www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated feed of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-06T18:54:09+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch Echoes of SolarWinds in New 'Silver SAML' Attack Technique A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.]]> 2024-02-29T11:00:00+00:00 https://www.darkreading.com/cyber-risk/researchers-release-details-on-new-silver-saml-attack-technique www.secnews.physaphae.fr/article.php?IdArticle=8456900 False None Solardwinds 3.0000000000000000 TroyHunt - Blog Security SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack SolarWinds misled public about security while hackers accessed network, SEC says.]]> 2023-10-31T19:43:20+00:00 https://arstechnica.com/?p=1980175 www.secnews.physaphae.fr/article.php?IdArticle=8403723 False Hack Solardwinds 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber SEC sues SolarWinds and CISO for fraud The SEC alleges SolarWinds defrauded investors by failing to disclose gaps in their security practices later exploited by Russian hackers.]]>
2023-10-31T18:50:52+00:00 https://cyberscoop.com/sec-sues-solarwinds-and-ciso-for-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8403667 False Legislation Solardwinds 2.0000000000000000
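A detection angle for the Dark Reading item above, added here as an example (it is not code from the article or from any vendor): in both Golden SAML and Silver SAML the forged response is signed with a key the service provider already trusts, so signature checks at the SP pass. What never happened is the identity provider issuing it. A practical check is therefore to reconcile the assertions the SP accepted against the IdP's sign-in log and flag any the IdP has no record of, plus replays and out-of-window presentations. The log field names, the five-minute window and the pinned issuer URL are assumptions, and both log sets are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data, not real logs. Field names are assumptions about
# what an IdP sign-in export and an SP "assertion accepted" log might carry.
EXPECTED_ISSUER = "https://idp.corp.example"  # assumed pinned IdP entityID

IDP_SIGNINS = [
    {"ts": "2024-02-29T10:00:05Z", "user": "alice@corp.example", "app": "payroll", "assertion_id": "_a1"},
    {"ts": "2024-02-29T10:07:40Z", "user": "bob@corp.example", "app": "payroll", "assertion_id": "_b7"},
]

SP_ACCEPTED = [
    {"ts": "2024-02-29T10:00:07Z", "user": "alice@corp.example", "app": "payroll",
     "assertion_id": "_a1", "issuer": EXPECTED_ISSUER},
    {"ts": "2024-02-29T10:07:42Z", "user": "bob@corp.example", "app": "payroll",
     "assertion_id": "_b7", "issuer": EXPECTED_ISSUER},
    # Same assertion presented a second time: replay.
    {"ts": "2024-02-29T10:45:00Z", "user": "alice@corp.example", "app": "payroll",
     "assertion_id": "_a1", "issuer": EXPECTED_ISSUER},
    # Accepted by the SP, but the IdP never issued it: a forged (Golden/Silver SAML) response.
    {"ts": "2024-02-29T11:30:00Z", "user": "admin@corp.example", "app": "payroll",
     "assertion_id": "_zz9", "issuer": EXPECTED_ISSUER},
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_unissued_assertions(idp_events, sp_events, window=timedelta(minutes=5),
                             expected_issuer=EXPECTED_ISSUER):
    """Return (sp_event, reason) pairs for assertions the SP accepted that the IdP
    has no matching record of issuing, or that look replayed or mis-issued."""
    issued = {e["assertion_id"]: e for e in idp_events}
    seen = set()
    findings = []
    for sp in sp_events:
        aid = sp["assertion_id"]
        if sp.get("issuer") != expected_issuer:
            findings.append((sp, f"issuer {sp.get('issuer')!r} is not the pinned IdP"))
            continue
        if aid in seen:
            findings.append((sp, "assertion ID presented more than once (replay)"))
            continue
        seen.add(aid)
        idp = issued.get(aid)
        if idp is None:
            findings.append((sp, "no IdP sign-in event for this assertion ID"))
            continue
        if (idp["user"], idp["app"]) != (sp["user"], sp["app"]):
            findings.append((sp, "assertion ID was issued to a different user or app"))
            continue
        delta = _ts(sp["ts"]) - _ts(idp["ts"])
        if not timedelta(0) <= delta <= window:
            findings.append((sp, f"accepted {delta} after issuance, outside the {window} window"))
    return findings


if __name__ == "__main__":
    for event, reason in find_unissued_assertions(IDP_SIGNINS, SP_ACCEPTED):
        print(f"{event['ts']} {event['user']} {event['assertion_id']}: {reason}")
```

The IdP side is the only place this correlation can be trusted: the SP's own signature verification is exactly what the forged response is built to satisfy, so the SP log is evidence of what was accepted, not of what was legitimately issued.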
knowbe4 - cybersecurity services WSJ: "SEC Sues SolarWinds Over 2020 Hack Attributed to Russians" WSJ: October 30, 2023 the Wall Street Journal broke news that the United States Securities and Exchange Commission sued SolarWinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom: "the software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.]]>
2023-10-31T14:24:03+00:00 https://blog.knowbe4.com/wsj-sec-sues-solarwinds-over-2020-hack-attributed-to-russians www.secnews.physaphae.fr/article.php?IdArticle=8403525 False Hack,Vulnerability Solardwinds 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine SEC Charges SolarWinds and CISO With Misleading Investors Complaint alleges company overstated security posture and understated risks]]> 2023-10-31T09:30:00+00:00 https://www.infosecurity-magazine.com/news/sec-charges-solarwinds-ciso/ www.secnews.physaphae.fr/article.php?IdArticle=8403399 False None Solardwinds 4.0000000000000000 The Register - English news site SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors SolarWinds and its chief infosec officer have been charged with fraud by America's financial watchdog, which alleges the software maker knew its security was in a poor state ahead of the SUNBURST supply chain attack.…]]> 2023-10-31T00:57:46+00:00 https://go.theregister.com/feed/www.theregister.com/2023/10/31/sec_charges_solarwinds_sunburst_fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8403207 False None Solardwinds,Solardwinds 3.0000000000000000 Recorded Future - Recorded Future feed SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack The Securities and Exchange Commission (SEC) announced on Monday evening that it plans to charge SolarWinds Chief Information Security Officer Timothy Brown with fraud for his role in allegedly lying to investors by "overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks." The complaint was filed in the Southern District of New]]>
2023-10-30T21:30:00+00:00 https://therecord.media/solarwinds-ciso-sec-charged www.secnews.physaphae.fr/article.php?IdArticle=8403151 False None Solardwinds 3.0000000000000000
Bleeping Computer - American magazine SEC sues SolarWinds for misleading investors before 2020 hack The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 hack linked to APT29, the Russian Foreign Intelligence Service (SVR) hacking division. [...]]]> 2023-10-30T17:54:13+00:00 https://www.bleepingcomputer.com/news/security/sec-sues-solarwinds-for-misleading-investors-before-2020-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8403150 False Hack APT 29,Solardwinds 3.0000000000000000 AlienVault Lab Blog - AlienVault is a major defensive actor in IOCs Battling malware in the industrial supply chain NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including: Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making. Access control challenges: Proper identity and access management within complex environments is crucial.
Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions. Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems. Supply chain defense: The power of content disarm and reconstruction Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do? In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta]]> 2023-08-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/battling-malware-in-the-industrial-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8376274 False Malware,Vulnerability,Threat,Industrial,Cloud NotPetya,Solardwinds,Wannacry 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective.
The attacker group Nobelium, linked with the SolarWinds attacks, has been]]> 2023-08-10T16:44:00+00:00 https://thehackernews.com/2023/08/emerging-attacker-exploit-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8368339 False Cloud Solardwinds 2.0000000000000000 Recorded Future - Recorded Future feed Policymakers must confront cloud insecurity, new report warns
Policymakers must do more to confront the increasing vulnerability critical infrastructure sectors face due to their growing reliance on cloud computing, a new Atlantic Council report urges. The report underscores that the cloud has already allowed "malicious actors" to spy on government agencies, pointing to the 2020 Sunburst hack in which cloud products, specifically [Microsoft]]>
2023-07-10T21:33:00+00:00 https://therecord.media/policymakers-must-confront-cloud-insecurity www.secnews.physaphae.fr/article.php?IdArticle=8354252 False Vulnerability,Cloud Solardwinds 3.0000000000000000
Schneier on Security - American cryptographer and researcher What Will It Take? 2023-02-14T12:06:06+00:00 https://www.schneier.com/blog/archives/2023/02/what-will-it-take.html www.secnews.physaphae.fr/article.php?IdArticle=8310001 False Ransomware Solardwinds,Equifax,Equifax 2.0000000000000000 taosecurity - Chinese security blog Happy 20th Birthday TaoSecurity Blog Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger. Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost. Statistics: In my 15-year post I included some statistics, so here are a few, current as of the evening of 7 January. I think it's cool to see almost 29 million "all time" views, but that's not the whole story. Here are the so-called "all time" statistics: It turns out that Blogger only started capturing these numbers in January 2011. That means I've had almost 29 million views in the last 12 years.
I don't know what happened on 20 April 2022, when I had almost 1.5 million views. Top Ten Posts Since January 2011]]> 2023-01-08T10:00:00+00:00 https://taosecurity.blogspot.com/2023/01/happy-20th-birthday-taosecurity-blog.html www.secnews.physaphae.fr/article.php?IdArticle=8298985 False Ransomware,Studies,Guideline Solardwinds 2.0000000000000000 CrowdStrike - CTI Society Why Managed Threat Hunting Should Top Every CISO's Holiday Wish List 2022-12-14T17:43:30+00:00 http://provinggrounds.cs.sys/blog/managed-threat-hunting-should-top-every-ciso-wish-list/ www.secnews.physaphae.fr/article.php?IdArticle=8291606 False Threat,Guideline Solardwinds 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defensive actor in IOCs 5 Common blind spots that make you vulnerable to supply chain attacks 45% of companies will have experienced a supply chain attack. Supply chain attacks can come in various ways, whether by malicious code injected into enterprise software or vulnerabilities in software your company uses. To mitigate this risk, companies must learn about the methods used to execute attacks and understand their company's blind spots. This article will look at 5 recent software supply chain attacks and how third-party partners can pose a security risk to your company. We'll make recommendations for how to secure your business against supply chain attacks and how you can engage in early detection to respond to threats before they take down your enterprise. What is a software supply chain attack? CISA, the US Cybersecurity and Infrastructure Security Agency, defines a software supply chain attack as an attack that "occurs when a cyber threat actor infiltrates a software vendor's network and employs malicious code to compromise the software before the vendor sends it to their customers.
The compromised software then compromises the customer's data or system." A software supply chain includes any company you purchase software from and any open-source software and public repositories from which your developers pull code. It also includes any service organizations that have access to your data. In the aggregate, all of these different suppliers greatly increase the surface area of a potential attack. Software supply chain attacks are particularly dangerous because the software supply chain acts as an amplifier for hackers. This means that when one vendor is impacted, hackers can potentially reach any of their customers, giving them greater reach than if they attacked a single target corporation. Two primary reasons contribute to the danger, according to CISA: Third-party software products usually require privileged access; They often require frequent communication between the vendor's own network and the vendor's software on customer networks. Attackers leverage privileged access and a privileged network access channel as their first point of access. Depending on the level of available access, attackers can easily target many devices and levels of an organization. Some industries, like healthcare, are particularly vulnerable because they hold huge volumes of patient data subject to strict compliance regulations and laws. Five major supply chain attacks In recent memory, software supply chain attacks have gathered increased attention from the public because of how damaging they can be to a company and its reputation. The Log4j vulnerability demonstrated just how exposed companies that rely on third-party software can be, for example. Other high-profile attacks like the SolarWinds SUNBURST attack and Kaseya VSA (REvil) attack also provided painful reminders of how damaging supply chain attacks can be. The SolarWinds SUNBURST backdoor On December 13th, 2020, the SUNBURST backdoor was first disclosed.
The attack utilized the popular SolarWinds Orion IT monitorin]]> 2022-07-11T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/5-common-blind-spots-that-make-you-vulnerable-to-supply-chain-attacks www.secnews.physaphae.fr/article.php?IdArticle=5659440 False Ransomware,Data Breach,Vulnerability,Threat,Patching Solardwinds None CSO - CSO Daily Dashboard SolarWinds creates new software build system in wake of Sunburst attack SolarWinds has introduced new software development practices and technology to strengthen the integrity of its build environment. It includes what SolarWinds says is the first-of-its-kind "parallel build" process, where the software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.]]> 2022-06-29T16:25:00+00:00 https://www.csoonline.com/article/3665650/solarwinds-creates-new-software-build-system-in-wake-of-sunburst-attack.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5459968 False Threat Solardwinds None ComputerWeekly - Computer Magazine SolarWinds unveils new development model to avoid a repeat of Sunburst 2022-06-23T05:29:00+00:00 https://www.computerweekly.com/news/252521914/SolarWinds-unveils-new-development-model-to-avoid-a-repeat-of-Sunburst www.secnews.physaphae.fr/article.php?IdArticle=5339653 False None Solardwinds None CSO - CSO Daily Dashboard BrandPost: Five Blind Spots That Leave You Open to Supply Chain Vulnerabilities SolarWinds SUNBURST attack, the Kaseya VSA (REvil) attack, or the Log4j vulnerability making headlines and impacting thousands of enterprises. It isn't that a handful of examples happen to make the news: Supply chain attacks are growing more common.
Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chain.]]> 2022-06-13T11:30:00+00:00 https://www.csoonline.com/article/3663436/five-blind-spots-that-leave-you-open-to-supply-chain-vulnerabilities.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5134762 False None Solardwinds None InfoSecurity Mag - InfoSecurity Magazine #RSAC: Lessons Learned From the Solarwinds Sunburst Attack 2022-06-09T19:00:00+00:00 https://www.infosecurity-magazine.com/news/rsac-lessons-learned-solarwinds/ www.secnews.physaphae.fr/article.php?IdArticle=5061725 False Threat Solardwinds None CrowdStrike - CTI Society Detecting Poisoned Python Packages: CTX and PHPass 2022-06-03T08:16:58+00:00 https://www.crowdstrike.com/blog/how-crowdstrike-detects-poisoned-python-packages-ctx-phpass/ www.secnews.physaphae.fr/article.php?IdArticle=4950106 False None Solardwinds None Mandiant - Mandiant security blog Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 SolarWinds compromise in December 2020, is attributable to APT29.
This conclusion matches attribution statements previously made by the U.S. Government that the SolarWinds supply chain compromise was conducted by APT29, a Russia-based espionage group assessed to be sponsored by the Russian Foreign Intelligence Service (SVR). Our assessment is based on first-hand data gathered by Mandiant and is the result of a thorough comparison and review of UNC2452 and our ]]> 2022-04-27T09:00:00+00:00 https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29 www.secnews.physaphae.fr/article.php?IdArticle=8377472 False None APT 29,APT 29,Solardwinds 3.0000000000000000 GoogleSec - Firm Security Blog Improving software supply chain security with tamper-proof builds use malicious source files, inject malicious artifacts into a compromised build platform, and bypass trusted builders to upload malicious artifacts. Each of these attacks could have been prevented if there were a way to detect that the delivered artifacts diverged from the expected origin of the software. But until now, generating verifiable information that described where, when, and how software artifacts were produced (information known as provenance) was difficult. This information allows users to trace artifacts verifiably back to the source and develop risk-based policies around what they consume. Currently, provenance generation is not widely supported, and solutions that do exist may require migrating build processes to services like Tekton Chains. This blog post describes a new method of generating non-forgeable provenance using GitHub Actions workflows for isolation and Sigstore's signing tools for authenticity. Using this approach, projects building on GitHub runners can achieve SLSA 3 (the third of four progressive SLSA "levels"), which affirms to consumers that your artifacts are authentic and trustworthy.
Provenance SLSA ("Supply-chain Levels for Software Artifacts") is a framework to help improve the integrity of your project throughout its development cycle, allowing consumers to trace the final piece of software you release all the way back to the source. Achieving a high SLSA level helps to improve the trust that your artifacts are what you say they are. This blog post focuses on build provenance, which gives users important information about the build: who performed the release process? Was the build artifact protected against malicious tampering? Source provenance describes how the source code was protected, which we'll cover in future blog posts, so stay tuned. Go prototype to generate non-forgeable build provenance To create tamper-proof evidence of the build and allow consumer verification, you need to: Isolate the provenance generation from the build process; Isolate against maintainers interfering in the workflow; Provide a mechanism to identify the builder during provenance verification. The full isolation described in the first two points allows consumers to trust that the provenance was faithfully recorded; entities that provide this guarantee are called trusted builders. Our Go prototype solves all three challenges.
It also includes running the build inside the trusted builder, which provides a strong guarantee that the build achieves SLSA 3's ephemeral and isolated requirement. How does it work? The following steps create the trusted builder that is necessar]]> 2022-04-07T11:33:30+00:00 http://security.googleblog.com/2022/04/improving-software-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=4593787 False None Solardwinds None TechRepublic - Security News US How to add a data source to Redash 2022-04-05T18:29:26+00:00 https://www.techrepublic.com/article/how-to-add-a-data-source-to-redash/ www.secnews.physaphae.fr/article.php?IdArticle=4401391 False None Solardwinds None CrowdStrike - CTI Society Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign 2022-01-27T08:00:06+00:00 https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=4040759 False None APT 29,APT 29,Solardwinds,Solardwinds None Mandiant - Mandiant security blog A Year in Review with Kevin Mandia
With 2021 nearly behind us, we could think of no better way to close out this year of Eye on Security podcasts than to bring on the individual responsible for founding Mandiant more than 17 years ago, Kevin Mandia. Beyond leading our company as CEO since 2016, Kevin is simply a well of cyber security knowledge, with frontline experience dating back to the 90s when he served as a computer security officer in the United States Air Force. It's hard to believe, but it's been one year since we announced the SolarWinds incident. The discussion kicks off with Kevin telling host Luke McNamara]]>
2021-12-15T15:00:00+00:00 https://www.mandiant.com/resources/blog/kevin-mandia-year-in-review www.secnews.physaphae.fr/article.php?IdArticle=8377514 False None Solardwinds 3.0000000000000000
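A consumer-side check for the build provenance described in the Google Security Blog item above, added here as an example (it is not the post's own Go prototype and not slsa-verifier). The DSSE envelope signature is assumed to have already been verified by Sigstore tooling; this block performs the policy checks that come after that step: the artifact's SHA-256 must be a subject of the statement, the builder ID must belong to the trusted builder, and the build must have come from the expected source. The statement is a constructed sample in the shape of SLSA provenance v0.2, and the builder prefix, source URI and artifact name are assumptions, not values from the post.

```python
import hashlib

# Identifiers below are assumptions for illustration, not values from the post.
TRUSTED_BUILDER_PREFIX = "https://github.com/slsa-framework/slsa-github-generator/"
EXPECTED_SOURCE = "git+https://github.com/example-org/example-app@refs/tags/v1.2.0"
STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v0.2"

SAMPLE_ARTIFACT = b"constructed artifact bytes, standing in for a release binary\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sample_statement(artifact: bytes) -> dict:
    """Constructed in-toto statement shaped like SLSA v0.2 provenance (sample data)."""
    return {
        "_type": STATEMENT_TYPE,
        "predicateType": PREDICATE_TYPE,
        "subject": [{"name": "example-app-linux-amd64",
                     "digest": {"sha256": sha256_hex(artifact)}}],
        "predicate": {
            "builder": {"id": TRUSTED_BUILDER_PREFIX
                        + ".github/workflows/builder_go_slsa3.yml@refs/tags/v1.0.0"},
            "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1",
            "invocation": {"configSource": {"uri": EXPECTED_SOURCE,
                                            "entryPoint": ".github/workflows/release.yml"}},
        },
    }


def check_provenance(statement: dict, artifact: bytes,
                     trusted_builder_prefix: str = TRUSTED_BUILDER_PREFIX,
                     expected_source: str = EXPECTED_SOURCE) -> list:
    """Policy checks run AFTER the DSSE signature over the statement has been
    verified. Returns a list of failure strings; an empty list means the
    artifact may be consumed."""
    failures = []
    if statement.get("_type") != STATEMENT_TYPE:
        failures.append(f"unexpected statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != PREDICATE_TYPE:
        failures.append(f"unexpected predicate type {statement.get('predicateType')!r}")

    # The provenance must describe THIS artifact, not merely some artifact.
    digest = sha256_hex(artifact)
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        failures.append(f"artifact digest {digest[:12]}... is not a subject of the provenance")

    # Only the isolated trusted builder may vouch for the build.
    predicate = statement.get("predicate", {})
    builder_id = predicate.get("builder", {}).get("id", "")
    if not builder_id.startswith(trusted_builder_prefix):
        failures.append(f"untrusted builder {builder_id!r}")

    # The build must have been run from the repository and ref you expect.
    source = predicate.get("invocation", {}).get("configSource", {}).get("uri")
    if source != expected_source:
        failures.append(f"provenance built from {source!r}, expected {expected_source!r}")
    return failures


if __name__ == "__main__":
    stmt = sample_statement(SAMPLE_ARTIFACT)
    print("clean artifact:", check_provenance(stmt, SAMPLE_ARTIFACT) or "pass")
    print("tampered artifact:", check_provenance(stmt, b"tampered"))
```

The digest check is what stops a valid, signed provenance from being re-used to vouch for a different file, and the builder check is what makes the SLSA 3 isolation meaningful to the consumer: a statement signed by a maintainer's own workflow instead of the trusted builder is rejected even though its signature is fine.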
Mandiant - Mandiant security blog Suspected Russian Activity Targeting Government and Business Entities Around the Globe
UPDATE (May 2022): We have merged UNC2452 with APT29. The UNC2452 activity described in this post is now attributed to APT29. As the one-year anniversary of the discovery of the SolarWinds supply chain compromise passes, Mandiant remains committed to tracking one of the toughest actors we have encountered. These suspected Russian actors practice top-notch operational security and advanced tradecraft. However, they are fallible, and we continue to uncover their activity and learn from their mistakes. Ultimately, they remain an adaptable and evolving threat that must be closely studied by]]>
2021-12-06T10:00:00+00:00 https://www.mandiant.com/resources/blog/russian-targeting-gov-business www.secnews.physaphae.fr/article.php?IdArticle=8377522 False Threat APT 29,Solardwinds 3.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: New APT ChamelGang, FoggyWeb, VMWare Vulnerability Exploited and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google Just Patched These Two Chrome Zero-day Bugs That Are Under Attack Right Now (published: October 1, 2021) Google has warned users of Google Chrome to update to version 94.0.4606.71, due to two new zero-days that are currently being exploited in the wild. This marks the second update in a month due to actively exploited zero-day flaws. The first of these common vulnerabilities and exposures (CVEs), CVE-2021-37975, is a high severity flaw in the V8 JavaScript engine, which has been notoriously difficult to protect and could allow attackers to create malware that is resistant to hardware mitigations. Analyst Comment: Users and organizations are recommended to regularly check for and apply updates to the software applications they use, especially web browsers that are increasingly used for a variety of tasks. Organizations can leverage the capabilities of Anomali Threatstream to rapidly get information about new CVEs that need to be mitigated through their vulnerability management program. Tags: CVE-2021-37975, CVE-2021-37976, chrome, zero-day Hydra Malware Targets Customers of Germany's Second Largest Bank (published: October 1, 2021) A new campaign leveraging the Hydra banking trojan has been discovered by researchers. The malware containing an Android application impersonates the legitimate application for Germany's largest bank, Commerzbank. While Hydra has been seen for a number of years, this new campaign incorporates many new features, including abuse of the android accessibility features and permissions which give the application the ability to stay running and hidden with basically full administrator privileges over a victim's phone. 
It appears to be initially spread via a website that imitates the official Commerzbank website. Once installed it can spread via bulk SMS messages to a user's contacts. Analyst Comment: Applications, particularly banking applications, should only be installed from trusted and verified sources and reviewed for suspicious permissions they request. Similarly, emails and websites should be verified before using. Tags: Banking and Finance, EU, Hydra, trojan New APT ChamelGang Targets Russian Energy, Aviation Orgs (published: October 1, 2021) A new Advanced Persistent Threat (APT) group dubbed “ChamelGang” has been identified to be targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at Positive Technologies have been tracking the group since March 2017, and have observed that they have attacked targets in 10 countries so far. 
The group has been able to hi]]> 2021-10-05T18:28:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-new-apt-chamelgang-foggyweb-vmware-vulnerability-exploited-and-more www.secnews.physaphae.fr/article.php?IdArticle=3472727 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Solardwinds,Solardwinds,APT 27 None UnderNews - French "hacker" news site SAS 2021 Tomiris – The hacker group behind the Sunburst cyberattack is active again (first appeared on UnderNews).]]> 2021-09-30T11:07:22+00:00 https://www.undernews.fr/hacking-hacktivisme/sas-2021-tomiris-le-groupe-de-hackers-a-lorigine-de-la-cyberattaque-sunburst-est-de-nouveau-actif.html www.secnews.physaphae.fr/article.php?IdArticle=3449949 False None Solardwinds,Solardwinds None Bleeping Computer - American magazine Autodesk reveals it was targeted by Russian SolarWinds hackers 2021-09-02T07:30:30+00:00 https://www.bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=3324980 False None Solardwinds None TroyHunt - Blog Security This teardrop trailer could be perfect for electric vehicle camping 2021-08-12T19:20:18+00:00 https://arstechnica.com/?p=1786860 www.secnews.physaphae.fr/article.php?IdArticle=3218853 False None Solardwinds,Solardwinds None Mandiant - Mandiant security blog Can You Prove Your Next Cyber Investment Addresses the Most Risk?
A large majority (87%) of security leaders say their organizations are not sufficiently addressing cyber risks, according to the CSO 2020 Security Priorities Study. That\'s not necessarily surprising given the sophistication of threats today. The attack landscape is quickly expanding, with nation-state attacks such as SolarWinds and HAFNIUM causing challenges for many public sector CISOs and CSOs. The U.S. government has taken notice and has just approved the funding to dramatically improve federal executive branch cyber security capabilities and the capacity for the federal government to]]>
2021-06-23T12:00:00+00:00 https://www.mandiant.com/resources/blog/prove-your-next-cyber-investment-addresses-most-risk www.secnews.physaphae.fr/article.php?IdArticle=8377577 False None Solardwinds 3.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: Attacks Against Israeli Targets, MacOS Zero-Days, Conti Ransomware Targeting US Healthcare and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New Sophisticated Email-based Attack From NOBELIUM (published: May 28, 2021) NOBELIUM, the threat actor behind SolarWinds attacks, has been conducting a widespread email campaign against more than 150 organizations. Using attached HTML files containing JavaScript, the email will write an ISO file to disk; this contains a Cobalt Strike beacon that will activate on completion. Once detonated, the attackers have persistent access to a victims’ system for additional objectives such as data harvesting/exfiltration, monitoring, and lateral movement. Analyst Comment: Be sure to update and monitor email filter rules constantly. As noted in the report, many organizations managed to block these malicious emails; however, some payloads successfully bypassed cloud security due to incorrect/poorly implemented filter rules. MITRE ATT&CK: [MITRE ATT&CK] Spearphishing Link - T1192 | [MITRE ATT&CK] Spearphishing Attachment - T1193 Tags: Nobelium, SolarWinds, TearDrop, CVE-2021-1879, Government, Military Evolution of JSWorm Ransomware (published: May 25, 2021) JSWorm ransomware was discovered in 2019, and since then different variants have gained notoriety under different names such as Nemty, Nefilim, and Offwhite, among others. It has been used to target multiple industries with the largest concentration in engineering, and others including finance, healthcare, and energy. While the underlying code has been rewritten from C++ to Golang (and back again), along with revolving distribution methods, JSWorm remains a consistent threat. Analyst Comment: Ransomware threats often affect organisations in two ways. First encrypting operational critical documents and data. 
In these cases, EDR solutions help block ransomware, and backups allow files to be restored if an attack succeeds. Second, sensitive customer and business files are exfiltrated and leaked online by ransomware gangs; DLP solutions help identify and block exfiltration attempts, while network segmentation and encryption of critical data play an important role in reducing the risk. MITRE ATT&CK: [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Private Keys - T1145 | [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] BITS Jobs - T1197 2021-06-02T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-attacks-against-israeli-targets-macos-zero-days-conti-ransomware-targeting-us-healthcare-and-more www.secnews.physaphae.fr/article.php?IdArticle=2868449 False Ransomware,Malware,Threat,Medical APT 38,Solardwinds,APT 28 None Schneier on Security - American cryptographer and security researcher The Misaligned Incentives for Cloud Security The Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts and pilfer emails and files. Hackers said by the US government to have been working for the Kremlin targeted a widely used Microsoft cloud service that synchronizes user identities. 
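The NOBELIUM entry above describes the delivery chain in one sentence: an HTML attachment whose embedded JavaScript writes an ISO to disk, and the ISO carries the Cobalt Strike beacon. The file is assembled in the browser from a blob embedded in the page rather than fetched from a URL, so URL- and attachment-type filters never see a download, which is why the analyst comment's advice about filter rules matters. The scanner below is an added example, not code from Anomali, Microsoft or any vendor: it scores an HTML attachment on the JavaScript idioms the technique needs (`atob`, `Blob`, `URL.createObjectURL` or `msSaveOrOpenBlob`, a `download` attribute naming a disk image) and, when it finds a large base64 literal, decodes it and checks for an ISO 9660, PE or ZIP header. The sample attachment it builds is constructed for the demo (a zero-filled buffer with only the `CD001` identifier in place) and is not a malware sample; the weights and threshold are my own assumptions to tune against a real mail corpus.

```python
"""Heuristic scanner for HTML-smuggling attachments (added example, not
Anomali's or Microsoft's code). Flags HTML whose script assembles a file in
memory and pushes it to disk, and identifies the smuggled payload type."""
import base64
import re
from dataclasses import dataclass, field
from typing import List

# ISO 9660 volume descriptors begin at sector 16 (offset 0x8000); the
# standard identifier "CD001" is one byte in, at 0x8001.
ISO_MAGIC_OFFSET = 0x8001
ISO_MAGIC = b"CD001"
FLAG_THRESHOLD = 5  # assumed cut-off; tune on a real mail corpus

# JavaScript idioms the technique needs, with assumed weights.
INDICATORS = {
    "blob_constructor": (re.compile(r"new\s+Blob\s*\(", re.I), 1),
    "object_url": (re.compile(r"URL\.createObjectURL\s*\(", re.I), 1),
    "ms_save_blob": (re.compile(r"msSaveOrOpenBlob\s*\(", re.I), 1),
    "download_attr": (re.compile(r"\.download\s*=", re.I), 1),
    "base64_decode": (re.compile(r"\batob\s*\(", re.I), 1),
    "disk_image_name": (re.compile(r"""["'][^"']*\.(?:iso|img|vhd)["']""", re.I), 2),
}
# A single base64 string literal of several KB is itself a strong signal.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{4096,}={0,2})["']""")


@dataclass
class Verdict:
    score: int = 0
    hits: List[str] = field(default_factory=list)
    payload_type: str = "none"

    @property
    def flagged(self) -> bool:
        return self.score >= FLAG_THRESHOLD


def classify_payload(blob: bytes) -> str:
    """Identify what the smuggled bytes become once written to disk."""
    if blob.startswith(b"MZ"):
        return "pe"
    if blob.startswith(b"PK\x03\x04"):
        return "zip"
    end = ISO_MAGIC_OFFSET + len(ISO_MAGIC)
    if len(blob) >= end and blob[ISO_MAGIC_OFFSET:end] == ISO_MAGIC:
        return "iso9660"
    return "unknown"


def scan_html(doc: str) -> Verdict:
    """Score an HTML attachment; decode the first large base64 literal."""
    verdict = Verdict()
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(doc):
            verdict.hits.append(name)
            verdict.score += weight
    for literal in B64_LITERAL.findall(doc):
        verdict.hits.append("large_base64_literal")
        verdict.score += 2
        try:
            blob = base64.b64decode(literal, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        kind = classify_payload(blob)
        if kind != "unknown":
            verdict.payload_type = kind
            verdict.score += 3
        break  # one decoded payload is enough for a verdict
    return verdict


def build_sample_attachment() -> str:
    """Constructed test input: a zero-filled buffer carrying only the ISO
    identifier, wrapped in the smuggling pattern. Not a malware sample."""
    fake_iso = bytes(ISO_MAGIC_OFFSET) + ISO_MAGIC + bytes(100)
    b64 = base64.b64encode(fake_iso).decode()
    return f"""<html><body><script>
var data = atob("{b64}");
var bytes = new Uint8Array(data.length);
for (var i = 0; i < data.length; i++) bytes[i] = data.charCodeAt(i);
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "Invoice.iso";
a.click();
</script></body></html>"""


BENIGN_HTML = "<html><body><p>Hello</p><script>document.title = 'x';</script></body></html>"

if __name__ == "__main__":
    for label, doc in (("sample", build_sample_attachment()), ("benign", BENIGN_HTML)):
        v = scan_html(doc)
        print(f"{label}: score={v.score} flagged={v.flagged} payload={v.payload_type} hits={v.hits}")
```

A rule like this belongs at the mail gateway or in the decision to submit an attachment to a sandbox, in addition to detonation rather than instead of it: the page can obfuscate every idiom it uses (split strings, `eval`, a second decoding layer), so a high score is a reason to detonate, not a final verdict, and the base64 length threshold will need re-tuning because legitimate HTML reports embed images the same way.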
The hackers ... 2021-05-28T11:20:29+00:00 https://www.schneier.com/blog/archives/2021/05/the-misaligned-incentives-for-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=2851170 False None Solardwinds None Security Affairs - Security blog Microsoft details new sophisticated spear-phishing attacks from NOBELIUM 2021-05-28T10:56:54+00:00 https://securityaffairs.co/wordpress/118352/apt/spear-phishing-attacks-nobelium.html?utm_source=rss&utm_medium=rss&utm_campaign=spear-phishing-attacks-nobelium www.secnews.physaphae.fr/article.php?IdArticle=2850908 False Threat Solardwinds 2.0000000000000000 Anomali - Firm Blog Threat Intelligence Platforms Help Organizations Overcome Key Security Hurdles An Enterprise Strategy Group (ESG) research study showed that some 63 percent of security pros say that the job is tougher today than it was just two years ago. While there's no doubt that the variety and volume of threats keep on growing by the year, the question is whether it’s the complexity of the security problems that has risen precipitously, or whether something else is going on. I'd argue that it's mostly the latter: it’s not so much that the complexity has grown tremendously over this time as that “awareness” of already latent complexity has become more apparent. As the breadth of technologies and data available to modern cybersecurity organizations continues to proliferate, security strategists are finally getting enough visibility into their environments to start discovering gaps that have existed all along. But knowing where the deficiencies exist doesn’t always equate to being able to address them. These same security folks are also struggling to wrap their arms around what is possible to achieve by using the array of tools in their arsenals and the vast quantities of information available. 
Years ago in the security world, the common mantra was that security organizations “don't know what they don't know” and this was due to deficiencies in monitoring and threat intelligence capabilities. Nowadays the opposite is true. They're flooded with data and they're starting to get a better sense of what they don't fully know or understand about adversarial activities in their environments. But this dawning self-awareness can be quite nerve-wracking as they ask themselves, “Now that I know, what should I do?” It can be daunting to make that jump from understanding to taking action—this is the process that many organizations struggle with when we talk about “operationalizing” threat intelligence. For security operations, it’s not enough to just know about an adversary via various threat feeds and other sources. To take action, threat intelligence needs to be deployed in real-time so that security tools and personnel can actually leverage it to run investigations, detect the presence of threats in their networks, respond faster, and continuously improve their security architectures. But there are many significant hurdles in running security operations that stand in the way of achieving those goals. This is where a robust threat intelligence platform (TIP) can add significant value to the security ecosystem. TIPs help security operations teams tackle some of the greatest hurdles. Big Data Conundrum with Threat Intelligence Platforms  The first challenge is that the sheer volume of threat intelligence made available to security teams has become a big data problem, one that can't be solved by just filtering out the feeds that are in use, which would defeat the purpose of acquiring varied and relevant feeds in the first place. 
Organizations don't want to ingest millions or billions of evolving threat indicators into their security information and event manager (SIEM), which would be cost-prohibitive but also lead to the creation of unmanageable levels of false positives. This is where Anomali comes in, with a TIP doing the work on the front end, interesting and pre-curated threat “matches” can be integrated directly into your SIEM. These matches prese]]> 2021-05-26T17:20:00+00:00 https://www.anomali.com/blog/threat-intelligence-platforms-help-organizations-overcome-key-security-hurdles www.secnews.physaphae.fr/article.php?IdArticle=2841816 False Tool,Threat,Guideline Solardwinds,Solardwinds None The Last Watchdog - Blog Sécurité de Byron V Acohido RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense The undermining of the global supply chain But there's … (more…) ]]> 2021-05-15T12:20:41+00:00 https://www.lastwatchdog.com/rsac-insights-deploying-soar-xdr-along-with-better-threat-intel-stiffens-network-defense/ www.secnews.physaphae.fr/article.php?IdArticle=2793360 False Malware,Threat Solardwinds,Solardwinds None ComputerWeekly - Computer Magazine The Secret IR Insider\'s Diary – from Sunburst to DarkSide 2021-04-16T11:15:00+00:00 https://www.computerweekly.com/opinion/The-Secret-IR-Insiders-Diary-from-Sunburst-to-DarkSide www.secnews.physaphae.fr/article.php?IdArticle=2653705 False None Solardwinds,Solardwinds None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Detecting the "Next" SolarWinds-Style Cyber Attack ]]> 2021-04-13T04:04:13+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/E54HufS4xFI/detecting-next-solarwinds-attack.html www.secnews.physaphae.fr/article.php?IdArticle=2629902 False None Solardwinds,Solardwinds None Bleeping Computer - Magazine Américain Mimecast: SolarWinds hackers stole some of our source code 2021-03-16T12:53:25+00:00 https://www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-stole-some-of-our-source-code/ www.secnews.physaphae.fr/article.php?IdArticle=2492680 True None Solardwinds,Solardwinds None Bleeping Computer - Magazine Américain Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion 2021-03-16T12:53:25+00:00 https://www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-used-sunburst-malware-for-initial-intrusion/ www.secnews.physaphae.fr/article.php?IdArticle=2491681 False Malware Solardwinds,Solardwinds None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity Webinar - SolarWinds Sunburst: The Big Picture ]]> 2021-03-09T02:42:07+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/_Y8jADtm7C8/cybersecurity-webinar-solarwinds.html www.secnews.physaphae.fr/article.php?IdArticle=2455790 False Vulnerability Solardwinds,Solardwinds None Anomali - Firm Blog Anomali February Product Release: Moving Beyond Tactical Intelligence MITRE ATT&CK framework techniques, we’ve added the ability to import content from the MITRE ATT&CK Navigator tool and store your framework capabilities inside ThreatStream. Users can use the MITRE capability in ThreatStream's Investigations feature to help prioritize investigative activity and decision-making, making security teams more efficient and responsive. 
Direct Import of MITRE ATT&CK Security Settings Advanced Search Functionality for Threat Models This month we’ve extended advanced search to Threat Model content in ThreatStream - providing the same flexibility and features for finding and refining content in our platform as for observable content. Users can now create advanced search queries with conditions and operators, and some additional capabilities specific to our Threat Model content, to find relevant intelligence quickly, as well as save their complex searches for future use at a click. Advanced Search Functionality for Threat Models Collaboration via Full-Featured ThreatStream Chat Customers now have the benefit of real-time, protected communication within ThreatStream for their internal teams and with Trusted Circle collaborators via the use of a full-featured chat client. With this built-in chat functionality, analysts can communicate and share tactical information as well as more strategic aspects of analysis and response quickly and easily with colleagues and peers at organizations that are members of common Trusted Circles--from inside the ThreatStream platform, where it can be easily shared and investigated. Most importantly, the collaboration remains anonymized and privacy is ensured. Collaboration via Full-Featured ThreatStream Chat Clone Custom Themed Dashboards Extending the custom themed dashboards developed by the Anomali Threat Research (ATR) team and released in December, we are now offering the ability to not only access a custom themed dashboard (for COVID, Sunburst or other specific themes), but also to clone (or create a copy) of that dashboard, which you can now further customize or tailor to your specific needs and preferences. Once a dashboard is cloned a user can change, for a given widget, the saved query upon which the widget is based, as well as add their own custom widgets. 
Clone Custom Themed Dashboards Intelligence Enrichment Inside of Investigations We continue to refine the display of critical information to the user at the appropriate point of their research in order to ensure analysts have the right intelligence ]]> 2021-03-02T14:59:00+00:00 https://www.anomali.com/blog/anomali-february-product-release-moving-beyond-tactical-intelligence www.secnews.physaphae.fr/article.php?IdArticle=2422683 False Tool,Threat Solardwinds,Solardwinds None Security Affairs - Blog Secu Microsoft releases open-source CodeQL queries to assess Solorigate compromise 2021-02-26T17:36:35+00:00 https://securityaffairs.co/wordpress/115056/hacking/microsoft-codeql-queries-solarwinds.html?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-codeql-queries-solarwinds www.secnews.physaphae.fr/article.php?IdArticle=2404780 True None Solardwinds,Solardwinds None SecurityWeek - Security News Microsoft Releases Open Source Resources for Solorigate Threat Hunting 2021-02-26T13:42:41+00:00 http://feedproxy.google.com/~r/Securityweek/~3/zeCnnF8IDVg/microsoft-releases-open-source-resources-solorigate-threat-hunting www.secnews.physaphae.fr/article.php?IdArticle=2403335 False Threat Solardwinds,Solardwinds None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code 2021-02-19T14:11:33+00:00 https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/ www.secnews.physaphae.fr/article.php?IdArticle=2371190 False None Solardwinds,Solardwinds None Microsoft - Microsoft Security Response Center Microsoft Internal Solorigate Investigation – Final Update Microsoft Internal Solorigate Investigation – Final Update Read More "]]> 2021-02-18T16:00:00+00:00 https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ www.secnews.physaphae.fr/article.php?IdArticle=2555918 False None Solardwinds,Solardwinds None McAfee Labs - Editeur Logiciel 6 Best Practices 
for SecOps in the Wake of the Sunburst Threat Campaign 1. Attackers have a plan, with clear objectives and outcomes in mind. Do you have one? Clearly this was a motivated and patient adversary. They spent many months in the planning and execution of an attack that was not incredibly sophisticated in its tactics, but rather used multiple semi-novel attack methods combined with persistent, stealthy […] 2021-02-05T18:52:59+00:00 https://www.mcafee.com/blogs/enterprise/security-operations/6-best-practices-for-secops-in-the-wake-of-the-sunburst-threat-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=2301319 False Threat Solardwinds,Solardwinds None McAfee Labs - Software vendor SOCwise Series: Practical Considerations on SUNBURST This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do. Although there's been a lot of chatter about supply chain attacks, we're going to bring you a slightly different […] 2021-02-04T17:20:56+00:00 https://www.mcafee.com/blogs/enterprise/security-operations/socwise-series-practical-considerations-on-sunburst/ www.secnews.physaphae.fr/article.php?IdArticle=2295797 False None Solardwinds,Solardwinds 2.0000000000000000 UnderNews - French "hacker" news site SolarWinds Sunburst, the largest cyberattack in history targeting the software industry's supply chain (first appeared on UnderNews) 2021-02-03T12:46:59+00:00 https://www.undernews.fr/hacking-hacktivisme/solarwinds-sunburst-la-plus-grande-cyberattaque-de-lhistoire-ciblant-la-supply-chain-de-lindustrie-du-logiciel.html www.secnews.physaphae.fr/article.php?IdArticle=2288820 False None Solardwinds None Schneier on Security - American cryptographer and security researcher More SolarWinds News analyzed 
details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop. Details are in the Microsoft blog: We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices. We have also detailed the ...]]> 2021-02-03T12:10:45+00:00 https://www.schneier.com/blog/archives/2021/02/more-solarwinds-news.html www.secnews.physaphae.fr/article.php?IdArticle=2288921 False Malware Solardwinds None InfoSecurity Mag - InfoSecurity Magazine A Fifth of Sunburst Backdoor Victims from Manufacturing Industry 2021-01-29T15:40:00+00:00 https://www.infosecurity-magazine.com:443/news/solarwinds-sunburst-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=2267190 False None Solardwinds,Solardwinds None ComputerWeekly - Computer Magazine Manufacturing particularly at risk of Solorigate-linked breaches 2021-01-29T06:12:00+00:00 https://www.computerweekly.com/news/252495571/Manufacturing-particularly-at-risk-of-Solorigate-linked-breaches www.secnews.physaphae.fr/article.php?IdArticle=2265874 False None Solardwinds None SecurityWeek - Security News Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack supply chain attack that hit IT management and monitoring firm SolarWinds last year, Kaspersky's ICS CERT unit reported on Tuesday. 
]]> 2021-01-27T13:06:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/6suEbRYThZA/hundreds-industrial-organizations-received-sunburst-malware-solarwinds-attack www.secnews.physaphae.fr/article.php?IdArticle=2252886 False Malware Solardwinds,Solardwinds None IT Security Guru - Blog Sécurité How did SolarWind Hackers evade Detection? 2021-01-21T15:28:30+00:00 https://www.itsecurityguru.org/2021/01/21/how-did-solarwind-hackers-evade-detection/?utm_source=rss&utm_medium=rss&utm_campaign=how-did-solarwind-hackers-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=2225979 False Threat Solardwinds None CybeReason - Vendor blog SolarWinds Attacks Highlight Importance of Operation-Centric Approach SolarWinds Attacks Highlight Importance of Operation-Centric Approach We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. 
]]> 2021-01-21T14:08:16+00:00 https://www.cybereason.com/blog/solarwinds-attacks-highlight-importance-of-operation-centric-approach www.secnews.physaphae.fr/article.php?IdArticle=2225390 False Tool Solardwinds,Solardwinds None Security Affairs - Blog Secu SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation 2021-01-21T12:01:36+00:00 https://securityaffairs.co/wordpress/113681/apt/microsoft-solorigate.html?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-solorigate www.secnews.physaphae.fr/article.php?IdArticle=2224229 False Malware Solardwinds,Solardwinds None InformationSecurityBuzzNews - Site de News Securite Expert Comment On New Malware Strain Found In SolarWinds Hack Expert Comment On New Malware Strain Found In SolarWinds Hack]]> 2021-01-20T11:33:16+00:00 https://informationsecuritybuzz.com/expert-comments/expert-comment-on-new-malware-strain-found-in-solarwinds-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2218741 False Malware,Hack Solardwinds None Security Affairs - Blog Secu Raindrop, a fourth malware employed in SolarWinds attacks 2021-01-19T22:31:27+00:00 https://securityaffairs.co/wordpress/113620/hacking/raindrop-solarwinds-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=raindrop-solarwinds-attacks www.secnews.physaphae.fr/article.php?IdArticle=2217125 False Malware,Threat Solardwinds None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe SolarWinds Malware Arsenal Widens with Raindrop 2021-01-19T16:40:55+00:00 https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/ www.secnews.physaphae.fr/article.php?IdArticle=2215894 False Malware Solardwinds 3.0000000000000000 Bleeping Computer - Magazine Américain SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader 2021-01-19T14:09:38+00:00 https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/ www.secnews.physaphae.fr/article.php?IdArticle=2216333 False 
Tool Solardwinds None SecurityWeek - Security News SolarWinds Hackers Used \'Raindrop\' Malware for Lateral Movement 2021-01-19T13:09:32+00:00 http://feedproxy.google.com/~r/Securityweek/~3/xV2Euh7dT3Y/solarwinds-hackers-used-raindrop-malware-lateral-movement www.secnews.physaphae.fr/article.php?IdArticle=2215323 False Malware,Threat Solardwinds None Schneier on Security - Chercheur Cryptologue Américain Injecting a Backdoor into SolarWinds Orion reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code. Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversary’s presence...]]> 2021-01-19T12:16:36+00:00 https://www.schneier.com/blog/archives/2021/01/injecting-a-backdoor-into-solarwinds-orion.html www.secnews.physaphae.fr/article.php?IdArticle=2214762 False Malware Solardwinds,Solardwinds None ZD Net - Magazine Info Fourth malware strain discovered in SolarWinds incident 2021-01-19T12:00:05+00:00 https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2214949 False Malware Solardwinds None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
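The CrowdStrike key points quoted just above describe SUNSPOT's trick: it watched for the processes that compile the Orion product and replaced a source file only while the compiler ran, with safeguards so the build never failed and no developer was alerted. A hash check of the tree before the build therefore passes, and so does one afterwards. The wrapper below is an added example (my own design, not CrowdStrike's, SolarWinds' or any build tool's code) of one countermeasure: compare every build input against a manifest recorded at checkout, but hash a private copy in a staging directory and compile only from that copy, so the bytes that were verified are the bytes the compiler reads. The project layout, the `.cs`/`.csproj` suffix list and the tampered content are constructed for the demo; `build_step` stands in for the real compiler invocation.

```python
"""Verify-then-compile from a private copy (added example; my own design,
not SolarWinds', CrowdStrike's or any build tool's code). Counters a
SUNSPOT-style swap of a source file while the compiler is running."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Dict, List, Tuple

# Assumed: which files count as build inputs for this (constructed) project.
BUILD_INPUT_SUFFIXES = {".cs", ".csproj", ".props", ".targets"}


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def record_manifest(root: Path) -> Dict[str, str]:
    """Digest every build input at checkout, keyed by POSIX relative path.
    In a real pipeline this comes from the signed commit that was checked
    out, not from anything the build host can rewrite."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in BUILD_INPUT_SUFFIXES:
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def stage_verified_inputs(root: Path, manifest: Dict[str, str], staging: Path) -> List[str]:
    """Copy each manifest file into staging and hash the copy, so the bytes
    that are checked are the bytes the compiler will read. Returns the
    relative paths that are missing, altered or not in the manifest."""
    problems = []
    for rel, expected in manifest.items():
        src, dst = root / rel, staging / rel
        if not src.is_file():
            problems.append(rel)
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        if sha256_file(dst) != expected:
            problems.append(rel)
    # An input the manifest never saw is as suspicious as a changed one.
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in BUILD_INPUT_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            if rel not in manifest:
                problems.append(rel)
    return sorted(set(problems))


def attested_build(root: Path, manifest: Dict[str, str],
                   build_step: Callable[[Path], None]) -> Tuple[bool, List[str]]:
    """Refuse to build unless every staged input matches the manifest; the
    build step is only ever pointed at the staging copy, never at root."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        problems = stage_verified_inputs(root, manifest, staging)
        if problems:
            return False, problems
        build_step(staging)
        return True, []


def demo() -> Dict[str, object]:
    """Constructed scenario: a clean tree, then the same path with different
    content, as a SUNSPOT-style tool would leave it during the compile."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "src"
        (root / "Core").mkdir(parents=True)
        (root / "Core" / "Orion.csproj").write_text("<Project />\n")
        (root / "Core" / "Inventory.cs").write_text("class Inventory { }\n")
        manifest = record_manifest(root)
        built_from: List[Path] = []
        clean_ok, _ = attested_build(root, manifest, built_from.append)
        (root / "Core" / "Inventory.cs").write_text("class Inventory { /* swapped */ }\n")
        tampered_ok, problems = attested_build(root, manifest, built_from.append)
        return {
            "clean": clean_ok,
            "tampered": tampered_ok,
            "flagged": problems,
            "compiled_from_staging": bool(built_from) and built_from[0] != root,
        }


if __name__ == "__main__":
    print(demo())
```

Two caveats the reader should carry away. The manifest must originate somewhere the build host cannot rewrite (the signed commit, or a manifest produced on a separate machine), otherwise the tool that swaps the source can swap the manifest too. And the wrapper narrows the window rather than closing it: malware running as the build user could target the staging copy as well, so pair this with a second, independent build of the same commit and compare output hashes; a reproducible build on an uncompromised host produces a different DLL than one where a source file was replaced, whatever the replacement mechanism.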
Researchers Discover Raindrop - 4th Malware Linked to the SolarWinds Attack ]]> 2021-01-19T07:04:55+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/h6AQYcEfo6Q/researchers-discover-raindrop-4th.html www.secnews.physaphae.fr/article.php?IdArticle=2215481 False Malware,Mobile Solardwinds,Solardwinds None Cisco - Security Firm Blog Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor 2021-01-14T09:00:10+00:00 https://blogs.cisco.com/security/cisco-secure-workload-immediate-actions-in-response-to-sunburst-trojan-and-backdoor www.secnews.physaphae.fr/article.php?IdArticle=2215392 False None Solardwinds None IT Security Guru - Blog Sécurité Potential Link between SolarWinds and Turla APT 2021-01-12T12:32:07+00:00 https://www.itsecurityguru.org/2021/01/12/potential-link-between-solarwinds-and-turla-apt/?utm_source=rss&utm_medium=rss&utm_campaign=potential-link-between-solarwinds-and-turla-apt www.secnews.physaphae.fr/article.php?IdArticle=2176059 False Malware,Mobile Solardwinds,Solardwinds None SecurityWeek - Security News \'Sunspot\' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack 2021-01-12T12:04:51+00:00 http://feedproxy.google.com/~r/Securityweek/~3/NwmfVL066rQ/sunspot-malware-used-insert-backdoor-solarwinds-product-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=2176007 False Malware Solardwinds 3.0000000000000000 Security Affairs - Blog Secu Sunspot, the third malware involved in the SolarWinds supply chain attack 2021-01-12T11:41:20+00:00 https://securityaffairs.co/wordpress/113316/malware/sunspot-solarwinds-attack.html?utm_source=rss&utm_medium=rss&utm_campaign=sunspot-solarwinds-attack www.secnews.physaphae.fr/article.php?IdArticle=2175667 False Malware Solardwinds None InfoSecurity Mag - InfoSecurity Magazine Third Malware Strain Discovered as Part of SolarWinds Attack 2021-01-12T11:25:00+00:00 https://www.infosecurity-magazine.com:443/news/third-malware-strain-discovered/ 
www.secnews.physaphae.fr/article.php?IdArticle=2175768 False Malware,Mobile Solardwinds,Solardwinds None Bleeping Computer - Magazine Américain New Sunspot malware found while investigating SolarWinds hack 2021-01-12T08:33:19+00:00 https://www.bleepingcomputer.com/news/security/new-sunspot-malware-found-while-investigating-solarwinds-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2176100 False Malware,Hack Solardwinds None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor ]]> 2021-01-11T22:29:57+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/k_Q9om7nPpw/unveiled-sunspot-malware-was-used-to.html www.secnews.physaphae.fr/article.php?IdArticle=2174897 False Malware,Tool,Mobile Solardwinds,Solardwinds None Security Affairs - Blog Secu Connecting the dots between SolarWinds and Russia-linked Turla APT 2021-01-11T21:37:06+00:00 https://securityaffairs.co/wordpress/113289/apt/solarwinds-turla-apt.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-turla-apt www.secnews.physaphae.fr/article.php?IdArticle=2172952 False Malware,Mobile Solardwinds,Solardwinds None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe SolarWinds Hack Potentially Linked to Turla APT 2021-01-11T17:53:21+00:00 https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/ www.secnews.physaphae.fr/article.php?IdArticle=2171718 False Hack,Mobile Solardwinds,Solardwinds None SecurityWeek - Security News Malware Used in SolarWinds Attack Linked to Backdoor Attributed to Turla Cyberspies SolarWinds supply chain attack and Kazuar, a backdoor that appears to have been used by the Russia-linked cyber-espionage group known as Turla. 
2021-01-11T13:47:16+00:00 http://feedproxy.google.com/~r/Securityweek/~3/9rA7NBHbIlI/malware-used-solarwinds-attack-linked-backdoor-attributed-turla-cyberspies www.secnews.physaphae.fr/article.php?IdArticle=2170297 False Malware,Mobile Solardwinds,Solardwinds None UnderNews - French "hacker" news site Sunburst: experts found links between the SolarWinds attack and the Kazuar backdoor (first appeared on UnderNews) 2021-01-11T12:19:03+00:00 https://www.undernews.fr/malwares-virus-antivirus/sunburst-les-experts-ont-trouve-des-liens-entre-lattaque-de-solarwinds-et-le-backdoor-kazuar.html www.secnews.physaphae.fr/article.php?IdArticle=2170037 False Mobile Solardwinds,Solardwinds None Kaspersky - Kaspersky Research blog Sunburst backdoor – code overlaps with Kazuar 2021-01-11T10:00:00+00:00 https://securelist.com/sunburst-backdoor-kazuar/99981/ www.secnews.physaphae.fr/article.php?IdArticle=2169399 False Mobile Solardwinds,Solardwinds None Bleeping Computer - American magazine Sunburst backdoor shares features with Russian APT malware 2021-01-11T09:07:54+00:00 https://www.bleepingcomputer.com/news/security/sunburst-backdoor-shares-features-with-russian-apt-malware/ www.secnews.physaphae.fr/article.php?IdArticle=2170389 False Malware,Mobile Solardwinds,Solardwinds None ComputerWeekly - Computer Magazine Kaspersky claims link between Solorigate and Kazuar backdoors 2021-01-11T06:18:00+00:00 https://www.computerweekly.com/news/252494603/Kaspersky-claims-link-between-Solorigate-and-Kazuar-backdoors www.secnews.physaphae.fr/article.php?IdArticle=2169823 False None Solardwinds None The Hacker News - a hacking news blog (surprising, right?) 
Researchers Find Links Between Sunburst and Russian Kazuar Malware ]]> 2021-01-11T05:41:59+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/svCQ65KUMLQ/researchers-find-links-between-sunburst.html www.secnews.physaphae.fr/article.php?IdArticle=2170259 False Malware Solardwinds,Solardwinds None CybeReason - Vendor blog Contextualizing Microsoft\'s Source Code Exposure in the SolarWinds Attacks Contextualizing Microsoft's Source Code Exposure in the SolarWinds Attacks In the middle of December, IT management software provider SolarWinds revealed in a security advisory that it had fallen victim to a sophisticated supply chain attack. The offensive involved the placement of a backdoor known as SUNBURST into versions 2019.4 HF 5, 2020.2 with no hotfix installed and 2020.2 HF 1 of the company's Orion Platform software. If executed, SUNBURST allowed an attacker to compromise the server running the Orion build.]]> 2021-01-05T19:42:44+00:00 https://www.cybereason.com/blog/contextualizing-microsofts-source-code-exposure-in-the-solarwinds-attacks www.secnews.physaphae.fr/article.php?IdArticle=2146483 False None Solardwinds,Solardwinds None Checkpoint - Fabricant Materiel Securite Our New Year\'s Resolution for You: Protect Your IoT Networks and Devices! 
2021-01-04T11:00:50+00:00 https://blog.checkpoint.com/2021/01/04/our-new-years-resolution-for-you-protect-your-iot-networks-and-devices/ www.secnews.physaphae.fr/article.php?IdArticle=2143498 False Mobile Solardwinds,Solardwinds None

Security Affairs - Security Blog
SolarWinds hackers aimed at access to victims' cloud assets
2020-12-29T21:55:38+00:00 https://securityaffairs.co/wordpress/112773/hacking/solarwinds-solorigate-attack-chain.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-solorigate-attack-chain www.secnews.physaphae.fr/article.php?IdArticle=2134768 False Threat,Mobile Solardwinds None

Anomali - Firm Blog
Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds
detailed analysis about the attack carried out against SolarWinds, which appears to have compromised its Orion IT monitoring and management platform to spread the Sunburst Backdoor malware. As part of the attack, which started in March, the Orion platform started sending out the digitally-signed trojanized malware via regular updates. According to SolarWinds, the compromised update may have been installed by fewer than 18,000 of its customers, including many U.S. federal agencies and Fortune 500 firms that use Orion to monitor the health of their IT networks. In a related blog post, FireEye also announced that a highly sophisticated state-sponsored adversary penetrated its network and stole FireEye Red Team tools used to test customers' security. In response to the attacks, Anomali has collected, curated, and distributed clear and concise open-source intelligence (OSINT) to help organizations determine if they have been impacted. Two key resources released include a SolarWinds Breach Threat Bulletin and a FireEye Red Team Tools Breach Threat Bulletin. These continually updated resources, for use inside Anomali ThreatStream, include threat analysis, signature threat models, and over 2,000 operationalized indicators of compromise (IOCs) for automated distribution to security controls. Both are available now to Anomali's 1,500 customers.

What Can I Do with This Threat Intelligence? ...and How to Do It

Our intent in aggregating and curating this threat intelligence is to provide organizations with high-fidelity IOCs that can immediately be pushed into their security stacks for rapid, proactive blocking and alerting. Security products that can take advantage of this actionable threat intelligence include security information and event management (SIEM), endpoint detection and response platforms, firewalls, domain name system (DNS) servers, security orchestration, automation, and response (SOAR) platforms, and other operational security products. These Anomali threat bulletins are designed to be used in conjunction with Anomali ThreatStream, a threat intelligence platform that allows organizations to aggregate, curate, analyze, and distribute multiple sources of threat intelligence to their operational security systems. Inside the SolarWinds Breach Threat Bulletin, all of these IOCs have been tagged with "solarwinds", "sunburst backdoor", "unc2452", or "avsvmcloud.com". This enables ThreatStream users to create a simple rule to automatically push IOCs to their security systems, enabling real-time defense against both attacks. For example, if a compromised server inside the organization attempts to connect to a command and control (C2) server outside of the organization, Anomali customers that have activated this research will automatically block the C2 URL, avoiding the risk of further compromise and data exfiltration.

How Can I Get This Intelligence?

The Anomali SolarWinds and FireEye Threat Bulletins are automatically available to Anomali's ThreatStream customers, and all organizations participating in Anomali-powered threat intelligence sharing communities (ISACs). Anomali Threat Research also created a
2020-12-29T21:22:00+00:00 https://www.anomali.com/blog/actionable-threat-intelligence-available-for-sunburst-cyber-attacks-on-solarwinds www.secnews.physaphae.fr/article.php?IdArticle=2134713 False Malware,Threat,Mobile Solardwinds,Solardwinds None

Anomali - Firm Blog
Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack
FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company's Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates. Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream. Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine-readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted. As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to additional dashboards announced as part of our December quarterly product release. Customers can integrate Sunburst Backdoor and other dashboards via the "+ Add Dashboard" tab in the ThreatStream console:
[image: Add Sunburst dashboard]
After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:
[image: Sunburst dashboard]
Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can request a demo here. For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial threat bulletin and downloadable set of OSINT IOCs available here.
2020-12-29T20:12:00+00:00 https://www.anomali.com/blog/anomali-threatstream-sunburst-backdoor-custom-dashboard-provides-machine-readable-iocs-related-to-solarwinds-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=2134714 False Malware,Threat,Mobile Solardwinds,Solardwinds None

Bleeping Computer - American Magazine
Microsoft: SolarWinds hackers' goal was the victims' cloud data
2020-12-29T13:30:00+00:00 https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/ www.secnews.physaphae.fr/article.php?IdArticle=2134608 False None Solardwinds None

Mandiant - Mandiant Security Blog
SUNBURST Additional Technical Details
FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452. SUNBURST is a trojanized version of a digitally signed SolarWinds Orion plugin called SolarWinds.Orion.Core.BusinessLayer.dll. The plugin contains a backdoor that communicates via HTTP to third party
2020-12-24T20:15:00+00:00 https://www.mandiant.com/resources/blog/sunburst-additional-technical-details www.secnews.physaphae.fr/article.php?IdArticle=8377612 False Threat Solardwinds 4.0000000000000000

Global Security Mag - French news site
Zscaler sets up a support program for companies affected by SUNBURST (SolarWinds attack)
Products
2020-12-24T08:15:45+00:00 http://www.globalsecuritymag.fr/Zscaler-met-en-place-un-programme,20201224,106542.html www.secnews.physaphae.fr/article.php?IdArticle=2124292 False Malware Solardwinds,Solardwinds None

McAfee Labs - Software Publisher
Why SolarWinds-SUNBURST is our Cyber Pearl Harbor
On December 13, 2020, FireEye announced that threat actors had compromised SolarWinds's Orion IT monitoring and management software and used it to distribute a software backdoor to dozens of that company's customers, including several high-profile U.S. government agencies. Many are referring to the SolarWinds-SUNBURST campaign incidents as the long-prophesied "Cyber Pearl Harbor." We agree, […]
2020-12-23T23:45:25+00:00 https://www.mcafee.com/blogs/other-blogs/executive-perspectives/why-solarwinds-sunburst-is-our-cyber-pearl-harbor/ www.secnews.physaphae.fr/article.php?IdArticle=2123687 False Threat Solardwinds None

BBC - BBC News - Technology
SolarWinds Sunburst: UK data watchdog issues hack alert
2020-12-23T14:36:49+00:00 https://www.bbc.co.uk/news/technology-55426212 www.secnews.physaphae.fr/article.php?IdArticle=2122820 False Hack Solardwinds 2.0000000000000000

Kaspersky - Kaspersky Research blog
How we protect our users against the Sunburst backdoor
2020-12-23T11:30:52+00:00 https://securelist.com/how-we-protect-against-sunburst-backdoor/99959/ www.secnews.physaphae.fr/article.php?IdArticle=2122517 False None Solardwinds,Solardwinds None

Security Affairs - Security Blog
Researchers shared the lists of victims of SolarWinds hack
2020-12-22T21:52:57+00:00 https://securityaffairs.co/wordpress/112555/hacking/solarwinds-victims-lists.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-victims-lists www.secnews.physaphae.fr/article.php?IdArticle=2121425 False Hack,Threat,Mobile Solardwinds,Solardwinds None

CybeReason - Vendor blog
Cybereason vs. SolarWinds Supply Chain Attack
On December 13, 2020, IT infrastructure management provider SolarWinds issued a Security Advisory regarding their SolarWinds Orion Platform after experiencing a "highly sophisticated" supply chain attack. The activity is reported to have begun as early as Spring 2020, as reported by researchers from security firm FireEye.
2020-12-22T21:14:06+00:00 https://www.cybereason.com/blog/cybereason-vs-solarwinds-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=2121357 False None Solardwinds None

Bleeping Computer - American Magazine
SolarWinds victims revealed after cracking the Sunburst malware DGA
2020-12-22T09:11:33+00:00 https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/ www.secnews.physaphae.fr/article.php?IdArticle=2120509 False Malware,Threat Solardwinds,Solardwinds None

McAfee Labs - Software Publisher
How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for […]
2020-12-21T21:32:24+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/ www.secnews.physaphae.fr/article.php?IdArticle=2118054 True Threat,Mobile Solardwinds,Solardwinds None

ZD Net - Info Magazine
Partial lists of organizations infected with Sunburst malware released online
2020-12-21T20:40:45+00:00 https://www.zdnet.com/article/partial-lists-of-organizations-infected-with-sunburst-malware-released-online/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2117879 False Malware Solardwinds,Solardwinds None

Checkpoint - Security Hardware Manufacturer
Best Practice: Identifying And Mitigating The Impact Of Sunburst
2020-12-21T19:26:48+00:00 https://blog.checkpoint.com/2020/12/21/best-practice-identifying-and-mitigating-the-impact-of-sunburst/ www.secnews.physaphae.fr/article.php?IdArticle=2117719 False Vulnerability Solardwinds,Solardwinds None

CSO - CSO Daily Dashboard
How to prepare for the next SolarWinds-like threat
cybersecurity company FireEye (itself the first public victim of the supply chain interference) named SUNBURST, is a backdoor that can transfer and execute files, profile systems, reboot machines and disable system services.
2020-12-21T02:00:00+00:00 https://www.csoonline.com/article/3601796/how-to-prepare-for-the-next-solarwinds-like-threat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=2116482 False Malware,Threat Solardwinds None

Kaspersky Threatpost - Kaspersky is a Russian antivirus publisher
Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims
2020-12-18T19:01:07+00:00 https://threatpost.com/sunburst-c2-secrets-rsolarwinds-victims/162426/ www.secnews.physaphae.fr/article.php?IdArticle=2110868 False None Solardwinds,Solardwinds None

Krebs on Security - American Researcher
VMware Flaw a Vector in SolarWinds Breach?
2020-12-18T18:33:13+00:00 https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/ www.secnews.physaphae.fr/article.php?IdArticle=2110938 False Hack Solardwinds None

Kaspersky - Kaspersky Research blog
Sunburst: connecting the dots in the DNS requests
2020-12-18T13:00:20+00:00 https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/ www.secnews.physaphae.fr/article.php?IdArticle=2109879 False Guideline Solardwinds None