www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-11T02:10:47+00:00
www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Discover Raindrop - 4th Malware Linked to the SolarWinds Attack
2021-01-19T07:04:55+00:00
http://feedproxy.google.com/~r/TheHackersNews/~3/h6AQYcEfo6Q/researchers-discover-raindrop-4th.html
www.secnews.physaphae.fr/article.php?IdArticle=2215481
False Malware,Mobile Solardwinds,Solardwinds None

IT Security Guru - Security Blog
Potential Link between SolarWinds and Turla APT
2021-01-12T12:32:07+00:00
https://www.itsecurityguru.org/2021/01/12/potential-link-between-solarwinds-and-turla-apt/?utm_source=rss&utm_medium=rss&utm_campaign=potential-link-between-solarwinds-and-turla-apt
www.secnews.physaphae.fr/article.php?IdArticle=2176059
False Malware,Mobile Solardwinds,Solardwinds None

InfoSecurity Mag - InfoSecurity Magazine
Third Malware Strain Discovered as Part of SolarWinds Attack
2021-01-12T11:25:00+00:00
https://www.infosecurity-magazine.com:443/news/third-malware-strain-discovered/
www.secnews.physaphae.fr/article.php?IdArticle=2175768
False Malware,Mobile Solardwinds,Solardwinds None

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
2021-01-11T22:29:57+00:00
http://feedproxy.google.com/~r/TheHackersNews/~3/k_Q9om7nPpw/unveiled-sunspot-malware-was-used-to.html
www.secnews.physaphae.fr/article.php?IdArticle=2174897
False Malware,Tool,Mobile Solardwinds,Solardwinds None

Security Affairs - Security Blog
Connecting the dots between SolarWinds and Russia-linked Turla APT
2021-01-11T21:37:06+00:00
https://securityaffairs.co/wordpress/113289/apt/solarwinds-turla-apt.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-turla-apt
www.secnews.physaphae.fr/article.php?IdArticle=2172952
False Malware,Mobile Solardwinds,Solardwinds None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor
SolarWinds Hack Potentially Linked to Turla APT
2021-01-11T17:53:21+00:00
https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/
www.secnews.physaphae.fr/article.php?IdArticle=2171718
False Hack,Mobile Solardwinds,Solardwinds None

SecurityWeek - Security News
Malware Used in SolarWinds Attack Linked to Backdoor Attributed to Turla Cyberspies
SolarWinds supply chain attack and Kazuar, a backdoor that appears to have been used by the Russia-linked cyber-espionage group known as Turla.
2021-01-11T13:47:16+00:00
http://feedproxy.google.com/~r/Securityweek/~3/9rA7NBHbIlI/malware-used-solarwinds-attack-linked-backdoor-attributed-turla-cyberspies
www.secnews.physaphae.fr/article.php?IdArticle=2170297
False Malware,Mobile Solardwinds,Solardwinds None

UnderNews - French "hacker" news site
Sunburst – Experts have found links between the SolarWinds attack and the Kazuar backdoor
Sunburst – Experts have found links between the SolarWinds attack and the Kazuar backdoor first appeared on UnderNews.
2021-01-11T12:19:03+00:00
https://www.undernews.fr/malwares-virus-antivirus/sunburst-les-experts-ont-trouve-des-liens-entre-lattaque-de-solarwinds-et-le-backdoor-kazuar.html
www.secnews.physaphae.fr/article.php?IdArticle=2170037
False Mobile Solardwinds,Solardwinds None

Kaspersky - Kaspersky Research blog
Sunburst backdoor – code overlaps with Kazuar
2021-01-11T10:00:00+00:00
https://securelist.com/sunburst-backdoor-kazuar/99981/
www.secnews.physaphae.fr/article.php?IdArticle=2169399
False Mobile Solardwinds,Solardwinds None

Bleeping Computer - American magazine
Sunburst backdoor shares features with Russian APT malware
2021-01-11T09:07:54+00:00
https://www.bleepingcomputer.com/news/security/sunburst-backdoor-shares-features-with-russian-apt-malware/
www.secnews.physaphae.fr/article.php?IdArticle=2170389
False Malware,Mobile Solardwinds,Solardwinds None

Checkpoint - Security hardware vendor
Our New Year's Resolution for You: Protect Your IoT Networks and Devices!
2021-01-04T11:00:50+00:00
https://blog.checkpoint.com/2021/01/04/our-new-years-resolution-for-you-protect-your-iot-networks-and-devices/
www.secnews.physaphae.fr/article.php?IdArticle=2143498
False Mobile Solardwinds,Solardwinds None

Security Affairs - Security Blog
SolarWinds hackers aimed at access to victims' cloud assets
2020-12-29T21:55:38+00:00
https://securityaffairs.co/wordpress/112773/hacking/solarwinds-solorigate-attack-chain.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-solorigate-attack-chain
www.secnews.physaphae.fr/article.php?IdArticle=2134768
False Threat,Mobile Solardwinds None

Anomali - Firm Blog
Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds
detailed analysis about the attack carried out against SolarWinds, which appears to have compromised its Orion IT monitoring and management platform to spread the Sunburst Backdoor malware. As part of the attack, which started in March, the Orion platform started sending out the digitally-signed trojanized malware via regular updates. According to SolarWinds, the compromised update may have been installed by fewer than 18,000 of its customers, including many U.S. federal agencies and Fortune 500 firms that use Orion to monitor the health of their IT networks. In a related blog post, FireEye also announced that a highly sophisticated state-sponsored adversary penetrated its network and stole FireEye Red Team tools used to test customers’ security. In response to the attacks, Anomali has collected, curated, and distributed clear and concise open-source intelligence (OSINT) to help organizations determine if they have been impacted. Two key resources released include a SolarWinds Breach Threat Bulletin and a FireEye Red Team Tools Breach Threat Bulletin. These continually updated resources, for use inside Anomali ThreatStream, include threat analysis, signature threat models, and over 2,000 operationalized indicators of compromise (IOCs) for automated distribution to security controls. Both are available now to Anomali’s 1,500 customers.
What Can I Do with This Threat Intelligence? ...and How to Do It
Our intent in aggregating and curating this threat intelligence is to provide organizations with high-fidelity IOCs that can immediately be pushed into their security stacks for rapid, proactive blocking and alerting. Security products that can take advantage of this actionable threat intelligence include security information and event management (SIEM), endpoint detection and response platforms, firewalls, domain name system (DNS) servers, security orchestration, automation, and response (SOAR) platforms, and other operational security products. These Anomali threat bulletins are designed to be used in conjunction with Anomali ThreatStream, a threat intelligence platform that allows organizations to aggregate, curate, analyze, and distribute multiple sources of threat intelligence to their operational security systems. Inside of the SolarWinds Breach Threat Bulletin, all of these IOCs have been tagged with “solarwinds”, “sunburst backdoor”, “unc2452”, or “avsvmcloud.com.” This enables ThreatStream users to create a simple rule to automatically push IOCs to their security systems, enabling real-time defense against both attacks. For example, if a compromised server inside the organization attempts to connect to a command and control (C2) server outside of the organization, Anomali customers that have activated this research will automatically block the C2 URL, avoiding risk of further compromise and data exfiltration.
How Can I Get This Intelligence?
The Anomali SolarWinds and FireEye Threat Bulletins are automatically available to Anomali’s ThreatStream customers, and all organizations participating in Anomali-powered threat intelligence sharing communities (ISACs). Anomali Threat Research also created a
2020-12-29T21:22:00+00:00
https://www.anomali.com/blog/actionable-threat-intelligence-available-for-sunburst-cyber-attacks-on-solarwinds
www.secnews.physaphae.fr/article.php?IdArticle=2134713
False Malware,Threat,Mobile Solardwinds,Solardwinds None

Anomali - Firm Blog
Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack
FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company’s Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates. Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream. Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted. As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to additional dashboards announced as part of our December quarterly product release. Customers can integrate Sunburst Backdoor and other dashboards via the “+ Add Dashboard” tab in the ThreatStream console:
[Image: Add Sunburst dashboard]
After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:
[Image: Sunburst dashboard]
Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can request a demo here. For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial threat bulletin and downloadable set of OSINT IOCs available here.
2020-12-29T20:12:00+00:00
https://www.anomali.com/blog/anomali-threatstream-sunburst-backdoor-custom-dashboard-provides-machine-readable-iocs-related-to-solarwinds-supply-chain-attack
www.secnews.physaphae.fr/article.php?IdArticle=2134714
False Malware,Threat,Mobile Solardwinds,Solardwinds None

Security Affairs - Security Blog
Researchers shared the lists of victims of SolarWinds hack
2020-12-22T21:52:57+00:00
https://securityaffairs.co/wordpress/112555/hacking/solarwinds-victims-lists.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-victims-lists
www.secnews.physaphae.fr/article.php?IdArticle=2121425
False Hack,Threat,Mobile Solardwinds,Solardwinds None

McAfee Labs - Software vendor
How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for […]
2020-12-21T21:32:24+00:00
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/
www.secnews.physaphae.fr/article.php?IdArticle=2118054
True Threat,Mobile Solardwinds,Solardwinds None

McAfee Labs - Software vendor
Additional Analysis into the SUNBURST Backdoor
Executive Summary
There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persistence measures. Our analysis […]
2020-12-17T23:27:06+00:00
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/
www.secnews.physaphae.fr/article.php?IdArticle=2108849
False Threat,Mobile Solardwinds,Solardwinds None

Security Affairs - Security Blog
FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor
2020-12-17T00:31:32+00:00
https://securityaffairs.co/wordpress/112376/apt/solarwinds-backdoor-kill-switch.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-backdoor-kill-switch
www.secnews.physaphae.fr/article.php?IdArticle=2106500
False Mobile Solardwinds 3.0000000000000000

Checkpoint - Security hardware vendor
SolarWinds Sunburst Attack: What Do You Need to Know and How Can You Remain Protected
2020-12-16T19:28:13+00:00
https://blog.checkpoint.com/2020/12/16/solarwinds-sunburst-attack-what-do-you-need-to-know/
www.secnews.physaphae.fr/article.php?IdArticle=2109764
False Threat,Mobile Solardwinds,Solardwinds None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor
The SolarWinds Perfect Storm: Default Password, Access Sales and More
2020-12-16T17:05:49+00:00
https://threatpost.com/solarwinds-default-password-access-sales/162327/
www.secnews.physaphae.fr/article.php?IdArticle=2105537
False Mobile Solardwinds 2.0000000000000000

Bleeping Computer - American magazine
FireEye, Microsoft create kill switch for SolarWinds backdoor
2020-12-16T16:21:50+00:00
https://www.bleepingcomputer.com/news/security/fireeye-microsoft-create-kill-switch-for-solarwinds-backdoor/
www.secnews.physaphae.fr/article.php?IdArticle=2106150
False Malware,Mobile Solardwinds None

Contagio - Ransomware news site
2020-12-13 SUNBURST SolarWinds Backdoor samples
2020-12-13 FireEye Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
2020-12-13 Microsoft Customer Guidance on Recent Nation-State Cyber Attacks
Well, here are the Sunburst binaries.
2020-12-15T00:41:04+00:00
http://contagiodump.blogspot.com/2020/12/2020-12-13-sunburst-solarwinds-backdoor.html
www.secnews.physaphae.fr/article.php?IdArticle=2101960
False Mobile Solardwinds None

TrendLabs Security - Antivirus vendor
Overview of Recent Sunburst Targeted Attacks
2020-12-15T00:00:00+00:00
https://www.trendmicro.com/en_us/research/20/l/overview-of-recent-sunburst-targeted-attacks.html
www.secnews.physaphae.fr/article.php?IdArticle=2148714
False Mobile Solardwinds,Solardwinds None

Wired Threat Level - Security News
The Strange, Sad Case of Sunspot, the Empty Astronomy Town
2018-09-24T14:00:00+00:00
https://www.wired.com/story/the-strange-sad-case-of-sunspot-the-empty-astronomy-town
www.secnews.physaphae.fr/article.php?IdArticle=822065
False Mobile Solardwinds None