www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-12T21:16:31+00:00 www.secnews.physaphae.fr
Security Intelligence - American news site How will the Merck settlement affect the insurance industry?
A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else? In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, […]
2024-03-28T13:00:00+00:00 https://securityintelligence.com/articles/merck-settlement-affect-insurance-industry/ www.secnews.physaphae.fr/article.php?IdArticle=8472020 False None NotPetya 2.0000000000000000
Korben - French blogger DeArrow – Putting an end to clickbait on YouTube 2024-02-03T08:00:00+00:00 https://korben.info/dearrow-solution-fin-putaclics-youtube.html www.secnews.physaphae.fr/article.php?IdArticle=8446286 False None NotPetya 3.0000000000000000
Data Security Breach - French news site NotPetya, six years on: Merck and its insurers reach an agreement! 2024-01-12T10:49:28+00:00 https://www.datasecuritybreach.fr/notpetya-assurance-merck/ www.secnews.physaphae.fr/article.php?IdArticle=8438203 False None NotPetya 2.0000000000000000
Dark Reading - Informationweek Branch War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies. 2024-01-11T14:30:00+00:00 https://www.darkreading.com/cyber-risk/war-or-not-cyber-insurers-still-hashing-out-exclusion www.secnews.physaphae.fr/article.php?IdArticle=8437901 False None NotPetya 3.0000000000000000
Silicon - French news site NotPetya victim Merck finally reaches an agreement with its insurers 2024-01-09T10:21:35+00:00 https://www.silicon.fr/notpetya-merck-litige-assureurs-474784.html www.secnews.physaphae.fr/article.php?IdArticle=8437077 False Legislation NotPetya 5.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Merck Settles With Insurers Over $700m NotPetya Claim Pharma giant Merck has reached a settlement with cyber-insurers that refused to pay out for “acts of war” 2024-01-08T10:30:00+00:00 https://www.infosecurity-magazine.com/news/merck-settles-insurers-700m/ www.secnews.physaphae.fr/article.php?IdArticle=8436539 False Legislation NotPetya 3.0000000000000000
Recorded Future - Recorded Future feed Merck settles with insurers who denied $700 million NotPetya claim
Pharmaceutical giant Merck has reportedly reached a settlement with insurers over their refusals to cover losses stemming from the NotPetya cyberattack in 2017. The undisclosed settlement, first reported by Bloomberg Law, is the culmination of a years-long court battle that has attracted attention from the cybersecurity and insurance industries because of its implications for defining
2024-01-05T17:52:00+00:00 https://therecord.media/merck-insurance-settlement-notpetya www.secnews.physaphae.fr/article.php?IdArticle=8435223 False None NotPetya 4.0000000000000000
SecurityWeek - Security News Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved
In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack.
2024-01-05T16:00:49+00:00 https://www.securityweek.com/merck-settles-notpetya-insurance-claim-leaving-cyberwar-definition-unresolved/ www.secnews.physaphae.fr/article.php?IdArticle=8435198 False Malware NotPetya 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Battling malware in the industrial supply chain NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including: Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making. Access control challenges: Proper identity and access management within complex environments are crucial. Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions. Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems. Supply chain defense: The power of content disarm and reconstruction Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do?
In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta 2023-08-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/battling-malware-in-the-industrial-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8376274 False Malware,Vulnerability,Threat,Industrial,Cloud NotPetya,Solardwinds,Wannacry 2.0000000000000000
IT Security Guru - Security blog Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis Six years have passed since the infamous NotPetya cyber attack sent shockwaves through the cybersecurity landscape. Initially disguised as ransomware, NotPetya quickly revealed its true destructive nature, spreading damage to businesses and governments around the world, resulting in billions of dollars in losses.
Six years later, the impact of the NotPetya attack is still being […] 2023-06-27T14:54:03+00:00 https://www.itsecurityguru.org/2023/06/27/six-years-on-from-notpetya-an-analysis-from-tom-gol-cto-for-research-at-armis/?utm_source=rss&utm_medium=rss&utm_campaign=six-years-on-from-notpetya-an-analysis-from-tom-gol-cto-for-research-at-armis www.secnews.physaphae.fr/article.php?IdArticle=8349764 False None NotPetya,NotPetya 3.0000000000000000
knowbe4 - cybersecurity services CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users CyberheistNews Vol 13 #19 | May 9th, 2023 Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what's misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks.
This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction ChatGPT,ChatGPT,NotPetya,NotPetya,APT 28 2.0000000000000000
Global Security Mag - French news site Comment on the Superior Court of New Jersey Appellate Division ruling in favour of Merck's $1.4 billion claim against the insurance industry
Following the ruling that Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant a claim against its NotPetya cyber attack, a response to this from Naoris Protocol, a decentralised cybersecurity firm, and its COO and co-founder Monica Oravcova, COO. - Malware Update
2023-05-04T13:04:17+00:00 https://www.globalsecuritymag.fr/Comment-on-the-Superior-Court-of-New-Jersey-Appellate-Division-ruling-in-favour.html www.secnews.physaphae.fr/article.php?IdArticle=8333441 False None NotPetya,NotPetya 2.0000000000000000
Dark Reading - Informationweek Branch Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion. 2023-05-03T19:18:00+00:00 https://www.darkreading.com/attacks-breaches/court-rejects-merck-insurers-attempts-to-refuse-coverage-for-notpetya-damages www.secnews.physaphae.fr/article.php?IdArticle=8333247 False None NotPetya,NotPetya 3.0000000000000000
Recorded Future - Recorded Future feed UK says its offensive cyber operations are 'accountable, precise, and calibrated'
As the role of cyber operations in international statecraft continues to grow, the United Kingdom's National Cyber Force (NCF) has published a paper arguing that its activities are fundamentally different from those of its adversaries. In contrast to the “reckless” cyberattacks which U.K. says [Russia](https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed) and [China](https://www.ncsc.gov.uk/news/uk-condemns-chinese-cyber-attacks-against-businesses-governments) have engaged in - namely the destructive NotPetya
2023-04-03T23:00:00+00:00 https://therecord.media/uk-offensive-cyber-operations-mod-gchq-ncf- www.secnews.physaphae.fr/article.php?IdArticle=8324501 False None NotPetya,NotPetya 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Cyber insurance have already started to find other ways to avoid covering losses related to cyberattacks linked to nation-state hackers. 2022-11-04T18:38:41+00:00 https://www.cyberscoop.com/insurance-giant-settles-notpetya-lawsuit/ www.secnews.physaphae.fr/article.php?IdArticle=7827426 False None NotPetya,NotPetya None
InfoSecurity Mag - InfoSecurity Magazine Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase 2022-11-03T15:00:00+00:00 https://www.infosecurity-magazine.com/news/notpetya-settlement-may-increase/ www.secnews.physaphae.fr/article.php?IdArticle=7803386 False None NotPetya,NotPetya None
CSO - CSO Daily Dashboard Mondelez and Zurich's NotPetya cyber-attack insurance settlement leaves behind no legal precedent NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone's attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that.
Mondelez estimated damages would approach $100 million USD. 2022-11-03T10:41:00+00:00 https://www.csoonline.com/article/3678970/mondelez-and-zurich-s-notpetya-cyber-attack-insurance-settlement-leaves-behind-no-legal-precedent.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7805750 False Malware NotPetya,NotPetya 4.0000000000000000
The Register - English news site Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup 2022-11-02T07:29:05+00:00 https://go.theregister.com/feed/www.theregister.com/2022/11/02/mondelez_zurich_notpetya_settlement/ www.secnews.physaphae.fr/article.php?IdArticle=7777776 False None NotPetya,NotPetya None
RedCanary - Red Canary Persistent pests: A taxonomy of computer worms 2022-10-19T17:37:26+00:00 https://redcanary.com/blog/computer-worms/ www.secnews.physaphae.fr/article.php?IdArticle=7565610 False Ransomware NotPetya,Wannacry,Wannacry None
AlienVault Lab Blog - AlienVault is a major defense player in IOCs 7 Biggest Cybersecurity Threats of the 21st Century launch their own ransomware attacks. All they need is to sign up for a RaaS platform and pay a fee (usually a percentage of the ransom they collect). RaaS is a growing threat because it makes it easy for anyone to launch attacks. Cybercriminals can target any organization, no matter its size or resources. And, because RaaS platforms typically take care of all the technical details, ransomware attacks can be launched with little effort. In the past several years, there have been a number of high-profile ransomware attacks that have made headlines. In May 2017, the WannaCry ransomware attack affected more than 200,000 computers in 150 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. In December 2017, the NotPetya ransomware attack hit more than 10,000 organizations in over 60 countries.
The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. Ransomware attacks have become more sophisticated and targeted. Cybercriminals are now using RaaS platforms to launch targeted attacks against specific organizations. These attacks are often called "spear phishing" attacks because they use carefully crafted emails to trick people into clicking on malicious links or opening attachments that install ransomware on their computers. Organizations of all sizes need to be aware of the threat of ransomware and take steps to protect themselves. This includes having a robust backup and recovery plan in place in case of an attack. Internet of Things The Internet of Things (IoT) is a network of physical devices, vehicles, home appliances, and other items that are embedded with electronics, software, sensors, and connectivity enabling these objects to connect and exchange data. The IoT is a growing market with more and more devices being connected to the internet every day. However, this also creates new security risks. Because IoT devices are often connected to the internet, they can be hacked and used to launch attacks. In October 2016, a massive Distributed Denial of Service (DDoS) attack was launched against the Dyn DNS service using a network of IoT devices that had been infected with the Mirai malware. The attack caused widespread internet disruptions and took down major websites, such as Twitter and Netflix. The IoT presents a unique challenge for security because there are so many different types of devices that can be connected to the internet. Each type of device has its own security risks and vulnerabilities. And, as the number of IoT devices continues to grow, so do the opportunities for cybercriminals to exploit them. Cloud security The cloud has become an essential part of business for many organizations. It offers a number of advantages, such as flexibility, scalability, and cost savings. 
However, the cloud also creates new security risks. One of the biggest security risks associated with the cloud is data breaches. Because data is stored remotely on servers, it is more vulnerable to attack. In addition, cloud service providers often have access to customer data, which creates another potential point of entry for hackers. Another security risk associated with the 2022-10-06T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/7-biggest-cybersecurity-threats-of-the-21st-century www.secnews.physaphae.fr/article.php?IdArticle=7317553 False Ransomware,Malware,Threat NotPetya,NotPetya,Wannacry,Wannacry None
CISCO Talos - Cisco Research blog Ukraine and the fragility of agriculture security By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain.
Even worse are the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunity Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H 2022-08-18T08:00:00+00:00 http://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html www.secnews.physaphae.fr/article.php?IdArticle=6392803 False Ransomware,Threat,Guideline,Cloud APT 10,APT 32,APT 37,APT 21,NotPetya,Uber,Guam,APT 28 None
UnderNews - French "hacker" news site NotPetya cyberattack, five years on: what lessons can be learned? Last week marked the fifth anniversary of the NotPetya cyberattacks, which had destructive consequences around the world. 2022-07-05T15:55:19+00:00 https://www.undernews.fr/hacking-hacktivisme/cyberattaque-notpetya-cinq-ans-apres-quelles-lecons-en-tirer.html www.secnews.physaphae.fr/article.php?IdArticle=5564139 False None NotPetya None
SANS Institute - SANS is a defense and training organization EternalBlue 5 years after WannaCry and NotPetya, (Tue, Jul 5th) 1] and about a week past the 5-year anniversary of NotPetya outbreak[2]. Since both WannaCry and NotPetya used the EternalBlue[3] exploit in order to spread, I thought that it might be interesting to take a look at how many internet-facing systems still remain vulnerable to it. 2022-07-05T08:37:42+00:00 https://isc.sans.edu/diary/rss/28816 www.secnews.physaphae.fr/article.php?IdArticle=5558696 False None NotPetya,NotPetya,Wannacry,Wannacry None
InformationSecurityBuzzNews - Security news site How Can We Protect Against NotPetya Like Malware? 2022-06-28T13:59:34+00:00 https://informationsecuritybuzz.com/expert-comments/how-can-we-protect-against-notpetya-like-malware/ www.secnews.physaphae.fr/article.php?IdArticle=5431193 False None NotPetya None
CSO - CSO Daily Dashboard 5 years after NotPetya: Lessons learned NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide. NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted.
In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware. 2022-06-27T02:00:00+00:00 https://www.csoonline.com/article/3664930/5-years-after-notpetya-lessons-learned.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5416577 False Ransomware,Malware NotPetya,NotPetya None
Global Security Mag - French news site Lateral movement: the success of recent malware Points of View 2022-06-23T10:11:31+00:00 http://www.globalsecuritymag.fr/Mouvements-lateraux-le-succes-des,20220623,127005.html www.secnews.physaphae.fr/article.php?IdArticle=5340538 False Malware NotPetya,Wannacry,Wannacry None
Anomali - Firm Blog RSA 2022: Cyber Attacks Continue to Come in Ever-Shifting Waves our previous post on cyber threats, organizations must find new and novel defenses against adversaries who increasingly shift tactics. As adversaries become more nuanced, we must understand their moves and motivations to try to get one step ahead of them. Let’s Recap: Several high-profile security incidents in the recent past altogether grimly encapsulate the myriad challenges companies now face. NotPetya, the most expensive cyber incident in history, demonstrated how attackers are masquerading their efforts. NotPetya targeted a tax software company in Ukraine in 2017. At first, the effort appeared to be ransomware. However, its intent was purely destructive as it was designed to inflict damage as quickly and effectively as possible. The C Cleaner attack, a few months later, demonstrated how complex and patient actors who were focused on IP level threats had become. The targets were system administrative tools that, if compromised, already had an increased level of access. C Cleaner showed that all software supply chain attacks aren’t created equal.
It’s dependent on the level of access of the systems and the users that you’re compromising. Some 3 million versions of the compromised C Cleaner software were downloaded. However, only 50 of the downloaded software received additional payloads. This was an adversary that was willing to compromise more than 3 million systems to just get a foothold into 50. This gives you a clear idea of the challenges that we face as enterprises from these types of sophisticated actors. Attackers are also being more flagrant and doing a better job of covering their tracks. In the past, nation states focused on covert activities. Olympic Destroyer, which targeted the 2018 Olympics in South Korea, showed how attacks are now being brought to the public eye. False flags, tactics applied to deceive or misguide attribution attempts, were also put into Olympic Destroyer. Six months after the attack, it was attributed to multiple different nations, because such care had been put into throwing off attribution. More recently, VPN Filter/Cyber Blink demonstrated how adversaries are targeting different types of equipment. While attacks have historically focused on office equipment, these incidents shifted to home routers, in tandem with the increase in remote work. At home, people often use combination modem routers. These devices challenge detection capabilities. A foothold into home routers also allows actors to analyze all traffic moving in and out of the network. It’s incredibly difficult to detect an attack. You have to treat a home Wi-Fi like a public Wi-Fi at a coffee shop. Threat actors are targeting the foundational infrastructure of the internet as well. 
Sea T 2022-06-22T13:00:00+00:00 https://www.anomali.com/blog/rsa-2022-cyber-attacks-continue-to-come-in-ever-shifting-waves www.secnews.physaphae.fr/article.php?IdArticle=5325562 False Malware,Tool,Threat NotPetya,NotPetya None
Graham Cluley - Blog Security US offers $10 million reward for information about Russian military hackers implicated in NotPetya attack 2022-04-28T08:32:28+00:00 https://www.bitdefender.com/blog/hotforsecurity/us-offers-10-million-reward-for-information-about-russian-military-hackers-implicated-in-notpetya-attack/ www.secnews.physaphae.fr/article.php?IdArticle=4593825 False None NotPetya,NotPetya None
IT Security Guru - Security blog US pledges $10m for Sandworm information 2022-04-27T09:25:59+00:00 https://www.itsecurityguru.org/2022/04/27/us-pledges-10m-for-sandworm-information/?utm_source=rss&utm_medium=rss&utm_campaign=us-pledges-10m-for-sandworm-information www.secnews.physaphae.fr/article.php?IdArticle=4512359 False None NotPetya None
InfoSecurity Mag - InfoSecurity Magazine US Offers $10m for Russian NotPetya Sandworm Team 2022-04-27T08:00:00+00:00 https://www.infosecurity-magazine.com/news/us-10m-russian-notpetya-sandworm/ www.secnews.physaphae.fr/article.php?IdArticle=4512246 False None NotPetya,NotPetya None
SecurityWeek - Security News US Offers $10 Million Reward for Russian Intelligence Officers Behind NotPetya Cyberattacks June 2017 “NotPetya” cyberattacks that had a massive impact on companies globally.
2022-04-26T21:17:48+00:00 https://www.securityweek.com/us-offers-10-million-reward-russian-intelligence-officers-behind-notpetya-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=4510426 False None NotPetya,NotPetya None
CybeReason - Vendor blog Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian Threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks. 2022-03-25T20:02:36+00:00 https://www.cybereason.com/blog/webinar-april-7th-2021-mitre-attck-evaluations-explained www.secnews.physaphae.fr/article.php?IdArticle=4342032 False Ransomware,Threat NotPetya,NotPetya None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet 2022-03-18T17:17:17+00:00 https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/ www.secnews.physaphae.fr/article.php?IdArticle=4303542 False None NotPetya,NotPetya None
knowbe4 - cybersecurity services CyberheistNews Vol 12 #09 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk CyberheistNews Vol 12 #09 | Mar. 1st, 2022 The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage.
The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.
2022-03-01T19:07:44+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-09-heads-up-the-ukraine-war-started-a-new-wiper-malware-spillover www.secnews.physaphae.fr/article.php?IdArticle=4209918 True Malware NotPetya None
Marco Ramilli - Blog DiskKill/HermeticWiper and NotPetya (Dis)similarities
2022-03-01T13:52:26+00:00 https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/ www.secnews.physaphae.fr/article.php?IdArticle=4207459 False None NotPetya,NotPetya None
Schneier on Security - American Cryptologist and Researcher Insurance Coverage for NotPetya Losses analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.”
2022-02-28T12:26:10+00:00 https://www.schneier.com/blog/archives/2022/02/insurance-coverage-for-notpetya-losses.html www.secnews.physaphae.fr/article.php?IdArticle=4200143 False None NotPetya,NotPetya None
knowbe4 - cybersecurity services [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.
2022-02-25T12:12:46+00:00 https://blog.knowbe4.com/heads-up-the-ukraine-war-started-a-new-wiper-malware-spillover-risk www.secnews.physaphae.fr/article.php?IdArticle=4182126 False Malware NotPetya None
Anomali - Firm Blog Anomali Cyber Watch: Researchers Break Down WhisperGate Wiper Malware, Trickbot Will Now Try To Crash Researcher PCs to Stop Reverse Engineering Attempts, New DeadBolt Ransomware Targets QNAP Devices
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Windows Vulnerability With New Public Exploits Lets You Become Admin (published: January 29, 2022) A new vulnerability, tracked as CVE-2022-21882 was discovered by researcher RyeLv in early January 2022. The exploit is a bypass to a previous vulnerability, CVE-2021-1732, and affects all Windows 10 machines that have not applied January’s Patch Tuesday patch. This vulnerability is a privilege escalation exploit, which grants administrator level privileges and allows for the creation of new admin accounts, as well as lateral movement. The exploit abuses a flaw in the manner in which the kernel handles callbacks, changing the flag ConsoleWindow. This will modify the window type, and tricks the system into thinking tagWND.WndExtra is an offset of the kernel desktop heap, thereby granting administrator level read and write access.
Analyst Comment: Apply patches when they become available to keep your systems and assets protected from the latest attacks and vulnerabilities. This is essential when new vulnerabilities are discovered as threat actors will actively attempt to exploit them. A strong patch management policy combined with an effective asset management policy will assist you in keeping your assets up to date and protected.
MITRE ATT&CK: [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Process Discovery - T1057
Tags: Windows, Privilege escalation, CVE-2021-1732, CVE-2022-21882
Shipment-Delivery Scams Become the Favored Way to Spread Malware (published: January 28, 2022) Researchers at Cofense and Checkpoint have documented a series of phishing campaigns throughout Q4 of 2021. The campaign imitates large known delivery brands such as DHL or the US postal service, and aims to abuse the trust these companies have associated with them to manipulate their targets into clicking malicious links or files. The most prominent tactic is to provide a link to a missed package, capitalizing on current global supply chain issues. Once clicked, TrickBot malware is delivered, though other campaigns are delivering as of yet non-attributed trojans. The malicious links in these campaigns are not particularly sophisticated, and are easily identified as false as they lead to domains outside the company they are targeting.
Analyst Comment: Never click on attachments or links from untrustworthy sources, and verify with the legitimate sender the integrity of these emails. Treat any email that attempts to scare, coerce, provide a time limit or force you to click links or attachments with extreme suspicion.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Phishing
2022-02-01T18:55:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-researchers-break-down-whispergate-wiper-malware-trickbot-will-now-try-to-crash-researcher-pcs-to-stop-reverse-engineering-attempts-new-deadbolt-ransomware-targets-qnap-devices www.secnews.physaphae.fr/article.php?IdArticle=4066974 False Ransomware,Malware,Vulnerability,Threat,Guideline NotPetya None
knowbe4 - cybersecurity services CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential
2022-02-01T14:37:29+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-05-dhs-sounds-alarm-on-new-russian-destructive-disk-wiper-attack-potential www.secnews.physaphae.fr/article.php?IdArticle=4065596 False Ransomware,Malware,Hack,Tool,Threat,Guideline NotPetya,NotPetya,APT 27,APT 27,Wannacry,Wannacry None
knowbe4 - cybersecurity services [Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine.
2022-01-27T13:01:08+00:00 https://blog.knowbe4.com/heads-up-dhs-sounds-alarm-on-new-russian-destructive-disk-wiper-attack-potential www.secnews.physaphae.fr/article.php?IdArticle=4040870 False None NotPetya None
Schneier on Security - American Cryptologist and Researcher Merck Wins Insurance Lawsuit re NotPetya Attack pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software...
2022-01-25T15:35:59+00:00 https://www.schneier.com/blog/archives/2022/01/merck-wins-insurance-lawsuit-re-notpetya-attack.html www.secnews.physaphae.fr/article.php?IdArticle=4030950 False None NotPetya,NotPetya None
SecurityWeek - Security News Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack New Jersey court delivers summary judgment against insurance company's refusal to pay based on war exclusion clause
2022-01-24T20:05:48+00:00 https://www.securityweek.com/court-awards-merck-14b-insurance-claim-over-notpetya-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=4028677 False None NotPetya,NotPetya None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
2022-01-22T06:47:43+00:00 https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html www.secnews.physaphae.fr/article.php?IdArticle=4017497 False Malware NotPetya,NotPetya None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Merck Awarded $1.4B Insurance Payout over NotPetya Attack
2022-01-21T20:27:15+00:00 https://threatpost.com/merck-insurance-payout-notpetya-attack/177872/ www.secnews.physaphae.fr/article.php?IdArticle=4012529 False None NotPetya,NotPetya None
InfoSecurity Mag - InfoSecurity Magazine Merck Wins $1.4bn NotPetya Payout from Insurer
2022-01-21T09:00:00+00:00 https://www.infosecurity-magazine.com/news/merck-wins-notpetya-payout-insurer/ www.secnews.physaphae.fr/article.php?IdArticle=4008671 False None NotPetya,NotPetya None
InfoSecurity Mag - InfoSecurity Magazine Microsoft Warns of Destructive Malware Campaign Targeting Ukraine
2022-01-17T09:20:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-destructive-malware/ www.secnews.physaphae.fr/article.php?IdArticle=3978272 False Malware NotPetya None
AliceCliment-Pommeret - Cyber Researcher Playing With Named Pipe and NotPetya A long time ago, in a galaxy far far away, I was having fun reversing NotPetya. Files dropped by NotPetya: During the dynamic analysis, I identified some files dropped on the disk by the sample. (Figure: Files dropped in the disk.) An executed file using named pipe: One of them caught my eye: it is executed by the sample with a named pipe argument.
(Figure: A binary executed with named pipe argument.)
2021-12-05T19:50:59+00:00 https://alice.climent-pommeret.red/posts/playing-with-named-pipe-and-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=8383858 False Technical NotPetya 4.0000000000000000
CybeReason - Vendor blog CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted Learn how to prepare and reduce the risk of the next ransomware event as Todd Inskeep, Founder at Incovate Solutions, walks us through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don't miss this podcast for valuable insights from a real-life scenario - check it out...
2021-10-21T12:31:48+00:00 https://www.cybereason.com/blog/ciso-stories-podcast-notpetya-45-minutes-and-10000-servers-encrypted www.secnews.physaphae.fr/article.php?IdArticle=3543277 False Ransomware NotPetya,NotPetya None
CybeReason - Vendor blog Deja Vu: What Do NotPetya and SolarWinds Have in Common? As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a cyber attack. Within about an hour, a Danish power supplier was also knocked offline and Maersk shipping announced that it was affected as well. By the time I arrived at my desk, companies around the world were shut down by the same attack--which Symantec declared as Petya ransomware. It was going to be a busy and interesting day.
2021-06-15T13:46:35+00:00 https://www.cybereason.com/blog/deja-vu-what-do-notpetya-and-solarwinds-have-in-common www.secnews.physaphae.fr/article.php?IdArticle=2929413 False None NotPetya,NotPetya None
TroyHunt - Blog Security Hacker lexicon: What is a supply chain attack?
2021-06-06T11:30:45+00:00 https://arstechnica.com/?p=1770126 www.secnews.physaphae.fr/article.php?IdArticle=2880773 True None NotPetya,NotPetya None
Wired Threat Level - Security News What Is a Supply Chain Attack?
2021-05-31T11:00:00+00:00 https://www.wired.com/story/hacker-lexicon-what-is-a-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=2862508 False None NotPetya,NotPetya None
UnderNews - French "hacker" news site 67% of enterprise environments still run protocols exploited by WannaCry and NotPetya
2021-05-19T10:13:00+00:00 https://www.undernews.fr/malwares-virus-antivirus/67-des-environnements-dentreprise-fonctionnent-encore-avec-des-protocoles-exploites-par-wannacry-et-notpetya.html www.secnews.physaphae.fr/article.php?IdArticle=2810071 False None NotPetya,NotPetya,Wannacry,Wannacry None
CybeReason - Vendor blog Malicious Life Podcast: Inside NotPetya, Part 2 Many of you may have already heard of Amit Serper: he was the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason back in 2017.
2021-03-22T13:08:36+00:00 https://www.cybereason.com/blog/malicious-life-podcast-inside-notpetya-ransomware-part-2 www.secnews.physaphae.fr/article.php?IdArticle=2517105 False None NotPetya,NotPetya None
CybeReason - Vendor blog Malicious Life Podcast: Inside NotPetya, Part 1 On June 28th, 2017, millions of Ukrainians were celebrating Constitution Day. Their national holiday turned into a nightmare, as tens of thousands of computers all over the country were infected by mysterious malware.
By that afternoon, the cyber-pandemic was already going global.
2021-03-03T14:00:00+00:00 http://www.cybereason.com/blog/malicious-life-podcast-inside-notpetya-ransomware-part-1 www.secnews.physaphae.fr/article.php?IdArticle=2428397 False None NotPetya None
Errata Security - Errata Security We are living in 1984 (ETERNALBLUE) Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible. But this New York Times article said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [eg] that agree, citing the New York Times. There are no news articles that dispute this. In a recent book, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case. Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience. So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth. Orwell continues: He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong. I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong.
Update: Other lunatics document their struggles with Minitrue: When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up & then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months. — Nicholas J. Percoco (@c7five) March 1, 2021
2021-02-28T20:05:19+00:00 https://blog.erratasec.com/2021/02/we-are-living-in-1984-eternalblue.html www.secnews.physaphae.fr/article.php?IdArticle=2414565 False Ransomware APT 32,NotPetya,Wannacry None
Dark Reading - Informationweek Branch 'Act of War' Clause Could Nix Cyber Insurance Payouts
2020-10-29T10:05:00+00:00 https://www.darkreading.com/attacks-breaches/act-of-war-clause-could-nix-cyber-insurance-payouts/d/d-id/1339317?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=2002313 False Ransomware NotPetya None
Security Affairs - Security Blog U.S. Charges Russia GRU Intelligence Officers for notorious attacks, including NotPetya
2020-10-20T07:30:53+00:00 https://securityaffairs.co/wordpress/109754/intelligence/us-charges-russia-gru-intelligence-officers.html?utm_source=rss&utm_medium=rss&utm_campaign=us-charges-russia-gru-intelligence-officers www.secnews.physaphae.fr/article.php?IdArticle=1987131 False None NotPetya None
ZD Net - IT Magazine US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks
2020-10-19T17:03:00+00:00 https://www.zdnet.com/article/us-charges-russian-hackers-behind-notpetya-killdisk-olympicdestroyer-attacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1986221 False None NotPetya None
InformationSecurityBuzzNews - Security News Site EU Applies First Ever Sanctions In Response To Cyber-Attacks
2020-08-04T17:33:26+00:00 https://www.informationsecuritybuzz.com/expert-comments/eu-applies-first-ever-sanctions-in-response-to-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1842056 False None NotPetya,Wannacry None
IT Security Guru - Security Blog EU imposes sanctions on North Korean, Chinese and Russian-backed cyberattackers
2020-07-31T11:31:24+00:00 https://www.itsecurityguru.org/2020/07/31/eu-imposes-sanctions-on-north-korean-chinese-and-russian-backed-cyberattackers/?utm_source=rss&utm_medium=rss&utm_campaign=eu-imposes-sanctions-on-north-korean-chinese-and-russian-backed-cyberattackers www.secnews.physaphae.fr/article.php?IdArticle=1834482 False None NotPetya,Wannacry None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
2020-07-31T06:47:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/llFCzIzCSRo/sanctions-against-wanted-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1834674 False None NotPetya,Wannacry None
IT Security Guru - Security Blog EU sanctions for WannaCry, NotPetya, OPCW & Cloud Hopper attackers
2020-07-30T19:19:01+00:00 https://www.itsecurityguru.org/2020/07/30/eu-first-sanctions-imposed-on-wannacry-notpetya-opcw-cloud-hopper-attackers/?utm_source=rss&utm_medium=rss&utm_campaign=eu-first-sanctions-imposed-on-wannacry-notpetya-opcw-cloud-hopper-attackers www.secnews.physaphae.fr/article.php?IdArticle=1833653 False None NotPetya,Wannacry None
Errata Security - Errata Security How CEOs think July 16, 2020 The only thing more broken than how CEOs view cybersecurity is how cybersecurity experts view cybersecurity. We have this flawed view that cybersecurity is a moral imperative, that it's an aim by itself. We are convinced that people are wrong for not taking security seriously. This isn't true. Security isn't a moral issue but simple cost vs. benefits, risk vs. rewards. Taking risks is more often the correct answer rather than having more security. Rather than experts dispensing unbiased advice, we've become advocates/activists, trying to convince people that they need to do more to secure things. This activism has destroyed our credibility in the boardroom. Nobody thinks we are honest. Most of our advice is actually internal political battles. CEOs trust outside consultants mostly because outsiders don't have a stake in internal politics.
Thus, the consultant can say the same thing as what you say, but be trusted. CEOs view cybersecurity the same way they view everything else about building the business, from investment in office buildings, to capital equipment, to HR policies, to marketing programs, to telephone infrastructure, to law firms, to .... everything. They divide their business into two parts: The first is the part they do well, the thing they are experts at, the things that define who they are as a company, their competitive advantage. The second is everything else, the things they don't understand. For the second part, they just want to be average in their industry, or at best, slightly above average. They want their manufacturing costs to be about average. They want the salaries paid to employees to be about average. They want the same video conferencing system as everybody else. Everything outside of core competency is average. I can't express this enough: if it's not their core competency, then they don't want to excel at it. Excelling at a thing comes with a price. They have to pay people more. They have to find the leaders with proven track records at excelling at it. They have to manage excellence. This goes all the way to the top. If it's something the company is going to excel at, then the CEO at the top has to have enough expertise themselves to understand who the best leaders are to accomplish this goal. The CEO can't hire an excellent CSO unless they have enough competency to judge the qualifications of the CSO, and enough competency to hold the CSO accountable for the job they are doing. All this is a tradeoff. A focus of attention on one part of the business means less attention on other parts of the business. If your company excels at cybersecurity, it means not excelling at some other part of the business. So unless you are a company like Google, whose cybersecurity is a competitive advantage, you don't want to excel in cybersecurity.
You want to be
2020-07-19T17:07:57+00:00 https://blog.erratasec.com/2020/07/how-ceos-think.html www.secnews.physaphae.fr/article.php?IdArticle=1813717 False Ransomware,Guideline NotPetya None
UnderNews - French "hacker" news site No Turning-30 Crisis for Ransomware Thirty years after the first ransomware[1], this type of malware, which encrypts its victims' data until a ransom is paid, is still going strong. In 2017, ransomware made the cyber headlines. May 2017 was marked by WannaCry, which shook the whole world and caused consolidated losses said to amount to 4 billion dollars. Companies had not yet recovered from that mega-attack when a new ransomware, NotPetya, struck a month later, causing 10 billion[2] dollars in damage.
2020-07-10T07:27:19+00:00 https://www.undernews.fr/malwares-virus-antivirus/pas-de-crise-de-la-trentaine-pour-les-ransomwares.html www.secnews.physaphae.fr/article.php?IdArticle=1800121 False None NotPetya,Wannacry None
Graham Cluley - Blog Security The inside story of the Maersk NotPetya ransomware attack, from someone who was there
2020-06-25T12:48:10+00:00 https://www.grahamcluley.com/the-inside-story-of-the-maersk-notpetya-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=1773814 False Ransomware NotPetya None
Global Security Mag - French News Site Three years on, the specter of NotPetya is still present Opinion
2020-06-24T13:01:51+00:00 http://www.globalsecuritymag.fr/3-ans-apres-le-spectre-de-NotPetya,20200624,99986.html www.secnews.physaphae.fr/article.php?IdArticle=1771680 False Ransomware,Malware NotPetya,Wannacry 3.0000000000000000
Global Security Mag - French News Site The global NotPetya cyberattack turns 3: analysis and lessons to be learned Opinion
2020-06-24T12:58:27+00:00 http://www.globalsecuritymag.fr/La-cyberattaque-mondiale-NotPetya,20200624,99985.html www.secnews.physaphae.fr/article.php?IdArticle=1771681 False Ransomware,Malware,Threat,Guideline NotPetya None
InformationSecurityBuzzNews - Security News Site Experts' Reactions on NotPetya Cyber Attack Anniversary
2020-06-23T09:25:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-notpetya-cyber-attack-anniversary/ www.secnews.physaphae.fr/article.php?IdArticle=1770581 False Ransomware NotPetya None
Wired Threat Level - Security News A New Wormable Windows Vulnerability Has No Patch in Sight
2020-03-12T12:00:00+00:00 https://www.wired.com/story/a-new-wormable-windows-vulnerability-has-no-patch-in-sight www.secnews.physaphae.fr/article.php?IdArticle=1593484 False Vulnerability NotPetya,Wannacry None
TechRepublic - Security News US C-suite unprepared for NotPetya and other extinction-level cyberattacks
2020-01-28T17:45:00+00:00 https://www.techrepublic.com/article/c-suite-not-prepared-for-notpetya-and-other-extinction-level-cyberattacks/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1514741 False None NotPetya None
Malwarebytes Labs - MalwarebytesLabs A decade in cybersecurity fails: the top breaches, threats, and 'whoopsies' of the 2010s As the 2010s come to a close, we take a snarky walk down memory lane, listing the craziest, most impactful, or simply just awful cybersecurity fails of the decade.
2019-12-19T18:03:33+00:00 https://blog.malwarebytes.com/awareness/2019/12/a-decade-in-cybersecurity-fails-top-breaches-threats-of-2010s/ www.secnews.physaphae.fr/article.php?IdArticle=1494817 False None NotPetya,Wannacry None
NoticeBored - Experienced IT Security professional NBlog Dec 3 - infosec driving principles an interview for CIO Dive, Maersk's recently-appointed CISO Andy Powell discussed aligning the organization with these five 'key operating principles': "The first is trust. The client has got to trust us with their data, to trust us to look at their business. So we've got to build trust through the cybersecurity solutions that we put in place. That is absolutely fundamental. So client trust, client buy-in has been fundamental to what we tried to drive as a key message. The second is resilience. Because you've got to have resilient systems because clients won't give you business if you're not resilient ... The third really is around the fact that security is everybody's responsibility. And we push that message really hard across the company … be clear about what you need to do and we train people accordingly. ... The fourth one really is accountability of security and I have pushed accountability for cyber risk to the business. ... And the final piece, and this has been one of the big call outs of my team to everybody, is that security is a benefit, not a burden. The reason I say that is people's perception is that security will slow things down, will get in the way ... the reality is that if you involve security early enough, you can build solutions that actually attract additional clients." Fair enough Andy. I wouldn't particularly quarrel with any of them, but as to whether they would feature in my personal top-five I'm not so sure.
Here are five others they'd be competing against, with shipping-related illustrations just for fun: Governance involves structuring, positioning, setting things up and guiding the organization in the right overall direction - determining then plotting the optimal route to the ship's ultimate destination, loading up with the right tools, people and provisions. Corporate governance necessarily involves putting things in place for both protecting and exploiting information, a vital and valuable yet vulnerable business asset; Information is subject to risks that can and probably should be managed proactively, just as a ship's captain doesn't merely accept the inclement weather and various other hazards but, where appropriate, actively mitigates or avoids them, dynamically reacting and adjusting course as things change; Flexibility and responsiveness, along with resilience and ro
2019-12-03T17:12:11+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/8b7e865ezZk/nblog-dec-3-infosec-driving-principles.html www.secnews.physaphae.fr/article.php?IdArticle=1495742 False Tool,Guideline NotPetya None
Wired Threat Level - Security News The Evidence That Links Russia's Most Brazen Hacking Efforts
2019-11-15T13:00:00+00:00 https://www.wired.com/story/sandworm-russia-cyberattack-links www.secnews.physaphae.fr/article.php?IdArticle=1468995 False None NotPetya None
CSO - CSO Daily Dashboard Rebuilding after NotPetya: How Maersk moved forward NotPetya attack in 2017.
The attack crippled a number of companies, none more publicly than shipping giant Maersk, which temporarily lost its entire global operations.
2019-10-09T03:00:00+00:00 https://www.csoonline.com/article/3444620/rebuilding-after-notpetya-how-maersk-moved-forward.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1392190 False None NotPetya None
Wired Threat Level - Security News A DoorDash Breach Exposes Data of 4.9 Million Customers
2019-09-28T13:00:00+00:00 https://www.wired.com/story/doordash-breach-notpetya-fedex-security-roundup www.secnews.physaphae.fr/article.php?IdArticle=1366950 False None NotPetya None
Errata Security - Errata Security CrowdStrike-Ukraine Explained these topics before. Who is CrowdStrike? They are a cybersecurity firm that, among other things, investigates hacker attacks. If you've been hacked by a nation state, then CrowdStrike is the sort of firm you'd hire to come and investigate what happened, and help prevent it from happening again. Why is CrowdStrike mentioned? Because they were the lead investigators in the DNC hack who came to the conclusion that Russia was responsible. The pro-Trump crowd believes this conclusion is false. If the conclusion is false, then it must mean CrowdStrike is part of the anti-Trump conspiracy. Trump always had a thing for CrowdStrike since their first investigation. It's intensified since the Mueller report, which solidified the ties between Trump-Russia, and Russia-DNC-Hack. Personally, I'm always suspicious of such investigations. Politics, either grand (on this scale) or small (internal company politics) seem to drive investigations, creating firm conclusions based on flimsy evidence. But CrowdStrike has made public some pretty solid information, such as BitLy accounts used both in the DNC hacks and other (known) targets of state-sponsored Russian hackers. Likewise, the Mueller report had good data on Bitcoin accounts.
I'm sure if I looked at all the evidence, I'd have more doubts, but at the same time, of the politicized hacking incidents out there, this seems to have the best (public) support for the conclusion. What's the conspiracy? The basis of the conspiracy is that the DNC hack was actually an inside job. Some former intelligence officials led by Bill Binney claim they looked at some data and found that the files were copied "locally" instead of across the Internet, and therefore, it was an insider who did it and not a remote hacker. I debunk the claim here, but the short explanation is: of course the files were copied "locally", the hacker was inside the network. In my long experience investigating hacker intrusions, and performing them myself, I know this is how it's normally done. I mention my own experience because I'm technical and know these things, in contrast with Bill Binney and those other intelligence officials who have no experience with such things. He sounds impressive that he's formerly of the NSA, but he was a mid-level manager in charge of budgets. Binney has never performed a data breach investigation, has never performed a pentest. There's other parts to the conspiracy. In the middle of all this, a DNC staffer was murdered on the street, possibly due to a mugging.
Naturally this gets included as part of the conspiracy, this guy ("Seth Rich") must've been the "insider" in this attack, and mus
2019-09-26T13:24:44+00:00 https://blog.erratasec.com/2019/09/crowdstrike-ukraine-explained.html www.secnews.physaphae.fr/article.php?IdArticle=1363510 False Data Breach,Hack,Guideline NotPetya None
The Security Ledger - Security Blog Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk
2019-08-20T11:11:01+00:00 https://feeds.feedblitz.com/~/606605914/0/thesecurityledger~Episode-How-NotPetya-has-Insurers-grappling-with-Systemic-Cyber-Risk/ www.secnews.physaphae.fr/article.php?IdArticle=1315816 False None NotPetya None
InformationSecurityBuzzNews - Security News Site NotPetya – Two Years On From “The Most Destructive And Costly Cyber-Attack In History”
2019-06-27T23:12:04+00:00 https://www.informationsecuritybuzz.com/expert-comments/notpetya-two-years-on-from-the-most-destructive-and-costly-cyber-attack-in-history/ www.secnews.physaphae.fr/article.php?IdArticle=1177264 False Malware NotPetya None
Checkpoint - Security Hardware Vendor May 2019's Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues
2019-06-13T13:00:03+00:00 https://blog.checkpoint.com/2019/06/13/may-2019-most-wanted-malware-bluekeep-microsoft-rdp-cryptocurrency-malware/ www.secnews.physaphae.fr/article.php?IdArticle=1152617 False Ransomware,Vulnerability,Threat,Guideline NotPetya,Wannacry 3.0000000000000000
Errata Security - Errata Security Your threat model is wrong Phishing: An example is this question that misunderstands the threat of "phishing": Should failing multiple phishing tests be grounds for firing? I ran into a guy at a recent conference, said his employer fired people for repeatedly falling for (simulated) phishing attacks. I talked to experts, who weren't wild about this disincentive.
https://t.co/eRYPZ9qkzB pic.twitter.com/Q1aqCmkrWL - briankrebs (@briankrebs) May 29, 2019
The (wrong) threat model here is that phishing is an email that smart users with training can identify and avoid. This isn't true. Good phishing messages are indistinguishable from legitimate messages. Said another way, a lot of legitimate messages are in fact phishing messages, such as when HR sends out a message saying "log into this website with your organization username/password".
Recently, my university sent me an email for mandatory Title IX training, not digitally signed, with an external link to the training, that requested my university login creds for access, that was sent from an external address but from the Title IX coordinator. - Tyler Pieron (@tyler_pieron) May 29, 2019
Yes, it's amazing how easily stupid employees are tricked by the most obvious of phishing messages, and you want to point and laugh at them. But frankly, you want the idiot employees doing this. The more obvious phishing attempts are the least harmful and a good test of the rest of your security -- which should be based on the assumption that users will frequently fall for phishing. In other words, if you paid attention to the threat model, you'd be mitigating the threat in other ways and not even bother training employees. You'd be firing HR idiots for phishing employees, not punishing employees for getting tricked. Your systems would be resilient against successful phishes, such as using two-factor authentication.
IoT security
After the Mirai worm, government types pushed for laws to secure IoT devices, as billions of insecure devices like TVs, cars, security cameras, and toasters are added to the Internet. Everyone is afraid of the next Mirai-type worm. For example, they are pushing for devices to be auto-updated. But auto-updates are a bigger threat than worms. Since Mirai, roughly 10-billion new IoT devices have been added to the Internet, yet there hasn't been a Mirai-sized worm. Why is that?
After 10-billion new IoT devices, it's still Windows and not IoT that is the main problem. The answer is that number, 10-billion. Internet worms work by guessing IPv4 addresses, of which there are only 4-billion. You can't have 10-billion new devices on the public IPv4 addresses because there simply aren't enough addresses. Instead, those 10-billion devices are almost entirely being put on private ne 2019-05-29T20:16:09+00:00 https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html www.secnews.physaphae.fr/article.php?IdArticle=1131777 False Ransomware,Tool,Vulnerability,Threat,Guideline NotPetya,FedEx None
Errata Security - Errata Security Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) masscan, my Internet-scale port scanner, looking for port 3389, the one used by Remote Desktop. This takes a couple hours, and lists all the devices running Remote Desktop -- in theory. This returned 7,629,102 results (over 7-million). However, there is a lot of junk out there that'll respond on this port. Only about half are actually Remote Desktop. Masscan only finds the open ports, but is not complex enough to check for the vulnerability. Remote Desktop is a complicated protocol. A project was posted that could connect to an address and test it, to see if it was patched or vulnerable. I took that project and optimized it a bit, rdpscan, then used it to scan the results from masscan.
It's a thousand times slower, but it's only scanning the results from masscan instead of the entire Internet. The table of results is as follows:
1447579  UNKNOWN - receive timeout
1414793  SAFE - Target appears patched
1294719  UNKNOWN - connection reset by peer
1235448  SAFE - CredSSP/NLA required
 923671  VULNERABLE -- got appid
 651545  UNKNOWN - FIN received
 438480  UNKNOWN - connect timeout
 105721  UNKNOWN - connect failed 9
  82836  SAFE - not RDP but HTTP
  24833  UNKNOWN - connection reset on connect
   3098  UNKNOWN - network error
   2576  UNKNOWN - connection terminated
The various UNKNOWN things fail for various reasons. A lot of them are because the protocol isn't actually Remote Desktop and responds weirdly when we try to talk Remote Desktop. A lot of others are Windows machines, sometimes vulnerable and sometimes not, but for some reason return errors sometimes. The important results are those marked VULNERABLE. There are 923,671 vulnerable machines in this result. That means we've confirmed the vulnerability really does exist, though it's possible a small number of these are "honeypots" deliberately pretending to be vulnerable in order to monitor hacker activity on the Internet. The next results are those marked SAFE due to probably being "patched". Actually, it doesn't necessarily mean they are patched Windows boxes. They could instead be non-Windows systems that appear the same as patched Windows boxes. But either way, they are safe from this vulnerability. There are 1,414,793 of them. The next results to look at are those marked SAFE due to CredSSP/NLA failures, of which there are 1,235,448. This doesn't mean they are patched, but only that we can't exploit them. They require "network level authentication" first before we can talk Remote Desktop to them. That means we can't test whether they are patched or vulnerable -- but neither can the hackers.
They may still be exploitable via an insider threat who knows a valid username/password, but they aren't exploitable by anonymous hackers or worms. The next category is marked as SAFE because they aren't Remote Desktop at all, but HTTP servers. In other words, in response to o 2019-05-28T06:20:06+00:00 https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=1128860 False Ransomware,Vulnerability,Threat,Patching,Guideline NotPetya,Wannacry None
Errata Security - Errata Security A lesson in journalism vs. cybersecurity blaming the NSA for a ransomware attack on Baltimore is typical bad journalism. It's an op-ed masquerading as a news article. It cites many to support the conclusion the NSA is to be blamed, but only a single quote, from the NSA director, from the opposing side. Yet many experts oppose this conclusion, such as @dave_maynor, @beauwoods, @daveaitel, @riskybusiness, @shpantzer, @todb, @hrbrmst, ... It's not as if these people are hard to find, it's that the story's authors didn't look. The main reason experts disagree is that the NSA's Eternalblue isn't actually responsible for most ransomware infections. It's almost never used to start the initial infection -- that's almost always phishing or website vulns. Once inside, it's almost never used to spread laterally -- that's almost always done with Windows networking and stolen credentials. Yes, ransomware increasingly includes Eternalblue as part of their arsenal of attacks, but this doesn't mean Eternalblue is responsible for ransomware. The NYTimes story takes extraordinary effort to jump around this fact, deliberately misleading the reader to conflate one with the other. A good example is this paragraph: That link is a warning from last July about the "Emotet" ransomware and makes no mention of EternalBlue.
Instead, the story is citing anonymous researchers claiming that EternalBlue has been added to Emotet since after that DHS warning. Who are these anonymous researchers? The NYTimes article doesn't say. This is bad journalism. The principles of journalism are that you are supposed to attribute where you got such information, so that the reader can verify for themselves whether the information is true or false, or at least, credible. And in this case, it's probably false. The likely source for that claim is this article from Malwarebytes about Emotet. They have since retracted this claim, as the latest version of their article points out. In any event, the NYTimes article claims that Emotet is now "relying" on the NSA's EternalBlue to spread. That's not the same thing as "using", not even close. Yes, lots of ransomware has been updated to also use Eternalblue to spread. However, what ransomware is relying upon is still the Wind 2019-05-27T19:59:38+00:00 https://blog.erratasec.com/2019/05/a-lesson-in-journalism-vs-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=1128277 False Ransomware,Malware,Patching,Guideline NotPetya,Wannacry None
SecurityWeek - Security News Get Ready for the First Wave of AI Malware 2019-04-09T15:36:04+00:00 https://www.securityweek.com/get-ready-first-wave-ai-malware www.secnews.physaphae.fr/article.php?IdArticle=1091626 False Ransomware,Malware,Threat NotPetya,Wannacry None
InformationSecurityBuzzNews - Security News Site Second Insurer Has Cited 'War Exclusion' To Avoid Payout Over NotPetya 2019-03-27T21:19:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/second-insurer-has-cited-war-exclusion-to-avoid-payout-over-notpetya/ www.secnews.physaphae.fr/article.php?IdArticle=1084215 False None NotPetya None
The State of Security - American Magazine Survey: Geopolitical Issues Affect How Two-Thirds of Cybersecurity Professionals Do
Business 2019-03-26T08:00:02+00:00 https://www.tripwire.com/state-of-security/security-awareness/rsa-2019-survey-geopolitical-issues/ www.secnews.physaphae.fr/article.php?IdArticle=1081542 False None NotPetya,Wannacry None
Graham Cluley - Blog Security DLA Piper and its insurers clash over multi-million NotPetya payout Multinational law firm was hit in the crossfire as Russia-backed ransomware spread, and Hiscox is reportedly declining to pay up citing an “act of war”. 2019-03-25T17:07:03+00:00 https://www.grahamcluley.com/dla-piper-and-its-insurers-clash-over-multi-million-notpetya-payout/ www.secnews.physaphae.fr/article.php?IdArticle=1080797 False Ransomware NotPetya None
Security Intelligence - American news site Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks Cybercriminals made a lot of noise in 2017 with ransomware attacks like WannaCry and NotPetya, using an in-your-face approach to cyberattacks that netted them millions of dollars from victims. But new research from IBM X-Force, the threat intelligence, research and incident response arm of IBM Security, revealed that 2018 saw a rapid decline in ransomware […] 2019-02-26T11:00:03+00:00 https://securityintelligence.com/cryptojacking-rises-450-percent-as-cybercriminals-pivot-from-ransomware-to-stealthier-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1042492 False Ransomware,Threat NotPetya,Wannacry 2.0000000000000000
Graham Cluley - Blog Security Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University. 2019-02-21T00:01:00+00:00 https://www.grahamcluley.com/smashing-security-116-stalking-debtors-facebook-farce-and-a-cyber-insurance-snag/ www.secnews.physaphae.fr/article.php?IdArticle=1034632 False Malware NotPetya None
Zataz - French security magazine Ransomware as a Service: the lucrative business model of Satan & Co 2019-02-09T21:14:02+00:00 https://www.zataz.com/ransomware-as-a-service-le-juteux-business-model-de-satan-co/ www.secnews.physaphae.fr/article.php?IdArticle=1020599 False Ransomware NotPetya,Wannacry None
Security Affairs - Security Blog Zurich refuses to pay Mondelez for NotPetya damages because it's 'an act of war' 2019-01-14T10:03:01+00:00 https://securityaffairs.co/wordpress/79867/security/mondelez-zurich-cyber-insurance.html www.secnews.physaphae.fr/article.php?IdArticle=991256 False Ransomware NotPetya None
InformationSecurityBuzzNews - Security News Site Zurich Sued For $100 Million Following NotPetya Attack 2019-01-12T19:00:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/zurich-sued-for-100-million-following-notpetya-attack/ www.secnews.physaphae.fr/article.php?IdArticle=988957 False None NotPetya None
AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted This Week, 11th Jan 2019 Joe Gray hasn’t really flown outside of the US other than Canada, so when presented with an opportunity to speak at conferences in Switzerland and Paris, he went about trying to find what a security professional should do when travelling internationally.
The Preliminary Cybersecurity Guide To International Travel | Forbes Lesley Carhart’s blog which is referenced in Joe’s article probably has one of the most comprehensive posts on the topic The Infosec Introvert Travel Blog | tisiphone Mondelez Sues Zurich in Test for Cyber Hack Insurance And so it begins… Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack. Mondelez sues Zurich in test for cyber hack insurance | FT (may require subscription) 2019 - The Year of Cloud-Based Cybersecurity Yes, it’s a prediction piece, but a rather specific one talking about how we’re seeing a rise in cloud-based security analytics and operations. 2019 will be the year of cloud-based cybersecurity analytics/operations | CSO The Cyber-Attack That Sent an Alaskan Community Back in Time They still don’t know where it c 2019-01-11T14:00:00+00:00 https://feeds.feedblitz.com/~/591642828/0/alienvault-blogs~Things-I-Hearted-This-Week-th-Jan www.secnews.physaphae.fr/article.php?IdArticle=986797 False None NotPetya None
ZD Net - News Magazine NotPetya an 'act of war,' cyber insurance firm taken to task for refusing to pay out 2019-01-11T10:04:05+00:00 https://www.zdnet.com/article/notpetya-an-act-of-war-cyber-insurance-firm-taken-to-task-for-refusing-to-pay-out/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=986379 False None NotPetya None
InformationSecurityBuzzNews - Security News Site Ransomware Is Constantly Evolving But We Can Defeat It Through Innovation 2018-12-05T12:30:04+00:00 https://www.informationsecuritybuzz.com/articles/ransomware-is-constantly-evolving/ www.secnews.physaphae.fr/article.php?IdArticle=935405 False Ransomware NotPetya,Wannacry None
TechRepublic - Security News US WannaCry: One year later, is the world ready for another
major attack? 2018-11-29T19:19:03+00:00 https://www.techrepublic.com/article/wannacry-one-year-later-is-the-world-ready-for-another-major-attack/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=926637 False None NotPetya,Wannacry 3.0000000000000000
Malwarebytes Labs - MalwarebytesLabs Compromising vital infrastructure: air traffic control The aviation industry and air traffic (control) are vital elements of our infrastructure. While flying is reportedly safe, how does that landscape look cybersecurity-wise? 2018-11-15T20:12:00+00:00 https://blog.malwarebytes.com/security-world/business-security-world/2018/11/compromising-vital-infrastructure-air-traffic-control/ www.secnews.physaphae.fr/article.php?IdArticle=898943 False None NotPetya,Wannacry None
Malwarebytes Labs - MalwarebytesLabs Compromising vital infrastructure: transport and logistics Transport and logistics are vital infrastructure, because we need them to deliver our daily necessities, but who is responsible for protecting them?
2018-11-06T18:05:01+00:00 https://blog.malwarebytes.com/101/business/2018/11/compromising-vital-infrastructure-transport-logistics/ www.secnews.physaphae.fr/article.php?IdArticle=883293 False Ransomware NotPetya,Wannacry None
Global Security Mag - French news site ESET researchers establish a link between the NotPetya and Industroyer malware 2018-10-16T14:08:05+00:00 http://www.globalsecuritymag.fr/Les-chercheurs-d-ESET-etablissent,20181016,81580.html www.secnews.physaphae.fr/article.php?IdArticle=850157 False Malware NotPetya None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor NotPetya Linked to Industroyer Attack on Ukraine Energy Grid 2018-10-15T15:38:02+00:00 https://threatpost.com/notpetya-linked-to-industroyer-attack-on-ukraine-energy-grid/138287/ www.secnews.physaphae.fr/article.php?IdArticle=848376 False None NotPetya None
Bleeping Computer - American Magazine The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More 2018-10-12T18:24:00+00:00 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/ www.secnews.physaphae.fr/article.php?IdArticle=844827 False Ransomware NotPetya None