This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T21:48:34+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine France\'s employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years]]> 2024-03-14T15:00:00+00:00 https://www.infosecurity-magazine.com/news/french-employment-agency-data/ www.secnews.physaphae.fr/article.php?IdArticle=8463831 False Data Breach APT 19 3.0000000000000000 Kovrr - cyber risk management platform 2023-07-13T00:00:00+00:00 https://www.kovrr.com/reports/the-ransomware-threat-landscape-h123 www.secnews.physaphae.fr/article.php?IdArticle=8393595 False Ransomware,Data Breach,Vulnerability,Threat,Cloud APT 17 3.0000000000000000 knowbe4 - cybersecurity services [Heads Up] FBI Warns Against New Criminal QR Code Scams   Email not displaying? | CyberheistNews Vol 12 #07  |   Feb. 15th., 2022 [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arms length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things. QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply. CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime ]]> 2022-02-15T14:24:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-07-heads-up-fbi-warns-against-new-criminal-qr-code-scams www.secnews.physaphae.fr/article.php?IdArticle=4133418 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline APT 15,APT 43 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer (published: November 8, 2021) US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert about advanced persistent threat (APT) actors exploiting vulnerability in self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. PaloAlto, Microsoft & Lumen Technologies did a joint effort to track, analyse and mitigate this threat. The attack deployed a webshell and created a registry key for persistence. The actor leveraged leased infrastructure in the US to scan hundreds of organizations and compromised at least nine global organizations across technology, defense, healthcare and education industries. Analyst Comment: This actor has used some unique techniques in these attacks including: a blockchain based legitimate remote control application, and credential stealing tool which hooks specific functions from the LSASS process. It’s important to make sure your EDR solution is configured to and supports detecting such advanced techniques in order to detect such attacks. MITRE ATT&CK: [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Credentials in Files - T1081 | [MITRE ATT&CK] Brute Force - T1110 | [MITRE ATT&CK] Data Staged - T1074 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hooking - T1179 | [MITRE ATT&CK] Registry Run Keys / Startup Folder - T1060 | [MITRE ATT&CK] Pass the Hash - T1075 Tags: Threat Group 3390, APT27, TG-3390, Emissary Panda, WildFire, NGLite backdoor, Cobalt Strike, Godzilla, PwDump, beacon, ChinaChopper, CVE-2021-40539, Healthcare, Military, North America, China REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom (published: November 9, 2021) A 22 year old Ukranian national named Yaroslav Vasinskyi, has been charged with conducting ransomware attacks by the U.S Department of Justice (DOJ). These attacks include t]]> 2021-11-16T17:34:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-revil-affiliates-arrested-electronics-retail-giant-hit-by-ransomware-robinhood-breach-zero-day-in-palo-alto-security-appliance-and-more www.secnews.physaphae.fr/article.php?IdArticle=3667130 False Ransomware,Data Breach,Malware,Tool,Vulnerability,Threat,Medical APT 38,APT 27,APT 1 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence German-made FinSpy Spyware Found in Egypt, and Mac and Linux Versions Revealed (published: September 25, 2020) Security Researchers from Amnesty International have identified new variants of FinSpy, spyware that can access private data and record audio/video. While used as a law enforcement tool, authoritarian governments have been using FinSpy to spy on activists and dissidents. Spreading through fake Flash Player updates, the malware is installed as root with use of exploits, and persistence is gained by creating a logind.pslist file. Once a system is infected with the malware, it has the ability to run shell scripts, record audio, keylogging, view network information, and list files. Samples have been found of FinSpy for macOS, Windows, Android, and Linux. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from threat actors, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. MITRE ATT&CK: [MITRE ATT&CK] Logon Scripts - T1037 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 Tags: Amnesty, Android, Backdoor, Linux, macOS, FinSpy, Spyware Magento Credit Card Stealing Malware: gstaticapi (published: September 25, 2020) Security researchers, at Sucuri, have identified a malicious script, dubbed “gstaticapi,” that is designed to steal payment information from Magento-based websites. The script first attempts to find the “checkout” string in a web browser URL and, if found, will create an element to the web pages header. This allows the JavaScript to handle external code-loading capabilities that are used to process the theft of billing and payment card information. Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs. MITRE ATT&CK: [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Data Encoding - T1132 T]]> 2020-09-29T14:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-federal-agency-breach-exploits-malware-and-spyware www.secnews.physaphae.fr/article.php?IdArticle=2103280 False Data Breach,Malware,Vulnerability,Threat APT 19 5.0000000000000000