This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T20:22:51+00:00 www.secnews.physaphae.fr knowbe4 - cybersecurity services 30 octobre 2023 Le Wall Street Journal a annoncé que la Commission des États-Unis de sécurité et d'échange a poursuivi Solarwinds.Voici les premiers paragraphes et il y a un lien vers l'article WSJ complet en bas: "La société de logiciels & nbsp; victime de pirates liés à la Russie & nbsp; il y a plus de trois ans, alléguant que la société fraude les actionnaires par des actionnaires à plusieurs reprises par répétition par des actionnaires à plusieurs reprises par répétition par des actionnaires à plusieurs reprises à plusieurs reprises à plusieurs reprises par des actionnaires à plusieurs reprises par la firme à plusieurs reprises par les actionnaires à plusieurs reprises par à plusieurs reprises par des action à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises par la firme francLes tromper sur ses cyber-vulnérabilités et la capacité des attaquants à pénétrer ses systèmes.

---

October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : "the software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.]]> 2023-10-31T14:24:03+00:00 https://blog.knowbe4.com/wsj-sec-sues-solarwinds-over-2020-hack-attributed-to-russians www.secnews.physaphae.fr/article.php?IdArticle=8403525 False Hack,Vulnerability Solardwinds 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including: Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making. Access control challenges: Proper identity and access management within complex environments are crucial. Compliance with best practices: Adherence to guidelines such as NIST\'s best practices is essential for resilience. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions. Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems. Supply chain defense: The power of content disarm and reconstruction Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do? In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta]]> 2023-08-29T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/battling-malware-in-the-industrial-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8376274 False Malware,Vulnerability,Threat,Industrial,Cloud NotPetya,Wannacry,Solardwinds 2.0000000000000000 Recorded Future - FLux Recorded Future Les décideurs doivent faire davantage pour affronter la vulnérabilité croissante des infrastructures critiques auxquelles les secteurs des secteurs des secteurs en raison de leur dépendance croissante à l'égard du cloud computing, un nouveau Rapport du Conseil de l'Atlantique Le rapport souligne que le cloud a déjà permis aux «acteurs malveillants» d'espionner les agences gouvernementales, pointant vers le 2020 Sunburst Hack dans lequel les produits cloud, en particulier [Microsoft

---

Policymakers must do more to confront the increasing vulnerability critical infrastructure sectors face due to their growing reliance on cloud computing, a new Atlantic Council report urges. The report underscores that the cloud has already allowed “malicious actors” to spy on government agencies, pointing to the 2020 Sunburst hack in which cloud products, specifically [Microsoft]]> 2023-07-10T21:33:00+00:00 https://therecord.media/policymakers-must-confront-cloud-insecurity www.secnews.physaphae.fr/article.php?IdArticle=8354252 False Vulnerability,Cloud Solardwinds 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 45% of companies will have experienced a supply chain attack. Supply chain attacks can come in various ways, whether by malicious code injected into enterprise software or vulnerabilities in software your company uses. To mitigate this risk, companies must learn about the methods used to execute attacks and understand their company’s blind spots.  This article will look at 5 recent software supply chain attacks and how third-party partners can pose a security risk to your company. We’ll make recommendations for how to secure your business against supply chain attacks and how you can engage in early detection to respond to threats before they take down your enterprise. What is a software supply chain attack? The CISA or US Cybersecurity and Infrastructure Security Agency defines a software supply chain attack as an attack that “occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software then compromises the customer’s data or system.” A software supply chain includes any company you purchase software from and any open-source software and public repositories from which your developers pull code. It also includes any service organizations that have access to your data. In the aggregate, all of these different suppliers exponentially increase the surface area of a potential attack. Software supply chain attacks are particularly dangerous because the software supply chain acts as an amplifier for hackers. This means that when one vendor is impacted, hackers can potentially reach any of their customers, giving them greater reach than if they attacked a single target corporation.  Two primary reasons contribute to the danger, according to CISA: Third-party software products usually require privileged access; They often require frequent communication between the vendor’s own network and the vendor’s software on customer networks. Attackers leverage privileged access and a privileged network access channel as their first point of access. Depending on the level of available access, attackers can easily target many devices and levels of an organization. Some industries, like healthcare, are of particular vulnerability because they possess huge volumes of patient data subject to strict compliance regulations and laws. Five major supply chain attacks In recent memory, software supply chain attacks have gathered increased attention from the public because of how damaging they can be to a company and its reputation. The Log4j vulnerability demonstrated just how vulnerable companies can be to relying on third-party software, for example. Other high-profile attacks like the SolarWinds SUNBURST attack and Kaseya VSA (REvil) attack also provided painful reminders of how damaging supply chain attacks can be. The SolarWinds SUNBURST backdoor On December 13th, 2020, the SUNBURST backdoor was first disclosed. The attack utilized the popular SolarWinds Orion IT monitorin]]> 2022-07-11T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/5-common-blind-spots-that-make-you-vulnerable-to-supply-chain-attacks www.secnews.physaphae.fr/article.php?IdArticle=5659440 False Ransomware,Data Breach,Vulnerability,Threat,Patching Solardwinds None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google Just Patched These Two Chrome Zero-day Bugs That Are Under Attack Right Now (published: October 1, 2021) Google has warned users of Google Chrome to update to version 94.0.4606.71, due to two new zero-days that are currently being exploited in the wild. This marks the second update in a month due to actively exploited zero-day flaws. The first of these common vulnerabilities and exposures (CVEs), CVE-2021-37975, is a high severity flaw in the V8 JavaScript engine, which has been notoriously difficult to protect and could allow attackers to create malware that is resistant to hardware mitigations. Analyst Comment: Users and organizations are recommended to regularly check for and apply updates to the software applications they use, especially web browsers that are increasingly used for a variety of tasks. Organizations can leverage the capabilities of Anomali Threatstream to rapidly get information about new CVEs that need to be mitigated through their vulnerability management program. Tags: CVE-2021-37975, CVE-2021-37976, chrome, zero-day Hydra Malware Targets Customers of Germany's Second Largest Bank (published: October 1, 2021) A new campaign leveraging the Hydra banking trojan has been discovered by researchers. The malware containing an Android application impersonates the legitimate application for Germany's largest bank, Commerzbank. While Hydra has been seen for a number of years, this new campaign incorporates many new features, including abuse of the android accessibility features and permissions which give the application the ability to stay running and hidden with basically full administrator privileges over a victim's phone. It appears to be initially spread via a website that imitates the official Commerzbank website. Once installed it can spread via bulk SMS messages to a user's contacts. Analyst Comment: Applications, particularly banking applications, should only be installed from trusted and verified sources and reviewed for suspicious permissions they request. Similarly, emails and websites should be verified before using. Tags: Banking and Finance, EU, Hydra, trojan New APT ChamelGang Targets Russian Energy, Aviation Orgs (published: October 1, 2021) A new Advanced Persistent Threat (APT) group dubbed “ChamelGang” has been identified to be targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at Positive Technologies have been tracking the group since March 2017, and have observed that they have attacked targets in 10 countries so far. The group has been able to hi]]> 2021-10-05T18:28:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-new-apt-chamelgang-foggyweb-vmware-vulnerability-exploited-and-more www.secnews.physaphae.fr/article.php?IdArticle=3472727 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Solardwinds,Solardwinds,APT 27 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-03-09T02:42:07+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/_Y8jADtm7C8/cybersecurity-webinar-solarwinds.html www.secnews.physaphae.fr/article.php?IdArticle=2455790 False Vulnerability Solardwinds,Solardwinds None Checkpoint - Fabricant Materiel Securite 2020-12-21T19:26:48+00:00 https://blog.checkpoint.com/2020/12/21/best-practice-identifying-and-mitigating-the-impact-of-sunburst/ www.secnews.physaphae.fr/article.php?IdArticle=2117719 False Vulnerability Solardwinds,Solardwinds None