www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T16:16:32+00:00 www.secnews.physaphae.fr

InfoSecurity Mag - InfoSecurity Magazine
French Employment Agency Data Breach Could Affect 43 Million People
France's employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years
2024-03-14T15:00:00+00:00 https://www.infosecurity-magazine.com/news/french-employment-agency-data/ www.secnews.physaphae.fr/article.php?IdArticle=8463831 False Data Breach APT 19 3.0000000000000000

Anomali - Firm Blog
Weekly Threat Briefing: Federal Agency Breach, Exploits, Malware, and Spyware
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

German-made FinSpy Spyware Found in Egypt, and Mac and Linux Versions Revealed (published: September 25, 2020)
Security researchers from Amnesty International have identified new variants of FinSpy, spyware that can access private data and record audio and video. Although it is used as a law enforcement tool, authoritarian governments have been using FinSpy to spy on activists and dissidents. Spreading through fake Flash Player updates, the malware is installed as root through the use of exploits, and persistence is gained by creating a logind.pslist file. Once a system is infected, the malware can run shell scripts, record audio, log keystrokes, view network information, and list files. Samples of FinSpy have been found for macOS, Windows, Android, and Linux.
Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from threat actors, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts.
MITRE ATT&CK: [MITRE ATT&CK] Logon Scripts - T1037 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071
Tags: Amnesty, Android, Backdoor, Linux, macOS, FinSpy, Spyware

Magento Credit Card Stealing Malware: gstaticapi (published: September 25, 2020)
Security researchers at Sucuri have identified a malicious script, dubbed “gstaticapi,” that is designed to steal payment information from Magento-based websites. The script first attempts to find the “checkout” string in the web browser URL and, if found, creates an element in the web page's header. This allows the JavaScript to handle external code-loading capabilities that are used to process the theft of billing and payment card information.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
MITRE ATT&CK: [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Data Encoding - T1132 T
2020-09-29T14:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-federal-agency-breach-exploits-malware-and-spyware www.secnews.physaphae.fr/article.php?IdArticle=2103280 False Data Breach,Malware,Vulnerability,Threat APT 19 5.0000000000000000