This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-10T13:09:17+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch DMARC adoption is more important than ever following Google\'s and Yahoo\'s latest mandates for large email senders. This Tech Tip outlines what needs to be done to enable DMARC on your domain.]]> 2024-05-01T15:17:04+00:00 https://www.darkreading.com/cybersecurity-operations/tech-tip-why-haven-t-you-set-up-dmarc-yet- www.secnews.physaphae.fr/article.php?IdArticle=8492385 False None Yahoo 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description A new malware campaign called Sign1 has been discovered by Sucuri and GoDaddy Infosec. The malware has been found on over 2,500 sites in the past two months. The malware is injected into WordPress custom HTML widgets that the attackers add to compromised websites. The malware is injected using a legitimate Simple Custom CSS and JS plugin. The malware is designed to redirect visitors to scam sites. The malware is time-based and uses dynamic JavaScript code to generate URLs that change every 10 minutes. The malware is specifically looking to see if the visitor has come from any major websites such as Google, Facebook, Yahoo, Instagram etc. If the referrer does not match to these major sites, then the malware will not execute. #### Reference URL(s) 1. https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-of-compromise.html #### Publication Date March 20, 2024 #### Author(s) Ben Martin ]]> 2024-03-26T19:39:28+00:00 https://community.riskiq.com/article/063f7fac www.secnews.physaphae.fr/article.php?IdArticle=8470965 False Malware Yahoo 2.0000000000000000 Dark Reading - Informationweek Branch Yet challenges remain as many nation\'s policies for the email authentication protocol remain lax and could run afoul of Google\'s and Yahoo\'s restrictions.]]> 2024-03-04T19:22:10+00:00 https://www.darkreading.com/cyber-risk/middle-east-leads-in-dmarc-deployment www.secnews.physaphae.fr/article.php?IdArticle=8458971 False None Yahoo 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain utilise haricots noirs pour la couleur et les algues pour la saveur. Comme d'habitude, vous pouvez également utiliser ce post de calmar pour parler des histoires de sécurité dans les nouvelles que je n'ai pas couvertes. . Lisez mes directives de publication de blog ici .

---

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven\'t covered. Read my blog posting guidelines here.]]> 2024-02-16T22:04:11+00:00 https://www.schneier.com/blog/archives/2024/02/friday-squid-blogging-vegan-squid-ink-pasta.html www.secnews.physaphae.fr/article.php?IdArticle=8451113 False None Yahoo 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Nigeria-based cybercriminals known as Yahoo Boys are the main drivers of a financial sextortion increase on TikTok, Instagram and Snapchat, targeting English-speaking teenagers]]> 2024-01-29T13:15:00+00:00 https://www.infosecurity-magazine.com/news/nigerian-yahoo-boys-social-media/ www.secnews.physaphae.fr/article.php?IdArticle=8444424 False None Yahoo 2.0000000000000000 ProofPoint - Firm Security 2024-01-25T10:19:42+00:00 https://www.proofpoint.com/us/newsroom/news/se-preparer-aux-nouvelles-exigences-dauthentification-emails-imposees-par-google-et www.secnews.physaphae.fr/article.php?IdArticle=8447813 False None Yahoo 2.0000000000000000 Dark Reading - Informationweek Branch Local Nigerian cybersecurity expert tells Economic and Financial Crimes Commission to educate and not jail so-called Yahoo boys.]]> 2024-01-18T15:35:00+00:00 https://www.darkreading.com/cybersecurity-operations/nigerian-law-enforcement-agency-advised-to-retrain-african-cybercriminals www.secnews.physaphae.fr/article.php?IdArticle=8440620 False None Yahoo 3.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-01-11T10:24:43+00:00 https://www.globalsecuritymag.fr/google-et-yahoo-musclent-la-cybersecurite-en-imposant-les-protocoles-spf-dkim.html www.secnews.physaphae.fr/article.php?IdArticle=8437826 False None Yahoo 3.0000000000000000 The State of Security - Magazine Américain The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by the growth of the internet and my own developing maturity. Yet, knowing enough can be a formidable shield against the myriad threats lurking in the digital realm. Understanding your IT environment, from the administrators and software versions to...]]> 2024-01-10T01:55:55+00:00 https://www.tripwire.com/state-of-security/know-thyself-and-thy-network www.secnews.physaphae.fr/article.php?IdArticle=8437434 False None Yahoo 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 2024-01-08T13:35:45+00:00 https://blog.incogni.com/stop-spam-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8436613 False Spam Yahoo 1.00000000000000000000 Dark Reading - Informationweek Branch Yahoo customers suffered the largest data breaches in history by some measures. But a decade on, experts warn, we still haven\'t learned our lesson.]]> 2024-01-02T14:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/10-years-after-yahoo-whats-changed-not-much www.secnews.physaphae.fr/article.php?IdArticle=8432937 False None Yahoo 3.0000000000000000 Recorded Future - FLux Recorded Future Un bug sur une plate-forme de paris sportifs Yahoo populaire semble avoir permis aux gens de tricher en plaçant des paris après la tranche des jeux.Le problème affectant le match de football de survie de Yahoo \\ a été découvert par un joueur exigeant qui a remarqué qu'un de ses adversaires a continué à gagner grâce aux matchs joués jeudi soir.

---

A bug on a popular Yahoo sports betting platform appears to have allowed people to cheat by placing bets after the games have already been decided. The issue affecting Yahoo\'s Survival Football game was discovered by a discerning player who noticed that one of his opponents kept winning thanks to games played on Thursday nights.]]> 2023-12-20T22:00:00+00:00 https://therecord.media/yahoo-survivor-football-bug-cheating www.secnews.physaphae.fr/article.php?IdArticle=8426359 False None Yahoo 4.0000000000000000 ProofPoint - Cyber Firms 2023-12-04T07:10:47+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/using-behavioral-ai-to-quash-payroll-diversion www.secnews.physaphae.fr/article.php?IdArticle=8419043 False Ransomware,Tool,Threat Yahoo 2.0000000000000000 ProofPoint - Cyber Firms 2023-10-11T17:00:26+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements www.secnews.physaphae.fr/article.php?IdArticle=8394335 False Spam,Threat Yahoo 2.0000000000000000 Dark Reading - Informationweek Branch The move by the two giants means that DMARC, already in use by half of enterprises, will become table stakes for anyone using email for marketing, with all users set to benefit.]]> 2023-10-06T15:28:58+00:00 https://www.darkreading.com/dr-tech/google-yahoo-push-dmarc-forcing-companies-to-catch-up www.secnews.physaphae.fr/article.php?IdArticle=8392398 False General Information Yahoo 3.0000000000000000 Silicon - Site de News Francais 2023-10-05T07:35:50+00:00 https://www.silicon.fr/blackberry-intel-yahoo-restructurent-activites-472046.html www.secnews.physaphae.fr/article.php?IdArticle=8391754 False None Yahoo 2.0000000000000000 Recorded Future - FLux Recorded Future Deux des plus grands fournisseurs de courriels du monde ont déclaré mardi qu'ils prendraient plusieurs nouvelles mesures pour freiner les expéditeurs en vrac et empêcher le spam.Dans son annonce , Yahoo a noté que de nombreux expéditeurs en vrac ne se déroulent pas \\ 't.des systèmes correctement, ce qui peut conduire à des «acteurs malveillants» qui les exploitent non détectés.Au cours du premier trimestre de 2024, Yahoo a déclaré

---

Two of the world\'s largest email providers said Tuesday that they will take several new steps to rein in bulk senders and prevent spam. In its announcement, Yahoo noted that many bulk senders don\'t set systems up properly, which can lead to “malicious actors” exploiting them undetected. Across the first quarter of 2024, Yahoo said]]> 2023-10-03T21:09:00+00:00 https://therecord.media/google-yahoo-crack-down-on-spam www.secnews.physaphae.fr/article.php?IdArticle=8391155 False Spam Yahoo 3.0000000000000000 Intigrity - Blog Depuis sa création, le programme Boug Bounty de Yahoo \\ a reçu des milliers de rapports de vulnérabilité de plus de 6 000 pirates dans le monde.Et aujourd'hui, le programme de dix ans augmente avec une expansion en Europe grâce à un nouveau programme public géré par Intigriti, la plus grande plate-forme de prime de bogue du continent.Pour célébrer le lancement, Yahoo promulgue également un nouveau type [& # 8230;]

---

>Since its inception, Yahoo\'s Bug Bounty program has received thousands of vulnerability reports from over 6,000 hackers worldwide. And today, the ten-year-old program is growing with an expansion into Europe through a new public program managed by Intigriti, the continent’s largest bug bounty platform. To celebrate the launch, Yahoo is also enacting a new type […] ]]> 2023-09-28T08:06:20+00:00 https://blog.intigriti.com/2023/09/28/glacierctf-players-earn-up-to-15k-bonuses-for-yahoo-bug-bounty-submissions/ www.secnews.physaphae.fr/article.php?IdArticle=8388969 False Vulnerability Yahoo 2.0000000000000000 Intigrity - Blog Anvers, en Belgique, 28 septembre 2023, Yahoo s'est associé à Intigriti, un leader mondial de la sécurité du crowdsourced, pour lancer un nouveau programme de primes de bogues publics.Le partenariat de cybersécurité lance officiellement aujourd'hui et étend la portée de Yahoo \\ dans la communauté mondiale de la sécurité du crowdsourced.Selon les termes du nouveau partenariat, le programme BUNTY BUNTY de Yahoo \\ sera hébergé par Intigriti et [& # 8230;]

---

>Antwerp, BelgiumSeptember 28, 2023 Yahoo has partnered with Intigriti, a global leader in crowdsourced security, to launch a new public bug bounty program. The cybersecurity partnership officially launches today and expands Yahoo\'s reach into the global crowdsourced security community. Under the terms of the new partnership, Yahoo\'s bug bounty program will be hosted by Intigriti and […] ]]> 2023-09-28T08:00:00+00:00 https://blog.intigriti.com/2023/09/28/yahoo-partners-with-intigriti-to-launch-a-new-crowdsourced-security-program/ www.secnews.physaphae.fr/article.php?IdArticle=8389410 False None Yahoo 3.0000000000000000 ComputerWeekly - Computer Magazine 2023-09-28T05:30:00+00:00 https://www.computerweekly.com/news/366553653/Yahoo-picks-Intigriti-to-run-crowdsourced-bug-bounty-programme www.secnews.physaphae.fr/article.php?IdArticle=8388983 False None Yahoo 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Vaut-être extrait . Comme d'habitude, vous pouvez également utiliser ce post de calmar pour parler des histoires de sécurité dans les nouvelles que je n'ai pas couvertes. . Lisez mes directives de publication de blog ici .

---

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news that I haven\'t covered. Read my blog posting guidelines here.]]> 2023-08-04T21:07:34+00:00 https://www.schneier.com/blog/archives/2023/08/friday-squid-blogging-2023-squid-oil-global-market-report.html www.secnews.physaphae.fr/article.php?IdArticle=8365860 False None Yahoo 2.0000000000000000 Soc Radar - Blog spécialisé SOC Welcome to this week’s dark web summary from SOCRadar. Our vigilant Dark Web Team has... ]]> 2023-07-03T11:30:10+00:00 https://socradar.io/major-data-leaks-on-tiktok-instagram-and-yahoo/ www.secnews.physaphae.fr/article.php?IdArticle=8351799 False None Yahoo 2.0000000000000000 GoogleSec - Firm Security Blog Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals. This improved version is now available as an API for you to start developing on top of, and integrating into, your systems.The need for GUACHigh-profile incidents such as Solarwinds, and the recent 3CX supply chain double-exposure, are evidence that supply chain attacks are getting more sophisticated. As highlighted by the ]]> 2023-05-24T12:49:28+00:00 http://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html www.secnews.physaphae.fr/article.php?IdArticle=8339090 False Tool,Vulnerability,Threat Yahoo 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions. “RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust "me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.” Read more >> Townsend perfectly captures the AT&T Cybersecurity mission to help business leaders understand both the business and security landscape - and how it’s evolving as technology continues to change the way we work and live. After listening to the challenges organizations are encountering, it’s clear that research and understanding the business landscape are essential parts of a responsible cybersecurity vendor strategy. DDoS versus ransomware – how does edge computing change the equation? I participated in a panel discussion hosted by Channel Futures examining the challenges of securing critical infrastructure. The discussion kicked off with a Gartner prediction, “by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the halting of operations and/or mission-critical cyber-physical system.,” I spoke about our research findings that indicate a change in perceived attacks: when it comes to edge computing, DDoS is perceived as a greater attack concern than ransomware. “One of the reasons cybercriminals are gravitating to DDoS is it’s cheaper and easier than ransomware.” Read more >> I did a video interview with BankInfoSecurity.com discussing how edge computing and innovative use cases are changing the way we’re dealing with cyber resilience. "Organizations are investing in the edge but they also know that their endpoints are changing," said Lanowitz. "They want to make sure they are futureproofing themselves and going to be dynamic in their cyber resilience. That\'s because the  security edge is not linear or a straight line. It\'s a circuitous, often confusing, and an often-changing environment that you will have to live with." Learn more >> Watch the webcast discussing the AT&T Cybersecurity Insights Report findings. If you prefer to listen to the research results, ]]> 2023-05-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/rsac-2023-cybersecurity-research-on-edge-computing-generates-big-interest www.secnews.physaphae.fr/article.php?IdArticle=8335117 False Ransomware,Malware Yahoo 2.0000000000000000 Zataz - Magazine Francais de secu 2023-04-20T13:56:55+00:00 https://www.zataz.com/un-nouveau-yahoo-boy-adepte-de-hushpuppi-arrete/ www.secnews.physaphae.fr/article.php?IdArticle=8329675 False None Yahoo,Yahoo 2.0000000000000000 Recorded Future - FLux Recorded Future Just in time for Valentine's Day, the Federal Trade Commission released its latest report on romance scams. Last year, it said some 70,000 people reported being on the receiving end of some lovelorn scheme and paid out something in the neighborhood of $1.3 billion. That's as much as the previous five years combined. Romance scams […]]> 2023-02-14T12:15:03+00:00 https://therecord.media/for-a-former-yahoo-boy-romance-is-a-cut-and-paste-proposition/ www.secnews.physaphae.fr/article.php?IdArticle=8310002 False None Yahoo 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-02-02T21:31:58+00:00 https://blog.knowbe4.com/yahoo-suddenly-rises-in-popularity-in-q4-to-become-the-most-impersonated-brand-in-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8306689 False None Yahoo,Yahoo 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2023-01-25T17:00:00+00:00 https://www.infosecurity-magazine.com/news/yahoo-impersonated-brand-q4-2022/ www.secnews.physaphae.fr/article.php?IdArticle=8304000 False None Yahoo,Yahoo 4.0000000000000000 Checkpoint - Fabricant Materiel Securite Summary Following a significant phishing campaign in the previous quarter, Yahoo became the top brand impersonated in phishing attacks in Q4 2022, climbing 23 spots in the ranking from the previous quarter. DHL dropped from the lead in Q3 2022 to 2nd place in the last quarter of the year, followed by Microsoft which also… ]]> 2023-01-23T11:00:05+00:00 https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/ www.secnews.physaphae.fr/article.php?IdArticle=8303366 False Guideline Yahoo,Yahoo 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2022-12-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/top-bug-bounty-platforms-for-organizations-to-improve-security www.secnews.physaphae.fr/article.php?IdArticle=8293343 False Vulnerability,Guideline Yahoo 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC malware on your computer. Don't give out any personal information to someone who calls you out of the blue. And if they try to get you to click on a link, don't do it. Hang up and call the organization they claimed to be from using a number you know to be legitimate (e.g., the number on the back of your credit card or from the organization's website). What’s more, consider doing a reverse phone lookup on them to see where the number is actually originating from. The message is not personalized If you receive an email that doesn't address you by name or refers to you as "Dear User" or "Dear Valued Customer," be wary. Phishing emails often use generic greetings in an attempt to seem more widespread - and less suspicious - than they actually are. That's because they are usually sent out en masse as part of a massive automated campaign. Phishers usually just have a list of email addresses and the idea isn't to find out the name of the person it belongs to or do any kind of in-depth personalization, but to get as many people as possible to click on the links in their message. The sender's email address doesn't match the organization they're claiming to represent This is a pretty straightforward way to spot a phishing attempt. If you get an email purporting to be from your bank, but the email address it comes from is something like johnsmith12345@gmail.com, then it's pretty clear that something is not right. Organizations won’t send out official communications from a Gmail or Hotmail address. They will always use their own domain name (e.g., WellsFargo.com, PayPal.com). So, if the email you receive is coming from anything other than an organization's official domain, it's a huge red flag. There are grammatical errors or typos in the email If you receive an email that is full of grammatical errors, typos, or just generally seems to be poorly written, it's a good indicator that it's a phishing email. Phishers often send out their emails quickly and without much care or attention to detail. So if an email looks like it was dashed off in a hurry, with no regard for proper spelling or grammar, it's probably a phishing email. Phishing scams also originate overseas, and the architects of these scams aren't native English speakers. So another giveaway that an email might be a phishing attempt is if it contains poor grammar or strange phrasing. The message is urgent or includes a sense of urgency Phishers often try to create a sense of urgency in their emails in order to get people to act quickly without thinking. They might say that your account is about to be closed, or that you need to take action immediately to prevent]]> 2022-11-22T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-ways-to-spot-a-phishing-attempt www.secnews.physaphae.fr/article.php?IdArticle=8166765 False Malware Yahoo,Deloitte 4.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC weeks of gradual rise against a weakening dollar. While there is a sense of solidity in trading precious metals, given their very real world physical sense, they are, like every other digitally traded item, subject to the same cyber threats and risks that attack the digital markets every day. Staying safe in the face of these threats is key and starts with protecting spot trades. Understanding stock market attacks Precious metals are traded, just like other stocks, shares and commodities, at spot price. This means the buyer will pay a determined price from the seller, in addition to a variable degree of commission to the broker or other middleman. The high-profile nature of stock markets means that they are often well protected against cyber-attack, but this protection is faltering as stock trades become more diversified. As more and more brokers and agents get involved in trading, the number of weak points in the networks increases. This is especially the case in precious metals; the sensitive pricing of precious metals means that the trades need to be completed quickly, or at high frequency. According to Investopedia, this extreme need for expediency offers an ‘in’ for attackers in two main forms. Seizing the algorithm Cryptocurrency has helped to shed a light on one of the most important threats to counter - algorithm hacking. This is a process whereby the malicious actor will attempt to seize control of a trading algorithm, whether used on a wider scale by the market or by individual brokers. Through this, they can crash prices, causing instant damage that will be confusing to rectify with corrections. As Yahoo highlights, cryptocurrency deals with such attacks on a minute-by-minute basis; through proper online hygiene and experienced 2+ factor authentication, trading houses can stop third parties from accessing this data. Distributed outages A very common form of cyber-attack in the modern day is the DDoS. This takes networks offline, denying users access to data, and can sow confusion. While proprietary vendors such as Cloudflare have helped to provide coverage, there have still been high-profile attacks on stock markets. Consider, for instance, the multi-day outage of the New Zealand stock exchange, highlighted by GARP. While not a primary player in the world markets, these smaller hubs feed into the larger, regional markets, in London, New York and Tokyo. While smaller hubs are taken down, there are huge risks in terms of inaccurate costing, hijacked sales, and other risks. Ensuring that markets are protected as much as possible by DDoS protection is essential and, for individual traders, looking to take full logs and using a high-quality broker will help further. Criminals will continue to exploit the incr]]> 2022-11-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/as-volumes-continue-to-rise-precious-metal-traders-must-be-cyber-vigilant www.secnews.physaphae.fr/article.php?IdArticle=8024792 False None Yahoo,Yahoo None CISCO Talos - Cisco Research blog By Abhishek Singh.BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets.  A policy that checks for authorized email addresses of the sender can prevent BEC attacks. However, scaling the approach for every employee in a large organization is a challenge.  Building an executive profile based on email analysis using a machine learning model and scanning emails against that profile will detect BEC. Data collection for building and training machine learning algorithms can take time, though, opening a window of opportunity for threat actors to exploit.  Detection of exploitation techniques such as lookalike domains and any differences in the email addresses in the "From" and "Reply-to" fields can also detect BEC messages. However, the final verdict cannot account for the threat actor's intent.  The intent-based approach detects BEC and then classifies it into the type of scam. It catches BEC messages, irrespective of whether a threat actor is impersonating a C-level executive or any employee in an organization. Classification based on the type of scam can help identify which segment of an organization was targeted and which employees were being impersonated by the threat actor. The additional information will further assist in better designing preventive features to stop BEC. Business email compromise (BEC) is one of the most financially damaging online crimes. As per the internet crime 221 report, the total loss in 2021 due to BEC is around 2.4 billion dollars. Since 2013, BEC has resulted in a 43 billion dollars loss. The report defines BEC as a scam targeting businesses (not individuals) working with foreign suppliers and companies regularly performing wire transfer payments. Fraudsters carry out these sophisticated scams to conduct the unauthorized transfer of funds. This introduces the challenge of how to detect and block these campaigns as they continue to compromise organizations successfully. There are a variety of approaches to identifying BEC email messages, such as using policy to allow emails from authorized email addresses, detecting exploitation techniques used by threat actors, building profiles by analysis of emails, and validating against the profile to detect BEC. These approaches have a variety of limitations or shortcomings. Cisco Talos is taking a different approach and using an intent-based model to identify and block BEC messages. Before we get too deep into the intent-based model, take a deeper look at the commonly used approaches to block BEC from the simplistic through machine learning (ML) approaches. Policy-based detection The first place to start is with policy-based detection as it is one of the most common and simplistic approaches to blocking BEC campaigns. Let's start by looking at an example of a BEC email. ]]> 2022-10-18T08:41:18+00:00 http://blog.talosintelligence.com/2022/10/the-benefits-of-taking-intent-based.html www.secnews.physaphae.fr/article.php?IdArticle=7540074 False Threat,Medical,Cloud APT 38,APT 19,APT 29,APT 10,APT 37,Uber,APT 15,Yahoo None Schneier on Security - Chercheur Cryptologue Américain compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did the research: Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive’s Wayback Machine, we identified a network of 885 websites and have high confidence that the United States (US) Central Intelligence Agency (CIA) used these sites for covert communication...]]> 2022-09-30T14:19:16+00:00 https://www.schneier.com/blog/archives/2022/09/security-vulnerabilities-in-covert-cia-websites.html www.secnews.physaphae.fr/article.php?IdArticle=7225990 False None Yahoo None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (published: September 5, 2022) Resecurity researchers analyzed EvilProxy, a phishing kit that uses reverse proxy and cookie injection methods to bypass two-factor authentication (2FA). EvilProxy uses extensive virtual machine checks and browser fingerprinting. If the victim passes the checks, Evilproxy acts as a proxy between the victim and the legitimate site that asks for credentials. EvilProxy is being sold as a service on the dark web. Since early May 2022, Evilproxy enables phishing attacks against customer accounts of major brands such as Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others. Analyst Comment: EvilProxy is a dangerous automation tool that enables more phishing attacks. Additionally, EvilProxy targeting GitHub and npmjs accounts increases risks of follow-up supply-chain attacks. Anomali platform has historic EvilProxy network indicators that can help when investigating incidents affecting 2FA. With 2FA bypass, users need to be aware of phishing risks and pay even more attention to domains that ask for their credentials and 2FA codes. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: EvilProxy, Phishing, Phishing-as-s-service, Reverse proxy, Cookie injection, 2FA, MFA, Supply chain Ragnar Locker Ransomware Targeting the Energy Sector (published: September 1, 2022) Cybereason researchers investigated the Ragnar Locker ransomware that was involved in cyberattack on DESFA, a Greek pipeline company. On August 19, 2022, the Ragnar Locker group listed DESFA on its data leak site. The group has been active since 2019 and it is not the first time it targets critical infrastructure companies with the double-extortion scheme. Their Ragnar Locker ransomware shows the typical abilities of modern ransomware including system information and location collection, deleting shadow copies, identifying processes (antiviruses, backup solutions, IT remote management solutions, and virtual-based software), and encrypting the system with the exception list in mind. Analyst Comment: Ragnar Locker appears to be an aggressive ransomware group that is not shy attacking critical infrastructure as far as they are not in the Commonwealth of Independent States (Russia and associated countries). Always be on high alert while reading emails, in particular those with attachments, URL redirection, false sense of urgency or poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and teste]]> 2022-09-07T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-evilproxy-defeats-second-factor-ragnar-locker-ransomware-hits-critical-infrastructure-montenegro-blames-russia-for-massive-cyberattack-and-more www.secnews.physaphae.fr/article.php?IdArticle=6768417 False Ransomware,Malware,Tool,Threat,Patching,Guideline Yahoo None CSO - CSO Daily Dashboard the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.The TLS/SSL standards are crucial for modern web encryption, and while the flaw was in the OpenSSL implementation rather than the standards themselves, OpenSSL is so widely used-when the bug was made public, it affected 17% of all SSL servers-that it precipitated a security crisis.To read this article in full, please click here]]> 2022-09-06T01:00:00+00:00 https://www.csoonline.com/article/3223203/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6747289 False Vulnerability Yahoo None CISCO Talos - Cisco Research blog By Vanja SvajcerCisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRAT, to enable various stages of their operations. The attackers' use of a variety of off-the-shelf tools makes it difficult to attribute this activity to a specific adversary.The final payload appears to be ModernLoader, which acts as a remote access trojan (RAT) by collecting system information and deploying various modules. In the earlier campaigns from March, we also observed the attackers delivering the cryptocurrency mining malware XMRig. The March campaigns appeared to be targeting Eastern European users, as the constructor utility we analyzed had predefined script templates written in Bulgarian, Polish, Hungarian and Russian.The actors are attempting to compromise vulnerable web applications to serve malware and deliver threats via files masquerading as fake Amazon gift cards. Technical detailsInitial findingsIn June 2022, Cisco Talos identified an unusual command line execution in our telemetry. The decoded base64 command is below:Initial finding: A command executed on the system.The 31.41.244[.]231 IP is a Russian IP and hosts several other URLs with similar naming conventions. Autostart commandFollowing the discovery of the initial command, we identified two other command lines. They are a result of an autorun registered executable and the execution of a scheduled task.]]> 2022-08-30T08:00:09+00:00 http://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html www.secnews.physaphae.fr/article.php?IdArticle=6625062 False Malware,Tool,Threat Yahoo None Dark Reading - Informationweek Branch 2022-08-23T11:57:26+00:00 https://www.darkreading.com/endpoint/charming-kitten-apt-wields-new-scraper-to-steal-email-inboxes www.secnews.physaphae.fr/article.php?IdArticle=6483285 False Tool APT 35,Yahoo None CyberScoop - scoopnewsgroup.com special Cyber 2022-08-23T11:00:00+00:00 https://www.cyberscoop.com/google-iran-hackers-gmail-irgc-charming-kitten/ www.secnews.physaphae.fr/article.php?IdArticle=6481908 False Tool Yahoo,Yahoo None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2022-08-23T07:50:00+00:00 https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=6485628 False Malware,Tool,Threat,Conference APT 35,Yahoo None CSO - CSO Daily Dashboard How an unqualified sex worker allegedly infiltrated a top Air Force lab” and our eyes immediately rolled as we read the bizarre case of Dr. James Gord. He maneuvered a 32-year-old sex worker into a position of trust within Spectral Energies, a government contractor associated with the U.S. Air Force Research Laboratory located at Wright Paterson Air Force Base. His motivation? He wished to keep his sexual liaison sub rosa.Stuff right out of Ripley's Believe It or Not. While we sit and smirk at the ridiculousness of the situation, a deeper dive gives CISOs and their organizations food for thought as we dissect how Gord was able to manipulate his business partner and others to successfully place an individual within his company who had no business being there. Specifically, it underscores the value of background checks on individuals being placed into sensitive roles.To read this article in full, please click here]]> 2022-07-26T02:00:00+00:00 https://www.csoonline.com/article/3668131/how-a-sex-worker-became-a-defense-contractor-employee-and-an-insider-threat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5948149 False Threat Yahoo None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Update: The Phish Goes On - 5 Million Stolen Credentials and Counting (published: June 16, 2022) PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes displaying affiliate ads. Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo F5 Labs Investigates MaliBot (published: June 15, 2022) F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot is maintaining its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services. Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options. MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204 Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa (published: June 15, 2022) On June 10, 2022, the African largest supermarket chain operating in twelve countries, Shoprite Holdings, announced a possible cybersecurity incident. The company notified customers in E]]> 2022-06-21T15:03:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gallium-expands-targeting-across-telecommunications-government-and-finance-sectors-with-new-pingpull-tool-dragonforce-malaysia-opspatuk-opsindia-and-more www.secnews.physaphae.fr/article.php?IdArticle=5309464 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Conference APT 35,Yahoo None IT Security Guru - Blog Sécurité 2021-12-24T11:24:05+00:00 https://www.itsecurityguru.org/2021/12/24/new-coinspot-phishing-campaign-discovered/?utm_source=rss&utm_medium=rss&utm_campaign=new-coinspot-phishing-campaign-discovered www.secnews.physaphae.fr/article.php?IdArticle=3869153 False Threat Yahoo,Yahoo None Wired Threat Level - Security News 2021-12-10T14:00:00+00:00 https://www.wired.com/story/plaintext-big-tech-flagships-leaking www.secnews.physaphae.fr/article.php?IdArticle=3774352 False None Yahoo,Yahoo None Bleeping Computer - Magazine Américain 2021-11-03T09:42:38+00:00 https://www.bleepingcomputer.com/news/technology/yahoo-becomes-the-next-us-firm-to-pull-services-out-of-china/ www.secnews.physaphae.fr/article.php?IdArticle=3603829 False None Yahoo,Yahoo None Zataz - Magazine Francais de secu 2021-09-30T20:44:26+00:00 https://www.zataz.com/fuite-de-donnees-vous-en-prendrez-bien-pour-100-millions/ www.secnews.physaphae.fr/article.php?IdArticle=3449977 False None Yahoo,Yahoo None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-09-27T04:21:35+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/G7li3ub2TF4/how-does-dmarc-prevent-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=3432888 False Spam Yahoo None TroyHunt - Blog Security 2021-05-03T15:48:31+00:00 https://arstechnica.com/?p=1761961 www.secnews.physaphae.fr/article.php?IdArticle=2733271 False None Yahoo,Yahoo None TroyHunt - Blog Security 2021-04-29T16:21:01+00:00 https://arstechnica.com/?p=1761189 www.secnews.physaphae.fr/article.php?IdArticle=2715424 False None Yahoo,Yahoo None The Last Watchdog - Blog Sécurité de Byron V Acohido Supply-chains become top targets Homeland Security Secretary Alejandro Mayorkas has assumed a very visible and vocal role. Mayorkas has been championing an extensive portfolio of … (more…) ]]> 2021-04-08T11:14:47+00:00 https://www.lastwatchdog.com/roundtable-mayorkas-60-day-cybersecurity-sprints-win-support-also-a-prove-it-to-me-response/ www.secnews.physaphae.fr/article.php?IdArticle=2607994 False None Yahoo None TroyHunt - Blog Security 2021-04-06T16:21:54+00:00 https://arstechnica.com/?p=1754863 www.secnews.physaphae.fr/article.php?IdArticle=2593620 False None Yahoo,Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Image Source This blog was written by an independent guest blogger. Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity. Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company. Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities.  People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, cybersecurity responsibility rests with everyone, in reality. Cybersecurity should be everybody’s business. The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased  efforts to protect from, and mitigate attacks. During the height of the pandemic,  about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time. This is why cybersecurity must be and should be everybody’s business. According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as an internal actors or or employees and affiliates carelessly clicking a link by accident. Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system. Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee. Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC). Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo]]> 2021-01-12T11:00:00+00:00 https://feeds.feedblitz.com/~/641451762/0/alienvault-blogs~Why-cybersecurity-awareness-is-a-team-sport www.secnews.physaphae.fr/article.php?IdArticle=2175341 False Ransomware,Data Breach,Malware,Vulnerability,Guideline Equifax,Equifax,Yahoo,Yahoo None SecurityWeek - Security News 2021-01-08T15:21:31+00:00 http://feedproxy.google.com/~r/Securityweek/~3/00nx5E5klZs/solarwinds-taps-firm-launched-cisa-chief-chris-krebs-former-facebook-cso-alex-stamos www.secnews.physaphae.fr/article.php?IdArticle=2158895 False None Yahoo,Yahoo None Wired Threat Level - Security News 2020-11-18T14:00:00+00:00 https://www.wired.com/story/marissa-mayer-startup-sunshine-contacts www.secnews.physaphae.fr/article.php?IdArticle=2042352 False None Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Last time I covered the talks I attended on day one. Interestingly enough, the talks all had to do with threat detection and analysis. Maybe that’s just what I’m fixated on these days. The talks I attended on the second day all covered matters businesses must be aware of these days and well into the future. On day two, I learned a lot about how to talk to non-technical executives about security, the unique challenges of cloud security, and the legal implications of cyber threats. Enjoy! How to Talk to the Board About Cybersecurity The first talk I attended on the second day was presented by Jeff Costlow, a CISO with nearly 25 years of industry experience. This is the description of the talk from SecTor’s web app: “With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business — including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly increased the risk of misconfigurations and cyberthreats. Now, it’s looking like they could be here to stay for a while. On top of that, bad actors have wasted no time trying to exploit new vulnerabilities. In the past several weeks, we’ve seen ransomware attacks affect several major organizations. These attacks come on the tail of a surge of attacks across the board brought on during the pandemic, as hackers scanned and took advantage of new workloads, and vulnerable VPN connections and misconfigurations left the gates to the network open. When attacks like these make headlines, panicked board members have one question for CISOs: how can we be sure that won’t happen to us? Drawing from nearly 25 years of experience in the security industry, Jeff Costlow, CISO at ExtraHop, will share his top strategies for CISOs to lead board-level conversations about risk management amidst the stark new realities of IT.” When risk enters an organization through devices that the IT department cannot control, securing a network becomes very difficult. Any devices and applications that connect to the network that administrators can’t administrate are considered to be “shadow IT.” This is often a consequence of bring-your-own-device habits, but not always. Costlow discussed the implications of shadow IT: “All you have to do is Google or use the search engine of your choice. Search ‘shadow IT horror stories,’ and you will find a ton of these. There is the laptop that runs underneath someone's desk. It turns out it's a business critical piece of software that everyone's using, and it's just running on a laptop under a desk somewhere. There are also plenty of stories. These are some of my favorites the ones about somebody just wanted to get their job done. And so they started forwarding all their business email to their Google account or their Yahoo account or something like that. Or maybe a personal Dropbox use. One of my favorites is unapproved chat clients. Or an even worse, operating those chat rooms. This is sometimes called ChatOps. We're inside a chat r]]> 2020-11-09T12:00:00+00:00 https://feeds.feedblitz.com/~/638496232/0/alienvault-blogs~SecTor-Canada%e2%80%99s-Biggest-Cybersecurity-Event-Day-Two www.secnews.physaphae.fr/article.php?IdArticle=2024708 False Ransomware,Vulnerability,Threat,Guideline Yahoo None ZD Net - Magazine Info 2020-11-08T11:52:00+00:00 https://www.zdnet.com/article/yahoo-mail-discontinues-automatic-email-forwarding-for-free-users/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2023118 False None Yahoo None Security Affairs - Blog Secu 2020-07-16T05:43:03+00:00 https://securityaffairs.co/wordpress/105959/intelligence/cia-covert-operations-fsb-apt34.html?utm_source=rss&utm_medium=rss&utm_campaign=cia-covert-operations-fsb-apt34 www.secnews.physaphae.fr/article.php?IdArticle=1807132 False Threat Yahoo,APT 34 None Security Affairs - Blog Secu 2020-07-12T07:56:33+00:00 https://securityaffairs.co/wordpress/105808/breaking-news/security-affairs-newsletter-round-272.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-272 www.secnews.physaphae.fr/article.php?IdArticle=1801450 False None Yahoo 5.0000000000000000 Security Affairs - Blog Secu 2020-07-06T19:04:02+00:00 https://securityaffairs.co/wordpress/105593/cyber-crime/former-yahoo-employee-sentenced.html?utm_source=rss&utm_medium=rss&utm_campaign=former-yahoo-employee-sentenced www.secnews.physaphae.fr/article.php?IdArticle=1793783 False None Yahoo None Graham Cluley - Blog Security 2020-07-06T16:02:50+00:00 https://hotforsecurity.bitdefender.com/blog/ex-yahoo-employee-avoids-jail-despite-hacking-6000-accounts-and-stealing-explicit-photos-and-videos-23657.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1793370 False Hack Yahoo None ZD Net - Magazine Info 2020-07-06T10:53:40+00:00 https://www.zdnet.com/article/yahoo-engineer-gets-no-jail-time-after-hacking-6000-accounts-to-look-for-porn/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1792720 False None Yahoo None InformationSecurityBuzzNews - Site de News Securite Apple Is Most Imitated Brand For Phishing: Check Point Research's Q1 2020 Brand Phishing Report]]> 2020-04-14T11:32:35+00:00 https://www.informationsecuritybuzz.com/study-research/apple-is-most-imitated-brand-for-phishing-check-point-researchs-q1-2020-brand-phishing-report/ www.secnews.physaphae.fr/article.php?IdArticle=1654173 False None Yahoo None Wired Threat Level - Security News 2020-02-10T22:41:37+00:00 https://www.wired.com/story/oscars-parasite-netflix-yahoo-breach-money www.secnews.physaphae.fr/article.php?IdArticle=1534381 False None Yahoo None Darknet - The Darkside - Site de news Américain The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. Information Gathering Techniques Used by OWASP Amass for DNS Enumeration and More The main functionality of Amass is as follows: DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional) Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback Usage of Amass for DNS Enumeration, Attack Surface Mapping & External Asset Discovery The Amass tool has several subcommands shown below for handling your Internet exposure investigation. Read the rest of OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery now! Only available at Darknet. ]]> 2020-02-10T14:05:43+00:00 https://www.darknet.org.uk/2020/02/owasp-amass-dns-enumeration-attack-surface-mapping-external-asset-discovery/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=1533751 False Tool,Guideline Yahoo None Wired Threat Level - Security News 2020-02-08T12:00:00+00:00 https://www.wired.com/story/how-to-get-yahoo-breach-settlement-money www.secnews.physaphae.fr/article.php?IdArticle=1531062 False None Yahoo None InformationSecurityBuzzNews - Site de News Securite 1 Billion Email And Password Combinations Leaked – Expert Comment]]> 2019-12-13T12:38:25+00:00 https://www.informationsecuritybuzz.com/expert-comments/1-billion-email-and-password-combinations-leaked-expert-comment/ www.secnews.physaphae.fr/article.php?IdArticle=1494089 False Spam Yahoo None Dark Reading - Informationweek Branch 2019-10-17T12:50:00+00:00 https://www.darkreading.com/endpoint/yahoo-breach-victims-may-qualify-for-$358-payout/d/d-id/1336113?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1409548 False None Yahoo None Graham Cluley - Blog Security 2019-10-10T08:37:46+00:00 https://www.grahamcluley.com/smashing-security-149-falling-in-love-with-fraudsters/ www.secnews.physaphae.fr/article.php?IdArticle=1394238 False Threat Yahoo None UnderNews - Site de news "pirate" francais Les experts, Julien Chamonal de Varonis et Jean-Paul Kerouanton de Vectra, proposent leurs commentaires sur la condamnation de l'ancien ingénieur informatique de Yahoo qui avait utilisé ses privilèges en tant qu'employé de l'entreprise pour accéder à 6000 comptes Yahoo à la recherche de contenus personnels explicites.]]> 2019-10-09T11:08:14+00:00 https://www.undernews.fr/reseau-securite/piratage-yahoo-lindispensable-controle-des-utilisateurs.html www.secnews.physaphae.fr/article.php?IdArticle=1392322 False None Yahoo None IT Security Guru - Blog Sécurité 2019-10-08T09:06:48+00:00 https://www.itsecurityguru.org/2019/10/08/yahoo-engineer-has-pleaded-guilty-to-stealing-pictures-of-women/ www.secnews.physaphae.fr/article.php?IdArticle=1390111 False Hack,Guideline Yahoo None Graham Cluley - Blog Security 2019-10-04T12:51:28+00:00 https://hotforsecurity.bitdefender.com/blog/former-yahoo-employee-admits-he-hacked-6000-users-accounts-stole-nude-photos-and-videos-21577.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1380110 False None Yahoo None TechRepublic - Security News US 2019-10-02T14:53:45+00:00 https://www.techrepublic.com/article/yahoo-porn-hacking-breach-shows-need-for-better-security-5-ways-to-protect-your-company/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1375783 False Guideline Yahoo None InformationSecurityBuzzNews - Site de News Securite Ex-Yahoo Engineer Hacked Accounts To Steal Pornography]]> 2019-10-02T14:53:24+00:00 https://www.informationsecuritybuzz.com/expert-comments/ex-yahoo-engineer-hacked-accounts-to-steal-pornography/ www.secnews.physaphae.fr/article.php?IdArticle=1375830 False None Yahoo None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2019-10-02T01:30:32+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/CFPGW3ngSds/yahoo-email-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=1375145 False Hack,Guideline Yahoo None SecurityWeek - Security News 2019-10-01T13:24:45+00:00 http://feedproxy.google.com/~r/Securityweek/~3/aDbXJvWE1Ts/former-yahoo-programmer-pleads-guilty-hacking-user-accounts www.secnews.physaphae.fr/article.php?IdArticle=1373990 False Guideline Yahoo None ZD Net - Magazine Info 2019-10-01T09:07:07+00:00 https://www.zdnet.com/article/former-yahoo-engineer-pleads-guilty-to-hacking-user-emails-in-search-for-porn/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1373019 False None Yahoo None The Last Watchdog - Blog Sécurité de Byron V Acohido 2019-09-23T08:46:59+00:00 https://www.lastwatchdog.com/new-tech-how-cryptographic-splitting-bakes-in-security-at-a-protect-the-data-itself-level/ www.secnews.physaphae.fr/article.php?IdArticle=1355563 False Data Breach Uber,Equifax,Yahoo None TechRepublic - Security News US 2019-09-19T13:45:54+00:00 https://www.techrepublic.com/article/yahoo-data-breach-settlement-means-affected-users-may-get-100/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1346521 False Data Breach Yahoo None SecurityWeek - Security News Yahoo News reported this week that an Iranian mole recruited by Dutch intelligence helped the United States and Israel sabotage Iran's nuclear program by planting the]]> 2019-09-06T15:32:04+00:00 https://www.securityweek.com/industry-reactions-iranian-mole-planting-stuxnet-feedback-friday www.secnews.physaphae.fr/article.php?IdArticle=1312285 False None Yahoo None Dark Reading - Informationweek Branch 2019-09-03T11:55:00+00:00 https://www.darkreading.com/attacks-breaches/report-iranian-mole-carried-stuxnet-to-iranian-nuclear-facility/d/d-id/1335715?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1303573 False Malware Yahoo None taosecurity - Blog Sécurité Chinois Meet the US's First Ever Cyber Chief, published 8 September 2016.Mr. Bejtlich was interviewed for the NPR story Cybersecurity: Who's Vulnerable To Attack?, aired 30 July 2016.Mr. Bejtlich was interviewed for the Washington Post story It's not just the DNC; we all send emails we probably shouldn't, published 25 July 2016.Mr. Bejtlich was interviewed for the New Scientist story NATO says the internet is now a war zone – what does that mean?, published 22 June 2016.Mr. Bejtlich was interviewed for the Military Times story The Pentagon's controversial plan to hire military leaders off the street, published 19 June 2016.Mr. Bejtlich was interviewed for the Idealog story Idealog talks with a cyber-war expert, published 6 May 2016.Mr. Bejtlich was cited in the New Zealand Herald story Cyber-attacks part of doing business with China - experts, published 5 May 2016.Mr. Bejtlich was cited in the Christian Science Monitor story Iran hacking indictment highlights US naming and shaming strategy, published 30 March 2016.Mr. Bejtlich was cited in the Financial Times story Defence groups take aim at cyber security, published 28 March 2016.Mr. Bejtlich was interviewed for the Security Management story A Chinese New Year, published 4 January 2016.2015Mr. Bejtlich was cited in the AP story US Advised to Examine "Hack Back" Options against China, published 17 November 2015.Mr. Bejtlich was cited in the Reuters story Data from US agency cyber breach not on black market - researcher, published 2 November 2015.Mr. Bejtlich was cited in the NextGov story Creative, Audacious or Destructive: The Different Personalities of Nation-State Hackers, published 2 November 2015.Mr. Bejtlich was cited in the Baltimore Sun story As more devices go online, hackers hunt for vulnerabilities, published 24 October 2015.Mr. Bejtlich was cited in the Atlantic story Can Campus Networks Ever Be Secure?, published 12 October 2015.Mr. Bejtlich was cited in the Info Security story ]]> 2019-07-01T08:00:01+00:00 https://taosecurity.blogspot.com/2019/07/reference-taosecurity-press.html www.secnews.physaphae.fr/article.php?IdArticle=1181234 False Guideline Yahoo None InformationSecurityBuzzNews - Site de News Securite The Next Generation Of Agnostic Cloud Security Delivered By cloudAshur]]> 2019-06-04T15:55:02+00:00 https://www.informationsecuritybuzz.com/articles/the-next-generation-of-agnostic-cloud-security-delivered-by-cloudashur/ www.secnews.physaphae.fr/article.php?IdArticle=1139474 False Hack Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC last blog on DNS cache poisoning only covered the superficial aspects of this long-standing issue. This installment aims to give a bit more technical detail, and expose some of the tactics used by the "bad-actors" looking to leverage a poisoned DNS cache against you and your network. In a worst-case scenario, the results of a poisoned DNS cache could lead to more than just a headache: civil liability, phishing, increased DNS overhead, and other kinds of nightmares are too easy to overlook with this type of 'attack'. So, you may be wondering, "What exactly makes a DNS cache poisoning attack so dangerous, and what can we do to prevent it?" Well, as outlined in my first article, not answering DNS requests on the web is a great place to start. If you're only running an internal DNS infrastructure, your attack-surface is much lower. However, this comes with a caveat; "internal-only" DNS attacks are much harder to detect, and can often go weeks or months before even the keenest of sysops recognize them. This has to do with the fundamental structure of DNS. Let me explain. Fundamental structure of DNS In a typical DNS server (e.g. Windows DNS, or BIND) there is little mechanism (e.g. NONE) to provide any sanity checking. In its simplest form, a DNS query will look to its local database (the 'cache') first, upon finding no answer for the request it will then send a lookup request to its configured DNS server (the one you hopefully manage) and see if it can find an answer for the request. If this lookup fails a 2nd time, there is a 'forwarder' configuration that kicks in, and the request goes to a list of pre-specified DNS hosts that your server will send the request to, looking for a resolution to the name. If this final 'forward' lookup fails, the final lookup happens out on the internet, on one of the 'Root' nameservers that share a distributed list of all the DNS hosts that make up the TCP/IPv4 internet. If this final lookup fails, the original requesting client is returned with a 'DNS Name not found' answer, and the name will not resolve. At any point during this journey, a "faked" response can be issued, and the initiator will accept it. No questions asked. Problems with the model This model is good when we can trust each one of the segments in the process. However, even during the early days of the web - there were some issues that became apparent with the way DNS works. For example, what if the root servers are unavailable? Unless your local DNS server has a record of ALL of the domains on the web, or one of your 'forwarders' does - the DNS name will not resolve. Even if it is a valid domain, DNS will simply not be able to lookup your host. There was an "attack" on several of the root servers in the late 1990's. Several of the root servers were knocked offline, effectively taking down the internet for a large portion of the USA. It was during this outage that many network operators realized a large oversight of the DNS system, and a push was made to distribute control of these systems to a variety of trustworthy and capable internet entities. At the time of this attack, much of the internet name resolution duties fell to a single entity: Yahoo. A DDoS of Yahoo effectively killed the internet. Sure, we could still get to our desired hosts via IP, but e-mail, for example, was not as resilient. It was a great learning lesson for the web community at-large. This was just a denial-of-service at the highest level of the infrastructure. What would  happen if the localized database on every computer in your organization had different "answers" for DNS lookups? Instead of consistent ]]> 2019-04-11T13:00:00+00:00 https://feeds.feedblitz.com/~/600721416/0/alienvault-blogs~DNS-cache-poisoning-part www.secnews.physaphae.fr/article.php?IdArticle=1092951 False Tool,Guideline Yahoo None InformationSecurityBuzzNews - Site de News Securite Yahoo In New $117.5 Million Data Breach Settlement]]> 2019-04-10T19:22:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/yahoo-in-new-117-5-million-data-breach-settlement/ www.secnews.physaphae.fr/article.php?IdArticle=1092808 False None Yahoo None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2019-04-10T15:21:02+00:00 https://threatpost.com/yahoo-offers-117-5m-settlement-in-data-breach-lawsuit/143671/ www.secnews.physaphae.fr/article.php?IdArticle=1092274 False Data Breach Yahoo None ZD Net - Magazine Info 2019-04-10T10:48:05+00:00 https://www.zdnet.com/article/yahoo-data-breach-settlement-effort-reaches-117-5-million/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1091991 False Data Breach Yahoo None Security Affairs - Blog Secu 2019-04-09T21:27:04+00:00 https://securityaffairs.co/wordpress/83562/security/yahoo-data-breach-settlement.html www.secnews.physaphae.fr/article.php?IdArticle=1091746 False Data Breach Yahoo None Dark Reading - Informationweek Branch 2019-04-09T11:00:00+00:00 https://www.darkreading.com/threat-intelligence/yahoo-reaches-$1175m-breach-accord-following-failed-settlement/d/d-id/1334379?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1091862 False Data Breach Yahoo None ZD Net - Magazine Info 2019-03-17T02:59:02+00:00 https://www.zdnet.com/article/dutch-hacker-who-ddosed-the-bbc-and-yahoo-news-gets-no-jail-time/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1073384 False None Yahoo None TechRepublic - Security News US 2019-03-11T03:32:00+00:00 https://www.techrepublic.com/article/unintended-inferences-the-biggest-threat-to-data-privacy-and-cybersecurity/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1063714 False Threat Yahoo None Security Affairs - Blog Secu 2019-02-25T10:02:01+00:00 https://securityaffairs.co/wordpress/81607/hacking/xss-flaw-yahoo-mail.html www.secnews.physaphae.fr/article.php?IdArticle=1040706 False Vulnerability Yahoo None SecurityWeek - Security News 2019-02-22T07:14:00+00:00 https://www.securityweek.com/researcher-earns-10000-another-xss-flaw-yahoo-mail www.secnews.physaphae.fr/article.php?IdArticle=1037808 False Vulnerability Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Life without the tech giants | Gizmondo Week 1, Amazon | Gizmondo Week 2, Facebook | Gizmondo Week 3, Google | Gizmondo Considerations for When Your Apartment Goes “Smart” Everything is getting ‘smart’ these days. By smart, I mean connected and vulnerable. So, what should you do if you live in an apartment where everyone is getting fancy new smart locks (or terribly insecure cheap locks depending on how you look at it). Lesley Carhart recently found herself in the same position, and has written a really good post on security considerations if you ever find yourself in a similar position. Security Things to Consider When Your Apartment Goes ‘Smart’ | tisiphone Abusing Exchange: One API Call Away From Domain Admin An attacker with just the credentials of a single lowly Exchange mailbox user can gain Domain Admin privileges by using a simple tool. Very good writeup here. Abusing Exchange: One API call away from Domain Admin | dirkjanm.io Sending Love Letters The "Love Letter" malspam campaign has now changed its focus to Japanese targets and almost doubled the volume of malicious attachments it delivers. Love Letter Malspam Serves Cocktail of Malware, Heavily Targets Japan | Bleeping Computer While we’re talking about Japan, a new law in Japan allows the nation's National Institute of Information and Communications Technology (NICT) to hack into citizens' personal IoT equipment as part of a survey of vuln]]> 2019-02-01T14:00:00+00:00 https://feeds.feedblitz.com/~/595125804/0/alienvault-blogs~Things-I-Hearted-This-Week-st-Feb www.secnews.physaphae.fr/article.php?IdArticle=1019346 False Data Breach,Hack Yahoo None IT Security Guru - Blog Sécurité 2019-01-31T10:31:03+00:00 https://www.itsecurityguru.org/2019/01/31/yahoos-settlement-proposal-on-data-breach-case-rejected-by-court/ www.secnews.physaphae.fr/article.php?IdArticle=1016370 False Data Breach Yahoo None SecurityWeek - Security News 2019-01-30T18:57:04+00:00 https://www.securityweek.com/yahoo-breach-settlement-rejected-judge www.secnews.physaphae.fr/article.php?IdArticle=1015908 False None Yahoo None The State of Security - Magazine Américain Read More ]]> 2019-01-30T12:19:00+00:00 https://www.tripwire.com/state-of-security/security-data-protection/judge-denies-approval-of-50m-settlement-to-yahoo-data-breach-lawsuit/ www.secnews.physaphae.fr/article.php?IdArticle=1014911 False Data Breach Yahoo None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/594686064/0/thesecurityledger -->» ]]> 2019-01-29T23:26:03+00:00 https://feeds.feedblitz.com/~/594686064/0/thesecurityledger~Podcast-Episode-suing-Yahoo-Executivesand-winning/ www.secnews.physaphae.fr/article.php?IdArticle=1014307 False None Yahoo None BBC - BBC News - Technology 2019-01-29T14:50:00+00:00 https://www.bbc.co.uk/news/technology-47044652 www.secnews.physaphae.fr/article.php?IdArticle=1013672 False Data Breach Yahoo None CSO - CSO Daily Dashboard 2019-01-07T06:05:00+00:00 https://www.csoonline.com/article/3331598/identity-management/managing-identity-and-access-management-in-uncertain-times.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=978974 False Data Breach Equifax,Yahoo,Deloitte None Security Affairs - Blog Secu 2018-12-25T20:14:03+00:00 https://securityaffairs.co/wordpress/79165/hacking/amnesty-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=964015 False Threat Yahoo None