www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T23:15:55+00:00 www.secnews.physaphae.fr

ProofPoint - Firm Security Cybersecurity Chiefs Navigate AI Risks and Potential Rewards 2023-05-25T16:17:54+00:00 https://www.proofpoint.com/us/newsroom/news/cybersecurity-chiefs-navigate-ai-risks-and-potential-rewards www.secnews.physaphae.fr/article.php?IdArticle=8339894 False None APT 30 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine EU Cybersecurity Agency Warns Against Chinese APTs 2023-02-17T17:00:00+00:00 https://www.infosecurity-magazine.com/news/eu-warns-chinese-apts/ www.secnews.physaphae.fr/article.php?IdArticle=8311285 False None APT 30,APT 27,APT 15,APT 25,APT 31 2.0000000000000000

SecurityWeek - Security News Belgium Says Chinese APTs Targeted Interior, Defense Ministries 2022-07-20T08:37:31+00:00 https://www.securityweek.com/belgium-says-chinese-apts-targeted-interior-defense-ministries www.secnews.physaphae.fr/article.php?IdArticle=5828610 False None APT 30,APT 27,APT 31 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Chinese "Override Panda" Hackers Resurface With New Espionage Attacks 2022-05-02T06:39:38+00:00 https://thehackernews.com/2022/05/chinese-override-panda-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=4532702 False None APT 30 None

Anomali - Firm Blog Anomali Cyber Watch: GIGABYTE Hit By RansomEXX Ransomware, Seniors' Data Exposed, FatalRat Analysis, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

Actively Exploited Bug Bypasses Authentication On Millions Of Routers (published: August 7, 2021) Juniper Threat Labs researchers discovered ongoing attacks exploiting the recently discovered vulnerability CVE-2021-20090. This is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. The total number of devices exposed to attacks likely reaches millions of routers. Researchers identified attacks originating from China that deploy a variant of the Mirai botnet on vulnerable routers. Analyst Comment: Attackers have continuous and automated routines to look for publicly accessible vulnerable routers and exploit them as soon as the exploit is made public. To reduce the attack surface, a router's management console should only be accessible from specific public IP addresses. Default passwords and other security policies should also be changed to make the router more secure. Tags: CVE-2021-20090, Mirai, China

Computer Hardware Giant GIGABYTE Hit By RansomEXX Ransomware (published: August 7, 2021) The attack occurred late Tuesday night into Wednesday and forced the company to shut down its systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website. Attackers have threatened to publish 112GB of stolen data, which they claim includes documents under NDA (Non Disclosure Agreement) from companies including Intel, AMD, and American Megatrends, unless a ransom is paid. Analyst Comment: At this point there is no official confirmation from GIGABYTE about the attack. There is also no clarity yet on the potential vulnerabilities or attack vectors used to carry out this attack.
Tags: RansomEXX, Defray, Ransomware, Taiwan

Millions of Senior Citizens' Personal Data Exposed By Misconfiguration (published: August 6, 2021) Researchers have discovered a misconfigured Amazon S3 bucket owned by the Senior Advisor website, which hosts ratings and reviews for senior care services across the US and Canada. The bucket contained more than one million files and 182 GB of data, including names, emails, and phone numbers of senior citizens from North America. The exposed data was not encrypted and did not require a password or login credentials to access. Analyst Comment: Senior citizens are at high risk of online fraud. Leaked personal information and context about their appointments can lead to targeted phishing scams. Tags: Data Leak, Phishing, North America, AWS 2021-08-10T17:39:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gigabyte-hit-by-ransomexx-ransomware-seniors-data-exposed-fatalrat-analysis-and-more www.secnews.physaphae.fr/article.php?IdArticle=3205930 False Malware,Vulnerability,Threat,Guideline APT 41,APT 41,APT 30,APT 27,APT 23 None

SecurityWeek - Security News DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos APT27). 2021-08-03T04:00:51+00:00 http://feedproxy.google.com/~r/securityweek/~3/5y_WhvgvrlA/deadringer-three-pronged-attack-chinese-military-actors-against-major-telcos www.secnews.physaphae.fr/article.php?IdArticle=3164983 False Threat APT 30,APT 27 None

Anomali - Firm Blog Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

Microsoft Signed a Malicious Netfilter Rootkit (published: June 25, 2021) Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signing, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver. Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted to not inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running. MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130 Tags: Netfilter, China

Dell BIOSConnect Flaws Affect 30 Million Devices (published: June 24, 2021) Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist. The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning or exploiting these flaws. Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue.
Patch management and asset inventories are critical portions of a good defense in depth security program. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120 Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect

Malicious Spam Campaigns Delivering Banking Trojans (published: June 24, 2021) Analysis from two mid-March 2021 spam campaigns revealed that th 2021-06-29T16:29:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-microsoft-signs-malicious-netfilter-rootkit-ransomware-attackers-using-vms-fertility-clinic-hit-with-data-breach-and-more www.secnews.physaphae.fr/article.php?IdArticle=2996479 False Ransomware,Data Breach,Spam,Malware,Tool,Vulnerability,Threat,Patching APT 30 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Chinese Hackers Attacking Military Organizations With New Backdoor 2021-04-29T03:19:09+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/RkNn6-LJ5CA/chinese-hackers-attacking-military.html www.secnews.physaphae.fr/article.php?IdArticle=2713697 False Threat APT 30 None

Security Affairs - Blog Secu Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs 2021-04-28T19:40:55+00:00 https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html?utm_source=rss&utm_medium=rss&utm_campaign=naikon-apt-nebulae-backdoor www.secnews.physaphae.fr/article.php?IdArticle=2710429 False None APT 30 None

TechRepublic - Security News US Report: Chinese-linked hacking group has been infiltrating APAC governments for years 2020-05-07T10:00:09+00:00 https://www.techrepublic.com/article/report-chinese-linked-hacking-group-has-been-infiltrating-apac-governments-for-years/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1696523 False None APT 30 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years 2020-05-07T02:59:30+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/3mdfxlhuBic/asia-pacific-cyber-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=1696469 False None APT 30 None