www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-06T22:18:57+00:00 www.secnews.physaphae.fr RiskIQ - cyber risk firms (now microsoft) Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques<br>Same targets, new playbooks: East Asia threat actors employ unique methods 2024-04-05T13:39:39+00:00 https://community.riskiq.com/article/b4f39b04 www.secnews.physaphae.fr/article.php?IdArticle=8476526 False Malware,Tool,Vulnerability,Threat,Studies,Industrial,Prediction,Technical Guam 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Cutting avant, partie 4: Ivanti Connect Secure VPN Post-Exploitation Mouvement latéral Études de cas<br>Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies   Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant\'s previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325.  This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied.  Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we\'ve seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti\'s latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide]]> 2024-04-04T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement/ www.secnews.physaphae.fr/article.php?IdArticle=8500398 False Malware,Tool,Vulnerability,Threat,Studies,Mobile,Cloud Guam 3.0000000000000000 Global Security Mag - Site de news francais SecurityScoreCard Research: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours<br>SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days mise à jour malveillant
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update]]> 2024-01-11T15:24:12+00:00 https://www.globalsecuritymag.fr/securityscorecard-threat-research-volt-typhoon-compromises-30-of-cisco-rv320.html www.secnews.physaphae.fr/article.php?IdArticle=8437922 False Vulnerability,Threat,Studies Guam 4.0000000000000000