None APT 28 None Security Affairs - Blog Secu APT28 group return to covert intelligence gathering ops in Europe and South America. 2018-10-07T14:08:00+00:00 https://securityaffairs.co/wordpress/76922/intelligence/apt28-back-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=834764 False None APT 28 None InformationSecurityBuzzNews - Site de News Securite UK Accuses GRU Of Cyberattacks UK Accuses GRU Of Cyberattacks]]> 2018-10-06T09:00:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/uk-accuses-gru-of-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=833128 False None APT 28 None ZD Net - Magazine Info Russia's elite hacking unit has been silent, but busy 2018-10-05T05:25:00+00:00 https://www.zdnet.com/article/russias-elite-hacking-unit-has-been-silent-but-busy/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=831207 False None APT 28 None ZD Net - Magazine Info Russian Fancy Bear APT linked to Earworm hacking group 2018-10-04T13:00:01+00:00 https://www.zdnet.com/article/fancy-bear-apt-linked-to-earworm-cyberespionage-group/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=830565 False None APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild ]]> 2018-09-27T10:40:03+00:00 https://thehackernews.com/2018/09/uefi-rootkit-malware.html www.secnews.physaphae.fr/article.php?IdArticle=825841 False Malware APT 28 5.0000000000000000 ZD Net - Magazine Info Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild 2018-09-27T10:03:00+00:00 https://www.zdnet.com/article/fancy-bear-lojax-campaign-reveals-first-documented-use-of-uefi-rootkit-in-the-wild/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=825772 False None APT 28 None We Live Security - Editeur Logiciel Antivirus ESET LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe ]]> 2018-09-27T09:57:03+00:00 https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ www.secnews.physaphae.fr/article.php?IdArticle=825881 False Malware APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VPNFilter Router Malware Adds 7 New Network Exploitation Modules ]]> 2018-09-27T03:30:00+00:00 https://thehackernews.com/2018/09/vpnfilter-router-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=825842 False Malware APT 28,VPNFilter 5.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election ]]> 2018-08-21T01:29:01+00:00 https://thehackernews.com/2018/08/russia-election-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=782900 False None APT 28 None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Off-the-shelf RATs Targeting Pakistan part of the Pakistani army). 
There are some clear trends in the themes of the decoy documents the attackers chose to include with file names such as: China-Pakistan-Internet-Security-LAW_2017.doc Strategic Thinking on Ensuring Ideological.docx Fazaia_Housing_Scheme_Notice_Inviting_Tenders.doc PAFs first multinational air exercise ACES Meet 2017 concludes in Pakistan.doc IDUF-01.doc Pakistan Air Force Jet Crashes During Routine Operation  Sales_Tax.doc Hajj Policy and Plan 2017.doc   ]]> 2018-08-01T13:00:00+00:00 http://feeds.feedblitz.com/~/561937962/0/alienvaultotx www.secnews.physaphae.fr/article.php?IdArticle=761751 False None APT 28 None F-Secure - F-Secure How To Locate Domains Spoofing Campaigns (Using Google Dorks) #Midterms2018 2018-07-30T17:17:05+00:00 https://labsblog.f-secure.com/2018/07/30/how-to-locate-domains-spoofing-campaigns-using-google-dorks-midterms2018/ www.secnews.physaphae.fr/article.php?IdArticle=759219 False None APT 28 None Security Affairs - Blog Secu Russian APT28 espionage group targets democratic Senator Claire McCaskill 2018-07-28T10:38:05+00:00 https://securityaffairs.co/wordpress/74843/cyber-warfare-2/apt28-targeted-senator-mccaskill.html www.secnews.physaphae.fr/article.php?IdArticle=758119 False None APT 28 None Security Affairs - Blog Secu Russia-linked Sofacy APT group adopts new tactics and tools in last campaign 2018-06-07T19:51:02+00:00 https://securityaffairs.co/wordpress/73299/apt/sofacy-apt-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=698132 False None APT 28 None Bleeping Computer - Magazine Américain FBI Takes Control of APT28's VPNFilter Botnet 2018-05-24T06:34:05+00:00 https://www.bleepingcomputer.com/news/security/fbi-takes-control-of-apt28s-vpnfilter-botnet/ www.secnews.physaphae.fr/article.php?IdArticle=669428 False None APT 28,VPNFilter None IT Security Guru - Blog Sécurité Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin 2018-05-03T13:56:02+00:00 
http://www.itsecurityguru.org/2018/05/03/fancy-fancy-bear-lojack-anti-laptop-theft-tool-caught-phoning-home-kremlin/ www.secnews.physaphae.fr/article.php?IdArticle=624574 False None APT 28 None Zataz - Magazine Francais de secu Versions of the LoJack software infiltrated by hackers Versions of the LoJack software infiltrated by hackers first appeared on ZATAZ. ]]> 2018-05-03T13:31:00+00:00 https://www.zataz.com/lojack-infiltrees-atp28/ www.secnews.physaphae.fr/article.php?IdArticle=624561 False None APT 28 None Security Affairs - Blog Secu Fancy Bear abuses LoJack security software in targeted attacks 2018-05-03T04:27:05+00:00 https://securityaffairs.co/wordpress/72072/apt/fancy-bear-abuses-lojack.html www.secnews.physaphae.fr/article.php?IdArticle=623697 False None APT 28 None Bleeping Computer - Magazine Américain APT28 Hackers Caught Hijacking Legitimate LoJack Software 2018-05-02T06:17:05+00:00 https://www.bleepingcomputer.com/news/security/apt28-hackers-caught-hijacking-legitimate-lojack-software/ www.secnews.physaphae.fr/article.php?IdArticle=622305 False None APT 28 None We Live Security - Editeur Logiciel Antivirus ESET Sednit update: Analysis of Zebrocy 2018-04-24T12:56:02+00:00 https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/ www.secnews.physaphae.fr/article.php?IdArticle=611344 False None APT 28 None SecurityWeek - Security News Sofacy Targets European Govt as U.S. Accuses Russia of Hacking sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms. The Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert via US-CERT last year to warn about attacks launched by a group known as Dragonfly, Crouching Yeti and Energetic Bear on critical infrastructure. 
Researchers previously linked Dragonfly to the Russian government and now the DHS has officially stated the same. US-CERT has updated its alert with some additional information. The new version of the alert replaces “APT actors” with “Russian government cyber actors.” The DHS said that based on its analysis of malware and indicators of compromise, Dragonfly attacks are ongoing, with threat actors “actively pursuing their ultimate objectives over a long-term campaign.” This is not the first time the U.S. has imposed sanctions on Russia over its attempt to influence elections. Russia has also been accused by Washington and others of launching the NotPetya attack last year. The Kremlin has always denied the accusations, but President Vladimir Putin did admit at one point that patriotic hackers could be behind the attacks. If Dragonfly and Sofacy (aka Fancy Bear, APT28, Sednit, Tsar Team and Pawn Storm) are truly operating out of Russia, they don't seem to be discouraged by sanctions and accusations. On March 12 and March 14, security firm Palo Alto Networks spotted attacks launched by Sofacy against an unnamed European government agency using an updated variant of a known tool. Sofacy has been using a Flash Player exploit platform dubbed DealersChoice since at least 2016 and it has continued improving it. The latest version has been delivered to a government organization in Europe using a spear phishing email referencing the “Underwat]]> 2018-03-16T14:40:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/H_qjWOR2vLM/sofacy-targets-european-govt-us-accuses-russia-hacking www.secnews.physaphae.fr/article.php?IdArticle=519656 False None NotPetya,APT 28 None SecurityWeek - Security News Usual Threats, But More Sophisticated and Faster: Report fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. 
The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun." 
Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we]]> 2018-03-13T15:50:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/oZrY8mCN0zo/usual-threats-more-sophisticated-and-faster-report www.secnews.physaphae.fr/article.php?IdArticle=510719 True None NotPetya,APT 28,Equifax None UnderNews - Site de news "pirate" francais Sofacy/Fancy Bear Turns Toward Military and Diplomatic Targets in the Far East Kaspersky Lab researchers have observed that the Russian-speaking threat group Sofacy, also known as APT28 or Fancy Bear, is shifting its area of activity toward the Far East, with a marked interest in military and diplomatic targets, in addition to those traditionally linked to NATO.]]> 2018-03-10T09:38:00+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/bQKMrMPpgmA/sofacy-fancy-bear-soriente-vers-des-cibles-militaires-et-diplomatiques-en-extreme-orient.html www.secnews.physaphae.fr/article.php?IdArticle=504681 False None APT 28 None The State of Security - Magazine Américain Germany Blames Russian Black-Hat Hackers for Breach of Federal Agencies ]]> 2018-03-01T11:51:01+00:00 https://www.tripwire.com/state-of-security/latest-security-news/germany-blames-russian-black-hat-hackers-for-breach-of-federal-agencies/ www.secnews.physaphae.fr/article.php?IdArticle=493527 False None APT 28 None Security Affairs - Blog Secu DPA Report: Russia-linked APT28 group hacked Germany's government network 2018-03-01T08:38:02+00:00 http://securityaffairs.co/wordpress/69682/apt/apt28-hacked-german-government.html www.secnews.physaphae.fr/article.php?IdArticle=493637 False None APT 28 None Bleeping Computer - Magazine Américain Infamous Russian Cyber-Espionage Group Hacks German Government 2018-03-01T08:10:05+00:00 
https://www.bleepingcomputer.com/news/government/infamous-russian-cyber-espionage-group-hacks-german-government/ www.secnews.physaphae.fr/article.php?IdArticle=493623 False None APT 28 None UnderNews - Site de news "pirate" francais What Is "Macro-less" Malware and Why Does It Sound Familiar? Last year, attackers linked to the Russian hacking group APT28 launched an attack like it was 1999, using Microsoft Word-based malware that triggers no security alert along the way. These types of attacks are called "macro-less malware" because they bypass the security warnings built into Microsoft Office software in response to traditional macro malware such as the Melissa virus at the end of the 20th century.]]> 2018-02-23T13:51:02+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/Ec7Q6F7UhCU/quest-ce-quun-malware-macro-less-et-pourquoi-cela-vous-dit-il-quelque-chose.html www.secnews.physaphae.fr/article.php?IdArticle=489968 False None APT 28 None Security Affairs - Blog Secu Russia-linked Sofacy APT group shifts focus from NATO members towards the Middle East and Central Asia 2018-02-21T20:25:00+00:00 http://securityaffairs.co/wordpress/69365/apt/sofacy-apt-east.html www.secnews.physaphae.fr/article.php?IdArticle=487758 False None APT 28 None SecurityWeek - Security News Russian Cyberspies Shift Focus From NATO Countries to Asia 2018-02-20T18:41:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/56CeXXwJ6pI/russian-cyberspies-shift-focus-nato-countries-asia www.secnews.physaphae.fr/article.php?IdArticle=486815 False None APT 28 None IT Security Guru - Blog Sécurité Which is the most dangerous global hacking cyber group? – AlienVault research AlienVault researchers have listed Sofacy, also known as Fancy Bear or APT28, as the most capable hacking group in the world. 
This was based on ranking the top threat actors which have been reported the most frequently on the AlienVault Open Threat Exchange (OTX) Platform. The results were then formulated to measure the cyber ... ]]> 2018-02-02T09:55:56+00:00 http://www.itsecurityguru.org/2018/02/02/dangerous-global-hacking-cyber-group-alienvault-research/ www.secnews.physaphae.fr/article.php?IdArticle=463618 False None APT 28 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC OTX Trends Part 3 - Threat Actors Part 1 focused on exploits and part 2 addressed malware. This part will discuss threat actors and patterns we have detected with OTX. Which threat actors should I be most concerned about? Which threat actors your organization should be most concerned about will vary greatly. A flower shop will have a very different threat profile from a defense contractor. Therefore we’ve limited ourselves below to some very high-level trends of particular threat actors, many of which may not be relevant to your organisation. Which threat actors are most active? The following graph describes the number of vendor reports for each threat actor over the past two years by quarter: For clarity, we have limited the graph to the five threat actors reported on most in OTX. This is useful as a very rough indication of which actors are particularly busy. Caveats There are a number of caveats to consider here. One newsworthy event against a single target may be reported in multiple vendor reports, whereas a campaign against thousands of targets may be represented by only one report. Vendors are also more inclined to report on something that is “commercially interesting”. For example, activity targeting banks in the United States is more likely to be reported than attacks targeting the Uyghur population in China. It’s also likely we missed some reports, particularly in the earlier days of OTX, which may explain some of the increase in reports between 2016 and 2017. 
The global targeted threat landscape There are a number of suggested methods to classify the capability of different threat actors. Each has its problems, however. For example, if a threat actor never deploys 0-day exploits, do they lack the resources to develop them, or are they mature enough to avoid wasting resources unnecessarily? Below we have plotted out a graph of the threat actors most reported on in the last two years. We have excluded threat actors whose motivation is thought to be criminal, as that wouldn’t be an apples-to-apples comparison. Both the measure of their activity (the number of vendor reports) and the measure of their capability (a rough rule of thumb) are not scientific, but can provide some rough insights: A rough chart of the activity and capability of notable threat actors in the last year Perhaps most notable is which threat actors are not listed here. Some, such as APT1 and Equation Group, seem to have disappeared under their existing formation following very public reporting. It seems unlikely that groups such as those, which likely employ thousands of people, have disappeared completely. The lack of such reporting is more likely a result of significantly changed tactics and identification following their outing. Others remain visibly active, but not enough to make our chart of “worst offenders”. 
A review of the most reported on threat actors The threat actor referenced i]]> 2018-01-30T13:40:00+00:00 http://feeds.feedblitz.com/~/521337082/0/alienvault-blogs~OTX-Trends-Part-Threat-Actors www.secnews.physaphae.fr/article.php?IdArticle=461917 False None APT 38,APT 10,APT 28,APT 3,APT 1,APT 34 None TrendLabs Security - Editeur Antivirus Update on Pawn Storm: New Targets and Politically Motivated Campaigns Trendlabs Security Intelligence Blog - by Trend Micro Update on Pawn Storm: New Targets and Politically Motivated Campaigns ]]> 2018-01-12T13:00:23+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dEwRiIXzA5M/ www.secnews.physaphae.fr/article.php?IdArticle=459308 False None APT 28 None Security Affairs - Blog Secu Russian Fancy Bear APT Group improves its weapons in ongoing campaigns Fancy Bear APT group refactored its backdoor and improved encryption to make it stealthier and harder to stop. The operations conducted by Russian Fancy Bear APT group (aka Sednit, APT28, and Sofacy,  Pawn Storm, and Strontium) are even more sophisticated and hard to detect due to. 
According to a new report published by experts from security firm ESET, the […] ]]> 2017-12-23T13:48:25+00:00 http://securityaffairs.co/wordpress/67029/apt/fancy-bear-apt-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=454669 False None APT 28 None Dark Reading - Informationweek Branch Russia's Fancy Bear APT Group Gets More Dangerous 2017-12-21T16:20:00+00:00 https://www.darkreading.com/attacks-breaches/russias-fancy-bear-apt-group-gets-more-dangerous/d/d-id/1330702?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=454132 False None APT 28 None We Live Security - Editeur Logiciel Antivirus ESET Sednit update: How Fancy Bear Spent the Year 2017-12-21T13:58:28+00:00 http://feedproxy.google.com/~r/eset/blog/~3/_L65c96kaEQ/ www.secnews.physaphae.fr/article.php?IdArticle=454019 False None APT 28 None TrendLabs Security - Editeur Antivirus November's Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange Trendlabs Security Intelligence Blog - by Trend Micro November's Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange ]]> 2017-11-15T10:00:45+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/e9Cjxn9flqM/ www.secnews.physaphae.fr/article.php?IdArticle=433292 False None APT 23,APT 28 None InformationSecurityBuzzNews - Site de News Securite Fancy Bears Use Microsoft Vulnerability To Play On US Terrorism Fears Fancy Bears Use Microsoft Vulnerability To Play On US Terrorism Fears]]> 2017-11-14T19:30:02+00:00 http://www.informationsecuritybuzz.com/expert-comments/fancy-bears-use-microsoft-vulnerability-play-us-terrorism-fears/ www.secnews.physaphae.fr/article.php?IdArticle=433017 False None APT 28 None IT Security Guru - Blog Sécurité Fancy Bear found distributing malware again The Russian-linked hacking group Fancy Bear has been discovered delivering malware to targeted users by exploiting a recently disclosed technique that involves the Microsoft 
Windows feature Dynamic Data Exchange. ORIGINAL SOURCE: Security Week ]]> 2017-11-10T11:43:05+00:00 http://www.itsecurityguru.org/2017/11/10/fancy-bear-found-distributing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=431480 False None APT 28 None Security Affairs - Blog Secu Russia-Linked APT28 group observed using DDE attack to deliver malware Security experts at McAfee observed the Russian APT28 group using the recently reported DDE attack technique to deliver malware in an espionage campaign. Security experts at McAfee observed the Russian APT group APT28 using the recently reported DDE technique to deliver malware in targeted attacks. The cyber spies were conducting a cyber espionage campaign that involved blank documents […] ]]> 2017-11-09T06:54:05+00:00 http://securityaffairs.co/wordpress/65318/hacking/dde-attack-apt28.html www.secnews.physaphae.fr/article.php?IdArticle=430510 False None APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian 'Fancy Bear' Hackers Using (Unpatched) Microsoft Office DDE Exploit ]]> 2017-11-09T01:14:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/NJpDug3pK2o/apt28-office-dde-malware.html www.secnews.physaphae.fr/article.php?IdArticle=430398 False None APT 28 None SecurityWeek - Security News Russia-Linked Spies Deliver Malware via DDE Attack 2017-11-08T08:41:21+00:00 http://feedproxy.google.com/~r/Securityweek/~3/AUJO2VclBI0/russia-linked-spies-deliver-malware-dde-attack www.secnews.physaphae.fr/article.php?IdArticle=429856 False None APT 28 None McAfee Labs - Editeur Logiciel Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack This blog post was co-written by Michael Rea. 
During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first … ]]> 2017-11-07T18:00:00+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=705910 False None APT 28 4.0000000000000000 The Security Ledger - Blog Sécurité Dark Markets do it better, surveying the Phishing underground and dissecting a Fancy Bear attack ]]> 2017-11-05T16:59:02+00:00 https://feeds.feedblitz.com/~/486500376/0/thesecurityledger~Dark-Markets-do-it-better-surveying-the-Phishing-underground-and-dissecting-a-Fancy-Bear-attack/ www.secnews.physaphae.fr/article.php?IdArticle=428269 False None APT 28 None SecurityWeek - Security News Russian 'Fancy Bear' Hackers Abuse Blogspot for Phishing 2017-11-03T08:52:21+00:00 http://feedproxy.google.com/~r/Securityweek/~3/rfFnl95DqHU/russian-fancy-bear-hackers-abuse-blogspot-phishing www.secnews.physaphae.fr/article.php?IdArticle=427714 False None APT 28 None The Security Ledger - Blog Sécurité AP: Russia hackers had targets worldwide, beyond US election ]]> 2017-11-02T21:51:07+00:00 https://feeds.feedblitz.com/~/484600838/0/thesecurityledger~AP-Russia-hackers-had-targets-worldwide-beyond-US-election/ www.secnews.physaphae.fr/article.php?IdArticle=427643 False None APT 28 None Security Affairs - Blog Secu Security Affairs newsletter Round 134 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! 
The best news of the week with Security Affairs. Once again thank you! · A leaked document raises a doubt about whether the NSA has known about the #Krack attack since 2010 · APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches · DHS […] ]]> 2017-10-29T09:28:35+00:00 http://securityaffairs.co/wordpress/64917/breaking-news/security-affairs-newsletter-round-134.html www.secnews.physaphae.fr/article.php?IdArticle=424925 False None APT 28 None InformationSecurityBuzzNews - Site de News Securite Fancy Bear Hackers Race To Exploit Flash Bug Against The US And Europe Fancy Bear Hackers Race To Exploit Flash Bug Against The US And Europe]]> 2017-10-26T15:16:29+00:00 http://www.informationsecuritybuzz.com/expert-comments/fancy-bear-hackers-race-exploit-flash-bug-us-europe/ www.secnews.physaphae.fr/article.php?IdArticle=424370 False None APT 28 None Security Affairs - Blog Secu Latest Russia-linked APT28 campaign targeting security experts Russian cyber espionage group APT28 targeted individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Researchers with Cisco Talos have spotted a Russian cyber espionage group targeting individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Experts attributed the attack to the dreaded Russian APT28 group, aka Pawn Storm, Fancy Bear, Sofacy, Group 74, Sednit, […] ]]> 2017-10-24T06:32:53+00:00 http://securityaffairs.co/wordpress/64668/cyber-warfare-2/apt28-security-experts-conference.html www.secnews.physaphae.fr/article.php?IdArticle=422613 False None APT 28 None Security Affairs - Blog Secu APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches or update their systems. 
Security experts at Proofpoint collected evidence of several malware campaigns, powered by the Russian APT28 group, that rely on a Flash zero-day vulnerability that Adobe patched earlier this week. According to the experts who observed attacks on organizations […] ]]> 2017-10-22T11:29:08+00:00 http://securityaffairs.co/wordpress/64611/apt/cve-2017-11292-apt28.html www.secnews.physaphae.fr/article.php?IdArticle=421871 False None APT 28 None SecurityWeek - Security News Russian Hackers Exploit Recently Patched Flash Vulnerability 2017-10-20T11:06:44+00:00 http://feedproxy.google.com/~r/Securityweek/~3/IV_WEWgHz7M/russian-hackers-exploit-recently-patched-flash-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=421625 False None APT 28 None