www.secnews.physaphae.fr: RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. Feed built: 2025-05-11T21:12:44+00:00.

Cyble (cybersecurity firm): Hacktivists Increasingly Target France for Its Diplomatic Efforts
According to a Cyble report sent to clients recently, France is increasingly becoming a target of hacktivists for its active role in international diplomacy and in ongoing conflicts in Ukraine and the Middle East. France's role in those conflicts “has drawn the ire of pro-Russian and pro-Palestinian hacktivist groups,” Cyble said, as those hacktivists have found ideological alignment and a common adversary in France. The attacks have ranged from Distributed Denial-of-Service (DDoS) attacks against French government institutions and other critical infrastructure to attacks against Industrial Control Systems (ICS), with the goal of disrupting essential services, influencing public opinion, and creating political pressure. Hacktivist Alliance Began with 'Holy League': Pro-Russian and pro-Palestinian hacktivists collaborated in the December “Holy League” attacks against French infrastructure and have picked up significantly since January, although Holy League activity against France could also be seen months earlier following the arrest in France of Telegram founder and CEO Pavel Durov. Cyble
Published: 2025-03-27T16:24:42+00:00 | Original: https://cyble.com/blog/hacktivists-france-for-its-diplomatic-efforts/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8658630 | Tags: Tool, Industrial, Cloud | APT tag: APT 15 | Score: 3.0

Korben (French blogger): Everything you need to know about the ping attribute in HTML
Well, well, what if we talked about a rather little-known HTML feature? I mean the ping attribute, that small bit of code that lets you track clicks on links quite discreetly! This little marvel from HTML5 has been controversial since its creation, between webmasters who see it as a boon for audience analytics and privacy advocates who are sounding the alarm.
Published: 2025-01-09T09:00:00+00:00 | Original: https://korben.info/attribut-ping-html-tracking-web-vie-privee.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8635212 | Tags: none | APT tag: APT 19 | Score: 4.0

Global Security Mag (French news site): Major cyberattack: 40 GB of Peugeot customer data in the hands of the Cicada 3301 hackers (Malwares section)
Published: 2024-12-24T13:13:55+00:00 | Original: https://www.globalsecuritymag.fr/cyberattaque-majeure-40-go-de-donnees-clients-peugeot-aux-mains-des-hackers-de.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8629519 | Tags: none | APT tag: APT 10 | Score: 4.0
Zataz (French security magazine): Hackers of the Cicada 3301 group claim an attack on Peugeot dealerships
The malicious hacker group Cicada 3301 is threatening Peugeot after allegedly stealing 40 GB of data related to its dealerships. Planned release: 6 January 2025....
Published: 2024-12-22T19:03:49+00:00 | Original: https://www.zataz.com/les-pirates-du-groupe-cicada-3301-revendiquent-une-attaque-contre-les-concessions-peugeot/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8628803 | Tags: none | APT tag: APT 10 | Score: 3.0

RiskIQ (cyber risk firm, now Microsoft): Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus
Published: 2024-12-12T20:36:12+00:00 | Original: https://community.riskiq.com/article/2b3cb06d | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8624235 | Tags: Malware, Tool, Threat, Legislation, Mobile | APT tag: APT 15 | Score: 3.0

RiskIQ (cyber risk firm, now Microsoft): Weekly OSINT Highlights, 25 November 2024
Published: 2024-11-25T12:11:18+00:00 | Original: https://community.riskiq.com/article/2bbfcf8e | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8617686 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Industrial, Prediction, Cloud | APT tag: APT 10 | Score: 2.0

RiskIQ (cyber risk firm, now Microsoft): Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
Published: 2024-11-19T21:54:53+00:00 | Original: https://community.riskiq.com/article/e1cbba96 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8614334 | Tags: Malware, Tool, Vulnerability, Threat, Prediction | APT tag: APT 10 | Score: 2.0

Trend Micro (security firm blog): Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.
Published: 2024-11-19T00:00:00+00:00 | Original: https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8613956 | Tags: Malware, Prediction | APT tag: APT 10 | Score: 2.0

The Hacker News (hacking news blog, surprisingly enough): North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,
Published: 2024-10-30T21:14:00+00:00 | Original: https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8603784 | Tags: Ransomware, Threat | APT tag: APT 15, APT 45 | Score: 3.0

Project Zero (Google research blog): The Windows Registry Adventure #4: Hives and the registry layout
[Diagram: the call stack for the RegCreateKeyEx function in Windows, showing the transition from user mode to kernel mode through various API calls.]
* User mode: Application.exe calls RegCreateKeyEx in KernelBase.dll; KernelBase.dll calls NtCreateKey in ntdll.dll; ntdll.dll makes a system call to NtCreateKey
* Kernel mode: ntoskrnl.exe executes the NtCreateKey syscall
In this example, Application.exe is a desktop program calling the documented RegCreateKeyEx function, which is exported by KernelBase.dll. The KernelBase.dll library implements RegCreateKeyEx by translating the high-level API parameters passed by the caller (paths, flags, etc.) to internal ones understood by the kernel. It then invokes the NtCreateKey system call through a thin wrapper provided by ntdll.dll, and the execution finally reaches the Windows kernel, where all of the actual work on the internal registry representation is performed.
Published: 2024-10-25T10:30:02+00:00 | Original: https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8601741 | Tags: Tool, Vulnerability, Threat, Legislation, Technical | APT tag: APT 17 | Score: 3.0

RiskIQ (cyber risk firm, now Microsoft): Weekly OSINT Highlights, 14 October 2024
Published: 2024-10-14T21:26:20+00:00 | Original: https://community.riskiq.com/article/cd213500 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8597846 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Industrial, Medical, Cloud | APT tag: APT 29, APT 10, GoldenJackal | Score: 2.0

RiskIQ (cyber risk firm, now Microsoft): CUCKOO SPEAR Part 2: Threat Actor Arsenal
Published: 2024-10-07T19:22:45+00:00 | Original: https://community.riskiq.com/article/d47fc595 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8593838 | Tags: Malware, Tool, Threat, Industrial, Cloud | APT tag: APT 10 | Score: 3.0

RiskIQ (cyber risk firm, now Microsoft): Weekly OSINT Highlights, 23 September 2024
Published: 2024-09-23T16:05:03+00:00 | Original: https://community.riskiq.com/article/2cc779bd | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8583096 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Industrial, Prediction, Cloud, Conference | APT tag: APT 10 | Score: 2.0

RiskIQ (cyber risk firm, now Microsoft): CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
Published: 2024-09-20T13:20:01+00:00 | Original: https://community.riskiq.com/article/8f34c36c | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8580523 | Tags: Malware, Tool, Threat, Industrial, Commercial | APT tag: APT 10 | Score: 2.0

Contagio (ransomware info site): 2024-08-30 Cicada ESXi Ransomware Sample
2024-08-30 TrueSec: Dissecting the Cicada (ransomware). ESXi ransomware Cicada3301, a ransomware group first detected in June 2024, appears to be a rebranded or derived version of the ALPHV ransomware group, using a Ransomware-as-a-Service (RaaS) model. The ransomware, written in Rust, targets Windows and Linux/ESXi environments, using ChaCha20 for encryption. Technical analysis reveals several key similarities with ALPHV: both use nearly identical command structures to shut down virtual machines and delete snapshots, and share a similar file-naming convention. The ransomware's binary is an ELF file, with its Rust origin confirmed by string references and an inspection of the .comment section. Key parameters include sleep, which delays the ransomware's execution, and ui, which displays encryption progress on screen. The key parameter is crucial for decryption; if it is not supplied or is incorrect, the ransomware stops running. The main function, linux_enc, starts the encryption process by generating a random key using OsRng. Files larger than 100 MB are encrypted in pieces, while smaller files are encrypted entirely using ChaCha20. The ChaCha20 key is then secured with an RSA public key and appended, together with a specific file extension, to the end of the encrypted file. Initial access appears to be facilitated by the Brutus botnet, with threat actors using stolen or brute-forced credentials to gain access via ScreenConnect. The IP address associated with this attack is linked to the Brutus botnet, raising the possibility of a direct connection between the botnet operators and Cicada3301. The ransomware also has a decryption verification routine, where an encoded and encrypted ransom note stored in the binary is decrypted using the supplied key, validating correct decryption. Download. (Email me if you need the password scheme.)
Published: 2024-09-07T17:31:39+00:00 | Original: https://contagiodump.blogspot.com/2024/09/2024-08-30-cicada-esxi-ransomware-sample.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8572211 | Tags: Ransomware, Threat, Technical | APT tag: APT 10 | Score: 2.0

The State of Security (American magazine): Cicada Ransomware - What You Need To Know
What is the Cicada ransomware? Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024. Why is the ransomware called Cicada? The criminals behind Cicada appear to have named it after the mysterious Cicada 3301 puzzles posted on the internet between 2012 and 2014, seemingly to recruit highly intelligent individuals. Of course, there is no reason to believe that the ransomware is in any fashion related to the enigmatic puzzles that appeared a decade before it - other than through the name. Fair enough...
Published: 2024-09-05T09:54:06+00:00 | Original: https://www.tripwire.com/state-of-security/cicada-ransomware-what-you-need-know | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8570547 | Tags: Ransomware | APT tag: APT 10 | Score: 2.0

The Register (English-language news site): Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade
Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials. The Cicada3301 ransomware, which has claimed at least 20 victims since it was spotted in June, shares "striking similarities" with the notorious BlackCat ransomware, according to security researchers at Israeli endpoint security outfit Morphisec.…
Published: 2024-09-04T14:29:06+00:00 | Original: https://go.theregister.com/feed/www.theregister.com/2024/09/04/cicada_ransomware_blackcat_links/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8569778 | Tags: Ransomware | APT tag: APT 10 | Score: 2.0

The Hacker News (hacking news blog, surprisingly enough): North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,
Published: 2024-07-25T19:38:00+00:00 | Original: https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8544172 | Tags: Ransomware, Threat | APT tag: APT 15 | Score: 3.0

The Hacker News (hacking news blog, surprisingly enough): China-linked APT17 Targets Italian Companies with 9002 RAT Malware
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second
Published: 2024-07-17T14:17:00+00:00 | Original: https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8538711 | Tags: Malware, Threat | APT tag: APT 17 | Score: 4.0

TrendLabs Security (antivirus vendor): Attackers in Profile: menuPass and ALPHV/BlackCat
To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what makes them threats to be reckoned with.
Published: 2024-06-26T00:00:00+00:00 | Original: https://www.trendmicro.com/en_us/research/24/f/menupass-alphv-blackcat-threats.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8526072 | Tags: Tool, Prediction | APT tag: APT 10 | Score: 3.0

BlackBerry (hardware and software manufacturer): BlackBerry Effective Against BlackCat/ALPHV and menuPass in MITRE ATT&CK Evaluations
BlackBerry recently participated in the MITRE Engenuity ATT&CK Evaluations for Managed Services. This round of independent testing emulated the BlackCat/ALPHV and menuPass threat groups, highlighting the need for robust, adaptive security solutions in the face of sophisticated adversaries.
Published: 2024-06-18T05:00:00+00:00 | Original: https://blogs.blackberry.com/en/2024/06/blackberry-effective-against-blackcat-alphv-and-menupass-in-mitre-attack-evaluations | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8520543 | Tags: Threat | APT tag: APT 10 | Score: 2.0

TrendLabs Security (antivirus vendor): Not Just Another 100% Score: MITRE Engenuity ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps, balancing detections and business priorities including operational continuity and minimized disruption.
Published: 2024-06-18T00:00:00+00:00 | Original: https://www.trendmicro.com/en_us/research/24/f/mitre-enginuity-attack-evaluations.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8520494 | Tags: Prediction | APT tag: APT 10 | Score: 2.0

Mandiant (Mandiant security blog): Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
Executive Summary: Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics, while China, Iran, and North Korea state-sponsored actors pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience.
Introduction: The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons:
* Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending.
* Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high-profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified.
* Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations.
* Financially-motivated actors are likely to target the Olympics in v
Published: 2024-06-05T14:00:00+00:00 | Original: https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8513588 | Tags: Ransomware, Malware, Threat, Studies, Mobile, Cloud, Technical | APT tag: APT 15, APT 31, APT 42 | Score: 2.0

Schneier on Security (American cryptographer and researcher): Seeing Like a Data Structure
Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it. The separation is gone, and the control we thought we once had has revealed itself as a mirage. We’re in a transitional period of history right now...
Published: 2024-06-03T11:06:54+00:00 | Original: https://www.schneier.com/blog/archives/2024/06/seeing-like-a-data-structure.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8512359 | Tags: Industrial | APT tag: APT 15 | Score: 3.0
Ars Technica (Risk Assessment, Security, Hacktivism): NASA finds more issues with Boeing's Starliner, but crew launch set for June 1
Fixing the helium leak would delay Starliner crew test flight for months.
Published: 2024-05-25T03:34:42+00:00 | Original: https://arstechnica.com/?p=2027053 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8506506 | Tags: none | APT tag: APT 17 | Score: 2.0

The Register (English-language news site): Boeing's Calamity Capsule launch date slides into the future
Starliner or Padstayer? Boeing's Starliner, aka the Calamity Capsule, has suffered another setback after a hoped-for May 25 launch date has been dropped as engineers work to deal with a helium leak in the spacecraft's propulsion system.…
Published: 2024-05-22T15:45:12+00:00 | Original: https://go.theregister.com/feed/www.theregister.com/2024/05/22/boeings_calamity_capsule_launch_date/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8504841 | Tags: none | APT tag: APT 17 | Score: 3.0

Mandiant (Mandiant security blog): IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers. Building networks of compromised devices allows ORB network administrators to easily grow the size of their ORB network with little effort and create a constantly evolving mesh network that can be used to conceal espionage operations. By using these mesh networks to conduct espionage operations, actors can disguise external traffic between command and control (C2) infrastructure and victim environments, including vulnerable edge devices that are being exploited via zero-day vulnerabilities. These networks often use rented VPS nodes in combination with malware designed to target routers so they can grow the number of devices capable of relaying traffic within compromised networks. Mandiant assesses with moderate confidence that this is an effort to raise the cost of defending an enterprise's network and shift the advantage toward espionage operators by evading detection and complicating attribution. Mandiant believes that if network defenders can shift the current enterprise defense paradigm away from treating adversary infrastructure like indicators of compromise (IOCs) and instead toward tracking ORB networks like evolving entities akin to APT groups, enterprises can contend with the rising challenge of ORB networks in the threat landscape.
IOC Extinction and the Rise of ORB Networks: The cybersecurity industry has reported on the APT practice of ORB network usage in the past as well as on the functional implementation of these networks. Less discussed are the implications of broad ORB network usage by a multitude of China-nexus espionage actors, which has become more common over recent years. The following are three key points and paradigm-shifting implications about ORB networks that require enterprise network defenders to adapt the way they think about China-nexus espionage actors:
* ORB networks undermine the idea of “Actor-Controlled Infrastructure”: ORB networks are infrastructure networks administered by independent entities, contractors, or administrators within the People's Republic of China (PRC). They are not controlled by a single APT actor. ORB networks create a network interface, administer a network of compromised nodes, and contract access to those networks to multiple APT actors that will use the ORB networks to carry out their own distinct espionage and reconnaissance. These networks are not controlled by the APT actors using them, but rather are temporarily used by these APT actors, often to deploy custom tooling more conventionally attributable to known China-nexus adversaries.
* ORB network infrastructure has a short lifesp
Published: 2024-05-22T14:00:00+00:00 | Original: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8504765 | Tags: Malware, Tool, Vulnerability, Threat, Prediction, Cloud, Commercial | APT tag: APT 15, APT 5, APT 31 | Score: 3.0

Ars Technica (Risk Assessment, Security, Hacktivism): Boeing is troubleshooting a small helium leak on the Starliner spacecraft
The first launch of astronauts aboard Boeing's Starliner capsule is now set for May 21.
Published: 2024-05-14T19:47:22+00:00 | Original: https://arstechnica.com/?p=2024298 | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8499790 | Tags: none | APT tag: APT 17 | Score: 3.0

Infosecurity Magazine: French Employment Agency Data Breach Could Affect 43 Million People
France's employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years.
Published: 2024-03-14T15:00:00+00:00 | Original: https://www.infosecurity-magazine.com/news/french-employment-agency-data/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8463831 | Tags: Data Breach | APT tag: APT 19 | Score: 3.0

Schneier on Security (American cryptographer and researcher): Molly White Reviews Blockchain Book
Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider”. He describes one project that “got further than anyone else”: Helium. He’s right, as long as you ignore the fact that Helium was providing LoRaWAN, not Internet, that by the time he was writing his book Helium hotspots had long since passed the phase where they might generate even enough tokens for their operators to merely break even, and that the network was pulling in somewhere around $1,150 in usage fees a month despite the company being valued at $1.2 billion. Oh, and that the company had widely lied to the public about its supposed big-name clients, and that its executives have been accused of hoarding the project’s token to enrich themselves. But hey, a16z sunk millions into Helium (a fact Dixon never mentions), so might as well try to drum up some new interest!...
Published: 2024-02-13T12:07:03+00:00 | Original: https://www.schneier.com/blog/archives/2024/02/molly-white-reviews-blockchain-book.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8449566 | Tags: none | APT tag: APT 17 | Score: 3.0
Kovrr (cyber risk management platform): Investigating the Risk of Compromised Credentials and Internet-Exposed Assets
Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets.
Published: 2023-11-28T00:00:00+00:00 | Original: https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8417472 | Tags: Ransomware, Threat, Studies, Prediction, Cloud | APT tag: APT 39, APT 17 | Score: 3.0

Silicon (French news site): Trusted cloud: Cigref's environmental vision
Published: 2023-10-24T08:07:41+00:00 | Original: https://www.silicon.fr/cloud-confiance-vision-environnementale-cigref-472634.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8399611 | Tags: Cloud | APT tag: APT 15 | Score: 2.0

Silicon (French news site): IT careers, Scrum Master: role, training and salary
Published: 2023-10-20T10:19:43+00:00 | Original: https://www.silicon.fr/metiers-it-scrum-master-fonction-formation-et-salaire-472576.html | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8398212 | Tags: none | APT tag: APT 15 | Score: 2.0

KnowBe4 (cybersecurity services): Smishing Triad Threat Actor Sets Its Sights on the UAE
Resecurity warns that the Smishing Triad threat actor has “vastly expanded its attack footprint” in the United Arab Emirates (UAE).
Published: 2023-10-10T20:05:50+00:00 | Original: https://blog.knowbe4.com/smishing-triad-sets-its-sights-on-uae | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8393944 | Tags: Threat | APT tag: APT 15 | Score: 3.0
Data Security Breach - French news site An espionage group aligned with Chinese interests spoofing Signal and Telegram 2023-09-01T13:43:32+00:00 https://www.datasecuritybreach.fr/apt-gref/ www.secnews.physaphae.fr/article.php?IdArticle=8377844 False Tool APT 15 3.0000000000000000
Global Security Mag - French news site ESET discovers an espionage group aligned with Chinese interests spoofing the Signal and Telegram apps Malwares 2023-08-31T09:18:59+00:00 https://www.globalsecuritymag.fr/ESET-decouvre-un-groupe-d-espionnage-aligne-avec-les-interets-chinois-usurpant.html www.secnews.physaphae.fr/article.php?IdArticle=8377106 False Malware APT 15 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. "Most likely active since July 2020 and since July 2022, respectively, the campaigns 2023-08-30T19:13:00+00:00 https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8376758 False None APT 15,APT 15 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Chinese APT Group GREF Use BadBazaar in Android Espionage ESET said BadBazaar was available via the Google Play Store, Samsung Galaxy Store and various app sites 2023-08-30T16:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-gref-target-badbazaar/ www.secnews.physaphae.fr/article.php?IdArticle=8376774 False None APT 15,APT 15 3.0000000000000000
Bleeping Computer - American magazine Trojanized Signal and Telegram apps on Google Play delivered spyware Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF. [...] 2023-08-30T11:16:48+00:00 https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8376772 False None APT 15 3.0000000000000000
We Live Security - ESET antivirus software vendor BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs 2023-08-30T09:30:18+00:00 https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8382224 False Tool APT 15 2.0000000000000000
Bleeping Computer - American magazine Hackers use VPN provider's code certificate to sign malware The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. [...] 2023-08-19T10:07:14+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-vpn-providers-code-certificate-to-sign-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8372468 False Malware APT 10 3.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on APT Groups – June 2023 APT Group Trends – June 2023: 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups
2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 32,APT 32,APT 28,APT 28,APT 15,APT 15,APT 25 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defence player in IOCs Code Mirage: How cyber criminals harness AI-hallucinated code for malicious machinations AI-hallucinations: Artificial intelligence (AI) hallucinations, as described [2], refer to confident responses generated by AI systems that lack justification based on their training data. Similar to human psychological hallucinations, AI hallucinations involve the AI system providing information or responses that are not supported by the available data. However, in the context of AI, hallucinations are associated with unjustified responses or beliefs rather than false percepts. This phenomenon gained attention around 2022 with the introduction of large language models like ChatGPT, where users observed instances of seemingly random but plausible-sounding falsehoods being generated. By 2023, it was acknowledged that frequent hallucinations in AI systems posed a significant challenge for the field of language models. The exploitative process: Cybercriminals begin by deliberately publishing malicious packages under commonly hallucinated names produced by large language models (LLMs) such as ChatGPT within trusted repositories. These package names closely resemble legitimate and widely used libraries or utilities, such as the legitimate package ‘arangojs’ vs the hallucinated package ‘arangodb’ as shown in the research done by Vulcan [1]. The trap unfolds: When developers, unaware of the malicious intent, use AI-based tools or large language models (LLMs) to generate code snippets for their projects, they can inadvertently fall into a trap. The AI-generated code snippets can include imaginary, unpublished libraries, and cybercriminals publish packages under those commonly generated imaginary names. As a result, developers unknowingly import malicious packages into their projects, introducing vulnerabilities, backdoors, or other malicious functionality that compromises the security and integrity of the software and possibly of other projects. Implications for developers: The exploitation of AI-generated hallucinated package names poses significant risks to developers and their projects. Here are some key implications: Trusting familiar package names: Developers commonly rely on package names they recognize to introduce code snippets into their projects. The presence of malicious packages under commonly hallucinated names makes it increasingly difficult to distinguish between legitimate and malicious options when relying on the trust placed in AI-generated code. Blind trust in AI-generated code: Many develo 2023-08-02T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/code-mirage-how-cyber-criminals-harness-ai-hallucinated-code-for-malicious-machinations www.secnews.physaphae.fr/article.php?IdArticle=8364676 False Tool APT 15,ChatGPT,ChatGPT 3.0000000000000000
Silicon - French news site Generative AI: the Cigref's tips 2023-07-19T16:09:41+00:00 https://www.silicon.fr/ia-generative-cigref-470181.html www.secnews.physaphae.fr/article.php?IdArticle=8358883 False None APT 15 3.0000000000000000
Kovrr - cyber risk management platform The Ransomware Threat Landscape H1-23 This report provides a comprehensive analysis of all known ransomware attacks that were reported during the first two quarters of 2023. 2023-07-13T00:00:00+00:00 https://www.kovrr.com/reports/the-ransomware-threat-landscape-h123 www.secnews.physaphae.fr/article.php?IdArticle=8393595 False Ransomware,Data Breach,Vulnerability,Threat,Cloud APT 17 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Twitter User Exposes Nickelodeon Data Leak Social media reports suggest an individual allegedly dumped approximately 500GB of animation files 2023-07-07T16:00:00+00:00 https://www.infosecurity-magazine.com/news/twitter-user-exposes-nickelodeon/ www.secnews.physaphae.fr/article.php?IdArticle=8353400 False None APT 15 2.0000000000000000
The Register - English-language news site Nickelodeon probes claims of massive data leak as SpongeBob fans rejoice TV network's attorneys 'on a DMCA rampage' ... are you sure you're ready, kids? Nickelodeon says it is probing claims that "decades old" material was stolen from it and leaked online. This follows reports on social media that someone had dumped 500GB of snatched animation files. Hilarity, and many SpongeBob SquarePants memes, ensued.… 2023-07-06T22:45:12+00:00 https://go.theregister.com/feed/www.theregister.com/2023/07/06/nickelodeon_confirms_data_leak/ www.secnews.physaphae.fr/article.php?IdArticle=8353174 False None APT 15 2.0000000000000000
Recorded Future - Recorded Future feed Nickelodeon says some of allegedly stolen data 'appears to be decades old' Children's television giant Nickelodeon said it is investigating an alleged breach after hackers claimed to have stolen 500 GB of data. For days, cybersecurity experts have warned that hackers are sharing stolen documents from the network that included leaks from the Nickelodeon animation department. Some of the information allegedly dates back decades. [Screenshots of the
2023-07-06T19:11:00+00:00 https://therecord.media/nickelodeon-alleged-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8353124 False None APT 15 2.0000000000000000
Bleeping Computer - American magazine Nickelodeon investigates breach after leak of 'decades old' data Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but it appears to be decades old. [...] 2023-07-06T11:03:36+00:00 https://www.bleepingcomputer.com/news/security/nickelodeon-investigates-breach-after-leak-of-decades-old-data/ www.secnews.physaphae.fr/article.php?IdArticle=8352923 False None APT 15 2.0000000000000000
knowbe4 - cybersecurity services CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams CyberheistNews Vol 13 #26 | June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: copycat bank fraud prevention alerts; bogus "gifts" that can cost you; fake package delivery problems; phony job offers; not-really-from-Amazon security alerts. "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they'll get a call from a phony 'fraud department' claiming they want to 'help get your money back.' What they really want to do is make unauthorized transfers. "What's more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there's a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small 'redelivery fee.'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake 'mystery shopper' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person's money – and the phony 'employer' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from 'Amazon,' asking to verify a big-ticket order they didn't place," the FTC says. "Concerned 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat FedEx,APT 28,APT 15,ChatGPT,ChatGPT 2.0000000000000000
SlashNext - Cyber Firm CISOs Increasingly Concerned About Mobile Threats With a new warning from Verizon about the rise of smishing, spam text messages and text scams, and the FBI reporting $10.3 billion in internet fraud last year, CISOs are increasingly concerned about mobile threats targeting employees and the impact on their organization. The rise of smishing, spam text messages and text scams. In a recent survey […]
2023-06-23T21:30:46+00:00 https://slashnext.com/blog/cisos-increasingly-concerned-about-mobile-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8386745 False Spam APT 15 2.0000000000000000
Dark Reading - Informationweek Branch 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information gathering exploits, this time against foreign ministries. 2023-06-21T21:35:00+00:00 https://www.darkreading.com/vulnerabilities-threats/20-year-old-chinese-apt15-new-life-foreign-ministry-attacks www.secnews.physaphae.fr/article.php?IdArticle=8347850 False Malware APT 15,APT 15 2.0000000000000000
Dark Reading - Informationweek Branch Emerging Ransomware Group 8Base Doxxes SMBs Globally A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe. 2023-06-21T18:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally www.secnews.physaphae.fr/article.php?IdArticle=8347782 False Ransomware,Threat APT 17 2.0000000000000000
Recorded Future - Recorded Future feed Experienced China-based hacking group has new backdoor tool, researchers say The Chinese cyber-espionage group known as Nickel or APT15 used a previously unseen backdoor to attack ministries of foreign affairs in Central and South America, researchers reported Wednesday. In the campaign that ran from late 2022 into early 2023, hackers targeted a government finance department and an unnamed corporation as well as the foreign affairs
2023-06-21T17:13:00+00:00 https://therecord.media/apt15-nickel-graphican-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8347784 False None APT 15,APT 15 2.0000000000000000
Bleeping Computer - American magazine Chinese APT15 hackers resurface with new Graphican malware The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023. [...] 2023-06-21T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/chinese-apt15-hackers-resurface-with-new-graphican-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8347642 False Malware APT 15,APT 15 3.0000000000000000
Silicon - French news site Some keys to analysing CIO performance 2023-06-20T08:37:46+00:00 https://www.silicon.fr/cigref-performance-dsi-468130.html www.secnews.physaphae.fr/article.php?IdArticle=8347228 False None APT 15 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defence player in IOCs SeroXen RAT for sale github page to provide user support or employee monitoring. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. Since then, updates to the code have been released up to v1.4.1 in March 2023, which is the most current version. As an open-source RAT tool still receiving updates 9 years after its creation, it is no surprise that it continues to be a common tool used by itself or combined with other payloads by threat actors up to this day. In a review of the most recent samples, a new Quasar variant was observed by Alien Labs in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding some modifications and features to the original RAT. They’re selling it for a monthly or lifetime fee. Figure 1 contains some of the features advertised on their website. Figure 1. SeroXen features announced on its website. This new RAT first showed up on a Twitter account, established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. They were claiming to be a reseller of the tool. In December 2022, a specific domain was registered to market/sell the tool, seroxen[.]com. The RAT was distributed via a monthly license for $30 USD or a lifetime license of $60 USD. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal. After a few months, on the 1st of February, the YouTuber CyberSec Zaado published a video alerting the community about the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter, YouTube, and several cracking forums, including hackforums. There were some conversations on gaming forums complaining about being infected by malware after downloading some video games. The artifacts described by the users matched SeroXen RAT. The threat actor updated the domain name to seroxen[.]net by the end of March. This domain name was registered on March 27th 2023-05-30T22:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale www.secnews.physaphae.fr/article.php?IdArticle=8340743 False Malware,Tool,Threat Uber,APT 10 2.0000000000000000
Silicon - French news site CSR and IT projects: the Cigref pushes a scoring tool 2023-05-29T09:42:08+00:00 https://www.silicon.fr/cigref-scoring-rse-projets-it-466305.html www.secnews.physaphae.fr/article.php?IdArticle=8340178 False None APT 15 3.0000000000000000
DDoSecrets - Security blog: Distributed Email of Secrets Release: Harita Group (510 GB) Emails from the Indonesian conglomerate involved in nickel, coal, and bauxite mining, ferronickel smelters, alumina refineries, logging, and palm oil plantations. 2023-05-17T07:28:14+00:00 https://ddosecrets.substack.com/p/release-harita-group-510-gb www.secnews.physaphae.fr/article.php?IdArticle=8337280 False None APT 15 2.0000000000000000
GoogleSec - Firm Security Blog Making authentication faster than ever: passkeys vs. passwords Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems. Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website on the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer to use the passkey. The technology behind the former (“same device passkey”) is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. The technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code. A credential is only registered once on a user's personal device, and then the device proves possession of the registered credential to the remote server by asking the user to use their device's screen lock. The user's biometric, or other screen lock data, is never sent to Google's servers - it stays securely stored on the device, and only cryptographic proof that the user has correctly provided it is sent to Google. Passkeys are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device, the Google Password Manager can make it available on your other devices that are signed into the same system account. Learn more on how passkeys work under the hoo 2023-05-05T12:00:43+00:00 http://security.googleblog.com/2023/05/making-authentication-faster-than-ever.html www.secnews.physaphae.fr/article.php?IdArticle=8333804 False None APT 38,APT 15,APT 10,Guam 2.0000000000000000
RedCanary - Red Canary Microsoft recognizes Katie Nickels for her impact on the security community Microsoft has awarded Red Canary's Director of Intelligence Operations its Security Changemaker award at its 2023 Security Excellence Awards. 2023-04-26T16:11:23+00:00 https://redcanary.com/blog/katie-nickels-microsoft-security-award/ www.secnews.physaphae.fr/article.php?IdArticle=8331282 False None APT 15 2.0000000000000000
Recorded Future - Recorded Future feed Ransomware attack that forced a New York county back to pen and paper began in 2021, official says New York's Suffolk County has concluded an investigation into a destabilizing ransomware attack that forced government workers to rely on fax machines and paper records, discovering stark deficiencies in the county clerk's cybersecurity practices. Suffolk County Executive Steven Bellone [held a press conference](https://www.facebook.com/SteveBellone/videos/550329996987344/) Wednesday to unveil the findings of the forensic investigation into the September
2023-04-12T23:37:00+00:00 https://therecord.media/suffolk-county-new-york-ransomware-investigation www.secnews.physaphae.fr/article.php?IdArticle=8327274 False Ransomware APT 15 2.0000000000000000
Silicon - Site de News Francais Gestion de crise cyber : l\'approche du Cigref en 7 chiffres 2023-02-22T16:34:23+00:00 https://www.silicon.fr/gestion-crise-cyber-approche-cigref-7-chiffres-458946.html www.secnews.physaphae.fr/article.php?IdArticle=8312524 False None APT 15 3.0000000000000000 Silicon - Site de News Francais Métiers IT : " la technologie a besoin de femmes " 2023-02-20T16:33:54+00:00 https://www.silicon.fr/metiers-it-technologie-femmes-458752.html www.secnews.physaphae.fr/article.php?IdArticle=8311921 False None APT 15 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine EU Cybersecurity Agency Warns Against Chinese APTs 2023-02-17T17:00:00+00:00 https://www.infosecurity-magazine.com/news/eu-warns-chinese-apts/ www.secnews.physaphae.fr/article.php?IdArticle=8311285 False None APT 30,APT 27,APT 15,APT 25,APT 31 2.0000000000000000 Global Security Mag - Site de news francais Fortinet enrichit son offre de services et de formations pour aider les équipes SOC à mieux anticiper et déjouer les cybermenaces Formations des Instituts privés et public]]> 2023-02-17T08:29:11+00:00 https://www.globalsecuritymag.fr/Fortinet-enrichit-son-offre-de-services-et-de-formations-pour-aider-les-equipes.html www.secnews.physaphae.fr/article.php?IdArticle=8311183 False None APT 15 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-41620 2023-02-08T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41620 www.secnews.physaphae.fr/article.php?IdArticle=8308289 False Vulnerability APT 19 None Anomali - Firm Blog Anomali Cyber Watch: Roaming Mantis Changes DNS on Wi-Fi Routers, Hook Android Banking Trojan Has Device Take-Over Capabilities, Ke3chang Targeted Iran with Updated Turian Backdoor Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. 
Trending Cyber News and Threat Intelligence Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App in 2022 (published: January 19, 2023) In December 2022, a financially-motivated group dubbed Roaming Mantis (Shaoye) continued targeting mobile users with malicious landing pages. iOS users were redirected to phishing pages, while Android users were provided with malicious APK files detected as XLoader (Wroba, Moqhao). Japan, Austria, France, and Germany were the most targeted for XLoader downloads (in that order). All but one targeted country had smishing as an initial vector. In South Korea, Roaming Mantis implemented a new DNS changer function. XLoader-infected Android devices were targeting specific Wi-Fi routers used mostly in South Korea. The malware would compromise routers with default credentials and change the DNS settings to serve malicious landing pages from legitimate domains. Analyst Comment: The XLoader DNS changer function is especially dangerous in the context of free/public Wi-Fi that serve many devices. Install anti-virus software for your mobile device. Users should be cautious when receiving messages with a link or unwarranted prompts to install software. MITRE ATT&CK: [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1584 - Compromise Infrastructure Tags: actor:Roaming Mantis, actor:Shaoye, file-type:APK, detection:Wroba, detection:Moqhao, detection:XLoader, malware-type:Trojan-Dropper, DNS changer, Wi-Fi routers, ipTIME, EFM Networks, Title router, DNS hijacking, Malicious app, Smishing, South Korea, target-country:KR, Japan, target-country:JP, Austria, target-country:AT, France, target-country:FR, Germany, target-country:DE, VK, Mobile, Android Hook: a New Ermac Fork with RAT Capabilities (published: January 19, 2023) ThreatFabric researchers analyzed a new Android banking trojan named Hook. It is a rebranded development of the Ermac malware that was based on the Android banker Cerberus. 
Hook added new capabilities in targeting banking and cryptocurrency-related applications. The malware also added the capabilities of a remote access trojan and spyware. Its device take-over capabilities include being able to remotely view and interact with the screen of the infected device, manipulate files on the device's file system, simulate clicks, fill text boxes, and perform gestures. Hook can start the social messaging application WhatsApp, extract all the messages present, and send new ones.

Analyst Comment: Users should take their mobile device security seriously whether they use it for social messaging or actually provide access to their banking accounts and/or cryptocurrency holdings. Similar to its predecessors, Hook will likely be used by many threat actors (malware-as-a-service model). That means the need to protect against a wide range of attacks: smishing, prompts to install malicious apps, excessive
2023-01-24T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-roaming-mantis-changes-dns-on-wi-fi-routers-hook-android-banking-trojan-has-device-take-over-capabilities-ke3chang-targeted-iran-with-updated-turian-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8303740 False Malware,Tool,Threat,Guideline APT 15,APT 25 3.0000000000000000
SkullSecurity - Security blog Blast from the Past: How Attackers Compromised Zimbra With a Patched Vulnerability
CVE-2022-41352 - my AttackerKB analysis for Rapid7) that turned out to be a new(-ish) exploit path for a really old bug in cpio - CVE-2015-1194. But that was patched in 2019, so what happened? (I posted this as a tweet-thread a while back, but I decided to flesh it out and make it into a full blog post!)

cpio is an archive tool commonly used for system-level stuff (firmware images and such). It can also extract other formats, like .tar, which we'll use since it's more familiar.
cpio has a flag (--no-absolute-filenames), off by default, that purports to prevent writing files outside of the target directory. That's handy when, for example, extracting untrusted files with Amavis (like Zimbra does). The problem is, symbolic links can point to absolute paths, and therefore, even with --no-absolute-filenames, there was no safe way to extract an untrusted archive (outside of using a chroot environment or something similar, which they really ought to do).

Much later, in 2019, the cpio team released cpio version 2.13, which includes a patch for CVE-2015-1194, with unit tests and everything. Some (not all) modern OSes include the patched version of cpio, which should be the end of the story, but it's not!

I'm currently writing this on Fedora 35, so let's try exploiting it. We can confirm that the version of cpio installed with the OS is, indeed, the fixed version:

ron@fedora ~ $ cpio --version
cpio (GNU cpio) 2.13
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Phil Nelson, David MacKenzie, John Oleynick, and Sergey Poznyakoff.
That means that we shouldn't be able to use symlinks to write outside of the target directory, so let's create a .tar file that includes a symlink and a file written through that symlink (this is largely copied from this mailing list post:

ron@fedora ~ $ mkdir cpiotest
ron@fedora ~ $ cd cpiotest
ron@fedora ~/cpiotest $ ln -s /tmp/ ./demo
ron@fedora ~/cpiotest $ echo 'hello' > demo/imafile
ron@fedora ~/cpiotest $ tar -cvf demo.tar demo demo/imafile
demo
demo/imafile
ron@fedora ~/cpiotest $
2023-01-23T20:14:17+00:00 https://www.skullsecurity.org/2023/blast-from-the-past--how-attackers-compromised-zimbra-with-a-patched-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8303535 False Tool,Vulnerability APT 17 4.0000000000000000
CSO - CSO Daily Dashboard Chinese hackers targeted Iranian government entities for months: Report
Palo Alto Networks report. The Chinese threat actor also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report. "Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns," Palo Alto Networks said in a blog.
2023-01-19T04:27:00+00:00 https://www.csoonline.com/article/3686088/chinese-hackers-targeted-iranian-government-entities-for-months-report.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302529 False Malware,Threat APT 15,APT 25 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Chinese APT Group Vixen Panda Targets Iranian Government Entities 2023-01-18T18:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-apt-group-vixen-panda/ www.secnews.physaphae.fr/article.php?IdArticle=8302416 False None APT 15,APT 25 3.0000000000000000
Silicon - French news site Low-code: Enedis, Pierre Fabre and STIME share their experience 2023-01-09T10:58:20+00:00 https://www.silicon.fr/low-code-enedis-pierre-fabre-stime-temoignent-455846.html www.secnews.physaphae.fr/article.php?IdArticle=8299144 False None APT 15 2.0000000000000000
Silicon - French news site Low-code: the Cigref raises the question of costs 2023-01-09T09:34:59+00:00 https://www.silicon.fr/low-code-cigref-question-couts-455839.html www.secnews.physaphae.fr/article.php?IdArticle=8299130 False None APT 15 2.0000000000000000
Korben - French blogger How to remove a watermark from a photo?
2023-01-01T08:00:00+00:00 https://korben.info/enlever-watermark-photo.html www.secnews.physaphae.fr/article.php?IdArticle=8296926 False None APT 19 3.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2022-4584 2022-12-17T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4584 www.secnews.physaphae.fr/article.php?IdArticle=8292381 False Vulnerability,Guideline APT 17 None
InfoSecurity Mag - InfoSecurity Magazine Cobalt Mirage Affiliate Uses GitHub to Relay Drokbk Malware Instructions 2022-12-09T16:00:00+00:00 https://www.infosecurity-magazine.com/news/iranian-hacker-uses-github-to/ www.secnews.physaphae.fr/article.php?IdArticle=8289582 False Malware APT 15 3.0000000000000000
Global Security Mag - French news site An Iran-backed group uses GitHub to relay malware instructions Malware 2022-12-09T11:17:25+00:00 https://www.globalsecuritymag.fr/Un-groupe-soutenu-par-l-Iran-utilise-Github-pour-relayer-les-instructions-de.html www.secnews.physaphae.fr/article.php?IdArticle=8289522 False Malware APT 15 2.0000000000000000
SecureWork - SecureWork: incident response Drokbk Malware Uses GitHub as Dead Drop Resolver 2022-12-09T04:00:00+00:00 https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver www.secnews.physaphae.fr/article.php?IdArticle=8289504 False Malware,Threat APT 15 2.0000000000000000
Silicon - French news site Machine learning: a bit of TensorFlow in Google Sheets 2022-12-08T15:27:58+00:00 https://www.silicon.fr/machine-learning-tensorflow-google-sheets-454628.html www.secnews.physaphae.fr/article.php?IdArticle=8289147 False None APT 15 2.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2022-46770 2022-12-07T20:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46770 www.secnews.physaphae.fr/article.php?IdArticle=8288886 False None APT 15 None
Silicon - French news site CSR: what positioning for CIOs? 2022-11-29T08:46:30+00:00 https://www.silicon.fr/rse-positionnement-dsi-453513.html www.secnews.physaphae.fr/article.php?IdArticle=8277891 False General Information APT 15 3.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2022-3974 2022-11-13T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3974 www.secnews.physaphae.fr/article.php?IdArticle=8042470 False Vulnerability,Guideline APT 17 None
Silicon - French news site Energy crisis: the Cigref's suggestions for digital departments 2022-11-07T08:46:21+00:00 https://www.silicon.fr/crise-energetique-pistes-cigref-directions-numeriques-451957.html www.secnews.physaphae.fr/article.php?IdArticle=7879100 False None APT 15 None
CVE List - Common Vulnerability Exposure CVE-2022-3810 2022-11-02T13:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3810 www.secnews.physaphae.fr/article.php?IdArticle=7783702 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3809 2022-11-02T13:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3809 www.secnews.physaphae.fr/article.php?IdArticle=7783701 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3813 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3813 www.secnews.physaphae.fr/article.php?IdArticle=7772559 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3817 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3817 www.secnews.physaphae.fr/article.php?IdArticle=7772564 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3812 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3812 www.secnews.physaphae.fr/article.php?IdArticle=7772558 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3816 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3816 www.secnews.physaphae.fr/article.php?IdArticle=7772563 False Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3815 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3815 www.secnews.physaphae.fr/article.php?IdArticle=7772562 False Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3814 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3814 www.secnews.physaphae.fr/article.php?IdArticle=7772560 False Vulnerability,Guideline APT 17 None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware 2022-11-01T20:45:00+00:00 https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html www.secnews.physaphae.fr/article.php?IdArticle=7766451 False Malware,Threat APT 10 None
CVE List - Common Vulnerability Exposure CVE-2022-3807 2022-11-01T20:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3807 www.secnews.physaphae.fr/article.php?IdArticle=7770916 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3785 2022-10-31T21:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3785 www.secnews.physaphae.fr/article.php?IdArticle=7758364 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3784 2022-10-31T21:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3784 www.secnews.physaphae.fr/article.php?IdArticle=7758363 False Vulnerability,Guideline APT 17 None
Bleeping Computer - American magazine Hacking group abuses antivirus software to launch LODEINFO malware 2022-10-31T11:34:52+00:00 https://www.bleepingcomputer.com/news/security/hacking-group-abuses-antivirus-software-to-launch-lodeinfo-malware/ www.secnews.physaphae.fr/article.php?IdArticle=7755377 False Malware APT 10 None
Kaspersky - Kaspersky Research blog APT10: Tracking down LODEINFO 2022, part II 2022-10-31T08:00:54+00:00 https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745/ www.secnews.physaphae.fr/article.php?IdArticle=7751558 False None APT 10 None
Kaspersky - Kaspersky Research blog APT10: Tracking down LODEINFO 2022, part I 2022-10-31T08:00:52+00:00 https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/ www.secnews.physaphae.fr/article.php?IdArticle=7751559 False None APT 10 None
CVE List - Common Vulnerability Exposure CVE-2022-3670 2022-10-26T19:15:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3670 www.secnews.physaphae.fr/article.php?IdArticle=7691534 False Vulnerability,Guideline APT 17 None
CVE List - Common Vulnerability Exposure CVE-2022-3669 2022-10-26T19:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3669 www.secnews.physaphae.fr/article.php?IdArticle=7691533 False Vulnerability,Guideline APT 17 None