This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T22:02:12+00:00 www.secnews.physaphae.fr CyberScoop - scoopnewsgroup.com special Cyber Alexey Bilyuchenko aurait également conspiré avec un Russe cherchant à être inclus dans un échange contre un journaliste américain emprisonné.

---

>Alexey Bilyuchenko is also alleged to have conspired with a Russian man seeking to be included in a swap for an imprisoned U.S. journalist. ]]> 2023-06-09T16:37:26+00:00 https://cyberscoop.com/doj-russian-nationals-mt-gox/ www.secnews.physaphae.fr/article.php?IdArticle=8343704 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Le ministère de la Justice accuse deux ressortissants russes d'être derrière le piratage de la tête du Mt. Gox, le plus grand échange de crypto-monnaie de 2010 à 2013. Vendredi, le DOJ a descendait les charges déposé en 2019 contre Alexey Bilyuchenko, 43 ans, et Aleksandr Verner, 29Les deux de voler 647 000 Bitcoins à Mt. Gox et de l'utiliser

---

The Justice Department is accusing two Russian nationals of being behind the headline-grabbing hack of Mt. Gox, the biggest cryptocurrency exchange from 2010 to 2013. On Friday, the DOJ unsealed charges filed in 2019 against 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner, accusing the two of stealing 647,000 bitcoins from Mt. Gox and using it]]> 2023-06-09T16:30:00+00:00 https://therecord.media/mt-gox-stolen-bitcoin-indictment-russian-nationals www.secnews.physaphae.fr/article.php?IdArticle=8343709 False Hack None 2.0000000000000000 SecurityWeek - Security News Le piratage de Cl0p Cyber-Extortion Gang \\ du programme de transfert de fichiers Moveit populaire auprès des entreprises pourrait avoir un impact global généralisé.

---

>The Cl0p cyber-extortion gang\'s hack of the MOVEit file-transfer program popular with enterprises could have widespread global impact. ]]> 2023-06-08T01:13:25+00:00 https://www.securityweek.com/bbc-british-airways-novia-scotia-among-first-big-name-victims-in-global-supply-chain-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8343210 False Hack None 2.0000000000000000 BHconsulting - Consulting Notre PDG Brian Honan parle à RT & Eacute;News Six One sur le récent hack Moveit.Regardez ici>

---

>Our CEO Brian Honan speaks to RTÉ News Six One about the recent MOVEit hack. Watch Here > ]]> 2023-06-07T14:05:09+00:00 https://bhconsulting.ie/moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8343037 False Hack None 2.0000000000000000 SecurityWeek - Security News The Clop ransomware gang issued "an ultimatum" companies targeted in a recent large-scale hack of payroll data ]]> 2023-06-07T13:27:56+00:00 https://www.securityweek.com/hackers-issue-ultimatum-over-payroll-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8343041 False Ransomware,Data Breach,Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Si les pirates s'ennuient ici sur Terre, ils auront bientôt la chance de tester leurs compétences dans l'espace.Le défi est le suivant: lors de la conférence Def Con Security à Las Vegas en août, ils devront pirater à distance le satellite Moonlighter, qui a été lancé avec succès dans l'espace plus tôt cette semaine.Moonlighter est une mini-satellite de 5 kilogrammes -

---

If hackers get bored here on Earth, they\'ll soon have the chance to test their skills in space. The challenge is this: during the DEF CON security conference in Las Vegas in August, they\'ll have to remotely hack the Moonlighter satellite, which successfully launched into space earlier this week. Moonlighter is a 5-kilogram mini-satellite -]]> 2023-06-06T19:20:00+00:00 https://therecord.media/new-satellite-enters-orbit-to-get-hacked www.secnews.physaphae.fr/article.php?IdArticle=8342700 False Hack,Conference None 4.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #23  |   June 6th, 2023 [Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks). A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly. This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches." Let that sink in for a moment. What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks. [CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports NEW! KnowBe4 ]]> 2023-06-06T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-23-wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8342545 False Ransomware,Malware,Hack,Tool,Threat None 2.0000000000000000 SecurityWeek - Security News News Cybersecurity que vous avez peut-être manqué cette semaine: les logiciels espions utilisés par divers gouvernements, de nouvelles vulnérabilités, des produits de sécurité industrielle et des attaques de routeurs Linux.

---

>Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks. ]]> 2023-06-03T11:00:00+00:00 https://www.securityweek.com/in-other-news-government-use-of-spyware-new-industrial-security-tools-japan-router-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8341772 False Hack,Industrial None 2.0000000000000000 SecurityWeek - Security News Apple a nié avoir travaillé avec n'importe quel gouvernement pour ajouter des délais à ses produits après que la Russie a accusé la société d'avoir aidé les iPhones de piratage de la NSA.

---

>Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones. ]]> 2023-06-02T09:47:24+00:00 https://www.securityweek.com/apple-denies-helping-us-government-hack-russian-iphones/ www.secnews.physaphae.fr/article.php?IdArticle=8341452 False Hack None 2.0000000000000000 SecurityWeek - Security News Une vulnérabilité zéro-jour dans le produit du logiciel de progression \\ Moveit Transfer a été exploitée pour pirater des organisations et voler leurs données.

---

>A zero-day vulnerability in Progress Software\'s MOVEit Transfer product has been exploited to hack organizations and steal their data. ]]> 2023-06-02T09:04:59+00:00 https://www.securityweek.com/zero-day-in-moveit-file-transfer-software-exploited-to-steal-data-from-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8341432 False Hack,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said. The Russian]]> 2023-06-01T20:44:00+00:00 https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html www.secnews.physaphae.fr/article.php?IdArticle=8341248 False Malware,Hack,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber The hack and leak operation revealed Monday includes a trove of files related to Iranian President Ebrahim Raisi. ]]> 2023-05-31T20:36:49+00:00 https://cyberscoop.com/iranian-dissidents-presidential-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8341022 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #22  |   May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. ]]> 2023-05-31T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-22-eye-on-fraud-a-closer-look-at-the-massive-72-percent-spike-in-financial-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8340859 False Ransomware,Malware,Hack,Tool,Threat,Conference ChatGPT,ChatGPT,Uber,Guam 2.0000000000000000 Bleeping Computer - Magazine Américain CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway (ESG) appliances. [...]]]> 2023-05-27T12:14:25+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-of-recently-patched-barracuda-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8339903 False Hack,Vulnerability None 2.0000000000000000 SecurityWeek - Security News Un botnet Mirai a exploité une vulnérabilité récemment corrigée suivie sous le nom de CVE-2023-28771 pour pirater de nombreux pare-feu zyxel.

---

>A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. ]]> 2023-05-26T10:31:56+00:00 https://www.securityweek.com/zyxel-firewalls-hacked-by-mirai-botnet-via-recently-patched-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8339581 False Hack,Vulnerability None 2.0000000000000000 McAfee Labs - Editeur Logiciel Ce n'est que une ampoule intelligente.Pourquoi voudrait-on pirater cela?Grande question.Parce que ça arrive au cœur ...

---

> It\'s only a smart lightbulb. Why would anyone want to hack that?  Great question. Because it gets to the heart... ]]> 2023-05-25T19:31:34+00:00 https://www.mcafee.com/blogs/privacy-identity-protection/make-your-smart-home-a-secure-home-too-securing-your-iot-smart-home-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8339536 False Hack None 2.0000000000000000 SecurityWeek - Security News Barracuda Networks avertit les clients du CVE-2023-2868, un jour nul exploité pour pirater certains appareils électroménagers (ESG). .

---

>Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. ]]> 2023-05-25T09:56:37+00:00 https://www.securityweek.com/zero-day-vulnerability-exploited-to-hack-barracuda-email-security-gateway-appliances/ www.secnews.physaphae.fr/article.php?IdArticle=8339294 False Hack,Vulnerability None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC providers are making a shift away from it. Cellular: A cellular network provides access to the Internet by transmitting data over the air. The network connects to cellular towers rather than cables in the ground.  While cellular internet has made huge technological advancements with the rollout of 5G, it still has its limitations. Cellular networks currently have lower speed tiers than many wired options – but this may change in the future. Fiber: Fiber optic internet uses a network of bundled strands of glass called fiber optic cables to deliver internet service through pulses of light. Fiber optics are the newest and most reliable type of internet connections. They also offer the highest speed options. Assessing the security of the connections A common way to assess a network is by measuring it against the CIA triad: Confidentiality, Integrity, and Availability. Among the different internet transport types, some are more secure than others because of the way they fulfill the three CIA requirements.  In other words, a secure network will have high levels of confidentiality, integrity, and availability. As of 2023, 5G wireless connections have security layer options and speeds that make them strong contenders in the networking market. However, wired connections are still the primary choice for businesses prioritizing their internet connections due to wired connection’s reliability and bandwidth availability. According to Lozanski, "while a cellular network solution is utilitarian for its mobility and flexibility, wired connections still offer an added layer of security because they will provide faster speeds and performance. A cellular connection can perform like a broadband connection with fluctuations throughout the day, but it won’t offer the same speeds.” Between the two wired connections mentioned, copper and fiber, there is not much competition. With speeds up to 1Tbps, fiber moves at the speed of light and offers availability and reliability that copper wired connections cannot provide.  However, the search for the most secure connection does not stop there. Even though fiber optic connections are made of glass and move at the speed of light, the way the connection is delivered may vary, and in turn offer different levels of security. The simplest way to break down this d]]> 2023-05-24T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/when-internet-security-is-a-requirement-look-to-dedicated-fiber www.secnews.physaphae.fr/article.php?IdArticle=8339032 False Hack,Prediction None 2.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux / / affiche

---

Der im Mai veröffentlichte Halbjahresbericht 2022 des Nationalen Zentrums für Cybersicherheit (NCSC) zeigt insgesamt eine hohe Bedrohungslage besonders für KMU auf. Die Gefahr Opfer einer Ransomware-Infektion zu werden, ist nahezu gleichgeblieben, besonders die russischsprachige Gruppe Lockbit war aktiv und profitiert von ungepatchten Schwachstellen und fehlerhaften Konfigurationen – spätestens nach dem Royal Mail UK Hack hat die Gruppe die Aufmerksamkeit der westlichen Geheimdienste auf sich gezogen, was sich zukünftig nachteilig auf das Ransomware-Business auswirken dürfte. - Sonderberichte / affiche]]> 2023-05-23T13:45:45+00:00 https://www.globalsecuritymag.fr/Bericht-zu-Cyberattacken-2022-Schweizer-KMU-besonders-bedroht.html www.secnews.physaphae.fr/article.php?IdArticle=8338723 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #21  |   May 23rd, 2023 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture. You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them. According to the report, in 2023: 7% of organizations were victims of a ransomware attack 7% of those paid a ransom 73% were able to recover data Only 21.6% experienced solely the encryption of data and no other form of extortion It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents. IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent. In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all. Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats [Free Tool] Who Will Fall Victim to QR Code Phishing Attacks? Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters. With the increased popularity of QR codes, users are more at ]]> 2023-05-23T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-21-double-trouble-78-percent-of-ransomware-victims-face-multiple-extortions-in-scary-trend www.secnews.physaphae.fr/article.php?IdArticle=8338709 False Ransomware,Hack,Tool,Vulnerability,Threat,Prediction ChatGPT 2.0000000000000000 The State of Security - Magazine Américain This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting...]]> 2023-05-23T03:22:09+00:00 https://www.tripwire.com/state-of-security/tripwirebookclub-how-hack-legend www.secnews.physaphae.fr/article.php?IdArticle=8338671 False Hack,Threat None 2.0000000000000000 The State of Security - Magazine Américain This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting...]]> 2023-05-23T03:22:09+00:00 http://www.tripwire.com/state-of-security/tripwirebookclub-how-hack-legend www.secnews.physaphae.fr/article.php?IdArticle=8339642 False Hack,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. [...]]]> 2023-05-18T15:34:54+00:00 https://www.bleepingcomputer.com/news/apple/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs/ www.secnews.physaphae.fr/article.php?IdArticle=8337736 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #20  |   May 16th, 2023 [Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. IT and Online Services Emails Drive Dangerous Attack Trend This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work. Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical. Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following: Common "In-The-Wild" Emails for Q1 2023 Top Phishing Email Subjects Globally Top 5 Attack Vector Types Top 10 Holiday Phishing Email Subjects in Q1 2023 This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console. Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l]]> 2023-05-16T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-20-foot-in-the-door-the-q1-2023s-top-clicked-phishing-scams-infographic www.secnews.physaphae.fr/article.php?IdArticle=8336951 False Ransomware,Spam,Malware,Hack,Tool,Threat None 2.0000000000000000 SecurityWeek - Security News Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. ]]> 2023-05-12T09:22:58+00:00 https://www.securityweek.com/australian-enterprise-software-maker-technologyone-resumes-trading-following-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8335902 False Hack None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Engineer tried to claim that the hack was an “unsanctioned security drill.”]]> 2023-05-11T17:59:43+00:00 https://arstechnica.com/?p=1938574 www.secnews.physaphae.fr/article.php?IdArticle=8335713 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the

---

Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the]]> 2023-05-11T13:20:00+00:00 https://therecord.media/nca-wins-encrochat-case-hacked-messaging-platform www.secnews.physaphae.fr/article.php?IdArticle=8335643 False Hack None 2.0000000000000000 SecurityWeek - Security News Claroty a divulgué les détails de 5 vulnérabilités qui peuvent être enchaînées dans un exploit permettant aux attaquants non authentifiés de pirater les routeurs Netgear.

---

>Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. ]]> 2023-05-11T13:10:06+00:00 https://www.securityweek.com/details-disclosed-for-exploit-chain-that-allows-hacking-of-netgear-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8335642 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O\'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of]]> 2023-05-10T16:20:00+00:00 https://thehackernews.com/2023/05/mastermind-behind-twitter-2020-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8335186 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Un homme britannique a plaidé coupable à New York mardi à son rôle dans le piratage Twitter de juillet 2020, aux côtés de plusieurs autres cyber-infractions, notamment le vol de crypto-monnaie à travers des attaques d'échange de sim et de cyberterre un mineur.Joseph James O \\ 'Connor, 23 ans, a été extradé vers les États-Unis d'Espagne en avril.Il fait face à 77

---

A British man pleaded guilty in New York on Tuesday to his role in the Twitter hack of July 2020, alongside multiple other cyber offenses including stealing cryptocurrency through SIM swapping attacks and cyberstalking a minor. Joseph James O\'Connor, 23, was extradited to the United States from Spain in April. He faces up to 77]]> 2023-05-10T11:55:00+00:00 https://therecord.media/twitter-hack-guilty-plea-sim-swapping-cyberstalking www.secnews.physaphae.fr/article.php?IdArticle=8335196 False Hack None 2.0000000000000000 SecurityWeek - Security News Joseph James O \\ 'Connor a plaidé coupable pour son rôle dans des plans pour pirater les comptes Twitter de célébrités comme Barack Obama et Elon Musk.

---

>Joseph James O\'Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. ]]> 2023-05-10T09:27:41+00:00 https://www.securityweek.com/twitter-celebrity-hacker-pleads-guilty-in-us/ www.secnews.physaphae.fr/article.php?IdArticle=8335119 False Hack None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-05-10T09:18:04+00:00 https://www.zataz.com/hack-pour-ton-college/ www.secnews.physaphae.fr/article.php?IdArticle=8335121 False Hack None 2.0000000000000000 BBC - BBC News - Technology It was probably the most high-profile hack in social media history, hitting dozens of famous accounts.]]> 2023-05-09T23:51:49+00:00 https://www.bbc.co.uk/news/technology-65540901?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8335042 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Le géant du stockage de données Western Digital a déclaré que les pirates ont volé une base de données contenant les informations personnelles des clients [lors d'une cyberattaque] (https://therecord.media/western-digital-cyberattack-data-abri) survenu le 26 mars.L'entreprise - qui a eu des revenus en 2022 d'environ 19 milliards de dollars et est surtout connu pour la marque Sandisk de disques durs portables et de cartes mémoire amovibles - a annoncé le piratage

---

Data storage giant Western Digital said hackers stole a database containing the personal information of customers [during a cyberattack](https://therecord.media/western-digital-cyberattack-data-breach) that occurred on March 26. The company - which had 2022 revenues of about $19 billion and is best known for the SanDisk brand of portable hard drives and removable memory cards - announced the hack]]> 2023-05-08T18:12:00+00:00 https://therecord.media/western-digital-stolen-data-hackers www.secnews.physaphae.fr/article.php?IdArticle=8334393 False Hack None 2.0000000000000000 BBC - BBC News - Technology Joseph Sullivan was convicted over covering up a security breach of 57 million user accounts in 2016.]]> 2023-05-05T15:41:29+00:00 https://www.bbc.co.uk/news/technology-65497186?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8333803 False Hack Uber 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Brightline said the breach was due to a zero-day flaw in Fortra GoAnywhere MFT]]> 2023-05-04T16:30:00+00:00 https://www.infosecurity-magazine.com/news/brightline-hack-exposes-data/ www.secnews.physaphae.fr/article.php?IdArticle=8333522 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #18  |   May 2nd, 2023 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card. It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is. "When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes." That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive. One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves. Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4]]> 2023-05-02T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-18-eye-on-ai-does-chatgpt-have-cybersecurity-tells www.secnews.physaphae.fr/article.php?IdArticle=8332823 False Ransomware,Malware,Hack,Threat ChatGPT,ChatGPT 2.0000000000000000 Wired Threat Level - Security News The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.]]> 2023-05-02T10:00:00+00:00 https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/ www.secnews.physaphae.fr/article.php?IdArticle=8332750 False Hack None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Hack affecting 836 subscribers, lasted for more than a month before it was discovered.]]> 2023-05-01T23:40:36+00:00 https://arstechnica.com/?p=1935885 www.secnews.physaphae.fr/article.php?IdArticle=8332670 False Data Breach,Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Des centaines de fonds de pension au Royaume-Uni ont été invités à vérifier si leurs clients ont été volés à la suite du piratage de Capita en mars.Capita, la plus grande entreprise d'externalisation du pays, détient des contrats pour administrer les systèmes de paiement pour les fonds de pension utilisés par plus de 4 millions de personnes en Grande-Bretagne.Le

---

Hundreds of pension funds in the United Kingdom have been told to check whether their clients\' data had been stolen as a result of the Capita hack in March. Capita, the country\'s largest outsourcing company, holds contracts to administer the payment systems for pension funds used by more than 4 million individuals in Britain. The]]> 2023-05-01T12:09:00+00:00 https://therecord.media/uk-pensions-regulator-capita-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8332530 False Hack None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain un hacker & # 8217; s esprit , est rempli d'histoires sur les systèmes de piratage riches et puissants, mais il était difficile de trouver des histoires de piratage par les moins puissants.Voici celui que je viens de trouver.Un Article Les grandes entreprises travaillent par inadvertance à un piratage d'employé pour éviter d'être licencié: Le logiciel & # 8230; Le logiciel effectue une analyse statistique lors des terminaisons pour voir si certains groupes sont affectés négativement, ont déclaré que ces revues peuvent découvrir d'autres problèmes.Sur une liste de candidats à la mise à pied, une entreprise pourrait constater qu'il est sur le point de licencier par inadvertance un employé qui a précédemment ouvert une plainte contre un gestionnaire & # 8212; une décision qui pourrait être considérée comme des représailles, a-t-elle dit ...

---

My latest book, A Hacker’s Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems. On a list of layoff candidates, a company might find it is about to fire inadvertently an employee who previously opened a complaint against a manager—a move that could be seen as retaliation, she said...]]> 2023-04-28T19:15:12+00:00 https://www.schneier.com/blog/archives/2023/04/hacking-the-layoff-process.html www.secnews.physaphae.fr/article.php?IdArticle=8331978 False Hack None 3.0000000000000000 Naked Security - Blog sophos When Doug says, "Happy Remote Code Execution Day, Duck"... it\'s irony. For the avoidance of all doubt :-)]]> 2023-04-27T16:55:18+00:00 https://nakedsecurity.sophos.com/2023/04/27/s3-ep132-proof-of-concept-lets-anyone-hack-at-will/ www.secnews.physaphae.fr/article.php?IdArticle=8331614 False Hack None 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #16  |   April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with]]> 2023-04-25T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai www.secnews.physaphae.fr/article.php?IdArticle=8330904 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite A fake giveaway fraud that resulted in the theft of more than $22.6K in cryptocurrency was promoted by attackers after their access to KuCoin’s Twitter account was compromised. The bitcoin trading and exchange platform has pledged to fully compensate victims for all losses resulting from the hack of its official Twitter handle, which has been […]]]> 2023-04-24T17:45:05+00:00 https://informationsecuritybuzz.com/kucoin-twitter-account-hacked-losses-crypto-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8330681 False Hack None 2.0000000000000000 Wired Threat Level - Security News To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.]]> 2023-04-24T17:12:21+00:00 https://www.wired.com/story/intel-google-cloud-chip-security/ www.secnews.physaphae.fr/article.php?IdArticle=8330675 False Hack,Cloud None 3.0000000000000000 SecurityWeek - Security News La vulnérabilité critique trouvée dans INEA RTU peut être exploitée pour pirater à distance les appareils et provoquer des perturbations dans les organisations industrielles.

---

>Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. ]]> 2023-04-24T11:42:12+00:00 https://www.securityweek.com/critical-flaw-in-inea-ics-product-exposes-industrial-organizations-to-remote-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8330566 False Hack,Vulnerability,Industrial None 4.0000000000000000 Wired Threat Level - Security News Apple thwarts NSO\'s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.]]> 2023-04-22T13:00:00+00:00 https://www.wired.com/story/car-hacker-theft-can-security-roundup/ www.secnews.physaphae.fr/article.php?IdArticle=8330222 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec\'s Threat Hunter Team, confirm earlier suspicions that the]]> 2023-04-22T12:16:00+00:00 https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8330173 False Hack,Threat APT 38 2.0000000000000000 SecurityWeek - Security News 3CX Hack est la première attaque de chaîne d'approvisionnement en cascade connue, la violation commençant après qu'un employé a téléchargé un logiciel compromis d'une autre entreprise.

---

>3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. ]]> 2023-04-20T13:38:56+00:00 https://www.securityweek.com/cascading-supply-chain-attack-3cx-hacked-after-employee-downloaded-trojanized-app/ www.secnews.physaphae.fr/article.php?IdArticle=8329670 False Hack None 4.0000000000000000 Bleeping Computer - Magazine Américain An investigation into last month\'s 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds. [...]]]> 2023-04-20T08:00:00+00:00 https://www.bleepingcomputer.com/news/security/3cx-hack-caused-by-trading-software-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8329654 False Hack None 3.0000000000000000 Dark Reading - Informationweek Branch The nation-stage threat group deployed custom malware on archaic versions of Cisco\'s router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.]]> 2023-04-19T21:40:00+00:00 https://www.darkreading.com/attacks-breaches/russian-fancy-bear-apt-exploited-unpatched-cisco-routers-to-hack-us-eu-government-agencies www.secnews.physaphae.fr/article.php?IdArticle=8329462 False Malware,Hack,Threat APT 28 2.0000000000000000 BBC - BBC News - Technology People wishing to work with children or gain emigration visas are still facing long delays.]]> 2023-04-19T13:39:53+00:00 https://www.bbc.co.uk/news/technology-65324125?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8329351 False Hack None 2.0000000000000000 SecurityWeek - Security News Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.

---

>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. ]]> 2023-04-19T09:03:31+00:00 https://www.securityweek.com/us-uk-russia-exploiting-old-vulnerability-to-hack-cisco-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8329305 False Hack,Vulnerability APT 28 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #16  |   April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav]]> 2023-04-18T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-16-finger-on-the-pulse-how-phishers-leverage-recent-ai-buzz www.secnews.physaphae.fr/article.php?IdArticle=8328885 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Ransomware struck American payments company NCR datacenter, focusing on one of its data facilities in Aloha, Hawaii. A few days after beginning to look into a “problem” with its Aloha restaurant point-of-sale (PoS) product, the company disclosed the hack on Saturday. The warning states, “On April 13, we confirmed that the downtime was caused by […]]]> 2023-04-17T21:32:43+00:00 https://informationsecuritybuzz.com/ncr-datacenter-affected-massive-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8328709 False Ransomware,Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Learning how to break the latest AI models is important, but security researchers should also question whether there are enough guardrails to prevent the technology\'s misuse.]]> 2023-04-17T20:01:00+00:00 https://www.darkreading.com/remote-workforce/pentesters-need-to-hack-ai-question-its-existence www.secnews.physaphae.fr/article.php?IdArticle=8328689 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Le gouvernement de l'État australien de Tasmanie a confirmé vendredi «environ 150 000 personnes et entreprises» dans l'État insulaire ont été directement affectées par le piratage du produit de transfert de fichiers Goanywhere de Fortra \\.Dans [une mise à jour] (https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) du ministre de la Science et de la technologie de l'État, Madeleine Ogilvie, The Tasmanian \'s Science, Madeleine Ogilvie, TasmanianLe gouvernement a déclaré qu'il continuait à enquêter sur le

---

The government of the Australian state of Tasmania confirmed on Friday “approximately 150,000 individuals and businesses” in the island state were directly affected by the hack of Fortra\'s GoAnywhere file transfer product. In [an update](https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) from the state\'s minister for science and technology, Madeleine Ogilvie, the Tasmanian government said it is continuing to investigate the]]> 2023-04-14T12:17:00+00:00 https://therecord.media/tasmania-data-breach-clop-150000-affected www.secnews.physaphae.fr/article.php?IdArticle=8327763 False Ransomware,Hack None 2.0000000000000000 SecurityWeek - Security News Les systèmes d'irrigation ont été perturbés récemment en Israël dans une attaque qui montre à nouveau à quel point il est facile de pirater les systèmes de contrôle industriel (ICS).

---

>Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). ]]> 2023-04-13T10:04:00+00:00 https://www.securityweek.com/irrigation-systems-in-israel-disrupted-by-hacker-attacks-on-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8327384 False Hack,Industrial None 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #15  |   April 11th, 2023 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress." They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how." "Don\'t Trust The Voice" The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one. "So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends." Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4. With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making]]> 2023-04-11T13:16:54+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-15-the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams www.secnews.physaphae.fr/article.php?IdArticle=8326650 False Ransomware,Data Breach,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services 2023-04-11T12:00:00+00:00 https://blog.knowbe4.com/free-tool-securitycoach-free-preview www.secnews.physaphae.fr/article.php?IdArticle=8326601 False Data Breach,Hack None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les déclarations du FBI et de l'ancien directeur de la ville d'Oldsmar indiquent ce qui s'est passé à l'usine peut ne pas avoir été l'œuvre d'un pirate extérieur.

---

>Statements from the FBI and former Oldsmar city manager indicate what happened at the plant may not have been the work of an outside hacker. ]]> 2023-04-10T18:34:05+00:00 https://cyberscoop.com/water-oldsmar-incident-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8326404 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. [...]]]> 2023-04-10T12:24:43+00:00 https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-update-iphones-macs-by-may-1st/ www.secnews.physaphae.fr/article.php?IdArticle=8326366 False Hack None 2.0000000000000000 The Register - Site journalistique Anglais 2023-04-10T08:28:05+00:00 https://go.theregister.com/feed/www.theregister.com/2023/04/10/who_me/ www.secnews.physaphae.fr/article.php?IdArticle=8326292 False Hack None 2.0000000000000000 Naked Security - Blog sophos A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.]]> 2023-04-08T01:20:44+00:00 https://nakedsecurity.sophos.com/2023/04/08/apple-issues-emergency-patches-for-spyware-style-0-day-exploits-update-now/ www.secnews.physaphae.fr/article.php?IdArticle=8325953 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. [...]]]> 2023-04-07T14:22:20+00:00 https://www.bleepingcomputer.com/news/apple/apple-fixes-two-zero-days-exploited-to-hack-iphones-and-macs/ www.secnews.physaphae.fr/article.php?IdArticle=8325888 False Hack None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-04-07T14:20:59+00:00 https://www.zataz.com/les-jo-2024-ont-deja-debute-pour-les-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8325825 False Hack None 3.0000000000000000 Dark Reading - Informationweek Branch Your family\'s SUV could be gone in the night thanks to a headlight crack and hack attack.]]> 2023-04-07T13:00:00+00:00 https://www.darkreading.com/attacks-breaches/cybercriminals-can-steal-your-car-novel-iot-hack www.secnews.physaphae.fr/article.php?IdArticle=8325776 False Hack None 2.0000000000000000 SecurityWeek - Security News Un haut-parleur portable d'aspect innocent peut masquer un dispositif de piratage qui lance des attaques d'injection de Can, qui ont été utilisées pour voler des voitures.

---

>An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars. ]]> 2023-04-06T13:42:04+00:00 https://www.securityweek.com/thieves-use-can-injection-hack-to-steal-cars/ www.secnews.physaphae.fr/article.php?IdArticle=8325469 False Hack None 3.0000000000000000 Naked Security - Blog sophos Grab a message/Play it back/You\'ve just performed/A big phat hack...]]> 2023-04-05T18:49:18+00:00 https://nakedsecurity.sophos.com/2023/04/05/us-government-warning-what-if-anyone-could-open-your-garage-door/ www.secnews.physaphae.fr/article.php?IdArticle=8325466 False Hack None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.]]> 2023-04-05T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28852 www.secnews.physaphae.fr/article.php?IdArticle=8325243 False Hack None None knowbe4 - cybersecurity services CyberheistNews Vol 13 #14  |   April 4th, 2023 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes. This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance). The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT). This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests. Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i]]> 2023-04-04T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-14-eyes-on-the-price-how-crafty-cons-attempted-a-36-million-vendor-email-heist www.secnews.physaphae.fr/article.php?IdArticle=8324667 False Ransomware,Malware,Hack,Threat ChatGPT,ChatGPT,APT 43 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX breach.]]> 2023-04-04T09:24:00+00:00 https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8324564 False Hack,Threat None 3.0000000000000000 Wired Threat Level - Security News North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with "surgical precision."]]> 2023-04-03T18:03:55+00:00 https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/ www.secnews.physaphae.fr/article.php?IdArticle=8324410 False Hack None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine It will be a resource for DoD organizations, vendors and security researchers]]> 2023-04-03T16:30:00+00:00 https://www.infosecurity-magazine.com/news/us-website-hack-pentagon-bug-bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8324404 False Hack None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Capita has acknowledged that a cyberattack occurred last Friday. Many clients across the UK, including government organizations, experienced disruption due to the incident, which disrupted access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In a statement sent to shareholders this morning, Capita stated that the hack did not compromise […]]]> 2023-04-03T16:04:36+00:00 https://informationsecuritybuzz.com/capita-cyberattack-microsoft-office-365-inaccessible/ www.secnews.physaphae.fr/article.php?IdArticle=8324382 False Hack None 3.0000000000000000 SecurityWeek - Security News Une vulnérabilité sévère dans le plugin Elementor Pro WordPress est exploitée pour injecter des logiciels malveillants en sites Web vulnérables.

---

>A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. ]]> 2023-04-03T13:47:40+00:00 https://www.securityweek.com/elementor-pro-plugin-vulnerability-exploited-to-hack-wordpress-websites/ www.secnews.physaphae.fr/article.php?IdArticle=8324366 False Malware,Hack,Vulnerability None 2.0000000000000000 SecurityWeek - Security News L'Europe, les États-Unis et l'Australie semblent être les plus touchées par le hack de chaîne d'approvisionnement 3CX, selon les données de deux sociétés de cybersécurité.

---

>Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms. ]]> 2023-04-03T10:13:07+00:00 https://www.securityweek.com/europe-north-america-most-impacted-by-3cx-supply-chain-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8324337 False Hack None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-04-03T08:26:07+00:00 https://www.zataz.com/un-espace-google-utilise-par-un-pirate-informatique/ www.secnews.physaphae.fr/article.php?IdArticle=8324304 False Hack,Threat None 3.0000000000000000 Recorded Future - FLux Recorded Future L'attaque de la chaîne d'approvisionnement contre la société de téléphone d'entreprise 3CX a utilisé le code de piratage qui «correspond exactement» au malware maltraité précédemment dans les attaques par un groupe nord-coréen notoire, selon une nouvelle analyse.L'établissement de l'étendue des dommages causés par le pirat

---

The supply-chain attack on the enterprise phone company 3CX used hacking code that “exactly matches” malware previously seen in attacks by a notorious North Korean group, according to new analysis. Establishing the extent of the damage caused by the hack has been a priority for researchers after a number of cybersecurity businesses went public with]]> 2023-03-31T12:16:00+00:00 https://therecord.media/3cx-attack-north-korea-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=8323753 False Malware,Hack APT 38 2.0000000000000000 SecurityWeek - Security News Plusieurs sociétés de cybersécurité ont publié des articles de blog, des avis et des outils pour aider les organisations qui pourraient avoir été frappées par l'attaque de la chaîne d'approvisionnement 3CX.

---

>Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack. ]]> 2023-03-31T11:15:07+00:00 https://www.securityweek.com/mandiant-investigating-3cx-hack-as-evidence-shows-attackers-had-access-for-months/ www.secnews.physaphae.fr/article.php?IdArticle=8323739 False Hack None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Group tracked since 2021 exploits unpatched Zimbra servers to hack email accounts.]]> 2023-03-30T12:19:17+00:00 https://arstechnica.com/?p=1927817 www.secnews.physaphae.fr/article.php?IdArticle=8323457 False Hack None 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #13  |   March 28th, 2023 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. "A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation. "This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection." Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails. "Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here." Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures. "Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it. "Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'" New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture. Remember: Culture eats strategy for breakfast and is always top-down. Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing ]]> 2023-03-28T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-13-eye-opener-how-to-outsmart-sneaky-ai-based-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8322503 False Ransomware,Malware,Hack,Tool,Threat,Guideline ChatGPT,ChatGPT 3.0000000000000000 Hacking Articles - Blog de Raj Chandel Summary Blackfield is a windows Active Directory machine and is considered as hard box by the hack the box. This box has various interesting vulnerabilities,]]> 2023-03-24T12:45:57+00:00 https://www.hackingarticles.in/blackfield-hackthebox-walkthrough/ www.secnews.physaphae.fr/article.php?IdArticle=8321223 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Le Fonds de protection contre les pensions du Royaume-Uni, l'un des plus grands propriétaires d'actifs de Grande-Bretagne, Gestion & Pound; 39 milliards, a confirmé qu'il avait été affecté par le piratage du service de transfert de fichiers populaire Goanywhere.Un grand nombre d'organisations ont confirmé ces derniers jours que les pirates avaient accédé à leurs données en relation avec l'incident, y compris [la ville de Toronto

---

The U.K. Pension Protection Fund, one of Britain\'s largest asset owners, managing £39 billion, has confirmed it has been affected by the hack of popular file transfer service GoAnywhere. A large number of organizations have confirmed in recent days that hackers had accessed their data in connection to the incident, including [the City of Toronto]]> 2023-03-24T12:10:00+00:00 https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra www.secnews.physaphae.fr/article.php?IdArticle=8321231 False Hack None 3.0000000000000000 Global Security Mag - Site de news francais mise à jour malveillant

---

Following the news that former and current Australian employees of Rio Tinto may have had Personal data stolen by a cybercriminal group, Paul Brucciani Cyber Security Advisor at WithSecure explain. - Malware Update]]> 2023-03-23T16:57:08+00:00 https://www.globalsecuritymag.fr/Expert-comment-WithSecure-On-the-recent-Rio-Tinto-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8320949 False Hack,General Information None 1.00000000000000000000 Dark Reading - Informationweek Branch Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.]]> 2023-03-23T15:18:39+00:00 https://www.darkreading.com/endpoint/okta-post-exploit-method-exposes-user-passwords www.secnews.physaphae.fr/article.php?IdArticle=8320937 False Hack,Threat None 2.0000000000000000 01net. Actualites - Securite - Magazine Francais Des hackers ont découvert une faille de sécurité dans certains distributeurs automatiques de Bitcoin. En exploitant la brèche, ils ont volé 1,5 million de dollars en cryptomonnaies à l'insu du fabricant, General Bytes.]]> 2023-03-23T14:00:11+00:00 https://www.01net.com/actualites/bitcoin-pirates-depouille-distributeurs-automatiques-cryptos.html www.secnews.physaphae.fr/article.php?IdArticle=8320911 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers\' account credentials and other sensitive data from compromised devices. [...]]]> 2023-03-23T11:09:06+00:00 https://www.bleepingcomputer.com/news/security/python-info-stealing-malware-uses-unicode-to-evade-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8320929 False Malware,Hack None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number of fans informing them that an unauthorized third party had obtained their name and email […]]]> 2023-03-21T15:36:27+00:00 https://informationsecuritybuzz.com/nba-alerts-hack-third-party-service-provider/ www.secnews.physaphae.fr/article.php?IdArticle=8320246 False Data Breach,Hack None 2.0000000000000000 SecurityWeek - Security News Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars' worth of crypto-coins. ]]> 2023-03-20T14:35:48+00:00 https://www.securityweek.com/millions-stolen-in-hack-at-cryptocurrency-atm-manufacturer-general-bytes/ www.secnews.physaphae.fr/article.php?IdArticle=8319970 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future The National Basketball Association (NBA) said it is contacting fans after an unnamed service provider was hacked. An NBA spokesperson did not respond to questions about what service provider was hacked and when, but told The Record that the league is now trying to help those affected. “We were recently made aware that an unauthorized]]> 2023-03-20T13:29:00+00:00 https://therecord.media/nba-third-party-service-provider-hacked www.secnews.physaphae.fr/article.php?IdArticle=8319938 False Hack None 2.0000000000000000 The Register - Site journalistique Anglais 2023-03-16T16:31:10+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/16/remarkable_launches_type_folio_keyboard/ www.secnews.physaphae.fr/article.php?IdArticle=8319162 False Hack,Tool None 2.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-15T14:06:14+00:00 https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8318860 False Hack,Threat None 4.0000000000000000 Recorded Future - FLux Recorded Future A Russian state-backed hacker group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union, cybersecurity researchers say. In a campaign identified in early March, the hackers sent phishing emails with content related to diplomatic relations between Poland and the U.S., according to a report by cybersecurity]]> 2023-03-14T22:00:00+00:00 https://therecord.media/nobelium-apt29-cozy-bear-phishing-eu-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8318651 False Hack APT 29 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism 2023-03-14T20:09:54+00:00 https://arstechnica.com/?p=1924036 www.secnews.physaphae.fr/article.php?IdArticle=8318621 False Hack None 2.0000000000000000 01net. Actualites - Securite - Magazine Francais Un nouveau piratage secoue le monde des cryptomonnaies. En exploitant une faille de sécurité passée inaperçue pendant huit mois, des hackers ont pu voler 197 millions de dollars en monnaies numériques.]]> 2023-03-14T09:00:07+00:00 https://www.01net.com/actualites/hack-crypto-197-millions-dollars-voles-faille-tactique-bien-connue.html www.secnews.physaphae.fr/article.php?IdArticle=8318315 False Hack None 3.0000000000000000 SecurityWeek - Security News CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. ]]> 2023-03-13T14:32:01+00:00 https://www.securityweek.com/cisa-warns-of-plex-vulnerability-linked-to-lastpass-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8318101 False Hack,Vulnerability LastPass,LastPass 3.0000000000000000 SecurityWeek - Security News Acronis said a single customer's account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. ]]> 2023-03-10T09:30:00+00:00 https://www.securityweek.com/acronis-clarifies-hack-impact-following-data-leak/ www.secnews.physaphae.fr/article.php?IdArticle=8317196 False Hack None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-03-09T21:19:11+00:00 https://informationsecuritybuzz.com/new-rise-chatgpt-scams-reported-fraudsters/ www.secnews.physaphae.fr/article.php?IdArticle=8317049 False Ransomware,Hack ChatGPT,ChatGPT 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2023-03-09T16:30:00+00:00 https://www.infosecurity-magazine.com/news/acer-confirms-unauthorized-access/ www.secnews.physaphae.fr/article.php?IdArticle=8316978 False Hack,Threat None 2.0000000000000000