www.secnews.physaphae.fr: RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. Feed built: 2024-05-17T10:42:39+00:00

IndustrialCyber (cyber risk firms for industrial): Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure
In a letter to the Cybersecurity and Infrastructure Security Agency (CISA), a U.S. Senator warned of the threat...
2024-05-16T12:10:52+00:00 | https://industrialcyber.co/critical-infrastructure/senator-vance-issues-warning-on-china-backed-volt-typhoon-threat-to-us-critical-infrastructure/ | www.secnews.physaphae.fr/article.php?IdArticle=8500935 | Tags: Threat, Guam

Recorded Future (Recorded Future feed): Any number given of Volt Typhoon victims 'likely an underestimate,' CISA says
2024-05-08T01:43:23+00:00 | https://therecord.media/volt-typhoon-targets-underestimated-cisa-says | www.secnews.physaphae.fr/article.php?IdArticle=8495600 | Tags: Guam

Recorded Future (Recorded Future feed): Volt Typhoon operation came up 'directly' in U.S.-China talks, ambassador says
2024-05-07T12:11:45+00:00 | https://therecord.media/china-volt-typhoon-direct-talks-us-china | www.secnews.physaphae.fr/article.php?IdArticle=8495211 | Tags: Guam

CyberScoop (scoopnewsgroup.com, Cyber): FBI director warns of China's preparations for disruptive infrastructure attacks
Wray indicated the FBI sees China as a more imminent threat to U.S. infrastructure as hacking groups like Volt Typhoon position resources for disruption ahead of a potential confrontation with the U.S. over Taiwan as early as 2027.
2024-04-19T17:05:09+00:00 | https://cyberscoop.com/fbi-warns-china-preparing-for-disruptive-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8485382 | Tags: Threat, Guam
Dark Reading (Informationweek branch): Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance
Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.
2024-04-10T23:00:00+00:00 | https://www.darkreading.com/cybersecurity-operations/japan-philippines-us-forge-cyber-threat-intelligence-sharing-alliance | www.secnews.physaphae.fr/article.php?IdArticle=8479615 | Tags: Threat, Guam

RiskIQ (cyber risk firms, now Microsoft): Same targets, new playbooks: East Asia threat actors employ unique methods
2024-04-05T13:39:39+00:00 | https://community.riskiq.com/article/b4f39b04 | www.secnews.physaphae.fr/article.php?IdArticle=8476526 | Tags: Malware, Tool, Vulnerability, Threat, Studies, Industrial, Prediction, Technical, Guam

Recorded Future (Recorded Future feed): Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
Several China-based hacking groups, including Volt Typhoon, are targeting a trio of vulnerabilities affecting IT giant Ivanti alongside multiple cybercriminal operations. The Cybersecurity and Infrastructure Security Agency (CISA) and several of the world's leading cybersecurity agencies have released warnings about the vulnerabilities - labeled CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 - due to their widespread use
2024-04-04T16:40:24+00:00 | https://therecord.media/volt-typhoon-china-targeting-energy-defense-ivanti-bugs | www.secnews.physaphae.fr/article.php?IdArticle=8476005 | Tags: Vulnerability, Guam
Mandiant (Mandiant security blog): Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant's previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325. This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied.
Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we've seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives.
As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti's latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide
2024-04-04T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement/ | www.secnews.physaphae.fr/article.php?IdArticle=8500398 | Tags: Malware, Tool, Vulnerability, Threat, Studies, Mobile, Cloud, Guam

Dark Reading (Informationweek branch): Japan Runs Inaugural Cyber Defense Drills with Pacific Island Nations
Kiribati, the Marshall Islands, Micronesia, Nauru, and Palau participate in the cybersecurity exercise held in Guam.
2024-03-25T12:34:16+00:00 | https://www.darkreading.com/cyber-risk/japan-runs-inaugural-cyber-defense-drills-with-pacific-island-nations | www.secnews.physaphae.fr/article.php?IdArticle=8470151 | Tags: Guam

InfoSecurity Magazine: CISA Warns Critical Infrastructure Leaders of Volt Typhoon
The agency has issued a fact sheet about the threat actor, emphasizing the importance of cyber-risk as a core business concern.
2024-03-20T17:00:00+00:00 | https://www.infosecurity-magazine.com/news/cisa-warns-critical-infrastructure/ | www.secnews.physaphae.fr/article.php?IdArticle=8467425 | Tags: Threat, Guam

IndustrialCyber (cyber risk firms for industrial): Transnational security agencies warn of Volt Typhoon cyber threat, emphasize cyber risk as core business risk
Transnational security agencies collaborated once more to issue a fact sheet alerting critical infrastructure leaders to the imminent...
2024-03-20T15:28:59+00:00 | https://industrialcyber.co/cisa/transnational-security-agencies-warn-of-volt-typhoon-cyber-threat-emphasize-cyber-risk-as-core-business-risk/ | www.secnews.physaphae.fr/article.php?IdArticle=8467399 | Tags: Threat, Guam

The Register (English news site): Five Eyes tell critical infra orgs: take these actions now to protect against China's Volt Typhoon
Unless you want to be the next Change Healthcare, that is.
The Feds and friends yesterday issued yet another warning about China's Volt Typhoon gang, this time urging critical infrastructure owners and operators to protect their facilities against destructive cyber attacks that may be brewing…
2024-03-20T10:15:08+00:00 | https://go.theregister.com/feed/www.theregister.com/2024/03/20/five_eyes_volt_typhoon/ | www.secnews.physaphae.fr/article.php?IdArticle=8467248 | Tags: Medical, Guam

Dark Reading (Informationweek branch): 'Voltzite' Zaps African Utilities as Part of Volt Typhoon's Onslaught
The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa.
2024-02-28T21:45:24+00:00 | https://www.darkreading.com/vulnerabilities-threats/voltzite-zaps-african-utilities-volt-typhoon-onslaught | www.secnews.physaphae.fr/article.php?IdArticle=8456652 | Tags: Guam

TechRepublic (Security News US): Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
The outing of China-backed threat actor Volt Typhoon and Microsoft's compromise by Russia-backed Midnight Blizzard provide important cyber security strategy lessons for Australia, says Tenable.
2024-02-22T14:52:59+00:00 | https://www.techrepublic.com/article/australian-cyber-security-pros-state-sponsored-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8453708 | Tags: Threat, Guam

Dragos (CTI Society): VOLTZITE Threat Group's Under the Radar Cyber Espionage on U.S. Critical Systems
VOLTZITE is an active threat group tracked by Dragos Intelligence. This group shares overlaps with Volt Typhoon (Microsoft) and the... The post VOLTZITE Threat Group's Under the Radar Cyber Espionage on U.S. Critical Systems first appeared on Dragos.
2024-02-22T13:00:00+00:00 | https://www.dragos.com/blog/voltzite-threat-group-under-the-radar-cyber-espionage-on-us-critical-systems/ | www.secnews.physaphae.fr/article.php?IdArticle=8453659 | Tags: Threat, Industrial, Guam
Dark Reading (Informationweek branch): Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity
"Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa.
2024-02-15T22:31:47+00:00 | https://www.darkreading.com/vulnerabilities-threats/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity | www.secnews.physaphae.fr/article.php?IdArticle=8450608 | Tags: Industrial, Guam

The Register (English news site): China's Volt Typhoon spies broke into emergency network of 'large' US city
Jeez, not now, Xi. Can't you see we've got an election and Ukraine and Gaza and cost of living and layoffs and ...
The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications providers as well…
2024-02-14T21:00:06+00:00 | https://go.theregister.com/feed/www.theregister.com/2024/02/14/volt_typhoon_emergency_network/ | www.secnews.physaphae.fr/article.php?IdArticle=8450137 | Tags: Guam

CyberScoop (scoopnewsgroup.com, Cyber): Volt Typhoon targeted emergency management services, per report
Dragos researchers found that the China-sponsored hacking group has been attacking electric utilities since 2023.
2024-02-13T23:06:54+00:00 | https://cyberscoop.com/volt-typhoon-critical-infrastructure-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8449755 | Tags: Guam
Wired Threat Level (Security News): How 3 Million 'Hacked' Toothbrushes Became a Cyber Urban Legend
Plus: China's Volt Typhoon hackers lurked in US systems for years, the Biden administration's crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed.
2024-02-10T14:00:00+00:00 | https://www.wired.com/story/3-million-hacked-toothbrushes-urban-legend/ | www.secnews.physaphae.fr/article.php?IdArticle=8448684 | Tags: Guam

The Hacker News (a hacking news blog, unsurprisingly): Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and pattern
2024-02-08T18:35:00+00:00 | https://thehackernews.com/2024/02/chinese-hackers-operate-undetected-in.html | www.secnews.physaphae.fr/article.php?IdArticle=8448027 | Tags: Threat, Guam

InfoSecurity Magazine: US Warns of Destructive Chinese Cyber-Attacks
The US claims to have discovered Chinese Volt Typhoon intrusions in multiple critical infrastructure sectors.
2024-02-08T10:00:00+00:00 | https://www.infosecurity-magazine.com/news/us-warns-of-destructive-chinese/ | www.secnews.physaphae.fr/article.php?IdArticle=8447953 | Tags: Guam

IndustrialCyber (cyber risk firms for industrial): Global security partners issue cybersecurity advisory on state-sponsored Chinese hacker group Volt Typhoon
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI),...
2024-02-08T08:20:09+00:00 | https://industrialcyber.co/threats-attacks/global-security-partners-issue-cybersecurity-advisory-on-state-sponsored-chinese-hacker-group-volt-typhoon/ | www.secnews.physaphae.fr/article.php?IdArticle=8447934 | Tags: Guam
Dark Reading (Informationweek branch): China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure
Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to CISA.
2024-02-07T23:12:03+00:00 | https://www.darkreading.com/threat-intelligence/china-cyberattackers-disrupt-us-critical-infrastructure | www.secnews.physaphae.fr/article.php?IdArticle=8447829 | Tags: Guam

SecurityWeek (Security News): CISA: China's Volt Typhoon Hackers Planning Critical Infrastructure Disruption
New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers.
2024-02-07T21:45:09+00:00 | https://www.securityweek.com/cisa-chinas-volt-typhoon-hackers-planning-critical-infrastructure-disruption/ | www.secnews.physaphae.fr/article.php?IdArticle=8447815 | Tags: Technical, Guam

CyberScoop (scoopnewsgroup.com, Cyber): Feds: Chinese hacking operations have been in critical infrastructure networks for five years
FBI, NSA and CISA officials warn that Volt Typhoon actors are "pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions."
2024-02-07T18:22:35+00:00 | https://cyberscoop.com/feds-chinese-hacking-operations-have-been-in-critical-infrastructure-networks-for-five-years/ | www.secnews.physaphae.fr/article.php?IdArticle=8447754 | Tags: Industrial, Guam
Silicon (French news site): Volt Typhoon: the United States announces the dismantling of the Chinese botnet
2024-02-02T10:39:38+00:00 | https://www.silicon.fr/volt-typhoon-les-etats-unis-annoncent-le-demantelement-du-botnet-chinois-475538.html | www.secnews.physaphae.fr/article.php?IdArticle=8445922 | Tags: Guam

Dark Reading (Informationweek branch): Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet
The China-backed APT was using the botnet, made up of mostly end-of-life, patchless routers from Cisco and Netgear, to set up shop inside US critical infrastructure.
2024-02-01T21:40:00+00:00 | https://www.darkreading.com/endpoint-security/feds-confirm-remote-killing-volt-typhoon-soho-botnet | www.secnews.physaphae.fr/article.php?IdArticle=8445727 | Tags: Guam

Dark Reading (Informationweek branch): China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.
2024-02-01T20:30:00+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/china-infiltrates-us-critical-infrastructure-ramp-up-conflict | www.secnews.physaphae.fr/article.php?IdArticle=8445711 | Tags: Threat, Guam

HackRead (Chercher Cyber): FBI Disrupts Chinese State-Backed Volt Typhoon's KV Botnet
By Waqas. The KV Botnet, a Chinese state-sponsored threat actor group, gained widespread attention for compromising hundreds of U.S.-based small office/home office (SOHO) routers. This is a post from HackRead.com. Read the original post: FBI Disrupts Chinese State-Backed Volt Typhoon's KV Botnet
2024-02-01T20:23:00+00:00 | https://www.hackread.com/fbi-disrupts-china-volt-typhoon-kv-botnet/ | www.secnews.physaphae.fr/article.php?IdArticle=8445706 | Tags: Threat, Guam
The Hacker News (a hacking news blog, unsurprisingly): U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
2024-02-01T17:07:00+00:00 | https://thehackernews.com/2024/02/us-feds-shut-down-china-linked-kv.html | www.secnews.physaphae.fr/article.php?IdArticle=8445551 | Tags: Threat, Legislation, Guam

InfoSecurity Magazine: US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage.
2024-02-01T12:35:00+00:00 | https://www.infosecurity-magazine.com/news/us-thwarts-volt-typhoon-espionage/ | www.secnews.physaphae.fr/article.php?IdArticle=8445549 | Tags: Guam

The Register (English news site): FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet
2024-01-31T19:41:21+00:00 | https://go.theregister.com/feed/www.theregister.com/2024/01/31/volt_typhoon_botnet/ | www.secnews.physaphae.fr/article.php?IdArticle=8445293 | Tags: Malware, Guam

Recorded Future (Recorded Future feed): US confirms takedown of China-run botnet targeting home and office routers
The U.S. Justice Department confirmed on Wednesday that it disrupted a botnet run by a prolific Chinese government hacking operation known as Volt Typhoon. News of the botnet takedown first emerged on Tuesday, when Reuters reported that the Justice Department and FBI got legal authorization from a U.S. court to remotely disable the tools implanted
2024-01-31T19:25:01+00:00 | https://therecord.media/china-run-botnet-takedown-fbi-doj-routers | www.secnews.physaphae.fr/article.php?IdArticle=8445296 | Tags: Tool, Guam
Bleeping Computer (American magazine): FBI disrupts Chinese botnet by wiping malware from infected routers
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. [...]
2024-01-31T12:43:28+00:00 | https://www.bleepingcomputer.com/news/security/fbi-disrupts-chinese-botnet-by-wiping-malware-from-infected-routers/ | www.secnews.physaphae.fr/article.php?IdArticle=8445262 | Tags: Malware, Guam

SecurityWeek (Security News): US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report
US government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon.
2024-01-30T12:54:27+00:00 | https://www.securityweek.com/us-disrupted-chinese-hacking-operation-aimed-at-critical-infrastructure-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8444814 | Tags: Threat, Guam
AlienVault Lab Blog (AlienVault is a major defensive player in IOCs): The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats
AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware's evolving capabilities and the challenges defenders face.
Highlights of the year: Emerging trends and notable incidents
As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape:
Exploiting OneNote for malicious payloads: Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage.
SEO poisoning and Google Ads: Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google's detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy.
Exploiting geopolitical events: Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year's Ukraine-related phishing campaigns and crypto scams.
APTs: State-sponsored espionage continues to present challenges
Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023:
Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades.
Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering.
Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies.
Ransomware's relentless rise
Ransomware remained a prevalent and lucrative threat throughout the year:
Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security.
ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms.
Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian's Confluence, CVE-2023-4966 (Citrix Bleed), and others. These vulnerabilities became gateways for ransomware attacks.
Evolving ransom
2024-01-25T11:00:00+00:00 | https://cybersecurity.att.com/blogs/labs-research/the-dark-side-of-2023-cybersecurity-malware-evolution-and-cyber-threats | www.secnews.physaphae.fr/article.php?IdArticle=8442915 | Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Prediction, Guam

Recorded Future (Recorded Future feed): End-of-life Cisco routers targeted by China's Volt Typhoon group
A prominent state-sponsored hacking group in China appears to be targeting end-of-life Cisco routers and network devices in the U.S., U.K. and Australia as part of a larger campaign. A new report from SecurityScorecard's STRIKE Team claims to have discovered new infrastructure allegedly linked to a group labeled as Volt Typhoon - a Chinese government
2024-01-12T18:25:00+00:00 | https://therecord.media/cisco-routers-end-of-life-china-espionage-volt-typhoon | www.secnews.physaphae.fr/article.php?IdArticle=8438355 | Tags: Guam
Dark Reading (Informationweek branch): Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
2024-01-11T22:49:00+00:00 | https://www.darkreading.com/cyber-risk/volt-typhoon-ramps-up-malicious-activity-critical-infrastructure | www.secnews.physaphae.fr/article.php?IdArticle=8438034 | Tags: Threat, Guam

Global Security Mag (French news site): SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
Malware update.
2024-01-11T15:24:12+00:00 | https://www.globalsecuritymag.fr/securityscorecard-threat-research-volt-typhoon-compromises-30-of-cisco-rv320.html | www.secnews.physaphae.fr/article.php?IdArticle=8437922 | Tags: Vulnerability, Threat, Studies, Guam
The Hacker News (a hacking news blog, unsurprisingly): New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity
2023-12-15T19:47:00+00:00 | https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html | www.secnews.physaphae.fr/article.php?IdArticle=8423240 | Tags: Threat, Guam

Bleeping Computer (American magazine): Stealthy KV-botnet hijacks SOHO routers and VPN devices
The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. [...]
2023-12-13T17:47:20+00:00 | https://www.bleepingcomputer.com/news/security/stealthy-kv-botnet-hijacks-soho-routers-and-vpn-devices/ | www.secnews.physaphae.fr/article.php?IdArticle=8422307 | Tags: Threat, Guam

SOCRadar (SOC-focused blog): APT Profile: Volt Typhoon
As cyber currents ebb and flow, a storm named Volt Typhoon surges from the digital...
2023-11-23T14:22:57+00:00 | https://socradar.io/apt-profile-volt-typhoon/ | www.secnews.physaphae.fr/article.php?IdArticle=8416351 | Tags: Guam
Dark Reading - Informationweek Branch: China's Volt Typhoon APT Burrows Deeper into US Critical Infrastructure
US officials are concerned that the Beijing-directed cyberattacks could be a precursor to military disruption and broader destructive attacks on citizens and businesses.
2023-07-31T20:42:00+00:00 https://www.darkreading.com/vulnerabilities-threats/china-s-volt-typhoon-apt-burrows-us-critical-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8364025 False None Guam,Guam 2.0000000000000000

AhnLab - Korean Security Firm: Threat Trend Report on APT Groups – May 2023
The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609
2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 38,GoldenJackal,GoldenJackal,APT-C-36,APT 29,APT 29,APT 37,APT 37,Guam,Guam,APT 28,APT 28,APT 41,APT 36,APT 36,APT-C-17,APT-C-17 3.0000000000000000
Dark Reading - Informationweek Branch: China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks
A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks.
2023-06-26T21:05:13+00:00 https://www.darkreading.com/ics-ot/china-volt-typhoon-apt-zoho-manageengine-fresh-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8349465 False Threat Guam 2.0000000000000000

Dark Reading - Informationweek Branch: China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks
A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks.
2023-06-26T21:05:13+00:00 https://www.darkreading.com/cloud/china-volt-typhoon-apt-zoho-manageengine-fresh-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8349487 False Threat Guam 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?): Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda. "The adversary consistently employed ManageEngine
2023-06-26T11:21:00+00:00 https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html www.secnews.physaphae.fr/article.php?IdArticle=8349267 False None Guam 4.0000000000000000

CrowdStrike - CTI Society: Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft
VANGUARD PANDA Background. On May 24, 2023, industry and government sources detailed China-nexus activity in which the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike Intelligence tracks this actor as VANGUARD PANDA. Since at least mid-2020, the CrowdStrike Falcon® Complete managed detection and response (MDR) team and the CrowdStrike® Falcon OverWatch™ threat […]
2023-06-22T18:12:12+00:00 https://www.crowdstrike.com/blog/falcon-complete-thwarts-vanguard-panda-tradecraft/ www.secnews.physaphae.fr/article.php?IdArticle=8358261 False Threat Guam,Guam 3.0000000000000000

Fortinet - Security hardware vendor: Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.
2023-06-12T07:59:00+00:00 https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign www.secnews.physaphae.fr/article.php?IdArticle=8344548 False None Guam 2.0000000000000000

Anomali - Firm Blog: Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption
Figure 1 - IOC summary charts. These charts summarize the IOCs attached to this magazine and give an overview of the threats discussed. Cyber News and Threat Intelligence: Shadow Force Group's Viticdoor and CoinMiner (published: May 27, 2023). Shadow Force is a threat that has been targeting South Korean organizations since 2013. It primarily targets Windows servers. AhnLab researchers analyzed the group's activity in 2020-2022. Shadow Force's activities are relatively easy to detect because the actors tend to reuse the same file names for their malware. At the same time, the group has evolved: after March, its files often exceed 10 MB because of binary packing. The actors have also begun introducing various cryptocurrency miners and a new backdoor dubbed Viticdoor.
Analyst Comment: Organizations should keep their servers up to date and properly configured with security in mind. Unusually high CPU usage and overheating can be a sign of malicious resource hijacking for cryptocurrency mining. Network- and host-based indicators associated with Shadow Force are available in the Anomali platform, and customers are advised to block them on their infrastructure. MITRE ATT&CK: [MITRE ATT&CK] T1588.003 - Obtain Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1027.002 - Obfuscated Files or Information: Software Packing | [MITRE ATT&CK] T1569.002 - Service Execution | [MITRE ATT&CK] T1059.003 - Command and Scripting Interpreter: Windows Command Shell | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1546.008 - Event Triggered Execution: Accessibility Features | [MITRE ATT&CK] T1543.003 - Create or Modify System Process: Windows Service | [MITRE ATT&CK] T1554 - Compromise Client Software Binary | [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files or Infor
2023-05-31T17:19:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-shadow-force-targets-korean-servers-volt-typhoon-abuses-built-in-tools-cosmicenergy-tests-electric-distribution-disruption www.secnews.physaphae.fr/article.php?IdArticle=8340962 False Ransomware,Malware,Tool,Vulnerability,Threat APT 38,CosmicEnergy ,Guam 2.0000000000000000

Schneier on Security - American cryptography researcher: Chinese Hacking of US Critical Infrastructure
Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.
2023-05-31T14:53:11+00:00 https://www.schneier.com/blog/archives/2023/05/chinese-hacking-of-us-critical-infrastructure.html www.secnews.physaphae.fr/article.php?IdArticle=8340891 False None Guam 2.0000000000000000

knowbe4 - cybersecurity services: CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
CyberheistNews Vol 13 #22 | May 31st, 2023. [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks. With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn't get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry; 42% were payroll fraud attacks; 63% were payment fraud. To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox.
That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that's properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links: https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing. Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
2023-05-31T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-22-eye-on-fraud-a-closer-look-at-the-massive-72-percent-spike-in-financial-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8340859 False Ransomware,Malware,Hack,Tool,Threat,Conference ChatGPT,ChatGPT,Uber,Guam 2.0000000000000000

Dark Reading - Informationweek Branch: 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns
This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.
2023-05-25T21:53:00+00:00 https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns www.secnews.physaphae.fr/article.php?IdArticle=8339476 False Threat Guam 2.0000000000000000

Recorded Future - Recorded Future feed: Chinese hackers behind Guam breach have been spying on US military for years
A state-sponsored Chinese hacking group that on Wednesday was reported to have compromised critical infrastructure in Guam has also been collecting military intelligence from U.S. companies for at least two years, researchers told The Record. Experts from Secureworks said the group it calls Bronze Silhouette - tracked as Volt Typhoon by Microsoft - was behind
2023-05-25T16:50:00+00:00 https://therecord.media/chinese-hackers-behind-guam-hack-targeting-us-for-years www.secnews.physaphae.fr/article.php?IdArticle=8339420 False None Guam,Guam 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The
2023-05-25T13:58:00+00:00 https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html www.secnews.physaphae.fr/article.php?IdArticle=8339287 False Threat Guam 2.0000000000000000

Checkpoint - Security hardware vendor: Latest Chinese state-sponsored attacks on critical US infrastructure spies a continuation of trend, Reports Check Point Research
Last Wednesday, Microsoft issued a warning claiming Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations. “The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People's Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement released by authorities in the US, Australia, Canada, New Zealand and the UK – countries that make up the Five Eyes intelligence network. In this advisory, and on an accompanying blog post […]
2023-05-25T10:49:50+00:00 https://blog.checkpoint.com/security/latest-chinese-state-sponsored-attacks-on-critical-us-infrastructure-spies-a-continuation-of-trend-reports-check-point-research/ www.secnews.physaphae.fr/article.php?IdArticle=8339293 False None Guam 2.0000000000000000
BBC - BBC News - Technology: Microsoft: Chinese hackers hit key US bases on Guam
The malware hit facilities on Guam that would be critical to any US response to an invasion of Taiwan.
2023-05-25T10:11:41+00:00 https://www.bbc.co.uk/news/world-asia-65705198?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8339321 False Malware Guam 3.0000000000000000

The Register - English news site: Five Eyes and Microsoft accuse China of attacking US infrastructure again
Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity. China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.…
2023-05-25T03:30:08+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/25/china_volt_typhoon_attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8339235 False None Guam 2.0000000000000000

TroyHunt - Blog Security: Chinese state hackers infect critical infrastructure throughout the US and Guam
Group uses living-off-the-land attack and infected routers to remain undetected.
2023-05-24T23:11:52+00:00 https://arstechnica.com/?p=1942057 www.secnews.physaphae.fr/article.php?IdArticle=8339207 False None Guam 2.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber: Chinese-linked hackers target critical infrastructure in US and Guam
The hacking campaign may be laying the groundwork for disrupting communications between the U.S. and Asia in the event of a crisis.
2023-05-24T22:43:32+00:00 https://cyberscoop.com/china-critical-infrastructure-volt-typhoon/ www.secnews.physaphae.fr/article.php?IdArticle=8339169 False None Guam 2.0000000000000000
Dark Reading - Informationweek Branch: 'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.
2023-05-24T22:09:00+00:00 https://www.darkreading.com/endpoint/-volt-typhoon-china-backed-apt-infiltrates-us-critical-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8339198 False Threat Guam 2.0000000000000000

Recorded Future - Recorded Future feed: Chinese state-backed hacking group compromised US critical infrastructure orgs
A Chinese state-sponsored hacking group gained access to critical infrastructure organizations in Guam and other parts of the U.S., Microsoft warned on Wednesday. The group, which the company calls Volt Typhoon, has attempted to access organizations in “communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” In one case reported on by
2023-05-24T20:58:00+00:00 https://therecord.media/china-state-backed-hacking-group-compromises-us www.secnews.physaphae.fr/article.php?IdArticle=8339138 False None Guam 2.0000000000000000
Bleeping Computer - American magazine: Chinese hackers breach US critical infrastructure in stealthy attacks
Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. [...]
2023-05-24T16:43:37+00:00 https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-us-critical-infrastructure-in-stealthy-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8339140 False None Guam 2.0000000000000000

GoogleSec - Firm Security Blog: Making authentication faster than ever: passkeys vs. passwords
Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems. Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website on the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer to use the passkey. The technology behind the former (“same device passkey”) is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. This technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code. A credential is only registered once on a user's personal device, and then the device proves possession of the registered credential to the remote server by asking the user to use their device's screen lock. The user's biometric, or other screen lock data, is never sent to Google's servers - it stays securely stored on the device, and only cryptographic proof that the user has correctly provided it is sent to Google. Passkeys are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device, the Google Password Manager can make it available on your other devices that are signed into the same system account. Learn more on how passkey works under the hoo
2023-05-05T12:00:43+00:00 http://security.googleblog.com/2023/05/making-authentication-faster-than-ever.html www.secnews.physaphae.fr/article.php?IdArticle=8333804 False None APT 38,APT 10,APT 15,Guam 2.0000000000000000

CISCO Talos - Cisco Research blog: Ukraine and the fragility of agriculture security
By Joe Marshall. The war in Ukraine has had far-reaching global implications, and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally.
Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse are the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture is to feeding the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunity. Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year when they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H
2022-08-18T08:00:00+00:00 http://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html www.secnews.physaphae.fr/article.php?IdArticle=6392803 False Ransomware,Threat,Guideline,Cloud APT 10,APT 32,APT 37,APT 21,NotPetya,Uber,Guam,APT 28 None

NoticeBored - Experienced IT Security professional: CISO workshop slides
A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady eye this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact, given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):
2022-08-06T10:46:21+00:00 http://blog.noticebored.com/2022/08/a-glossy-nicely-constructed-and.html www.secnews.physaphae.fr/article.php?IdArticle=6150878 False Malware,Vulnerability,Threat,Patching,Guideline,Medical,Cloud APT 38,APT 19,APT 10,APT 37,Uber,APT 15,Guam,APT 28,APT 34 None

SANS Institute - SANS is a defense and training actor: OAuth, and It's High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th)
https://myaccount.google.com/security, I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasn't intentional; it was probably an OK prompt during an install or update process, you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? Anyway, yes, one of those - *click* - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at! Me, I was surprised to find that I was using an older email address for my Facebook login (oops); with the login buried in my iPad app, it wasn't something I had thought about (plus I'm not in Facebook too much lately). Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications LinkedIn: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page; it never seems to be front-and-center though. In fact, for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Google's privacy checkup, you
2017-05-10T02:16:35+00:00 https://isc.sans.edu/diary.html?storyid=22400&rss www.secnews.physaphae.fr/article.php?IdArticle=363706 False Guideline Guam,Yahoo None

Krebs on Security - American researcher: The Backstory Behind Carder Kingpin Roman Seleznev's Record 27 Year Prison Sentence
2017-04-24T16:37:23+00:00 https://krebsonsecurity.com/2017/04/the-backstory-behind-carder-kingpin-roman-seleznevs-record-27-year-prison-sentence/ www.secnews.physaphae.fr/article.php?IdArticle=358866 False None Guam None