www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-12T00:35:19+00:00 www.secnews.physaphae.fr

We Live Security - ESET antivirus software vendor Cryptocurrency exchange loses millions in heist 2019-04-01T14:24:05+00:00 https://www.welivesecurity.com/2019/04/01/cryptocurrency-exchange-millions-heist/ www.secnews.physaphae.fr/article.php?IdArticle=1087621 False None Bithumb None

ZD Net - News magazine Bithumb cryptocurrency exchange hacked a third time in two years 2019-03-30T20:28:00+00:00 https://www.zdnet.com/article/bithumb-cryptocurrency-exchange-hacked-a-third-time-in-two-years/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1087469 False None Bithumb None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Steal $19 Million From Bithumb Cryptocurrency Exchange 2019-03-30T03:09:05+00:00 https://thehackernews.com/2019/03/bithumb-cryptocurrency-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=1087400 False None Bithumb None

Zataz - French security magazine 25 million euros in cryptocurrencies stolen from BitHumb 25 million euros in cryptocurrencies stolen from BitHumb first appeared on ZATAZ.
2018-06-27T09:51:00+00:00 https://www.zataz.com/euros-cryptomonnaies-bithumb/ www.secnews.physaphae.fr/article.php?IdArticle=725138 False None Bithumb,Bithumb None

Security Affairs - Security blog Lazarus APT hackers leverages HWP Documents in a recent string of attacks 2018-06-26T04:44:00+00:00 https://securityaffairs.co/wordpress/73903/apt/hwp-documents-lazarus-apt.html www.secnews.physaphae.fr/article.php?IdArticle=723253 False Hack,Threat APT 38,Bithumb None

Dark Reading - Informationweek Branch Malware in South Korean Cyberattacks Linked to Bithumb Heist 2018-06-25T18:30:00+00:00 https://www.darkreading.com/attacks-breaches/malware-in-south-korean-cyberattacks-linked-to-bithumb-heist/d/d-id/1332144?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=722895 False Malware,Medical APT 38,Bithumb,Bithumb None

AlienVault Blog - AlienVault is a major defense player in IOCs Malicious Documents from Lazarus Group Targeting South Korea discussed and reviewed by researchers in South Korea over the past week. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea. This article stands very much on the shoulders of other work by researchers in South Korea. Credit for initially identifying these documents goes to @issuemakerslab, @_jsoo_ and others.
Malicious Documents
We looked at three similar malicious documents:
국제금융체제 실무그룹 회의결과.hwp ("Results of the international financial system working group meeting") - cf09201f02f2edb9c555942a2d6b01d4
금융안정 컨퍼런스 개최결과.hwp ("Financial Stability Conference held") - 69ad5bd4b881d6d1fdb7b19939903e0b
신재영 전산담당 경력.hwp (“[Name] Computer Experience”) - 06cfc6cda57fb5b67ee3eb0400dd5b97
The decoy document, mentioning the G20 International Financial Architecture Working Group Meeting
The decoy document of a resume
These are Hangul Word Processor (“HWP”) files - a South Korean document editor. The HWP files contain malicious postscript code to download either a 32 or 64 bit version of the next stage from:
https://tpddata[.]com/skins/skin-8.thm - eb6275a24d047e3be05c2b4e5f50703d - 32 bit
https://tpddata[.]com/skins/skin-6.thm - a6d1424e1c33ac7a95eb5b92b923c511 - 64 bit
The malware is Manuscrypt (previously described by McAfee and
2018-06-22T14:41:00+00:00 http://feeds.feedblitz.com/~/557751904/0/alienvault-blogs~Malicious-Documents-from-Lazarus-Group-Targeting-South-Korea www.secnews.physaphae.fr/article.php?IdArticle=740332 False None APT 38,Bithumb,Wannacry None

AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week, 22nd June 2018
The Tesla Insider
Elon Musk sent out an email stating an employee had stabbed the company in the back like Brutus, changing production code, and leaking inside information. I'll admit that like many people who have talked about or written about insider threats in the past, I instinctively punched the air and yelled, "YES! I warned you but you didn't listen." The incident is also notable for the impact it had on the company's share price which dropped more than 6% in trading.
"I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations, this included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties."
Insider threats defined | AlienVault
Tesla hit by insider saboteur who changed code, exfiltrated data | SC Magazine
Tesla sinks after Elon Musk says an employee conducted 'sabotage' and Trump ramps up fears of a trade war (TSLA) | Business Insider
Can't Fix Won't Fix, Don't Fix
Organisations cannot afford to view penetration testing as a tick box exercise. How should they mitigate the fact some vulnerabilities can’t be fixed, won’t be fixed, and in some instances, actually shouldn’t be fixed?
Can’t fix, won’t fix, don’t fix: Is it time for businesses to rethink how they action pen test results? | IT Pro Portal
On the topic of pen tests, check out Adrian Sanabria's presentation slides from RSA earlier this year on killing the pen test.
It's time to kill the pen test (PDF) | RSAconference
To add balance, and to convince you pen testers out there that I'm not a bad person who hates all pen testers, here's an awesome collection of penetration testing resources that include tools, online resources, books, courses, conferences, magazine...
Awesome Penetration Testing | Kinimiwar, GitHub
A Case Study In Bad Disclosure
Imagine you're a researcher and have found a vulnerability, you then disclose it responsibly to a vendor, then that vendor fixes the issue - but instead of sending the chopper over to you with a care package, they pretend like you didn't exist. Akin to Tom Cruise getting disavowed in every single Mission Impossible movie. Then imagine that vendor submitted the vulnerability details to Google and received a bug bounty award to the tune of $5,000.
Then to top it off, they sat back in a massive reclining chair, threw their head back and laughed as they donated the full $5,000 to a good cause.
2018-06-22T13:00:00+00:00 http://feeds.feedblitz.com/~/557751908/0/alienvault-blogs~Things-I-Hearted-this-Week-nd-June www.secnews.physaphae.fr/article.php?IdArticle=740333 False Hack,Vulnerability,Guideline Tesla,Tesla,Bithumb None

InformationSecurityBuzzNews - Security news site South Korea 35bn Won Bithumb Theft 2018-06-21T11:45:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/south-korea-35bn-won-bithumb-theft/ www.secnews.physaphae.fr/article.php?IdArticle=715399 False None Bithumb None

We Live Security - ESET antivirus software vendor South Korea's largest cryptocurrency exchange hacked 2018-06-21T08:04:01+00:00 https://www.welivesecurity.com/2018/06/21/south-koreas-largest-cryptocurrency-exchange-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=715149 False None Bithumb None

The State of Security - American magazine South Korean Cryptocurrency Exchange Loses $32M in Heist 2018-06-20T12:34:04+00:00 https://www.tripwire.com/state-of-security/security-data-protection/south-korean-cryptocurrency-exchange-loses-32m-in-heist/ www.secnews.physaphae.fr/article.php?IdArticle=713654 False None Bithumb None

Security Affairs - Security blog Hackers Steal $31 Million from South Korean cryptocurrency exchange Bithumb 2018-06-20T11:08:01+00:00 https://securityaffairs.co/wordpress/73720/data-breach/bithumb-hack.html www.secnews.physaphae.fr/article.php?IdArticle=713484 True None Bithumb None

Bleeping Computer - American magazine Bithumb Hacked Second Time in a Year.
Hackers Steal $31 Million 2018-06-20T04:00:00+00:00 https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/ www.secnews.physaphae.fr/article.php?IdArticle=713281 False None Bithumb None

AlienVault Lab Blog - AlienVault is a major defense player in IOCs A North Korean Monero Cryptocurrency Miner application compiled on Christmas Eve 2017. It is an Installer for software to mine the Monero crypto-currency. Any mined currency is sent to Kim Il Sung University in Pyongyang, North Korea. The Installer copies a file named intelservice.exe to the system. The filename intelservice.exe is often associated with crypto-currency mining malware. Based on the arguments it’s executed with, it’s likely a piece of software called xmrig. It’s not unusual to see xmrig in malware campaigns. It was recently used in some wide campaigns exploiting unpatched IIS servers to mine Monero. The Installer executes Xmrig with the following command:
"-o barjuok.ryongnamsan.edu.kp:5615 -u 4JUdGzvrMFDWrUUwY... -p KJU" + processorCount + " -k -t " + (processorCount -1)
The installer passes xmrig the following arguments:
4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRy5YeFCqgoUMnzumvS is the address of the Monero wallet
barjuok.ryongnamsan.edu.kp is the mining server that would receive any mined currency. The ryongnamsan.edu.kp domain indicates this server is located at Kim Il Sung University.
The password, KJU, is a possible reference to Kim Jong-un
Why was this application created?
The hostname barjuok.ryongnamsan.edu.kp doesn’t currently resolve. That means the software can’t send mined currency to the authors - on most networks. It may be that:
The application is designed to be run within another network, such as that of the university itself;
The address used to resolve but no longer does; or
The usage of a North Korean server is a prank to trick security researchers.
It’s not clear if we’re looking at an early test of an attack, or part of a ‘legitimate’ mining operation where the owners of
2018-01-08T14:00:00+00:00 http://feeds.feedblitz.com/~/515873718/0/alienvaultotx~A-North-Korean-Monero-Cryptocurrency-Miner www.secnews.physaphae.fr/article.php?IdArticle=456470 False None APT 38,Bithumb,Wannacry None

InformationSecurityBuzzNews - Security news site Bithumb Exchange Breach: “This Latest Attack Is Troublesome On A Variety Of Levels. ….” 2017-07-07T13:18:50+00:00 http://www.informationsecuritybuzz.com/expert-comments/bithumb-exchange-breach-latest-attack-troublesome-variety-levels/ www.secnews.physaphae.fr/article.php?IdArticle=382423 False None Bithumb None

IT Security Guru - Security blog Largest cryptocurrency exchange hacked. Over $1 million worth of Bitcoin stolen 2017-07-06T10:08:51+00:00 http://www.itsecurityguru.org/2017/07/06/largest-cryptocurrency-exchange-hacked-1-million-worth-bitcoin-stolen/ www.secnews.physaphae.fr/article.php?IdArticle=381801 False Guideline Bithumb 5.0000000000000000

Dark Reading - Informationweek Branch Bitcoin Funds Stolen from Bithumb Exchange 2017-07-05T20:25:00+00:00 https://www.darkreading.com/threat-intelligence/bitcoin-funds-stolen-from-bithumb-exchange/d/d-id/1329275?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=381814 False None Bithumb None

Graham Cluley - Security blog Major cryptocurrency exchange hacked - customers' Bitcoin and Ethereum accounts plundered. Read more in my article on the Hot for Security blog.
2017-07-05T12:48:46+00:00 https://hotforsecurity.bitdefender.com/blog/major-cryptocurrency-exchange-hacked-customers-bitcoin-and-ethereum-accounts-plundered-18340.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=381364 False None Bithumb None

SecurityWeek - Security News Bitcoin, Ethereum Stolen Following Bithumb Hack 2017-07-05T12:30:39+00:00 http://feedproxy.google.com/~r/Securityweek/~3/xNGDF7SWYNQ/bitcoin-ethereum-stolen-following-bithumb-hack www.secnews.physaphae.fr/article.php?IdArticle=381321 False None Bithumb None

IT Security Guru - Security blog Hackers Steal Billions in S.Korean Won by Hacking 4th Largest Bitcoin Exchange 2017-07-05T09:10:16+00:00 http://www.itsecurityguru.org/2017/07/05/hackers-steal-billions-s-korean-won-hacking-4th-largest-bitcoin-exchange/ www.secnews.physaphae.fr/article.php?IdArticle=381238 False None Bithumb 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen 2017-07-05T03:18:16+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/muu5Bvavt10/bitcoin-ethereum-cryptocurrency-exchange.html www.secnews.physaphae.fr/article.php?IdArticle=381302 False None Bithumb None

Bleeping Computer - American magazine Fourth Largest Cryptocurrency Exchange Was Hacked. Users Lose Ethereum & Bitcoin 2017-07-04T19:49:29+00:00 https://www.bleepingcomputer.com/news/security/fourth-largest-cryptocurrency-exchange-was-hacked-users-lose-ethereum-and-bitcoin/ www.secnews.physaphae.fr/article.php?IdArticle=381223 False None Bithumb None