This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T05:59:28+00:00 www.secnews.physaphae.fr ProofPoint - Cyber Firms 2024-08-20T05:00:25+00:00 https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering www.secnews.physaphae.fr/article.php?IdArticle=8560720 False Malware,Threat,Studies APT 35,APT 42 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Executive Summary  Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations.  Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.  Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics. While China, Iran, and North Korea state sponsored actors also pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience. Introduction  The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons:  Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending. Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified.  Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations. Financially-motivated actors are likely to target the Olympics in v]]> 2024-06-05T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/ www.secnews.physaphae.fr/article.php?IdArticle=8513588 False Ransomware,Malware,Threat,Studies,Mobile,Cloud,Technical APT 15,APT 31,APT 42 2.0000000000000000 Kovrr - cyber risk management platform 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 39,APT 39,APT 17 3.0000000000000000 HackRead - Chercher Cyber Par waqas Rapport des pertes de crypto immunufi: T1 2023 voit les plus hautes pertes de l'année. Ceci est un article de HackRead.com Lire le post original: L'industrie cryptographique a perdu 685 millions de dollars au troisième trimestre 2023, 30% par le groupe Lazare

---

>By Waqas Immunefi Crypto Losses Report: Q3 2023 Sees Highest Losses of the Year. This is a post from HackRead.com Read the original post: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group]]> 2023-10-02T17:05:46+00:00 https://www.hackread.com/crypto-industry-q3-2023-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8390569 False Studies APT 38 4.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers (published: July 19, 2021) On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity. Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210 Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists (published: July 18, 2021) Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho]]> 2021-07-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-china-blamed-for-microsoft-exchange-attacks-israeli-cyber-surveillance-companies-help-oppressive-governments-and-more www.secnews.physaphae.fr/article.php?IdArticle=3100256 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Guideline,Industrial APT 41,APT 40,APT 28,APT 31 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq.  The video features Jaime Blasco, VP and Chief Scientist, AlienVault, Stan Nurilov, Lead Member of Technical Staff, AT&T,  and Joe Harten, Director Technical Security. Stan: Jaime. I think you have a very interesting topic today about threat intelligence.  Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then when this threat intelligence and the threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX) - one of the biggest threat sharing communities out there. Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform.  Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017, we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. And another cyber security company published content about that and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of earth, right? We didn't see them for a while and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then they came back. We also know that attackers can try to publish false information in this platform, so that's why it's important that not only those platforms are automated, but also there are human analysts that can verify that information.  Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks, is this valid? Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust - threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally - creating those other layers to validate and create better value of our threat intelligence. Jaime: The other issue I wanted to bring to the table is what we call false flag operations - that's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at]]> 2019-07-25T13:00:00+00:00 https://feeds.feedblitz.com/~/604869576/0/alienvault-blogs~Can-you-trust-threat-intelligence-from-threat-sharing-communities-ATampT-ThreatTraq www.secnews.physaphae.fr/article.php?IdArticle=1222817 False Malware,Threat,Studies,Guideline APT 38,APT 28,APT 1 None Wired Threat Level - Security News 2018-10-05T11:00:00+00:00 https://www.wired.com/story/the-sea-could-save-us-from-ourselves www.secnews.physaphae.fr/article.php?IdArticle=831558 False Studies APT 32 None