This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T03:36:32+00:00 www.secnews.physaphae.fr Cyble - CyberSecurity Firm Overview  Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia\'s intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.  The tactics observed in this campaign include phishing attacks abusing Signal\'s linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.  Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.  Tactics Used to Compromise Signal Accounts  Exploiting Signal\'s "Linked Devices" Feature  Russia-aligned threat actors have manipulated Signal\'s legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim\'s account, enabling real-time message interception without full device compromise.  The phishing methods used to deliver these malicious QR codes include:  Fake Signal group invites containing altered JavaScript redirects.  Phishing pages masquerading as Ukrainian military applications.  ]]> 2025-02-20T13:21:16+00:00 https://cyble.com/blog/germany-strengthening-cybersecurity-2/ www.secnews.physaphae.fr/article.php?IdArticle=8649243 True Malware,Tool,Vulnerability,Threat,Mobile,Cloud,Conference APT 44 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia\'s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia\'s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal\'s popularity among common targets of surveillance and espionage activity-such as military personnel, politicians, journalists, activists, and other at-risk communities-has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features. Phishing Campaigns Abusing Signal\'s "Linked Devices" Feature The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app\'s legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim\'s account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim\'s secure conversations without the need for full-device compromise. ]]> 2025-02-19T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/ www.secnews.physaphae.fr/article.php?IdArticle=8648980 False Malware,Threat,Mobile,Cloud,Commercial APT 44 2.0000000000000000 Mandiant - Blog Sécu de Mandiant science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.  Much of the current discourse around cyber threat actors\' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don\'t necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google\'s AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google\'s Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks. We believe the private sector, governments, educational institutions, and other stakeholders must work together to maximize AI\'s benefits while also reducing the risks of abuse. At Google, we are committed to developing responsible AI guided by our principles, and we share ]]> 2025-01-29T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8644222 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Legislation,Mobile,Industrial,Cloud,Technical,Commercial APT 41,APT 43,APT 42 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-12-09T12:22:03+00:00 https://community.riskiq.com/article/86d339a0 www.secnews.physaphae.fr/article.php?IdArticle=8622260 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial,Prediction APT 45 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T12:25:16+00:00 https://community.riskiq.com/article/d6da7f0d www.secnews.physaphae.fr/article.php?IdArticle=8605948 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical APT 41,APT 28,APT 31,Guam 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-07T16:54:11+00:00 https://community.riskiq.com/article/33015049 www.secnews.physaphae.fr/article.php?IdArticle=8593765 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 37,APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-02T19:54:58+00:00 https://community.riskiq.com/article/161e114f www.secnews.physaphae.fr/article.php?IdArticle=8568711 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Medical,Cloud APT 41,APT 32 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in Israel.  The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran\'s perceived adversarial countries. The collected data may be leveraged to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations. These may include Iranian dissidents, activists, human rights advocates, and Farsi speakers living in and outside Iran. Mandiant assesses with high confidence this campaign was operated on behalf of Iran\'s regime, based on its tactics, techniques, and procedures (TTPs), themes, and targeting. In addition, we observed a weak overlap between this campaign and APT42, an Iran-nexus threat actor suspected to operate on behalf of Iran\'s IRGC Intelligence Organization (IRGC-IO). This campaign\'s activities are in line with Iran\'s IRGC and APT42\'s history of conducting surveillance operations against domestic threats and individuals of interest to the Iranian government. Despite the possible APT42 connection, Mandiant observed no relations between this activity and any U.S. elections-related targeting as previously reported by Google\'s Threat Analysis Group. The activity used multiple social media accounts to disseminate a network of over 35 fake recruiting websites containing extensive Farsi decoy content, including job offers and Israel-related lures, such as images of Israeli national symbols, hi-tech offices, and major city landmarks. Upon entry, the targeted users are required to enter their personal details as well as their professional and academic experience, which are subsequently sent to the attackers.  The suspected counterintelligence operations started as early as 2017 and lasted at least until March 2024. In the past, similar campaigns were deployed in Arabic, targeting individuals affiliated with Syria and Hezbollah intelligence and security agencies. This may indicate Iran\'s counterintelligence activities extend beyond its own security and intelligence apparatus, possibly in support of its allies in Syria and Lebanon.  Mandiant worked to help ensure this activity was blocked and disrupted, the threat actor\'s accounts were terminated, and Google Chrome users and the users of other browsers were protected.]]> 2024-08-28T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation/ www.secnews.physaphae.fr/article.php?IdArticle=8565655 False Threat,Mobile,Cloud APT 42 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-08-05T10:51:17+00:00 https://community.riskiq.com/article/ed438f56 www.secnews.physaphae.fr/article.php?IdArticle=8552050 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Mobile APT33,APT 41,APT 33,APT-C-17 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-07-22T10:33:31+00:00 https://community.riskiq.com/article/12ac549a www.secnews.physaphae.fr/article.php?IdArticle=8541988 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 41 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Executive Summary  Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations.  Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.  Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics. While China, Iran, and North Korea state sponsored actors also pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience. Introduction  The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons:  Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending. Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified.  Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations. Financially-motivated actors are likely to target the Olympics in v]]> 2024-06-05T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/ www.secnews.physaphae.fr/article.php?IdArticle=8513588 False Ransomware,Malware,Threat,Studies,Mobile,Cloud,Technical APT 15,APT 31,APT 42 2.0000000000000000 IT Security Guru - Blog Sécurité Yesterday, Lookout, Inc., announced the discovery of sophisticated Android surveillanceware known as WyrmSpy and DragonEgg, which has been linked to the Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti). Despite being indicted on multiple charges by the U.S. government for its attacks on more than 100 private and public enterprises in the U.S. […] ]]> 2023-07-20T09:34:15+00:00 https://www.itsecurityguru.org/2023/07/20/lookout-uncovers-advanced-android-surveillanceware-linked-to-chinas-apt41/?utm_source=rss&utm_medium=rss&utm_campaign=lookout-uncovers-advanced-android-surveillanceware-linked-to-chinas-apt41 www.secnews.physaphae.fr/article.php?IdArticle=8359177 False Mobile APT 41,APT 41 3.0000000000000000