www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr.
Last build: 2025-05-11T22:17:06+00:00
Link: www.secnews.physaphae.fr

Source: taosecurity - Chinese Security Blog
Title: Happy 20th Birthday TaoSecurity Blog
Description:
Happy 20th birthday TaoSecurity Blog, born on 8 January 2003.

Thank you Blogger
Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost.

Statistics
In my 15-year post I included some statistics, so here are a few, current as of the evening of 7 January:
I think it's cool to see almost 29 million "all time" views, but that's not the whole story.
Here are the so-called "all time" statistics:
It turns out that Blogger only started capturing these numbers in January 2011. That means I've had almost 29 million views in the last 12 years.
I don't know what happened on 20 April 2022, when I had almost 1.5 million views?

Top Ten Posts Since January 2011
Published: 2023-01-08T10:00:00+00:00
Link: https://taosecurity.blogspot.com/2023/01/happy-20th-birthday-taosecurity-blog.html
Article: www.secnews.physaphae.fr/article.php?IdArticle=8298985
Feed metadata: False Ransomware,Studies,Guideline Solardwinds 2.0000000000000000

Source: CrowdStrike - CTI Society
Title: Why Managed Threat Hunting Should Top Every CISO's Holiday Wish List
Published: 2022-12-14T17:43:30+00:00
Link: http://provinggrounds.cs.sys/blog/managed-threat-hunting-should-top-every-ciso-wish-list/
Article: www.secnews.physaphae.fr/article.php?IdArticle=8291606
Feed metadata: False Threat,Guideline Solardwinds 2.0000000000000000

Source: Anomali - Firm Blog
Title: Anomali Cyber Watch: New APT ChamelGang, FoggyWeb, VMWare Vulnerability Exploited and More
Description:
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Google Just Patched These Two Chrome Zero-day Bugs That Are Under Attack Right Now (published: October 1, 2021)
Google has warned users of Google Chrome to update to version 94.0.4606.71, due to two new zero-days that are currently being exploited in the wild. This marks the second update in a month due to actively exploited zero-day flaws. The first of these common vulnerabilities and exposures (CVEs), CVE-2021-37975, is a high severity flaw in the V8 JavaScript engine, which has been notoriously difficult to protect and could allow attackers to create malware that is resistant to hardware mitigations.
Analyst Comment: Users and organizations are recommended to regularly check for and apply updates to the software applications they use, especially web browsers that are increasingly used for a variety of tasks. Organizations can leverage the capabilities of Anomali Threatstream to rapidly get information about new CVEs that need to be mitigated through their vulnerability management program.
Tags: CVE-2021-37975, CVE-2021-37976, chrome, zero-day

Hydra Malware Targets Customers of Germany's Second Largest Bank (published: October 1, 2021)
A new campaign leveraging the Hydra banking trojan has been discovered by researchers. The malware, contained in an Android application, impersonates the legitimate application for Germany's largest bank, Commerzbank. While Hydra has been seen for a number of years, this new campaign incorporates many new features, including abuse of the Android accessibility features and permissions, which give the application the ability to stay running and hidden with basically full administrator privileges over a victim's phone. It appears to be initially spread via a website that imitates the official Commerzbank website. Once installed it can spread via bulk SMS messages to a user's contacts.
Analyst Comment: Applications, particularly banking applications, should only be installed from trusted and verified sources and reviewed for suspicious permissions they request. Similarly, emails and websites should be verified before use.
Tags: Banking and Finance, EU, Hydra, trojan

New APT ChamelGang Targets Russian Energy, Aviation Orgs (published: October 1, 2021)
A new Advanced Persistent Threat (APT) group dubbed "ChamelGang" has been identified targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server's ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at Positive Technologies have been tracking the group since March 2017, and have observed that they have attacked targets in 10 countries so far. The group has been able to hi
Published: 2021-10-05T18:28:00+00:00
Link: https://www.anomali.com/blog/anomali-cyber-watch-new-apt-chamelgang-foggyweb-vmware-vulnerability-exploited-and-more
Article: www.secnews.physaphae.fr/article.php?IdArticle=3472727
Feed metadata: False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Solardwinds,Solardwinds,APT 27 None

Source: Anomali - Firm Blog
Title: Threat Intelligence Platforms Help Organizations Overcome Key Security Hurdles
Description:
An Enterprise Strategy Group (ESG) research study showed that some 63 percent of security pros say that the job is tougher today than it was just two years ago. While there's no doubt that the variety and volume of threats keep on growing by the year, the question is whether it's the complexity of the security problems that has risen precipitously, or whether something else is going on. I'd argue that it's mostly the latter: it's not so much that the complexity has grown tremendously over this time as that the "awareness" of already latent complexity has become more apparent. As the breadth of technologies and data available to modern cybersecurity organizations continues to proliferate, security strategists are finally getting enough visibility into their environments to start discovering gaps that have existed all along. But knowing where the deficiencies exist doesn't always equate to being able to address them. These same security folks are also struggling to wrap their arms around what is possible to achieve by using the array of tools in their arsenals and the vast quantities of information available.

Years ago in the security world, the common mantra was that security organizations "don't know what they don't know", and this was due to deficiencies in monitoring and threat intelligence capabilities. Nowadays the opposite is true. They're flooded with data and they're starting to get a better sense of what they don't fully know or understand about adversarial activities in their environments. But this dawning self-awareness can be quite nerve-wracking as they ask themselves, "Now that I know, what should I do?" It can be daunting to make that jump from understanding to taking action; this is the process that many organizations struggle with when we talk about "operationalizing" threat intelligence. For security operations, it's not enough to just know about an adversary via various threat feeds and other sources. To take action, threat intelligence needs to be deployed in real time so that security tools and personnel can actually leverage it to run investigations, detect the presence of threats in their networks, respond faster, and continuously improve their security architectures. But there are many significant hurdles in running security operations that stand in the way of achieving those goals. This is where a robust threat intelligence platform (TIP) can add significant value to the security ecosystem. TIPs help security operations teams tackle some of the greatest hurdles.

Big Data Conundrum with Threat Intelligence Platforms
The first challenge is that the sheer volume of threat intelligence made available to security teams has become a big data problem, one that can't be solved by just filtering out the feeds that are in use, which would defeat the purpose of acquiring varied and relevant feeds in the first place. Organizations don't want to ingest millions or billions of evolving threat indicators into their security information and event manager (SIEM), which would be cost-prohibitive and would also lead to the creation of unmanageable levels of false positives. This is where Anomali comes in: with a TIP doing the work on the front end, interesting and pre-curated threat "matches" can be integrated directly into your SIEM. These matches prese
Published: 2021-05-26T17:20:00+00:00
Link: https://www.anomali.com/blog/threat-intelligence-platforms-help-organizations-overcome-key-security-hurdles
Article: www.secnews.physaphae.fr/article.php?IdArticle=2841816
Feed metadata: False Tool,Threat,Guideline Solardwinds,Solardwinds None

Source: Kaspersky - Kaspersky Research blog
Title: Sunburst: connecting the dots in the DNS requests
Published: 2020-12-18T13:00:20+00:00
Link: https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
Article: www.secnews.physaphae.fr/article.php?IdArticle=2109879
Feed metadata: False Guideline Solardwinds None

Source: Bleeping Computer - American Magazine
Title: US govt, FireEye breached after SolarWinds supply-chain attack
Published: 2020-12-14T10:04:46+00:00
Link: https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/
Article: www.secnews.physaphae.fr/article.php?IdArticle=2100840
Feed metadata: False Malware,Guideline Solardwinds None

Source: AlienVault Blog - AlienVault is a major defensive player in IOCs
Title: What Got CISOs Here, Won't Get CISOs There
Description:
Here are five non-security tips to help security teams:

1. Put toothpicks in your data
Security historically has presented data in a rather statistical manner. But merely stating how many suspicious emails your spam filter caught is akin to describing your umbrella by the number of raindrops it stops. The debate to find the ideal security metrics has raged on for many years without showing any signs of slowing down. One way to look at the problem is by asking how the existing data could be presented in a way that is aligned to the target audience's expectations. For example, research has found that when you tell people that what they are eating or drinking is a high-end product, they won't just say that it tastes better than a cheaper product — their brains will actually experience it as better. This was proven by two Dutch pranksters who snuck into a large food-industry expo in Houten, The Netherlands. The pranksters served McDonald's food cut into pieces with toothpicks on trays, telling attendees it was an organic product. Tasters described the samples as tasting very rich and very pure. Try presenting data differently with some toothpicks and see how it changes perceptions.

2. Reframing
Security on its own has little meaning. Many businesses will judge security teams and their effectiveness based on how they feel about it. Most will tend to frame risk based on how they have perceived it in the past. Although this isn't wrong in some cases, at other times, particularly where experience is tied to a negative perception, these habits need to be changed - or reframed. In this regard, there are two areas that a CISO can focus on to reframe. The first aspect is around framing context correctly and involves taking something that seems undesirable and showing its benefits in another context. For example, Rudolph's red nose was an anomaly that made him stick out from the other reindeer. But the red nose saved all the reindeer on a dark and stormy night. Similarly, many security controls that may seem undesirable in some situations can become a great asset given the right con
Published: 2017-05-11T13:00:00+00:00
Link: http://feeds.feedblitz.com/~/316912190/0/alienvault-blogs~What-Got-CISOs-Here-Wont-Get-CISOs-There
Article: www.secnews.physaphae.fr/article.php?IdArticle=364375
Feed metadata: False Guideline Solardwinds None