This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T18:51:38+00:00 www.secnews.physaphae.fr RiskIQ - cyber risk firms (now microsoft) 2024-07-15T11:27:07+00:00 https://community.riskiq.com/article/fdcb22e4 www.secnews.physaphae.fr/article.php?IdArticle=8537522 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Prediction,Medical APT 41,APT 40 2.0000000000000000 HackRead - Chercher Cyber Australia isn’t alone! The Five Eyes (US, UK, Canada, NZ) along with Japan and South Korea join forces…]]> 2024-07-10T13:30:41+00:00 https://hackread.com/five-eyes-blames-chinese-apt40-for-govt-hacks/ www.secnews.physaphae.fr/article.php?IdArticle=8534284 False None APT 40 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-07-09T19:47:09+00:00 https://community.riskiq.com/article/e8378a00 www.secnews.physaphae.fr/article.php?IdArticle=8533748 False Malware,Tool,Vulnerability,Threat,Patching,Legislation,Industrial APT 40 3.0000000000000000 Dark Reading - Informationweek Branch The state-sponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.]]> 2024-07-09T17:08:06+00:00 https://www.darkreading.com/endpoint-security/chinese-apt40-exploits-nday-vulns-rapid-pace www.secnews.physaphae.fr/article.php?IdArticle=8533656 False Vulnerability,Threat APT 40 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software]]> 2024-07-09T12:30:00+00:00 https://www.infosecurity-magazine.com/news/chinese-state-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8533475 False Vulnerability APT 40 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Transnational cybersecurity agencies release an advisory outlining a People\'s Republic of China (PRC) state-sponsored cyber group and their... ]]> 2024-07-09T11:49:18+00:00 https://industrialcyber.co/cisa/global-agencies-warn-of-prcs-apt40-cyber-threats-targeting-australian-international-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8533440 False None APT 40 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT 40 has previously targeted organizations in various countries, including]]> 2024-07-09T11:26:00+00:00 https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html www.secnews.physaphae.fr/article.php?IdArticle=8533291 False Threat APT 40 3.0000000000000000 The Register - Site journalistique Anglais Lax patching and vulnerable small biz kit make life easy for Beijing\'s secret-stealers Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours.…]]> 2024-07-09T02:33:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/ www.secnews.physaphae.fr/article.php?IdArticle=8533187 False Vulnerability,Threat,Patching,Legislation APT 40 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts.  When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure.   Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity.  Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google\'s Advanced Protection Program to protect high-risk accounts. Introduction  The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture.  The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence.  ]]> 2024-04-25T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8500393 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Legislation,Cloud,Technical APT 40,APT 29,APT 28,APT 43,APT 31,APT 42 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Sysdig stated that by deploying multiple miners, the group decreased attack time and detection risk]]> 2024-04-09T14:30:00+00:00 https://www.infosecurity-magazine.com/news/rubycarps-multi-miner-assault/ www.secnews.physaphae.fr/article.php?IdArticle=8478743 False None APT 40 3.0000000000000000 Dark Reading - Informationweek Branch It\'s not theoretical anymore: the world\'s major powers are working with large language models to enhance their offensive cyber operations.]]> 2024-02-14T22:14:54+00:00 https://www.darkreading.com/threat-intelligence/microsoft-openai-nation-states-are-weaponizing-ai-in-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8450171 False None APT 40 2.0000000000000000 GoogleSec - Firm Security Blog 1 Pixel phones also get better every few months with Feature Drops that provide the latest product updates, tips and tricks from Google. And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time. Your protection, built into PixelYour digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos – you name it. With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe. We take a comprehensive, end-to-end approach to security with verifiable protections at each layer - the network, application, operating system and multiple layers on the silicon itself. If you use Pixel for your business, this approach helps protect your company data, too. Google Tensor G2 is Pixel's newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3. Every aspect of Tensor G2 was designed to improve Pixel's performance and efficiency for great battery life, amazing photos and videos. Tensor's built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe. Titan family chips are also used to protect Google Cloud data centers and Chromebooks, so the same hardware that protects Google servers also secures your sensitive information stored on Pixel. And, in a first for Google, Titan M2 hardware has now been certified under Common Criteria PP0084: the international gold standard for hardware security components also used for identity, SIM cards, and bankcard security chips.]]> 2022-10-11T19:22:42+00:00 http://security.googleblog.com/2022/10/google-pixel-7-and-pixel-7-pro-next.html www.secnews.physaphae.fr/article.php?IdArticle=7482584 False Spam,Malware,Vulnerability,Guideline,Industrial APT 40 None Security Affairs - Blog Secu Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […] ]]> 2022-08-31T13:03:30+00:00 https://securityaffairs.co/wordpress/135076/apt/apt40-scanbox-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=6645584 False Threat APT 40 None The Register - Site journalistique Anglais 2022-08-31T05:02:05+00:00 https://go.theregister.com/feed/www.theregister.com/2022/08/31/chinanexus_apt40_targeting_australian_government/ www.secnews.physaphae.fr/article.php?IdArticle=6640351 False None APT 40 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2022-08-30T16:00:43+00:00 https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/ www.secnews.physaphae.fr/article.php?IdArticle=6627513 False Industrial APT 40 None TroyHunt - Blog Security 2022-06-30T13:49:56+00:00 https://arstechnica.com/?p=1863684 www.secnews.physaphae.fr/article.php?IdArticle=5471666 False Industrial APT 40 None The Security Ledger - Blog Sécurité 2021-07-23T22:03:21+00:00 https://feeds.feedblitz.com/~/659295268/0/thesecurityledger~Episode-Biden-Unmasked-APT-But-Does-It-Matter/ www.secnews.physaphae.fr/article.php?IdArticle=3123305 False Industrial APT 40 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-07-21T17:31:16+00:00 https://threatpost.com/indictments-attribution-chinese-hacking/168005/ www.secnews.physaphae.fr/article.php?IdArticle=3106756 False Industrial APT 40 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers (published: July 19, 2021) On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity. Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210 Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists (published: July 18, 2021) Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho]]> 2021-07-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-china-blamed-for-microsoft-exchange-attacks-israeli-cyber-surveillance-companies-help-oppressive-governments-and-more www.secnews.physaphae.fr/article.php?IdArticle=3100256 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Guideline,Industrial APT 41,APT 40,APT 28,APT 31 None Security Affairs - Blog Secu 2021-07-19T20:36:16+00:00 https://securityaffairs.co/wordpress/120316/apt/doj-members-apt40.html?utm_source=rss&utm_medium=rss&utm_campaign=doj-members-apt40 www.secnews.physaphae.fr/article.php?IdArticle=3096450 False Industrial APT 40 None SecurityWeek - Security News 2021-07-19T13:44:03+00:00 http://feedproxy.google.com/~r/securityweek/~3/GQEbQ009wb0/us-allies-officially-accuse-china-microsoft-exchange-attacks www.secnews.physaphae.fr/article.php?IdArticle=3093748 False Industrial APT 40 None Bleeping Computer - Magazine Américain 2021-07-19T10:44:21+00:00 https://www.bleepingcomputer.com/news/security/us-indicts-members-of-chinese-backed-hacking-group-apt40/ www.secnews.physaphae.fr/article.php?IdArticle=3093811 False Industrial APT 40 None Wired Threat Level - Security News 2020-10-07T18:31:39+00:00 https://www.wired.com/story/amazon-wants-to-win-at-games-so-why-hasnt-it www.secnews.physaphae.fr/article.php?IdArticle=1962083 False Industrial APT 40 None Security Affairs - Blog Secu 2020-10-04T09:35:41+00:00 https://securityaffairs.co/wordpress/109069/breaking-news/security-affairs-newsletter-round-284.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-284 www.secnews.physaphae.fr/article.php?IdArticle=1955115 False Industrial APT 40 None Security Affairs - Blog Secu 2020-09-27T09:28:15+00:00 https://securityaffairs.co/wordpress/108798/apt/gadolinium-azure-ad-abuses.html?utm_source=rss&utm_medium=rss&utm_campaign=gadolinium-azure-ad-abuses www.secnews.physaphae.fr/article.php?IdArticle=1941721 False Industrial APT 40 None ZD Net - Magazine Info 2020-09-24T21:09:50+00:00 https://www.zdnet.com/article/microsoft-removed-18-azure-ad-apps-used-by-chinese-state-sponsored-hacker-group/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1937536 False Industrial APT 40 None Security Affairs - Blog Secu 2020-02-10T08:28:13+00:00 https://securityaffairs.co/wordpress/97582/apt/malaysias-mycert-apt40-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=1533226 False Industrial APT 40 None ZD Net - Magazine Info 2020-02-07T01:25:41+00:00 https://www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1528965 False Industrial APT 40 None Malwarebytes Labs - MalwarebytesLabs Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more. Categories: A week in security Tags: apt40Ciscocitrixdata enrichmentdeepfakeselastic serversemotetrootkittravelexweleakinfo (Read more...) ]]> 2020-01-20T16:32:45+00:00 https://blog.malwarebytes.com/a-week-in-security/2020/01/a-week-in-security-january-13-19/ www.secnews.physaphae.fr/article.php?IdArticle=1502313 False Industrial APT 40 None ZD Net - Magazine Info 2020-01-13T17:01:05+00:00 https://www.zdnet.com/article/report-chinese-hacking-group-apt40-hides-behind-network-of-front-companies/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1501614 False None APT 40 4.0000000000000000 Security Affairs - Blog Secu 2019-03-06T07:59:00+00:00 https://securityaffairs.co/wordpress/82018/apt/apt40-naval-industry.html www.secnews.physaphae.fr/article.php?IdArticle=1055606 False Industrial APT 40 None SecurityWeek - Security News 2019-03-05T13:19:03+00:00 https://www.securityweek.com/state-sponsored-hackers-supporting-china%E2%80%99s-naval-modernization-efforts-report www.secnews.physaphae.fr/article.php?IdArticle=1055437 False Industrial APT 40 None Mandiant - Blog Sécu de Mandiant FireEye is highlighting a cyber espionage operation targeting crucial technologies and traditional intelligence targets from a China-nexus state sponsored actor we call APT40. The actor has conducted operations since at least 2013 in support of China\'s naval modernization effort. The group has specifically targeted engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies. More recently, we have also observed specific targeting of countries strategically important to the Belt and Road Initiative including Cambodia, Belgium, Germany]]> 2019-03-04T13:00:00+00:00 https://www.mandiant.com/resources/blog/apt40-examining-a-china-nexus-espionage-actor www.secnews.physaphae.fr/article.php?IdArticle=8377710 False None APT 40,APT 40 4.0000000000000000 Security Affairs - Blog Secu 2018-11-15T11:04:02+00:00 https://securityaffairs.co/wordpress/78047/apt/temp-periscope-false-flag.html www.secnews.physaphae.fr/article.php?IdArticle=898007 False Industrial APT 40 None Data Security Breach - Site de news Francais TEMP.Periscope : Des pirates Chinois, amateurs d’éléctions présidentielles ? est apparu en premier sur Data Security Breach. ]]> 2018-07-20T09:33:00+00:00 http://www.datasecuritybreach.fr/temp-periscope-des-pirates-chinois-amateurs-delections-presidentielles/ www.secnews.physaphae.fr/article.php?IdArticle=747691 False Industrial APT 40 None Security Affairs - Blog Secu 2018-07-12T08:22:03+00:00 https://securityaffairs.co/wordpress/74378/intelligence/temp-periscope-cambodia.html www.secnews.physaphae.fr/article.php?IdArticle=741376 False Industrial APT 40 None Mandiant - Blog Sécu de Mandiant Introduction FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia\'s politics, with active compromises of multiple Cambodian entities related to the country\'s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run up to the country\'s July 29, 2018, general elections. TEMP.Periscope used the same infrastructure for a range of activity against other more traditional targets, including the defense industrial base]]> 2018-07-10T07:00:00+00:00 https://www.mandiant.com/resources/blog/chinese-espionage-group-targets-cambodia-ahead-of-elections www.secnews.physaphae.fr/article.php?IdArticle=8377736 False Industrial APT 40 4.0000000000000000 Adam Shostack - American Security Blog Continue reading "Threat Model Thursdays: Crispin Cowan"]]> 2018-07-05T17:10:01+00:00 https://adam.shostack.org/blog/2018/07/threat-model-thursdays-crispin-cowan/ www.secnews.physaphae.fr/article.php?IdArticle=731749 False Threat,Industrial APT 40 None UnderNews - Site de news "pirate" francais Un groupe de cyber-espionnage chinois (TEMP.Periscope) s'attaque à des entreprises américaines dans les secteurs de l'ingénierie et du maritime.]]> 2018-03-20T09:52:03+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/9d23Df75lZw/un-groupe-de-cyber-espionnage-chinois-sattaque-a-des-entreprises-americaines.html www.secnews.physaphae.fr/article.php?IdArticle=531310 False Industrial APT 40 None Security Affairs - Blog Secu 2018-03-17T16:49:02+00:00 http://securityaffairs.co/wordpress/70355/hacking/temp-periscope-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=522933 False Industrial APT 40 None SecurityWeek - Security News says. ]]> 2018-03-16T20:36:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/XyHzIV30FB8/china-linked-hackers-target-engineering-and-maritime-industries www.secnews.physaphae.fr/article.php?IdArticle=520362 True Industrial APT 40 None Mandiant - Blog Sécu de Mandiant Leviathan ”par d'autres sociétés de sécurité. La campagne actuelle est une forte escalade de l'activité détectée

---

Intrusions Focus on the Engineering and Maritime Sector Since early 2018, FireEye (including our FireEye as a Service (FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been tracking an ongoing wave of intrusions targeting engineering and maritime entities, especially those connected to South China Sea issues. The campaign is linked to a group of suspected Chinese cyber espionage actors we have tracked since 2013, dubbed TEMP.Periscope. The group has also been reported as “Leviathan” by other security firms. The current campaign is a sharp escalation of detected activity]]> 2018-03-15T23:00:00+00:00 https://www.mandiant.com/resources/blog/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries www.secnews.physaphae.fr/article.php?IdArticle=8377750 False None APT 40 4.0000000000000000 IT Security Guru - Blog Sécurité Leviathan, an espionage group active since 2014, is launching cyber attacks against the maritime and defense sectors- focusing specifically on contractors and associated University Research institutions. View Full Story  ORIGINAL SOURCE: ZDNet ]]> 2017-10-19T09:50:25+00:00 http://www.itsecurityguru.org/2017/10/19/group-launches-cyber-attacks-maritime-defense-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=421084 False Industrial APT 40 None