www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T14:42:10+00:00 www.secnews.physaphae.fr
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Kimsuky Module Makes North Korean Spyware More Powerful 2020-11-03T03:49:37+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/6uTYoCnRAAw/new-kimsuky-module-makes-north-korean.html www.secnews.physaphae.fr/article.php?IdArticle=2013136 False Threat,Cloud APT 37 None
Security Affairs - Security blog North Korea-Linked APT Group Kimsuky spotted using new malware 2020-11-02T16:40:03+00:00 https://securityaffairs.co/wordpress/110306/apt/kimsuky-apt-new-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=kimsuky-apt-new-malware www.secnews.physaphae.fr/article.php?IdArticle=2011016 False Malware,Cloud APT 37 None
ZD Net - IT magazine US Army report says many North Korean hackers operate from abroad 2020-08-18T04:35:04+00:00 https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1868050 False Cloud APT 37 None
Wired Threat Level - Security News 6 Best Board Games You Can Play With Friends Over Zoom (Video Chat) 2020-04-29T14:00:00+00:00 https://www.wired.com/gallery/board-games-for-remote-play www.secnews.physaphae.fr/article.php?IdArticle=1681837 False Cloud APT 37 None
IT Security Guru - Security blog Microsoft helps shutter domains run by North Korean cybergang Thallium 2020-01-03T10:40:14+00:00 https://www.itsecurityguru.org/2020/01/03/microsoft-helps-shutter-domains-run-by-north-korean-cybergang-thallium/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-helps-shutter-domains-run-by-north-korean-cybergang-thallium www.secnews.physaphae.fr/article.php?IdArticle=1495435 False Threat,Cloud APT 37 None
01net. News - Security - French magazine Microsoft takes down 50 domain names exploited by formidable North Korean hackers 2019-12-31T02:39:43+00:00 https://www.01net.com/actualites/microsoft-elimine-50-noms-de-domaine-exploites-par-de-redoutables-hackersnord-coreens-1832976.html www.secnews.physaphae.fr/article.php?IdArticle=1495015 False Cloud APT 37 None
Security Affairs - Security blog Microsoft sued North Korea-linked Thallium group 2019-12-30T21:57:04+00:00 https://securityaffairs.co/wordpress/95786/apt/microsoft-sued-north-korea-thallium.html www.secnews.physaphae.fr/article.php?IdArticle=1494535 False Cloud APT 37 None
ZD Net - IT magazine Microsoft takes down 50 domains operated by North Korean hackers 2019-12-30T21:53:41+00:00 https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1494774 False Cloud APT 37 None
Bleeping Computer - American magazine Microsoft Takes North Korean Hacking Group Thallium to Court 2019-12-30T13:01:33+00:00 https://www.bleepingcomputer.com/news/security/microsoft-takes-north-korean-hacking-group-thallium-to-court/ www.secnews.physaphae.fr/article.php?IdArticle=1494612 False Cloud APT 37 None
Security Affairs - Security blog North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal 2019-05-14T12:48:00+00:00 https://securityaffairs.co/wordpress/85469/apt/scarcruft-apt-bluetooth-harvester.html www.secnews.physaphae.fr/article.php?IdArticle=1106580 False Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks 2019-05-13T16:46:00+00:00 https://threatpost.com/scarcruft-apt-bluetooth-harvester/144643/ www.secnews.physaphae.fr/article.php?IdArticle=1105523 False Malware APT 37 None
SecurityWeek - Security News North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit 2019-05-13T15:29:00+00:00 https://www.securityweek.com/north-korea-linked-scarcruft-adds-bluetooth-harvester-toolkit www.secnews.physaphae.fr/article.php?IdArticle=1106316 False Threat,Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor NOKKI Malware Sports Mysterious Link to Reaper APT Group 2018-10-02T19:23:03+00:00 https://threatpost.com/nokki-malware-sports-mysterious-link-to-reaper-apt-group/137883/ www.secnews.physaphae.fr/article.php?IdArticle=828913 False Malware APT 37 None
Bleeping Computer - American magazine Report Ties North Korean Attacks to New Malware, Linked by Word Macros 2018-10-01T11:00:00+00:00 https://www.bleepingcomputer.com/news/security/report-ties-north-korean-attacks-to-new-malware-linked-by-word-macros/ www.secnews.physaphae.fr/article.php?IdArticle=827138 False Malware,Cloud APT 37 None
Checkpoint - Security hardware manufacturer July's Most Wanted Malware: Attacks Targeting IoT and Networking doubled since May 2018 2018-08-15T12:30:04+00:00 http://blog.checkpoint.com/2018/08/15/julys-most-wanted-malware-attacks-targeting-iot-and-networking-doubled-since-may-2018/ www.secnews.physaphae.fr/article.php?IdArticle=779574 False Threat,Cloud APT 37 None
Security Affairs - Security blog The analysis of the code reuse revealed many links between North Korea malware 2018-08-10T16:15:03+00:00 https://securityaffairs.co/wordpress/75227/malware/north-korea-malware-lazarus.html www.secnews.physaphae.fr/article.php?IdArticle=775338 False Malware,Medical,Cloud APT 38,APT 37 None
McAfee Labs - Software vendor Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … 2018-08-09T13:00:01+00:00 https://securingtomorrow.mcafee.com/mcafee-labs/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families/ www.secnews.physaphae.fr/article.php?IdArticle=773111 False Malware,Guideline,Medical,Cloud APT 38,APT 37 None
Wired Threat Level - Security News Space Photos of the Week: Sweeping the Clouds Away on Titan 2018-07-21T12:00:00+00:00 https://www.wired.com/story/space-photos-of-the-week-sweeping-the-clouds-away-on-titan www.secnews.physaphae.fr/article.php?IdArticle=747653 False Cloud APT 37 None
The Security Ledger - Security blog Episode 104: Mueller's Cyber Eye on the Russian Guys also Reaper Drone Docs Stolen 2018-07-17T23:11:03+00:00 https://feeds.feedblitz.com/~/559125228/0/thesecurityledger~Episode-Muellers-Cyber-Eye-on-the-Russian-Guys-also-Reaper-Drone-Docs-Stolen/ www.secnews.physaphae.fr/article.php?IdArticle=747735 False None APT 37 None
The Last Watchdog - Byron V. Acohido's security blog GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect 'high-value assets' 2018-07-13T00:21:05+00:00 https://www.lastwatchdog.com/guest-essay-theft-of-mq-9-reaper-docs-highlights-need-to-better-protect-high-value-assets/ www.secnews.physaphae.fr/article.php?IdArticle=742990 False None APT 37 None
The Security Ledger - Security blog Military documents about MQ-9 Reaper drone leaked on dark web 2018-07-12T14:35:00+00:00 https://feeds.feedblitz.com/~/557965066/0/thesecurityledger~Military-documents-about-MQ-Reaper-drone-leaked-on-dark-web/ www.secnews.physaphae.fr/article.php?IdArticle=742012 False Cloud APT 37 None
Security Affairs - Security blog Hacker offered for sale US Military Reaper Drone documents for $200 2018-07-11T11:49:04+00:00 https://securityaffairs.co/wordpress/74357/data-breach/reaper-drone-data-leak.html www.secnews.physaphae.fr/article.php?IdArticle=740073 False Threat,Cloud APT 37 None
Dark Reading - Informationweek Branch US-North Korea Summit News Being Used as Lure In New Malware Campaign 2018-06-04T16:54:00+00:00 https://www.darkreading.com/attacks-breaches/us-north-korea-summit-news-being-used-as-lure-in-new-malware-campaign/d/d-id/1331960?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=692025 False Cloud APT 37 None
Dark Reading - Informationweek Branch US-North Korea Summit News Used as Lure In New Malware Campaign 2018-06-04T16:54:00+00:00 https://www.darkreading.com/attacks-breaches/us-north-korea-summit-news-used-as-lure-in-new-malware-campaign/d/d-id/1331960?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=693189 True Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Sierra Wireless Patches Critical Vulns in Range of Wireless Routers 2018-05-08T20:27:00+00:00 https://threatpost.com/sierra-wireless-patches-critical-vulns-in-hundreds-of-thousands-of-wireless-routers/131804/ www.secnews.physaphae.fr/article.php?IdArticle=632419 False Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Mirai Variant Targets Financial Sector With IoT DDoS Attacks 2018-04-06T19:24:04+00:00 https://threatpost.com/mirai-variant-targets-financial-sector-with-iot-ddos-attacks/131056/ www.secnews.physaphae.fr/article.php?IdArticle=570879 False Cloud APT 37 None
InformationSecurityBuzzNews - Security news site Reaper Botnet 2018-04-06T17:15:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/reaper-botnet/ www.secnews.physaphae.fr/article.php?IdArticle=570713 False Cloud APT 37 None
SecurityWeek - Security News Researchers Link New Android Backdoor to North Korean Hackers 2018-04-06T14:54:05+00:00 https://www.securityweek.com/researchers-link-new-android-backdoor-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=577113 False Cloud APT 37 None
SecurityWeek - Security News New Strain of ATM Jackpotting Malware Discovered A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting, also known as a logical attack, is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 million over the preceding years.
Its method was to compromise the servers controlling ATM networks by spear-phishing bank employees, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM. It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the Windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic 2018-04-06T12:08:04+00:00 https://www.securityweek.com/new-strain-atm-jackpotting-malware-discovered www.secnews.physaphae.fr/article.php?IdArticle=570159 False Guideline,Cloud APT 37 None
SecurityWeek - Security News Financial Services DDoS Attacks Tied to Reaper Botnet Recorded Future's "Insikt" threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size was disputed. What was clear, however, was its potential for growth. In January 2018, the financial services sector in the Netherlands was hit by a number of DDoS attacks. Targets included ABN Amro, Rabobank and ING; but at that time the source of the attack was unknown. Insikt researchers now report that at least one of these financial services attacks, and possibly more, was the first known use of IoTroop to deliver a DDoS attack. "IoTroop is a powerful internet of things (IoT) botnet," reports Insikt, "primarily comprised of compromised home routers, TVs, DVRs, and IP cameras exploiting vulnerabilities in products from major vendors including MikroTik, Ubiquity and GoAhead." The attack itself was not excessively high by modern standards. "The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gb/s," reports Insikt, far short of the 1.7Tb/s attack that occurred in February. If the IoTroop assumption is correct, it is clear the botnet has evolved extensively since its discovery last year. Fortinet's SVP products and solutions reported last month, "the Reaper [IoTroop] exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available." Insikt reports that the malware can use at least a dozen vulnerabilities and can be updated by the attackers as new vulnerabilities are exposed. "Our analysis," it says, "shows the botnet involved in the first company attack was 80% comprised of compromised MikroTik routers with the remaining 20% composed of various IoT devices ranging from vulnerable Apache and IIS web servers to routers from Ubiquity, Cisco and ZyXEL. We also discovered Webcams, TVs and DVRs among the 20% of IoT devices, which included products from major vendors such as MikroTik, GoAhead, Ubiquity, Linksys, TP-Link and Dahua." This list adds new devices now vulnerable to IoTroop in addition to those noted in the original October 2017 research, which suggests, says Insikt, "a widespread and rapidly evolving botnet that appears to be leveraging publicly disclosed vulnerabilities in many IoT devices." 2018-04-05T16:59:01+00:00 https://www.securityweek.com/financial-services-ddos-attacks-tied-reaper-botnet www.secnews.physaphae.fr/article.php?IdArticle=568368 False Cloud APT 37 None
SecurityWeek - Security News New KevDroid Android Backdoor Discovered Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages, and phone history, while also being able to record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call recording capabilities, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and siphon information such as installed applications, phone number, phone unique ID, location, stored contacts information, stored SMS, call logs, stored emails, and photos. 2018-04-03T18:30:03+00:00 https://www.securityweek.com/new-kevdroid-android-backdoor-discovered www.secnews.physaphae.fr/article.php?IdArticle=564075 False Guideline,Cloud APT 37 None
SecurityWeek - Security News 5 Fun Facts About the 2018 Singapore Cybersecurity Statute Bill No. 2/2018, referred to as "the Cybersecurity Bill." Local infosec professionals consider it, overall, a good bill, covering exactly the topics one would expect to see from the Singaporean government. After a first draft, lively debate ensued during the public commentary period, and the government folded the best suggestions into its final bill. The administration of the statute will be completed by a Cybersecurity Commissioner. This person will define many of the finer points of policy, which have been purposely left out of the framework. The bill comprises three main themes: 1. Critical Infrastructure. The Cybersecurity Bill defines the criteria by which the commissioner should identify critical infrastructure (sections 7–9). These include 11 groupings of "essential services," including aviation, banking, and healthcare. Fun Fact #1: The Philippine government is working on a similar project, called the "National Cybersecurity Plan 2022", and word is that they copied the groupings, in order, from the Singaporean version. Nothing wrong with that, though. The local cybersecurity community applauds the Singapore bill's requirements for bi-annual audits and regular penetration tests. That's just good policy, so it might as well be a law; after all, this is Singapore. 2. Incident Response. Sections 19–23 define the powers the commissioner has to investigate, prevent, and respond to cybersecurity incidents. Fun Fact #2: Of interest is that the bill allows the designation of temporary technical experts, who will be issued cards identifying themselves as such. Your reporter personally finds this pretty cool, and would be tickled to be a card-carrying Singaporean crime fighter (temporarily) someday. He imagines himself holding up a badge and saying, with authority, "Everyone calm down, I'm here to help." 3. Cybersecurity Service Providers. Sections 24–35 describe the governance of so-called cybersecurity service providers: penetration testers and security operations centers (SOCs). Perhaps the most significant aspect of the bill is Fun Fact #3: Provid 2018-03-21T11:29:00+00:00 http://feedproxy.google.com/~r/Securityweek/~3/WDFUJCCVTUY/5-fun-facts-about-2018-singapore-cybersecurity-statute www.secnews.physaphae.fr/article.php?IdArticle=533209 True Cloud APT 37 None
SecurityWeek - Security News Combatting the Transformation of Cybercrime injecting malicious JavaScript into vulnerable websites, or delivering it via phishing campaigns. Simply browsing an infected site can enable attackers to hijack CPU cycles to perform cryptomining on behalf of a cybercriminal. While such attacks initially hijacked all available CPU, causing machines to become virtually unusable, new, more sophisticated attacks now monitor device CPU and rate limit the amount of processing power they leverage, often using 50% or less of available processing power at any given moment in order to evade detection. Cryptojacking can result in everything from annoying side effects such as browser hang-ups and system crashes, to degraded network performance, sophisticated data theft, and increasingly, even the delivery of ransomware. IoT Botnets. IoT-based botnets also continue to dominate the threat landscape. But unlike the first generation of IoT attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime simultaneously target multiple vulnerabilities, making them much harder to combat. Even worse, because many IoT manufacturers don't have a PSIRT team in place, many of these attacks target known IoT vulnerabilities for which no CVE has been named, which means there is little opportunity to even report vulnerabilities when they are discovered, let alone prepare for them. To complicate things further, the Reaper exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available. Ransomware 2018-03-14T15:56:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/pVXSqpoZfuc/combatting-transformation-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=513565 False Cloud APT 37 None
Security Affairs - Security blog Recently patched CVE-2018-4878 Adobe Flash Player flaw now exploited by cybercriminals 2018-02-27T18:54:05+00:00 http://securityaffairs.co/wordpress/69620/cyber-crime/cve-2018-4878-malspam-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=492272 False Cloud APT 37 None
SecurityWeek - Security News North Korea Cyber Threat 'More Aggressive Than China': US Firm warned Tuesday, as it identified a Pyongyang-linked group as an "advanced persistent threat".
2018-02-21T15:20:05+00:00 http://feedproxy.google.com/~r/Securityweek/~3/QMJAPQcpioU/north-korea-cyber-threat-more-aggressive-china-us-firm www.secnews.physaphae.fr/article.php?IdArticle=487344 False Guideline,Cloud APT 37 None
IT Security Guru - Security blog Reaper: Little-known North Korean hacker group steps up attacks in Vietnam, Japan and Middle East 2018-02-21T14:07:03+00:00 http://www.itsecurityguru.org/2018/02/21/reaper-little-known-north-korean-hacker-group-steps-attacks-vietnam-japan-middle-east/ www.secnews.physaphae.fr/article.php?IdArticle=487273 False Cloud APT 37 4.0000000000000000
ZD Net - IT magazine North Korean Reaper APT uses zero-day vulnerabilities to spy on governments 2018-02-21T11:13:02+00:00 http://www.zdnet.com/article/north-korean-reaper-apt-uses-zero-day-vulnerabilities-to-spy-on-governments/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=486985 False None APT 37 None
Security Affairs - Security blog North Korean APT Group tracked as APT37 broadens its horizons 2018-02-21T06:34:04+00:00 http://securityaffairs.co/wordpress/69339/apt/apt37-broadens-horizons.html www.secnews.physaphae.fr/article.php?IdArticle=486967 False Cloud APT 37 None
UnderNews - French "hacker" news site A new FireEye report: APT37 (Reaper) FireEye today published a new study that sheds light on the activities of a major cyber-espionage threat: North Korea's APT37. 2018-02-20T18:05:00+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/2aNslc3VNr0/un-nouveau-rapport-fireeye-apt37-reaper.html www.secnews.physaphae.fr/article.php?IdArticle=486940 False Cloud APT 37 None
SecurityWeek - Security News North Korean Hacking Group APT37 Expands Targets 2018-02-20T15:14:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4PWPqamrHXM/north-korean-hacking-group-apt37-expands-targets www.secnews.physaphae.fr/article.php?IdArticle=486740 False None APT 37 None
Mandiant - Mandiant's security blog APT37 (Reaper): The Overlooked North Korean Actor On Feb. 2, 2018, we published a blog detailing the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878) by a suspected North Korean cyber espionage group that we now track as APT37 (Reaper). Our analysis of APT37's recent activity reveals that the group's operations are expanding in scope and sophistication, with a toolset that includes access to zero-day vulnerabilities and wiper malware. We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state 2018-02-20T13:30:00+00:00 https://www.mandiant.com/resources/blog/apt37-overlooked-north-korean-actor www.secnews.physaphae.fr/article.php?IdArticle=8377752 False Malware,Vulnerability APT 37,APT 37 4.0000000000000000
AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I Hearted This Week 15th December 2017 life of its own a few days ago. But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.” So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits Mirai Mirai on the wall I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.” It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty. The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity Botnet Creators Who Took Down the Internet Plead Guilty | Gizmondo Bug Laundering Bounties Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom. Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email. The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)? Leaked email shows HBO negotiating with hackers | Calgary Herald Remember the 'Game of Thrones' leak? 
An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today Uber used bug bounty program to launder blackmail payment to hacker | ars Technica Inside a low budget consumer hardware espionage implant I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference. ]]> 2017-12-15T14:00:00+00:00 http://feeds.feedblitz.com/~/510731884/0/alienvault-blogs~Things-I-Hearted-This-Week-th-December www.secnews.physaphae.fr/article.php?IdArticle=451486 False Guideline,Medical,Cloud APT 38,APT 37,Uber None SecurityWeek - Security News Threat Modeling the Internet of Things: Modeling Reaper Reaper ups the ante for IoT security. ]]> 2017-12-13T17:37:49+00:00 http://feedproxy.google.com/~r/Securityweek/~3/1CSmjFi03Wg/threat-modeling-internet-things-modeling-reaper www.secnews.physaphae.fr/article.php?IdArticle=449937 False Cloud APT 37 None The Security Ledger - Blog Sécurité North Korea\'s widening Net, pricing the Equifax Hack & Dark Markets in Turmoil Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/495673822/0/thesecurityledger -->» ]]> 2017-11-19T20:44:20+00:00 https://feeds.feedblitz.com/~/495673822/0/thesecurityledger~North-Koreas-widening-Net-pricing-the-Equifax-Hack-Dark-Markets-in-Turmoil/ www.secnews.physaphae.fr/article.php?IdArticle=435925 False Cloud APT 37,Equifax None Fortinet - Fabricant Materiel Securite Reaper: The Next Evolution of IoT Botnets 2017-11-16T17:40:59+00:00 https://blog.fortinet.com/2017/11/16/reaper-the-next-evolution-of-iot-botnets www.secnews.physaphae.fr/article.php?IdArticle=434734 False None APT 37 None IT Security Guru - Blog Sécurité Should you fear the Reaper? Move over Mirai, there's a new monstrous botnet in town. 
The newly-discovered botnet, dubbed “Reaper” or “IoTroop,” appears to be a more powerful strain of the Internet of Things (IoT) attack malware that Mirai was, the previous holder of the IoT botnet crown. And while Reaper hasn't yet to launch an attack, security researchers warn ... ]]> 2017-11-16T10:10:59+00:00 http://www.itsecurityguru.org/2017/11/16/should-you-fear-the-reaper/ www.secnews.physaphae.fr/article.php?IdArticle=434337 False Cloud APT 37 2.0000000000000000 IT Security Guru - Blog Sécurité Backdoored IP scanner tricks hackers It was found that hackers, who were looking to create their own version of the Reaper botnet, downloaded an IP scanner which was a PHP file that was made available as a free download after news about Reaper botnet broke. View Full Story ORIGINAL SOURCE: BleepingComputer ]]> 2017-11-09T10:36:35+00:00 http://www.itsecurityguru.org/2017/11/09/backdoored-ip-scanner-tricks-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=430733 False Cloud APT 37 None Bleeping Computer - Magazine Américain Hacker Wannabes Fooled by Backdoored IP Scanner 2017-11-08T16:16:00+00:00 https://www.bleepingcomputer.com/news/security/hacker-wannabes-fooled-by-backdoored-ip-scanner/ www.secnews.physaphae.fr/article.php?IdArticle=430368 False Cloud APT 37 None F-Secure - F-Secure RickRolled by none other than IoTReaper ]]> 2017-11-03T12:39:20+00:00 https://labsblog.f-secure.com/2017/11/03/rickrolled-by-none-other-than-iotreaper/ www.secnews.physaphae.fr/article.php?IdArticle=428076 False Cloud APT 37 None SecurityWeek - Security News Researchers Downplay Size of Reaper IoT Botnet The Mirai-like "Reaper" botnet that began infecting Internet of Things (IoT) devices in late September has only ensnared up to 20,000 bots so far, according to estimates from Arbor Networks. 
]]> 2017-10-30T12:55:31+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Ale8wQm96CM/researchers-downplay-size-reaper-iot-botnet www.secnews.physaphae.fr/article.php?IdArticle=425241 False Cloud APT 37 None ZD Net - Magazine Info Fear the Reaper? Experts reassess the botnet\'s size and firepower 2017-10-30T12:33:00+00:00 http://www.zdnet.com/article/reaper-botnet-experts-reassess-size-and-firepower/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=425185 False None APT 37 None Krebs on Security - Chercheur Américain Fear the Reaper, or Reaper Madness? 2017-10-27T20:39:21+00:00 https://krebsonsecurity.com/2017/10/fear-the-reaper-or-reaper-madness/ www.secnews.physaphae.fr/article.php?IdArticle=424874 False Cloud APT 37 None InformationSecurityBuzzNews - Site de News Securite eSentire Security Advisory: Reaper IoT Botnet eSentire Security Advisory: Reaper IoT Botnet]]> 2017-10-26T14:15:38+00:00 http://www.informationsecuritybuzz.com/news/esentire-security-advisory-reaper-iot-botnet/ www.secnews.physaphae.fr/article.php?IdArticle=424371 False Cloud APT 37 None Data Security Breach - Site de news Francais Future attaque ? Le petit frère de Miraim, Reaper, collecte ses objets connectés Reaper, un nouveau botnet visant des objets connectés,  emmagasinerai des informations pour une future attaque. Reaper, une... Cet article Future attaque ? Le petit frère de Miraim, Reaper, collecte ses objets connectés est diffusé par Data Security Breach. 
2017-10-25T23:00:16+00:00 https://www.datasecuritybreach.fr/reaper-future-attaque-iot/ www.secnews.physaphae.fr/article.php?IdArticle=423858 False Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor: Hackers Prepping IOTroop Botnet with Exploits 2017-10-25T18:33:18+00:00 https://threatpost.com/hackers-prepping-iotroop-botnet-with-exploits/128608/ www.secnews.physaphae.fr/article.php?IdArticle=423872 False Cloud APT 37 None
Graham Cluley - Blog Security: Reaper IoT botnet could be more devastating than Mirai. Think the Mirai botnet which launched a DDoS attack that knocked major websites offline last year was bad? It's possible that you ain't seen nothing yet. 2017-10-24T16:14:49+00:00 https://www.bitdefender.com/box/blog/iot-news/reaper-iot-botnet-devastating-mirai/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=423063 False Cloud APT 37 None
ZD Net - Info magazine: After quietly infecting a million devices, Reaper botnet set to be worse than Mirai 2017-10-24T12:46:37+00:00 http://www.zdnet.com/article/reaper-botnet-could-be-worse-than-mirai-cyberattack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=422895 False Cloud APT 37 None
Krebs on Security - American researcher: Reaper: Calm Before the IoT Security Storm? 2017-10-23T19:42:42+00:00 https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-storm/ www.secnews.physaphae.fr/article.php?IdArticle=422363 False Cloud APT 37 None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?):
New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet 2017-10-21T00:49:26+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/N3Rrk3CAFZk/iot-botnet-malware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=421826 False Cloud APT 37 None
Bleeping Computer - American magazine: A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month 2017-10-20T09:30:39+00:00 https://www.bleepingcomputer.com/news/security/a-gigantic-iot-botnet-has-grown-in-the-shadows-in-the-past-month/ www.secnews.physaphae.fr/article.php?IdArticle=422140 False Cloud APT 37 None
NoticeBored - Experienced IT Security professional: NBlog August 23 - Information Security outreach. Further to yesterday's ISO27k Forum thread and blog piece, I've been contemplating the idea of extending the security awareness program into an "outreach" initiative for Information Security, or at least viewing it in that way. I have in mind a planned, systematic, proactive approach not just to spread the information risk and security gospel, but to forge stronger, more productive working relationships throughout the organization, perhaps even beyond. Virtually every interaction between anyone from Information Security and The Business is a relationship-enhancing opportunity: a chance to inform, to communicate and exchange information in both directions, to assist and guide, and generally to build Information Security's credibility and brand.
Doing so has the potential to:
- Drive or enhance the corporate security culture, with Information Security becoming increasingly respected, trusted, approachable, consulted, informed and, most of all, used, rather than being ignored, feared and shunned (the "No Department");
- Improve understanding on all sides, such as identifying business initiatives, issues, concerns and demands for Information Security involvement early enough to specify, plan, resource and deliver the work at a sensible pace rather than at the last possible moment with next to no available resources; and also knowing when to back off, leaving the business to its own devices if there are other more pressing demands, including situations where accepting information risks is necessary or appropriate for various business reasons;
- Encourage and facilitate collaboration, cooperation and alignment around common goals;
- Improve the productivity and effectiveness of Information Security by being more customer-oriented, always a concern with ivory-tower expert functions staffed by professionals who think they (OK, we!) know best;
- Improve the management and treatment of information risks as a whole through better information security, supporting key business objectives such as being able to exploit business opportunities that would otherwise be too risky, while complying with applicable laws and regulations.
2017-08-23T13:14:19+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/r3CdR4cAALs/nblog-august-23-information-security.html www.secnews.physaphae.fr/article.php?IdArticle=409096 False Cloud APT 37 None
AlienVault Blog - AlienVault is a major defense player in IOCs: The Upgraded AlienVault OTX API & Ways to Score Swag! improvements to the depth of data in OTX recently, which are now available via the free API tool.
Some of the API functions now include:
- Malware anti-virus and sandbox reports
- A Whois API, including reverse whois and reverse SSL
- View IP addresses that our telemetry indicates a specific network signature has fired on
- The HTTP contents of a domain or URL, as well as finding all pages that link to it
- Passive DNS history
- Find malware samples that talk to a domain or IP
- Retrieve malware samples by anti-virus detection
- Lists of malicious URLs on domains
- Download all indicators from users that you subscribe to
- Find pulses based on the adversary, industry or keywords that interest you
What could you build? This depth of data could be used for countless things, but here are a couple of examples the API could be used for:
Actor Tracking. Let's say you want to get daily updates on an attacker that has targeted your sector before. With the new API, you will get a daily email on the name servers they use, the domain registration emails they use, and the servers that have fired network alerts for their malware.
Malicious File Alerting. Another common task is wanting to know whether files that pass through your network or mail gateway (either at the MX or the inbox) are malicious. You can easily extract these files, then check them against OTX to see if they are malicious.
Examples. Our Python SDK page includes some simple examples of using the API, such as:
- Storing a feed of malicious indicators on OTX
- Telling if a domain, IP, file hash or URL is malicious
2017-08-17T13:00:00+00:00 http://feeds.feedblitz.com/~/437689044/0/alienvault-blogs~The-Upgraded-AlienVault-OTX-API-amp-Ways-to-Score-Swag www.secnews.physaphae.fr/article.php?IdArticle=397846 False Cloud APT 37 None
SANS Institute - SANS is a defense and training player: An Introduction to VolUtility, (Mon, Jun 12th)
$ sudo apt-get update
Install MongoDB: In this diary I am not going to discuss how to install MongoDB; for further details about
$ git clone https://github.com/volatilityfoundation/volatility
$ cd volatility
$ sudo python setup.py install
$ git clone https://github.com/kevthehermit/VolUtility
Configuration. In this diary I am going to use the default config file volutility.conf.sample
$ ./manage.py runserver 0.0.0.0:8000
Enter a name for the session and the location of the memory image; for the profile you can either specify it or choose autodetect, then click on the submit button.
You have to wait a few minutes until it finishes processing the image; once it has finished, the status will change to Complete.
To examine the image, click on the session name; in this diary it's SANS ISC.
Now let
And you can of course filter your result using tools such as MS Excel.
_______________________________________________________
[1] https://github.com/kevthehermit/VolUtility/wiki
[2] https://digital-forensics.sans.org/community/downloads
(c) SANS Internet Storm Center.
https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 2017-06-12T19:07:51+00:00 https://isc.sans.edu/diary.html?storyid=22508&rss www.secnews.physaphae.fr/article.php?IdArticle=373310 False Cloud APT 37 None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor: ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks 2016-06-17T10:00:38+00:00 https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/ www.secnews.physaphae.fr/article.php?IdArticle=3025 False Cloud APT 37 None
The State of Security - American magazine: Don't Fear the Reaper – Getting the Most Out of Your Penetration Tests 2016-06-14T03:00:49+00:00 http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/dont-fear-the-reaper-getting-the-most-out-of-your-penetration-test/ www.secnews.physaphae.fr/article.php?IdArticle=2768 False Cloud APT 37 None