This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T13:22:57+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.]]> 2023-11-27T20:55:00+00:00 https://www.darkreading.com/attacks-breaches/general-electric-darpa-hack-claims-raise-national-security-concerns www.secnews.physaphae.fr/article.php?IdArticle=8417323 False Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.]]> 2023-11-27T20:55:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/general-electric-darpa-hack-claims-raise-national-security-concerns www.secnews.physaphae.fr/article.php?IdArticle=8418319 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future La Direction des renseignements de la défense de l'Ukraine a affirmé avoir effectué une cyber-opération réussie contre l'agence de l'aviation civile du gouvernement russe, également connu sous le nom de Rosavisitsia.L'agence a rapporté novembre23 qu'en raison du pirat

---

Ukraine\'s defense intelligence directorate has claimed it carried out a successful cyber operation against Russian government\'s civil aviation agency, also known as Rosaviatsia. The agency reported November 23 that as a result of the hack, it obtained “a large volume of confidential documents,” including a list of daily reports from Rosaviatsia spanning more than a]]> 2023-11-27T15:38:00+00:00 https://therecord.media/ukraine-cyber-operation-russian-aviation-agency www.secnews.physaphae.fr/article.php?IdArticle=8417244 False Hack None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-11-22T20:30:00+00:00 https://www.darkreading.com/careers-and-people/hack-the-box-launches-5th-annual-university-ctf-competition www.secnews.physaphae.fr/article.php?IdArticle=8416100 False Hack None 2.0000000000000000 SecurityWeek - Security News Les pièces automobiles Giant Autozone indiquent que près de 185 000 personnes ont été touchées par une violation de données causée par le hack Moveit.

---

>Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack. ]]> 2023-11-22T13:47:29+00:00 https://www.securityweek.com/185000-individuals-impacted-by-moveit-hack-at-car-parts-giant-autozone/ www.secnews.physaphae.fr/article.php?IdArticle=8415920 False Data Breach,Hack None 3.0000000000000000 ComputerWeekly - Computer Magazine 2023-11-20T05:00:00+00:00 https://www.computerweekly.com/news/366560072/Defence-lawyers-seek-appeal-of-tribunal-ruling-on-police-EncroChat-cryptophone-hack www.secnews.physaphae.fr/article.php?IdArticle=8414799 False Hack None 3.0000000000000000 SecurityWeek - Security News Google dit qu'un zéro-jour Zimbra depuis plus tôt cette année, CVE-2023-37580, a été exploité dans plusieurs campagnes pour pirater les e-mails du gouvernement.

---

>Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails. ]]> 2023-11-16T16:00:00+00:00 https://www.securityweek.com/zimbra-zero-day-exploited-to-hack-government-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8412957 False Hack None 2.0000000000000000 Wired Threat Level - Security News This week, we talk about the Mirai cyberattack that caused a massive internet blackout, the three young friends who wrote the calamitous code, and the FBI manhunt that followed.]]> 2023-11-16T13:00:00+00:00 https://www.wired.com/story/gadget-lab-podcast-621/ www.secnews.physaphae.fr/article.php?IdArticle=8412853 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future La capacité de l'armée ukrainienne à se remettre du Russe attaque contre la société satellite viasat est un exemple de la nécessité de systèmes redondants etorganisations résilientes, selon un haut responsable du gouvernement américain de la cybersécurité.Au Aspen Cyber Summit à New York mercredi, la directrice exécutive de la cybersécurité de la cybersécurité et de l'infrastructure (CISA) de Cybersecurity Eric

---

The Ukrainian military\'s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official. At the Aspen Cyber Summit in New York on Wednesday, Cybersecurity and Infrastructure Security Agency (CISA) executive director of cybersecurity Eric]]> 2023-11-15T19:30:00+00:00 https://therecord.media/cisa-goldstein-ukrainian-response-to-viasat-hack-proves-need-for-redundancy www.secnews.physaphae.fr/article.php?IdArticle=8412508 False Hack None 3.0000000000000000 Soc Radar - Blog spécialisé SOC Dans le monde compliqué de la cybersécurité, l'élément le plus imprévisible reste le facteur humain.Social ...

---

>In the complicated world of cybersecurity, the most unpredictable element remains the human factor. Social... ]]> 2023-11-15T14:44:31+00:00 https://socradar.io/mgm-casino-hack-and-realities-of-social-engineering-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8412380 False Hack,Threat None 5.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC supply chain attack, hackers aim to breach a target\'s defenses by exploiting vulnerabilities in third-party companies. These attacks typically follow one of two paths. The first involves targeting a service provider or contractor, often a smaller entity with less robust security. The second path targets software developers, embedding malicious code into their products. This code, masquerading as a legitimate update, may later infiltrate the IT systems of customers. This article delves into specific instances of supply chain attacks, explores the inherent risks, examines common strategies employed by attackers, as well as effective defense mechanisms, and offers supply chain risk management tips. Understanding the scope and danger of supply chain cyberattacks In their assaults on supply chains, attackers are driven by various objectives, which can range from espionage and extortion to other malicious intents. These attacks are merely one of many strategies hackers use to infiltrate a victim\'s infrastructure. What makes supply chain attacks particularly dangerous is their unpredictability and extensive reach. Companies can find themselves compromised by mere misfortune. A case in point is the 2020 incident involving SolarWinds, a network management software firm. The company fell victim to a hack that resulted in extensive breaches across various government agencies and private corporations. Over 18,000 SolarWinds customers unknowingly installed malicious updates, which led to an undetected, widespread malware infiltration. Why do companies fall victim to supply chain attacks? Several factors contribute to the susceptibility of companies to supply chain attacks: Inadequate security measures A staggering 84% of businesses have high-risk vulnerabilities within their networks. For companies involved in software production and distribution, a supply chain attack represents a significant breach of security protocols. Reliance on unsafe components Many firms utilize components from third-party vendors and open-source software (OSS), seeking to cut costs and expedite product development. However, this practice can backfire by introducing severe vulnerabilities into a company\'s infrastructure. OSS platforms and repositories frequently contain security loopholes. Cybersecurity professionals have identified over 10,000 GitHub repositories susceptible to RepoJacking, a form of supply chain attack exploiting dependency hijacking. Furthermore, the layered nature of OSS, often integrating third-party components, creates a chain of transitive dependencies and potential security threats. Overconfidence in partners Not many companies conduct thorough security evaluations of their service providers, typically relying on superficial questionnaires or legal compliance checks. These measures fall short of providing an accurate picture of a partner\'s cybersecurity maturity. In most cases, real audits are an afterthought triggered by a security incident that has already taken place. Additional risk factors precipit]]> 2023-11-15T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-prepared-is-your-company-for-a-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=8412299 False Malware,Hack,Tool,Vulnerability,Threat None 2.0000000000000000 ComputerWeekly - Computer Magazine 2023-11-15T07:30:00+00:00 https://www.computerweekly.com/news/366559532/US-government-reinforces-ICBC-hack-link-to-Citrix-Bleed www.secnews.physaphae.fr/article.php?IdArticle=8412334 False Hack None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Upstart Android OEM hopes Apple won\'t immediately shut the project down.]]> 2023-11-14T23:47:11+00:00 https://arstechnica.com/?p=1983702 www.secnews.physaphae.fr/article.php?IdArticle=8412125 False Hack,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution. [...]]]> 2023-11-14T15:34:15+00:00 https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/ www.secnews.physaphae.fr/article.php?IdArticle=8412075 False Hack,Vulnerability,Threat None 2.0000000000000000 SecurityWeek - Security News Dragos ne trouve aucune preuve d'une violation de données après que le groupe de ransomware BlackCat a affirmé avoir piraté la société de sécurité via un tiers.

---

>Dragos finds no evidence of a data breach after the BlackCat ransomware group claimed to have hacked the security firm via a third party. ]]> 2023-11-13T15:02:51+00:00 https://www.securityweek.com/dragos-says-no-evidence-of-breach-after-ransomware-gang-claims-hack-via-third-party/ www.secnews.physaphae.fr/article.php?IdArticle=8411102 False Ransomware,Data Breach,Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ont volé plus de 100 millions de dollars à la plate-forme de trading de crypto-monnaie Poloniex vendredi, décoller avec des millions de bitcoin et d'Ethereum.La plate-forme a confirmé sur les réseaux sociaux qu'il enquêtait sur le vol et qu'il prévoit de rembourser pleinement ceux qui ont été touchés par le piratage.Poloniex a déclaré

---

Hackers stole more than $100 million from cryptocurrency trading platform Poloniex on Friday, taking off with millions worth of Bitcoin and Ethereum. The platform confirmed on social media that it is investigating the theft and that it plans to fully reimburse those who were affected by the hack. Poloniex said it would pay 5% of]]> 2023-11-12T20:15:00+00:00 https://therecord.media/poloniex-cryptocurrency-platform-millions-stolen www.secnews.physaphae.fr/article.php?IdArticle=8410503 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google\'s Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS). "The actor first used OT-level living-off-the-land (LotL) techniques to]]> 2023-11-10T17:52:00+00:00 https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html www.secnews.physaphae.fr/article.php?IdArticle=8409099 False Hack,Industrial APT 28 3.0000000000000000 SecurityWeek - Security News L'État du Maine affirme que les informations personnelles de 1,3 million de personnes ont été compromises dans l'attaque de Moveit.

---

>The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack. ]]> 2023-11-10T11:23:26+00:00 https://www.securityweek.com/1-3-million-maine-residents-impacted-by-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8409067 False Hack None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain répliques miniatures aux acheteurs sans méfiance: marchés en ligne vendent de minuscules chapeaux de cowboy rose.Ils vendent également des aiguilles de crayons miniatures, des ustensiles de cuisine de la taille d'une paume, des livres à l'échelle et des chaises de camping si petites qu'ils évoquent la scène de Stonehenge dans & # 8220; c'est la spinal. & # 8221;Beaucoup d'objets minuscules ne sont pas clairement annoncés. [& # 8230;] Mais il ne fait aucun doute que certains vendeurs en ligne incitent délibérément les clients à acheter des articles plus petits et souvent moins chers à produire, a déclaré Witcher.Les tactiques courantes incluent l'affichage de produits sur un fond blanc plutôt que dans des ensembles de chambres ou sur des modèles, ou photographier des articles avec une perspective qui les fait paraître plus grands qu'ils ne le sont vraiment.Les dimensions peuvent être cachées au plus profond de la description du produit, ou pas du tout incluses ...

---

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many of the minuscule objects aren’t clearly advertised. […] But there is no doubt some online sellers deliberately trick customers into buying smaller and often cheaper-to-produce items, Witcher said. Common tactics include displaying products against a white background rather than in room sets or on models, or photographing items with a perspective that makes them appear bigger than they really are. Dimensions can be hidden deep in the product description, or not included at all...]]> 2023-11-09T12:09:12+00:00 https://www.schneier.com/blog/archives/2023/11/online-retail-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8408464 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network. [...]]]> 2023-11-08T11:44:35+00:00 https://www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hack-casinos-via-3rd-party-gaming-vendors/ www.secnews.physaphae.fr/article.php?IdArticle=8407960 False Ransomware,Hack,Tool,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch To combat sophisticated threats, we need to improve how we approach authorization and access controls.]]> 2023-11-07T15:00:00+00:00 https://www.darkreading.com/operations/identity-alone-wont-save-us-tsa-paradigm-mgm-hack www.secnews.physaphae.fr/article.php?IdArticle=8407302 False Hack None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC one of the most impactful business trends in 2023.  While this shift promises increased efficiency and growth, it also opens more opportunities for cybersecurity attacks and, consequently, an accelerated need for cybersecurity experts. Unfortunately, the latter part is where the industry is facing a challenge. The (ISC)2 2022 workforce study revealed there is a shortage of 3.4 million cybersecurity specialists, an increase of 26% from the previous year. On the other hand, the Bureau of Labor Statistics reported that the field is expected to expand by more than 33% from 2020 to 2030. The industry’s need for skilled cybersecurity practitioners is, in fact, growing faster than the number of people entering the field. To address some of these pressing issues, Scott Scheppers, chief experience officer (CXO) at AT&T Cybersecurity, lends insight on how his team is meeting the challenge of hiring and retention.  Scheppers has more than 30 years of experience in security, and his team staffs nine global network and security operations centers that run 24/7/365. Throughout his career, Scheppers has witnessed the industry’s explosive growth firsthand. He was on the front lines of National Defense before Cybersecurity was even a fully developed concept. “When the cyber domain began growing in the late ’90s,” says Scheppers, “it wasn’t even called cybersecurity. There was just a bunch of IT professionals worried about keeping the IT department running. They didn’t think operationally. They just had to service desks, close tickets, and make emails work. Then, in the late \'90s and early 2000s, we had demonstrations of how easy it was to hack someone’s email. That was just the beginning.” He continues, “When I first started in the air force, I was an intelligence offer. In intelligence, you focus on what the adversary is doing, collect information, and analyze it. This is different from the IT department, that is mainly focused on keeping things running.” “In the intelligence team, our focus is the adversary. We needed to be constantly thinking strategically about how to combat the rise in cybercrime. And so, our team was perfectly positioned to transition into cybersecurity. I entered the Air Force as an intelligence officer and was the head of cybersecurity by the time I left. During this time, I watched the transformation of cyber into a critical warfighting domain. It was a crazy time of sick or swim. I am grateful to have been part of teams that led our national response to key cybersecurity events.” After Scheppers’ time of service in the government, he accepted a position in AT&T’s Cybersecurity department. Today, he ov]]> 2023-11-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-hiring-and-retention-challenges-in-2023 www.secnews.physaphae.fr/article.php?IdArticle=8407185 False Hack,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2023-11-06T13:06:17+00:00 https://www.globalsecuritymag.fr/Proteger-les-cles-d-acces-Lecons-tirees-du-hack-des-cles-Azure.html www.secnews.physaphae.fr/article.php?IdArticle=8406610 False Hack None 2.0000000000000000 SecurityWeek - Security News Okta blâme le récent hack de son système de soutien sur un employé qui s'est connecté à un compte Google personnel sur un ordinateur portable géré par l'entreprise.

---

>Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop. ]]> 2023-11-03T15:31:05+00:00 https://www.securityweek.com/okta-hack-blamed-on-employee-using-personal-google-account-on-company-laptop/ www.secnews.physaphae.fr/article.php?IdArticle=8405890 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future Un analyste corrompu des renseignements policiers a été emprisonné vendredi pour avoir fait irruption d'un ami criminel au sujet de l'accès des forces de l'ordre à la plate-forme de communication cryptée Entrochat.Natalie Mottram, 25 ans, a été arrêtée le 12 juin 2020. Elle a par la suite admis une faute dans la fonction publique, pervertissant le cours de la justice et un accès non autorisé à des documents informatiques et a été condamné

---

A corrupt police intelligence analyst was jailed on Friday for tipping off a criminal friend about law enforcement\'s access to the encrypted communications platform EncroChat. Natalie Mottram, 25, was arrested on June 12, 2020. She subsequently admitted misconduct in public office, perverting the course of justice and unauthorized access to computer material, and was sentenced]]> 2023-11-03T14:44:00+00:00 https://therecord.media/uk-police-intel-analyst-jailed-encrochat-tipoff www.secnews.physaphae.fr/article.php?IdArticle=8405353 False Hack,Legislation None 2.0000000000000000 SecurityWeek - Security News Commentaires de l'industrie sur le procès de la SEC contre Solarwinds et son CISO sur la cybersécurité et les pratiques de gestion des risques avant le hack massif qui a été révélé fin 2020.

---

>Industry commentary on the SEC lawsuit against SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020.   ]]> 2023-11-03T10:38:00+00:00 https://www.securityweek.com/industry-reactions-to-sec-charging-solarwinds-and-its-ciso-feedback-friday/ www.secnews.physaphae.fr/article.php?IdArticle=8405893 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. [...]]]> 2023-11-03T10:18:26+00:00 https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8405351 False Hack None 2.0000000000000000 HackRead - Chercher Cyber Par waqas Un incident de cybersécurité impliquant apparemment une collaboration entre les Russes et les Américains ... Ceci est un article de HackRead.com Lire le post original: La paire russe chargée du piratage du système de taxi de l'aéroport JFK pendant plus de 2 ans

---

>By Waqas A cybersecurity incident apparently involving collaboration between Russians and Americans... This is a post from HackRead.com Read the original post: Russian Pair Charged with JFK Airport Taxi System Hack for Over 2 Years]]> 2023-11-01T18:27:48+00:00 https://www.hackread.com/russians-charged-jfk-airport-taxi-system-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8404264 False Hack None 3.0000000000000000 TroyHunt - Blog Security SolarWinds misled public about security while hackers accessed network, SEC says.]]> 2023-10-31T19:43:20+00:00 https://arstechnica.com/?p=1980175 www.secnews.physaphae.fr/article.php?IdArticle=8403723 False Hack Solardwinds 2.0000000000000000 HackRead - Chercher Cyber deeba ahmed Les dégâts du hack Moveit émergent lentement. Ceci est un article de HackRead.com Lire le post original: Massive Moveit Hack: 630K + US Defense Officiel & # 8217;E-mails violés

---

By Deeba Ahmed The damage from the MOVEit hack is slowly emerging. This is a post from HackRead.com Read the original post: Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached]]> 2023-10-31T18:34:14+00:00 https://www.hackread.com/moveit-hack-us-defense-officials-emails-breached/ www.secnews.physaphae.fr/article.php?IdArticle=8403668 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de pirates pro-ukrainiens prétend avoir violé le système national de paiement des cartes de la Russie cette semaine et obtenu ses données utilisateur.Des militants du groupe DumpForums et de l'Ukrainian Cyber Alliance ont déclaré qu'ils ont défait un site Web du système de carte de paiement national (NSPK) et du gouvernement (NSPK) etaurait eu accès aux systèmes internes du consommateur

---

A group of pro-Ukrainian hackers claims to have breached Russia\'s national card payment system this week and obtained its user data. Activists from the DumpForums group and the Ukrainian Cyber Alliance said they defaced a website of the government-run National Payment Card System (NSPK) and reportedly gained access to the internal systems of the consumer]]> 2023-10-31T14:35:00+00:00 https://therecord.media/russia-mir-payment-system-attack-pro-ukraine-group www.secnews.physaphae.fr/article.php?IdArticle=8403526 False Hack None 3.0000000000000000 knowbe4 - cybersecurity services 30 octobre 2023 Le Wall Street Journal a annoncé que la Commission des États-Unis de sécurité et d'échange a poursuivi Solarwinds.Voici les premiers paragraphes et il y a un lien vers l'article WSJ complet en bas: "La société de logiciels & nbsp; victime de pirates liés à la Russie & nbsp; il y a plus de trois ans, alléguant que la société fraude les actionnaires par des actionnaires à plusieurs reprises par répétition par des actionnaires à plusieurs reprises par répétition par des actionnaires à plusieurs reprises à plusieurs reprises à plusieurs reprises par des actionnaires à plusieurs reprises par la firme à plusieurs reprises par les actionnaires à plusieurs reprises par à plusieurs reprises par des action à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises à plusieurs reprises par la firme francLes tromper sur ses cyber-vulnérabilités et la capacité des attaquants à pénétrer ses systèmes.

---

October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : "the software company victimized by Russian-linked hackers over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems.]]> 2023-10-31T14:24:03+00:00 https://blog.knowbe4.com/wsj-sec-sues-solarwinds-over-2020-hack-attributed-to-russians www.secnews.physaphae.fr/article.php?IdArticle=8403525 False Hack,Vulnerability Solardwinds 3.0000000000000000 Bleeping Computer - Magazine Américain Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. [...]]]> 2023-10-30T23:09:43+00:00 https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-cisco-ios-xe-flaw-many-hosts-still-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8403268 False Hack,Vulnerability,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 linked to APT29, the Russian Foreign Intelligence Service (SVR) hacking division. [...]]]> 2023-10-30T17:54:13+00:00 https://www.bleepingcomputer.com/news/security/sec-sues-solarwinds-for-misleading-investors-before-2020-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8403150 False Hack APT 29,Solardwinds 3.0000000000000000 SecurityWeek - Security News La ville de Philadelphie dit que des informations personnelles, de santé et financières ont été volées dans une cyberattaque sur son environnement de messagerie.

---

>The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment. ]]> 2023-10-24T20:43:02+00:00 https://www.securityweek.com/personal-information-stolen-in-city-of-philadelphia-email-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8399893 False Hack None 2.0000000000000000 Korben - Bloger francais 2023-10-24T07:00:00+00:00 https://korben.info/legend-super-mario-sauvez-royaume-champignon-hack-zelda-retrogaming.html www.secnews.physaphae.fr/article.php?IdArticle=8399675 False Hack None 2.0000000000000000 SecurityWeek - Security News Les pirates accèdent aux informations personnelles des clients Casio après avoir compromis le serveur pour une application Web éducative.

---

>Hackers access the personal information of Casio customers after compromising the server for an education web application. ]]> 2023-10-23T18:48:37+00:00 https://www.securityweek.com/casio-says-personal-information-accessed-in-web-application-server-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8399448 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ukrainiens ont collaboré avec les services de sécurité du pays, le SBU, pour enfreindre la plus grande banque privée de la Russie, une source au sein du département confirmé à des nouvelles futures enregistrées.La semaine dernière, deux groupes de pirates pro-ukrainiens, Kiborg et NLB, ont piraté Alfa-Bank et ont prétendu obtenir les données de plus de 30 millions de clients, y compris leurs noms, les dates

---

Ukrainian hackers collaborated with the country\'s security services, the SBU, to breach Russia\'s largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, hacked into Alfa-Bank and claimed to obtain the data of more than 30 million customers, including their names, dates]]> 2023-10-23T17:15:00+00:00 https://therecord.media/sbu-involved-in-alfa-bank-hack www.secnews.physaphae.fr/article.php?IdArticle=8399387 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. [...]]]> 2023-10-23T10:08:05+00:00 https://www.bleepingcomputer.com/news/security/cisco-patches-ios-xe-zero-days-used-to-hack-over-50-000-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8399320 False Hack,Vulnerability None 3.0000000000000000 Bleeping Computer - Magazine Américain A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. [...]]]> 2023-10-18T19:17:43+00:00 https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8397477 False Ransomware,Hack None 4.0000000000000000 Checkpoint - Fabricant Materiel Securite Faits saillants: une cyber-activité accrue: divers groupes hacktivistes, s'alignant sur différents intérêts géopolitiques, ont intensifié leurs cyber opérations visant à influencer les récits et à perturber les entités en ligne associées à Israël.Régisse des attaques: les recherches sur les points de contrôle ont noté une augmentation de 18% des cyberattaques ciblant Israël récemment.Plus précisément, il y a une augmentation marquée des attaques contre le gouvernement / secteur militaire & # 8211;Une augmentation de 52% par rapport aux semaines précédant le 7 octobre. Diverses cyber-menaces: les cybermenaces sont multiformes, allant des attaques de déni de service distribuées (DDOS) par des groupes hacktivistes pour pirater et divulguer des activités contre les sites Web israéliens.Préoccupations et joueurs émergents: le [& # 8230;]

---

>Highlights: Increased Cyber Activity: Various hacktivist groups, aligning with different geopolitical interests, have intensified their cyber operations aiming to influence the narratives and disrupt online entities associated with Israel. Rise in attacks: Check Point Research noted an 18% rise in cyberattacks targeting Israel recently. Specifically, there’s a marked increase in attacks on the government/military sector – a 52% surge compared to the weeks leading up to October 7. Diverse Cyber Threats: The cyber threats are multifaceted, ranging from Distributed Denial of Service (DDoS) attacks by hacktivist groups to hack and leak activities against Israeli websites. Emerging Concerns and Players: The […] ]]> 2023-10-18T16:16:00+00:00 https://blog.checkpoint.com/security/the-iron-swords-war-cyber-perspectives-from-the-first-10-days-of-the-war-in-israel/ www.secnews.physaphae.fr/article.php?IdArticle=8397353 False Hack,General Information None 2.0000000000000000 HackRead - Chercher Cyber Par waqas La Fondom Foundation a reconnu la violation et mène actuellement une enquête après que les pirates ont réussi à voler plus de 550 000 $ en crypto-monnaie. Ceci est un article de HackRead.com Lire le post original: Fondation fantommes souffre de piratage de portefeuille via Google Chrome 0-jour Flaw

---

>By Waqas The Fantom Foundation has acknowledged the breach and is currently conducting an investigation after hackers managed to steal more than $550,000 in cryptocurrency. This is a post from HackRead.com Read the original post: Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day Flaw]]> 2023-10-17T23:00:11+00:00 https://www.hackread.com/fantom-foundation-wallet-hack-google-chrome-0-day-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8396903 False Hack None 3.0000000000000000 SecurityWeek - Security News Cisco avertit les clients qu'une nouvelle vulnérabilité iOS XE Zero-day a suivi le CVE-2023-20198 est exploitée pour pirater des appareils.

---

>Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices.  ]]> 2023-10-17T10:00:00+00:00 https://www.securityweek.com/cisco-devices-hacked-via-ios-xe-zero-day-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8396688 False Hack,Vulnerability None 2.0000000000000000 Kaspersky - Kaspersky Research blog We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff.]]> 2023-10-16T16:00:37+00:00 https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/ www.secnews.physaphae.fr/article.php?IdArticle=8396273 False Hack None 3.0000000000000000 The Register - Site journalistique Anglais Will players press start to continue with this outfit? Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees.…]]> 2023-10-13T18:57:07+00:00 https://go.theregister.com/feed/www.theregister.com/2023/10/13/shadow_data_theft/ www.secnews.physaphae.fr/article.php?IdArticle=8395237 False Hack,Cloud None 3.0000000000000000 SecurityWeek - Security News Progress Software confirme que la SEC a lancé sa propre enquête sur le ransomware coûteux zéro-jours dans le logiciel de transfert de fichiers Moveit.

---

>Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software. ]]> 2023-10-12T16:39:44+00:00 https://www.securityweek.com/sec-investigating-progress-software-over-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8394822 False Ransomware,Hack None 2.0000000000000000 SecurityWeek - Security News La compagnie aérienne espagnole Air Europa informe les clients que leurs informations sur la carte de paiement ont été volées à la suite d'une attaque de pirate.

---

>Spanish airline Air Europa is informing customers that their payment card information has been stolen as a result of a hacker attack. ]]> 2023-10-11T13:35:03+00:00 https://www.securityweek.com/payment-card-data-stolen-in-air-europa-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8394318 False Hack None 3.0000000000000000 CyberWarzone - Cyber News The Cyber Av3ngers hacktivist group has claimed to have breached the MEKOROT national water company in Israel. The last couple]]> 2023-10-10T16:32:55+00:00 https://cyberwarzone.com/cyber-av3ngers-claim-israeli-mekorot-national-water-company-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8393835 False Hack None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-10-10T15:16:24+00:00 https://www.zataz.com/secsea-le-rendez-vous-ethical-hacking-du-sud-de-la-france/ www.secnews.physaphae.fr/article.php?IdArticle=8393818 False Hack,Conference None 3.0000000000000000 Recorded Future - FLux Recorded Future Les clients de la compagnie aérienne espagnole Air Europa ont été informés mardi par la société d'annuler leurs cartes de crédit à la suite d'une cyberattaque affectant son système de paiement en ligne.La société, basée sur l'île de Majorque, n'a pas annoncé le nombre de clients touchés ni lorsque l'attaque a eu lieu.Dans une déclaration a rapporté par Reuters, le

---

Customers of Spanish airline Air Europa were on Tuesday advised by the company to cancel their credit cards following a cyberattack affecting its online payment system. The company, based on the island of Mallorca, did not announce how many customers were affected nor when the attack took place. In a statement reported by Reuters, the]]> 2023-10-10T13:29:00+00:00 https://therecord.media/air-europa-cyberattack-payment-cards www.secnews.physaphae.fr/article.php?IdArticle=8393758 False Hack None 2.0000000000000000 SecurityWeek - Security News Vulnérabilité du plugin de compositeur TagDiv récemment corrigé exploité pour pirater des milliers de sites WordPress dans le cadre de la campagne d'injecteur de Balada.

---

>Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. ]]> 2023-10-09T15:04:08+00:00 https://www.securityweek.com/recently-patched-tagdiv-plugin-flaw-exploited-to-hack-thousands-of-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8393307 False Hack,Vulnerability None 3.0000000000000000 CyberWarzone - Cyber News In a startling revelation, shared with Cyberwarzone, the hacker group known as Cyber Av3ngers has claimed responsibility for a cyberattack]]> 2023-10-09T14:25:55+00:00 https://cyberwarzone.com/cyber-av3ngers-claims-responsibility-for-dorad-power-plant-hack-in-israel-what-you-need-to-know/ www.secnews.physaphae.fr/article.php?IdArticle=8393264 False Hack,Industrial None 4.0000000000000000 Zataz - Magazine Francais de secu 2023-10-09T11:06:32+00:00 https://www.zataz.com/piratage-casino/ www.secnews.physaphae.fr/article.php?IdArticle=8393106 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. [...]]]> 2023-10-06T19:07:50+00:00 https://www.bleepingcomputer.com/news/security/dc-board-of-elections-confirms-voter-data-stolen-in-site-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8392423 False Hack,Threat None 2.0000000000000000 SecurityWeek - Security News MGM Resorts a déclaré que les coûts d'un hack de ransomware perturbateur ont dépassé 110 millions de dollars, dont 10 millions de dollars en frais de nettoyage de conseil.

---

>MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees. ]]> 2023-10-06T16:31:53+00:00 https://www.securityweek.com/mgm-resorts-says-ransomware-hack-cost-110-million/ www.secnews.physaphae.fr/article.php?IdArticle=8392335 False Ransomware,Hack None 2.0000000000000000 knowbe4 - cybersecurity services Ils sont là-bas, en regardant et en attendant une occasion de frapper;Les mauvais acteurs qui ont soigneusement recherché votre organisation afin de définir le piège parfait en utilisant des ressources publiques facilement trouvées.L'intelligence open source (OSINT) peut fournir des cybercriminels tout ce qu'ils doivent savoir pour cibler parfaitement vos utilisateurs en recueillant des données sur tout, des indices de mot de passe aux détails de la pile technologique, des comptes de carte bancaire / de crédit, des détails sur les réseaux sociaux et plus encore.Les technologies émergentes comme l'IA peuvent faciliter la collecte de cette intelligence.

---

They are out there, watching and waiting for an opportunity to strike; the bad actors who have carefully researched your organization in order to set the perfect trap using easily found public resources. Open-Source Intelligence (OSINT) can provide cybercriminals everything they need to know to perfectly target your users by gathering data on everything from password clues to tech stack details, banking/credit card accounts, social media details and more. Emerging technologies like AI can make gathering this intelligence even easier.]]> 2023-10-04T14:55:26+00:00 https://blog.knowbe4.com/osint-learn-methods-bad-actors-use-hack-your-organization www.secnews.physaphae.fr/article.php?IdArticle=8391452 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. [...]]]> 2023-10-04T14:19:21+00:00 https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/ www.secnews.physaphae.fr/article.php?IdArticle=8391555 False Hack None 2.0000000000000000 The Security Ledger - Blog Sécurité Episode 253: DevSecops les pires pratiques avec Tanya Janca de We Hack ... Lisez toute l'entrée ... & nbsp; & raquo; cliquez sur l'icône ci-dessous pour écouter.

---

Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development\'s “tragedy of the commons,” as more and more development teams lean on open source code. The post Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack...Read the whole entry... »Click the icon below to listen. ]]> 2023-10-04T12:01:00+00:00 https://feeds.feedblitz.com/~/797526818/0/thesecurityledger~Episode-DevSecOps-Worst-Practices-With-Tanya-Janca-of-We-Hack-Purple/ www.secnews.physaphae.fr/article.php?IdArticle=8391404 False Hack None 2.0000000000000000 Wired Threat Level - Security News Victims of the MOVEit breach continue to come forward. But the full scale of the attack is still unknown.]]> 2023-10-02T15:07:17+00:00 https://www.wired.com/story/moveit-breach-victims/ www.secnews.physaphae.fr/article.php?IdArticle=8390543 False Hack None 3.0000000000000000 SecurityWeek - Security News L'exploitation in-the-wild d'une vulnérabilité critique dans le serveur CI / CD de TeamCity a commencé peu de temps après la publication d'un correctif par les développeurs.

---

>In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers. ]]> 2023-10-02T09:30:00+00:00 https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8390396 False Hack,Vulnerability None 1.00000000000000000000 HackRead - Chercher Cyber Par deeba ahmed Les pirates chinois ont de nouveau frappé! Ceci est un article de HackRead.com Lire le post original: Les pirates chinois ont volé 60 000 e-mails du Département d'État américain à Microsoft

---

>By Deeba Ahmed Chinese hackers have struck again! This is a post from HackRead.com Read the original post: Chinese Hackers Stole 60,000 US State Department Emails from Microsoft]]> 2023-09-29T15:28:03+00:00 https://www.hackread.com/chinese-hackers-us-state-dept-emails-microsoft/ www.secnews.physaphae.fr/article.php?IdArticle=8389532 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain The North Korean \'Lazarus\' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown \'LightlessCan\' backdoor. [...]]]> 2023-09-29T05:30:00+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8389428 False Malware,Hack APT 38 3.0000000000000000 SecurityWeek - Security News Le Département d'État américain a déclaré que les pirates ont pris environ 60 000 e-mails dans une attaque que Microsoft a blâmé à la Chine.

---

>The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China. ]]> 2023-09-29T02:10:52+00:00 https://www.securityweek.com/us-state-department-says-60000-emails-taken-in-alleged-chinese-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8389324 False Hack None 2.0000000000000000 CyberWarzone - Cyber News Introduction Ever heard of the Dark Web but too scared to venture in? Don’t worry, you’re not alone. This guide]]> 2023-09-28T15:51:38+00:00 https://cyberwarzone.com/a-thorough-guide-to-safely-accessing-the-dark-web/ www.secnews.physaphae.fr/article.php?IdArticle=8389093 False Hack,Guideline None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Data security is in the headlines often, and it\'s almost never for a positive reason. Major breaches, new ways to hack into an organization\'s supposedly secure data, and other threats make the news because well, it\'s scary - and expensive.  Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the]]> 2023-09-27T16:53:00+00:00 https://thehackernews.com/2023/09/new-survey-uncovers-how-companies-are.html www.secnews.physaphae.fr/article.php?IdArticle=8388299 False Ransomware,Malware,Hack None 3.0000000000000000 Dark Reading - Informationweek Branch A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?]]> 2023-09-26T21:20:00+00:00 https://www.darkreading.com/attacks-breaches/suspicious-new-ransomware-group-claims-sony-hack www.secnews.physaphae.fr/article.php?IdArticle=8388127 False Ransomware,Hack,Threat None 3.0000000000000000 SecurityWeek - Security News Mixin Network suspend les dépôts et les retraits après que les pirates volent 200 millions de dollars d'actifs numériques de sa base de données centralisée.

---

>Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database. ]]> 2023-09-26T10:45:24+00:00 https://www.securityweek.com/200-million-in-cryptocurrency-stolen-in-mixin-network-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8387959 False Hack None 3.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Un autre jour, un autre piratage de crypto faisant des cybercriminels multimillionnaires en un rien de temps, tout en laissant des investisseurs cryptographiques sans méfiance sans fonds. & # 8230; Ceci est un article de HackRead.com Lire le post original: Mixin Network arrête les services après 200 millions de dollars de crypto

---

>By Deeba Ahmed Another day, another crypto hack making cybercriminals multi-millionaires in no time, while leaving unsuspecting crypto investors without funds.… This is a post from HackRead.com Read the original post: Mixin Network Halts Services After $200M Crypto Hack]]> 2023-09-25T19:24:05+00:00 https://www.hackread.com/mixin-network-loses-200m-crypto-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8387747 False Hack None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Plateforme de gestion des données des élèves National Student Clearinghouse a confirmé Moveit Hack a affecté 900 écoles américaines. Ceci est un article de HackRead.com Lire le post original: 900 écoles américaines frappées par Moveit Hack, exposant les données des élèves

---

>By Deeba Ahmed Student Data Managing Platform National Student Clearinghouse Confirmed MOVEit Hack Affected 900 US Schools. This is a post from HackRead.com Read the original post: 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data]]> 2023-09-25T16:35:09+00:00 https://www.hackread.com/900-us-schools-moveit-hack-student-data-expose/ www.secnews.physaphae.fr/article.php?IdArticle=8387670 False Hack None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The decentralized finance network has suspended deposits and withdrawals after what could be one of the biggest cyber-attacks on cryptocurrency projects]]> 2023-09-25T14:00:00+00:00 https://www.infosecurity-magazine.com/news/web3-platform-mixin-200m-dollars/ www.secnews.physaphae.fr/article.php?IdArticle=8387608 False Hack None 2.0000000000000000 SecurityWeek - Security News Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse. ]]> 2023-09-25T12:07:05+00:00 https://www.securityweek.com/900-us-schools-impacted-by-moveit-hack-at-national-student-clearinghouse/ www.secnews.physaphae.fr/article.php?IdArticle=8387589 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Mixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced today on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday. [...]]]> 2023-09-25T09:23:16+00:00 https://www.bleepingcomputer.com/news/security/mixin-network-suspends-operations-following-200-million-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8387603 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the]]> 2023-09-23T11:42:00+00:00 https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8386991 False Hack None 3.0000000000000000 SecurityWeek - Security News Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. ]]> 2023-09-22T09:36:00+00:00 https://www.securityweek.com/apple-patches-3-zero-days-likely-exploited-by-spyware-vendor-to-hack-iphones/ www.secnews.physaphae.fr/article.php?IdArticle=8386651 False Hack,Vulnerability None 2.0000000000000000 Global Security Mag - Site de news francais Interviews / primetime]]> 2023-09-20T22:30:00+00:00 https://www.globalsecuritymag.fr/Serge-Carpentier-SysDream-Hack-In-Paris-apporte-un-regard-neuf-et-avise-pour.html www.secnews.physaphae.fr/article.php?IdArticle=8385694 False Hack None 2.0000000000000000 The Register - Site journalistique Anglais Beijing accuses US of breaking into Huawei servers in 2009 The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data.…]]> 2023-09-20T17:06:10+00:00 https://go.theregister.com/feed/www.theregister.com/2023/09/20/huawei_china_claims/ www.secnews.physaphae.fr/article.php?IdArticle=8385937 False Hack None 2.0000000000000000 Dark Reading - Informationweek Branch This incident bears notable resemblance to an attack that occurred just last month affecting London\'s Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.]]> 2023-09-15T18:00:00+00:00 https://www.darkreading.com/endpoint/greater-manchester-police-hack-third-party-supplier-fumble www.secnews.physaphae.fr/article.php?IdArticle=8383778 False Hack None 2.0000000000000000 TroyHunt - Blog Security Slot machines and hotel room key cards stopped working at MGM casinos on the Strip.]]> 2023-09-14T13:11:13+00:00 https://arstechnica.com/?p=1968329 www.secnews.physaphae.fr/article.php?IdArticle=8382684 False Hack None 4.0000000000000000 Recorded Future - FLux Recorded Future Cryptocurrency Exchange Coinex a confirmé qu'un pirate a volé des millions de dollars de crypto-monnaie lors d'une attaque mardi.L'échange mondial, fondé en 2017, n'a pas répondu aux demandes de commentaires mais a déclaré Dans un communiqué, ils ont détecté des «retraits anomalous»À partir de plusieurs portefeuilles utilisés pour contenir les actifs de la plate-forme.Une équipe d'investigation

---

Cryptocurrency exchange CoinEx confirmed that a hacker stole millions of dollars worth of cryptocurrency in an attack on Tuesday. The global exchange, founded in 2017, did not respond to requests for comment but said in a statement they detected “anomalous withdrawals” from several wallets that are used to hold the platform\'s assets. An investigative team]]> 2023-09-13T02:30:00+00:00 https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen www.secnews.physaphae.fr/article.php?IdArticle=8382090 False Hack None 3.0000000000000000 SecurityWeek - Security News APTS a exploité les vulnérabilités dans les VPN de Zoho ManageEngine et Fortinet pour pirater une organisation aérospatiale début janvier 2023.

---

>APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023. ]]> 2023-09-08T09:13:29+00:00 https://www.securityweek.com/us-aeronautical-organization-hacked-via-zoho-fortinet-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8380391 False Hack,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Le Sénat de la Pologne a publié jeudi les résultats de l'enquête d'une commission sur l'utilisation des logiciels espions de Pegasus pour pirater un politicien de l'opposition en 2019, décrivant "les violations flagrantes des normes constitutionnelles".Appelant l'achat de Pegasus illégal en Pologne, la Commission a également révélé qu'elle y avait informé les procureurs du potentiel d'accusations pénales contre le courant

---

Poland\'s Senate on Thursday released the results of a commission\'s investigation into the use of Pegasus spyware to hack an opposition politician in 2019, describing "gross violations of constitutional standards.” Calling the purchase of Pegasus illegal in Poland, the commission also revealed it has notified prosecutors there of the potential for criminal charges against current]]> 2023-09-07T18:25:00+00:00 https://therecord.media/polish-senate-investigation-pegasus-spyware-election www.secnews.physaphae.fr/article.php?IdArticle=8380179 False Hack,Legislation None 3.0000000000000000 SecurityWeek - Security News Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails. ]]> 2023-09-06T19:45:46+00:00 https://www.securityweek.com/crash-dump-error-how-a-chinese-espionage-group-exploited-microsofts-errors/ www.secnews.physaphae.fr/article.php?IdArticle=8379804 False Hack None 4.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de piratage basé en Chine a été en mesure d'attaquer les comptes de messagerie du gouvernement américain plus tôt cette année, car il a trouvé des informations sur une clé numérique après avoir compromis le compte d'entreprise d'un Microsoft Engineer \\, a rapporté mercredi la société.Essentiellement, un fichier qui aurait dû rester dans un réseau Microsoft isolé a trouvé son chemin au cours de

---

A China-based hacking group was able to attack U.S. government email accounts earlier this year because it found information about a digital key after compromising a Microsoft engineer\'s corporate account, the company reported Wednesday. In essence, a file that should have remained in an isolated Microsoft network found its way over the course of about]]> 2023-09-06T19:45:00+00:00 https://therecord.media/microsoft-details-outlook-hack-on-government-officials-china www.secnews.physaphae.fr/article.php?IdArticle=8379791 False Hack None 4.0000000000000000 InformationSecurityBuzzNews - Site de News Securite In a startling revelation, the UK’s Electoral Commission has admitted to failing a crucial cybersecurity test around the same time it fell victim to a significant cyber-attack. This breach potentially exposed the data of 40 million voters. Background of the Breach Last month, the Electoral Commission disclosed that “hostile actors” had infiltrated its systems, accessing […]]]> 2023-09-06T14:29:21+00:00 https://informationsecuritybuzz.com/electoral-commissions-cybersecurity-lapses-exposed-amidst-major-hack/?utm_source=rss&utm_medium=rss&utm_campaign=electoral-commissions-cybersecurity-lapses-exposed-amidst-major-hack www.secnews.physaphae.fr/article.php?IdArticle=8380097 False Hack None 2.0000000000000000 BBC - BBC News - Technology Whistleblower tells the BBC the election watchdog failed the government-backed Cyber Essentials test.]]> 2023-09-04T23:05:40+00:00 https://www.bbc.co.uk/news/technology-66709556?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8378925 False Hack None 1.00000000000000000000 Wired Threat Level - Security News Plus: A major FBI botnet takedown, new Sandworm malware, a cyberattack on two major scientific telescopes-and more.]]> 2023-09-02T13:00:00+00:00 https://www.wired.com/story/poland-train-radio-attack-security-roundup/ www.secnews.physaphae.fr/article.php?IdArticle=8378090 False Hack None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le piratage apparent vient juste avant l'anniversaire d'un an de la mort de Mahsa Amini, la femme iranienne décédée en garde à vue.

---

>The apparent hack comes just ahead of the one-year anniversary of the death of Mahsa Amini, the Iranian woman who died in police custody. ]]> 2023-09-01T16:35:09+00:00 https://cyberscoop.com/iranian-hacking-group-hacked-app/ www.secnews.physaphae.fr/article.php?IdArticle=8377886 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future La police polonaise a arrêté deux hommes soupçonnés d'avoir piraté le réseau de communication des chemins de fer nationaux.L'attaque a stoppé 20 trains à travers le pays et paralysé le trafic pendant des heures pendant le week-end, selon l'opérateur d'infrastructure ferroviaire.Les suspects, des citoyens polonais âgés de 24 et 29 ans, ont été arrêtés à Bialystok, dans l'est du pays, près de

---

Polish police have arrested two men suspected of hacking the national railway\'s communications network. The attack halted 20 trains across the country and paralyzed traffic for hours over the weekend, according to Poland\'s railway infrastructure operator. The suspects, who are Polish citizens aged 24 and 29, were arrested in the eastern city of Bialystok near]]> 2023-08-29T17:01:00+00:00 https://therecord.media/two-arrested-poland-railway-hack www.secnews.physaphae.fr/article.php?IdArticle=8376315 False Hack None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC (AP News). As IoT devices increase in popularity in homes, offices, and other settings, these labels allow consumers to be aware of their digital safety. The cybersecurity labeling program will mandate manufacturers of smart devices to meet certain cybersecurity standards before releasing their products into the market. Each smart device will be required to have a standardized cybersecurity label. Labels will serve as an indicator of the device’s security level and inform consumers about the device\'s compliance with security standards. Devices that meet the highest level of security will be awarded a "Cyber Trust Mark," indicating their adherence to the most stringent security measures. The program will be able to hold companies accountable for producing secure devices while also giving customers the information they need to make informed decisions while purchasing IoT devices. Examples of IoT devices include smart watches, home assistants, Ring cameras, thermostats, and smart appliances. New technologies such as these have grown increasingly more present in modern life. However, hackers have continued to exploit vulnerabilities in these devices, which compromise user privacy. These devices also allow hackers to gain entry to consumers\' larger networks. In the last quarter of 2022, there was a 98% increase in malware targeting IoT devices. New malware variants also spiked, rising 22% on the year (Tech Monitor). Compared to 2018, 2022 had more than 3 times the amount of IoT malware attacks (Statista). Economically motivated attacks have been on the rise, and a larger number of consumers\' personal devices are being breached through IoT devices on the same network. Hackers then hold users\' devices until they are paid a ransom in cryptocurrency to keep the transaction anonymous. This rise in cybersecurity attacks can be contributed to the fact that it has become easier than ever for hackers to target networks. With Raas (Ransomware as a Service) offerings, hackers don’t need any previous cybersecurity expertise, as they can buy software written by ransomware operators. Because IoT devices are often left ]]> 2023-08-28T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/bidens-iot-cybersecurity-initiative www.secnews.physaphae.fr/article.php?IdArticle=8375601 False Ransomware,Malware,Hack,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future Le service de police métropolitain de Londres, responsable du maintien de l'ordre dans la capitale ainsi que dans plusieurs domaines spécialisés à l'échelle nationale, enquête sur un piratage informatique chez l'un de ses fournisseurs qui aurait pu révéler les détails des agents.Selon un porte-parole de la force, l'enquête a été lancée après qu'une entreprise chargée de l'impression de ses

---

The Metropolitan Police Service in London, responsible for policing in the capital as well as for several specialist areas nationally, is investigating a hack into one of its suppliers that may have exposed officers\' details. According to a spokesperson for the force, the investigation was prompted after a company which was responsible for printing its]]> 2023-08-27T23:55:00+00:00 https://therecord.media/metropolitan-police-data-leak-hackers-uk www.secnews.physaphae.fr/article.php?IdArticle=8375394 False Hack None 2.0000000000000000 Wired Threat Level - Security News The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.]]> 2023-08-27T16:06:34+00:00 https://www.wired.com/story/poland-train-radio-stop-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8375273 False Hack None 2.0000000000000000 SecurityWeek - Security News Près de 1 000 organisations et 60 millions d'individus sont touchés par le piratage MOVEit, et le gang du ransomware Cl0p divulgue des données volées.

---

>Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data. ]]> 2023-08-25T09:30:07+00:00 https://www.securityweek.com/nearly-1000-organizations-60-million-individuals-impacted-by-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8374443 False Ransomware,Hack None 3.0000000000000000 SecurityWeek - Security News Rockwell Automation Thinmanager Thinserver Les vulnérabilités pourraient permettre aux attaquants distants de prendre le contrôle des serveurs et de pirater des HMI.

---

>Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to  take control of servers and hack HMIs.  ]]> 2023-08-24T12:13:12+00:00 https://www.securityweek.com/rockwell-thinmanager-vulnerabilities-could-expose-industrial-hmis-to-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8374060 False Hack,Vulnerability,Industrial None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The data breach is suspected to be linked to the Clop MOVEit hack]]> 2023-08-24T12:00:00+00:00 https://www.infosecurity-magazine.com/news/sensitive-data-10m-french/ www.secnews.physaphae.fr/article.php?IdArticle=8374041 False Data Breach,Hack None 3.0000000000000000 Techworm - News therecord qu'il a été gratté des informations de profil public, mais aucune violation ou piratage de données ne s'était produit. Ils ont ajouté qu'une enquête interne était en cours pour découvrir la nécessité de mesures de sécurité supplémentaires. Cependant, ils n'ont pas mentionné le fait que les adresses e-mail privées, qui ne sont pas publiques, faisaient également partie des données exposées. Récemment, l'ensemble de données d'utilisateur 2,6 millions de grattes avec toutes les informations a été publié sur une nouvelle version du forum de piratage violé pour 8 crédits de site, d'une valeur de 2,13 $, qui a été repéré pour la première fois par vx-underground . "Hello BreachForums Community, aujourd'hui, j'ai téléchargé le Scrape Duolingo pour que vous puissiez télécharger, merci d'avoir lu et apprécié!"lit un article sur le forum de piratage. Ces données ont été grattées en exploitant la vulnérabilité dans l'interface de programmation d'applications (API) de Duolingo, qui permet à quiconque de soumettre un nom d'utilisateur et de récupérer une sortie JSON comprenant des informations de profil public de l'utilisateur (nom, nom,e-mail, langues étudiées). L'API exposée est diffusée ouvertement et connue depuis au moins mars 2023. De plus, les chercheurs tweetent et documentant publiquement comment utiliser l'API. Selon VX-Underground, les pirates peuvent facilement exploiter ce défaut en soumettant une adresse e-mail dans l'API pour confirmer si elle est liée à un compte Duolingo valide.Ils avertissent que les données divulguées pourraient être utilisées pour le doxxing et peuvent également conduire à des attaques de phishing ciblées. BleepingComputer a confirmé que l'API est toujours accessible au public malgré le fait que Duolingo soit informé qu'il était ouvert en janvier 2023. Duolingo n'a pas encore répondu à la ]]> 2023-08-24T06:04:03+00:00 https://www.techworm.net/2023/08/hacker-dumps-data-million-duolingo-users.html www.secnews.physaphae.fr/article.php?IdArticle=8393059 False Data Breach,Hack,Vulnerability,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Le FBI a attribué trois cyberattaques récentes sur les plateformes de crypto-monnaie au groupe de piratage APT38 du gouvernement nord-coréen - connu par de nombreux chercheurs sous le nom de Lazarus ouTRADERTRAITOR .Juin a vu trois incidents à la tête de titre impliquant des sociétés de crypto-monnaie: un 100 millions de dollars de pirate de portefeuille atomique le 2 juin , ainsi que deux attaques du 22 juin dans lesquelles les cybercriminels

---

The FBI has attributed three recent cyberattacks on cryptocurrency platforms to the North Korean government\'s APT38 hacking group - known by many researchers as Lazarus or TraderTraitor. June saw three headline-grabbing incidents involving cryptocurrency companies: a $100 million hack of Atomic Wallet on June 2, as well as two June 22 attacks in which cybercriminals]]> 2023-08-23T14:49:00+00:00 https://therecord.media/north-korea-lazarus-behind-crypto-heists www.secnews.physaphae.fr/article.php?IdArticle=8373688 False Hack APT 38,APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the affected organizations. This article from @Outpost24 overviews the Moveit hack and aims to draw some important actionable takeaways for your business. [...]]]> 2023-08-23T10:01:02+00:00 https://www.bleepingcomputer.com/news/security/the-moveit-hack-and-what-it-taught-us-about-application-security/ www.secnews.physaphae.fr/article.php?IdArticle=8373687 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts. [...]]]> 2023-08-23T09:53:26+00:00 https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8373658 False Malware,Hack,Vulnerability None 2.0000000000000000 Global Security Mag - Site de news francais vulnérabilité de sécurité

---

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Sam Quinn, Jesse Chick, and Philippe Laulheret – August 12, 2023 - Security Vulnerability]]> 2023-08-22T13:28:58+00:00 https://www.globalsecuritymag.fr/The-Threat-Lurking-in-Data-Centers-Hack-Power-Management-Systems-Take-All-the.html www.secnews.physaphae.fr/article.php?IdArticle=8373110 False Hack,Threat None 2.0000000000000000 SecurityWeek - Security News A Brazilian hacker claims former president Bolsonaro asked him to hack into the voting system ahead of the 2022 election. ]]> 2023-08-21T10:49:50+00:00 https://www.securityweek.com/brazilian-hacker-claims-bolsonaro-asked-him-to-hack-into-the-voting-system-ahead-of-2022-vote/ www.secnews.physaphae.fr/article.php?IdArticle=8372692 False Hack None 4.0000000000000000