www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T12:33:55+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google déploie les protections d'IA à disque pour détecter les escroqueries dans Chrome et Android Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android Google on Thursday announced it\'s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer]]> 2025-05-09T12:43:00+00:00 https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8673565 False Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google déploie une IA à périphérique pour contrecarrer les escroqueries sur Chrome et Android Google Deploys On-Device AI to Thwart Scams on Chrome and Android The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome]]> 2025-05-09T12:00:00+00:00 https://www.infosecurity-magazine.com/news/google-ai-gemini-nano-scams-chrome/ www.secnews.physaphae.fr/article.php?IdArticle=8673660 False Mobile None None Zataz - Magazine Francais de secu Des téléphones piégés dès l\'achat : WhatsApp détourné pour voler des crypto-monnaies 2025-05-09T07:04:17+00:00 https://www.zataz.com/des-telephones-pieges-des-lachat-whatsapp-detourne-pour-voler-des-crypto-monnaies/ www.secnews.physaphae.fr/article.php?IdArticle=8673544 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sonicwall patchs 3 défauts dans les appareils SMA 100 permettant aux attaquants d'exécuter du code comme racine SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an]]> 2025-05-08T19:26:00+00:00 https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html www.secnews.physaphae.fr/article.php?IdArticle=8673286 False Vulnerability,Mobile None 3.0000000000000000 GoogleSec - Firm Security Blog Utilisation de l'IA pour arrêter les escroqueries de support technologique dans Chrome Using AI to stop tech support scams in Chrome

Aperçu de la façon dont l'assistance LLM sur les appareils à l'atténuation des escroqueries fonctionne Lorsqu'un utilisateur navigue vers une page p]]> 2025-05-08T12:59:22+00:00 http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html www.secnews.physaphae.fr/article.php?IdArticle=8673329 False Malware,Legislation,Mobile None 3.0000000000000000 Krebs on Security - Chercheur Américain La société pakistanaise a expédié des analogues de fentanyl, des escroqueries à nous Pakistani Firm Shipped Fentanyl Analogs, Scams to US A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.]]> 2025-05-07T22:22:48+00:00 https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/ www.secnews.physaphae.fr/article.php?IdArticle=8672965 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Les Russes font face à des restrictions sur Internet mobiles massives avant le défilé du jour de la victoire Russians face massive mobile internet restrictions ahead of Victory Day parade The Kremlin said there were "restrictions for understandable reasons" on mobile internet service ahead of this year\'s Victory Day celebrations.]]> 2025-05-07T12:23:16+00:00 https://therecord.media/russia-internet-restrictions-victory-day www.secnews.physaphae.fr/article.php?IdArticle=8672760 False Mobile None 3.0000000000000000 ComputerWeekly - Computer Magazine Meta a attribué 167 millions de dollars en courte bataille avec des mercenaires spyware Meta awarded $167m in court battle with spyware mercenaries WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO\'s infamous Pegasus mobile malware.]]> 2025-05-07T12:12:00+00:00 https://www.computerweekly.com/news/366623689/Meta-awarded-167m-in-court-battle-with-spyware-mercenaries www.secnews.physaphae.fr/article.php?IdArticle=8672855 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google corrige un défaut du système Android exploité activement en mai 2025 Mise à jour de sécurité Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. "The most severe of]]> 2025-05-06T11:16:00+00:00 https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html www.secnews.physaphae.fr/article.php?IdArticle=8672163 False Vulnerability,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Mise à jour de la sécurité Android - Une vulnérabilité RCE critique activement exploitée dans la nature Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild Google a publié des correctifs de sécurité critiques pour les appareils Android pour aborder 57 vulnérabilités sur plusieurs sous-systèmes, y compris un défaut d'exécution de code distant activement exploité suivi comme CVE-2025-27363. Le bulletin de sécurité de mai 2025 confirme cette vulnérabilité de haute sévérité dans le composant système d'Android permet l'exécution de code local sans nécessiter de privilèges ou d'interaction utilisateur supplémentaires. Appareils exécutant Android 13 […]

>Google has released critical security patches for Android devices to address 57 vulnerabilities across multiple subsystems, including an actively exploited remote code execution flaw tracked as CVE-2025-27363. The May 2025 security bulletin confirms this high-severity vulnerability in Android’s System component enables local code execution without requiring additional privileges or user interaction. Devices running Android 13 […] ]]> 2025-05-06T10:50:53+00:00 https://gbhackers.com/a-critical-rce-vulnerability-actively-exploited-in-the-wild/ www.secnews.physaphae.fr/article.php?IdArticle=8672237 False Vulnerability,Mobile None 3.0000000000000000 ProofPoint - Cyber Firms Le kit Cogui Phish cible le Japon avec des millions de messages CoGUI Phish Kit Targets Japan with Millions of Messages 2025-05-06T10:46:28+00:00 https://www.proofpoint.com/us/blog/threat-insight/cogui-phish-kit-targets-japan-millions-messages www.secnews.physaphae.fr/article.php?IdArticle=8672606 False Malware,Tool,Threat,Mobile,Prediction None 3.0000000000000000 Bleeping Computer - Magazine Américain Google corrige un défaut Freetype exploité activement sur Android Google fixes actively exploited FreeType flaw on Android Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...]]]> 2025-05-06T09:33:38+00:00 https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-freetype-flaw-on-android/ www.secnews.physaphae.fr/article.php?IdArticle=8672310 False Vulnerability,Mobile None 3.0000000000000000 SecurityWeek - Security News Android Update Patchs Freetype Vulnérabilité exploitée comme zéro-jour Android Update Patches FreeType Vulnerability Exploited as Zero-Day La mise à jour de la sécurité d'Android \\ est en mai 2025 comprend des correctifs pour une vulnérabilité exploitée dans le moteur de rendu open source Freetype.

>Android\'s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine. ]]> 2025-05-06T08:54:44+00:00 https://www.securityweek.com/android-update-patches-freetype-vulnerability-exploited-as-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8672186 False Vulnerability,Threat,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Multiples vulnérabilités dans Google Android (06 mai 2025) Vulnérabilités]]> 2025-05-06T02:00:00+00:00 https://www.globalsecuritymag.fr/multiples-vulnerabilites-dans-google-android-06-mai-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8672279 False Mobile None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Google adresse 1 Vulnérabilité activement exploitée dans la mise à jour de la sécurité Android de May \\ Google addresses 1 actively exploited vulnerability in May\\'s Android security update La mise à jour mensuelle de la sécurité Android couvre 47 vulnérabilités, y compris un défaut de haute sévérité dans la bibliothèque de logiciels Freetype largement utilisée.

>The monthly Android security update covers 47 vulnerabilities, including a high-severity defect in the widely used FreeType software library. ]]> 2025-05-05T21:54:48+00:00 https://cyberscoop.com/android-security-update-may-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8672014 False Vulnerability,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur La chaîne d'attaque de Sonicboom permet aux pirates de contourner la connexion et de prendre le contrôle de l'administrateur SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control Les chercheurs en cybersécurité ont découvert une nouvelle technique d'exploitation dangereuse, surnommée la «chaîne d'attaque de Sonicboom», qui permet aux pirates de contourner l'authentification et de saisir le contrôle administratif des appareils sur l'accès mobile sécurisé Sonicwall (SMA). Cette attaque tire parti d'une combinaison de vulnérabilités récemment divulguées, qui ont déjà été repérées dans des attaques réelles. La chaîne d'attaque de Sonicboom se rassemble essentiellement […]

>Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the “SonicBoom Attack Chain,” which allows hackers to bypass authentication and seize administrative control over SonicWall Secure Mobile Access (SMA) appliances. This attack leverages a combination of recently disclosed vulnerabilities, which have already been spotted in real-world attacks. The SonicBoom Attack Chain essentially stitches together […] ]]> 2025-05-05T07:53:07+00:00 https://gbhackers.com/sonicboom-attack-chain/ www.secnews.physaphae.fr/article.php?IdArticle=8671719 False Vulnerability,Mobile None 2.0000000000000000 Wired Threat Level - Security News L'Android Show, Rad Power \\'s New Edve The Android Show, Rad Power\\'s New Ebikes, and Yale\\'s ADT Smart Lock-Your Gear News of the Week Plus: Philips Norelco has an AI-powered shaver, and Wiz\'s Sync Box is an affordable synced lighting alternative for your TV.]]> 2025-05-03T10:00:00+00:00 https://www.wired.com/story/the-android-show-rad-powers-new-ebikes-and-yales-adt-smart-lock-your-gear-news-of-the-week/ www.secnews.physaphae.fr/article.php?IdArticle=8670959 False Mobile None 3.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: la fuite de code source nullpoint, 17 500 $ pour l'iPhone Flaw, BreachForums In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down Des histoires remarquables qui auraient pu glisser sous le radar: le code source du voleur nullpoint divulgué, le chercheur gagne 17 500 $ à Apple pour la vulnérabilité, BreachForums après l'exploitation zéro-jour par la police.

>Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police. ]]> 2025-05-02T12:19:16+00:00 https://www.securityweek.com/in-other-news-nullpoint-source-code-leak-17500-for-iphone-flaw-breachforums-down/ www.secnews.physaphae.fr/article.php?IdArticle=8670569 False Vulnerability,Threat,Legislation,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais IBM et la Scuderia Ferrari HP lancent une application mobile repensée pour amplifier l\'expérience des fans de Formule 1 dans le monde entier Marchés]]> 2025-05-02T08:42:17+00:00 https://www.globalsecuritymag.fr/ibm-et-la-scuderia-ferrari-hp-lancent-une-application-mobile-repensee-pour.html www.secnews.physaphae.fr/article.php?IdArticle=8670486 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sonicwall confirme l'exploitation active des défauts affectant plusieurs modèles d'appareils SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to]]> 2025-05-01T11:52:00+00:00 https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html www.secnews.physaphae.fr/article.php?IdArticle=8670082 False Vulnerability,Mobile None 2.0000000000000000 GB Hacker - Blog de reverseur GPUAF: deux méthodes pour ranger les téléphones Android basés sur Qualcomm GPUAF: Two Methods to Root Qualcomm-Based Android Phones Les chercheurs en sécurité ont exposé des vulnérabilités critiques chez les pilotes de GPU Qualcomm, ce qui a un impact sur une vaste gamme d'appareils Android de marques comme Samsung, Honor, Xiaomi et Vivo. Ces exploits, centrés autour du défaut d'adresse GPU (GPUAF) primitif, ciblent les structures KGSL_MEM_ENTRY et Virtual Buffer Object (VBO). En tirant parti des conditions de course et des défauts de gestion de la mémoire, les attaquants peuvent réaliser […]

>Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual Buffer Object (VBO) structures. By leveraging race conditions and memory management flaws, attackers can achieve […] ]]> 2025-04-29T16:43:21+00:00 https://gbhackers.com/two-methods-to-root-qualcomm-based-android-phones/ www.secnews.physaphae.fr/article.php?IdArticle=8669547 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google rapporte 75 jours zéro exploités en 2024 - 44% des produits de sécurité d'entreprise ciblés Google Reports 75 Zero-Days Exploited in 2024 - 44% Targeted Enterprise Security Products Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for]]> 2025-04-29T15:41:00+00:00 https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8669431 False Vulnerability,Threat,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain SK Telecom Cyberattack: remplacements SIM gratuits pour 25 millions de clients SK Telecom cyberattack: Free SIM replacements for 25 million customers South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. [...]]]> 2025-04-29T12:49:53+00:00 https://www.bleepingcomputer.com/news/security/sk-telecom-cyberattack-free-sim-replacements-for-25-million-customers/ www.secnews.physaphae.fr/article.php?IdArticle=8669552 False Data Breach,Mobile None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Bonjour 0 jours, mon vieil ami: une analyse d'exploitation du 2024 zéro-jour Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis Résumé exécutif GoogleThreat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. Scope This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation. aside_block Key Takeaways Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged ]]> 2025-04-29T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8669387 False Malware,Tool,Vulnerability,Threat,Patching,Mobile,Prediction,Cloud,Commercial APT 37 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine La moitié des appareils mobiles exécutent des systèmes d'exploitation obsolètes Half of Mobile Devices Run Outdated Operating Systems 50% of mobile devices run outdated operating systems, increasing vulnerability to cyber-attacks, according to the latest report from Zimperium]]> 2025-04-28T13:30:00+00:00 https://www.infosecurity-magazine.com/news/50-mobile-devices-run-outdated/ www.secnews.physaphae.fr/article.php?IdArticle=8669010 False Vulnerability,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Le mobile devient le vecteur d'attaque choisi pour les entreprises, les chercheurs de Zimperium trouvent Mobile Becomes The Chosen Attack Vector for Enterprises, Zimperium Researchers Find Rapports spéciaux

Mobile Becomes The Chosen Attack Vector for Enterprises, Zimperium Researchers Find Key Findings: ● Mobile continues to be the preferred vector for attackers ● Smishing has rapidly grown to comprise over two-thirds of mobile phishing attacks ● Vishing and Smishing tactics grew by 28% and 22%, respectively ● Over 25% of mobile devices can\'t upgrade to the latest OS versions ● Over 60% of iOS and up to 34% of Android apps lack basic code protection. ● Nearly 60% of iOS and 43% of Android apps vulnerable to PII data leakage - Special Reports]]> 2025-04-28T13:27:08+00:00 https://www.globalsecuritymag.fr/mobile-becomes-the-chosen-attack-vector-for-enterprises-zimperium-researchers.html www.secnews.physaphae.fr/article.php?IdArticle=8669006 False Mobile None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Les défenses iOS et Android Juice Jacking sont triviales pour contourner depuis des années iOS and Android juice jacking defenses have been trivial to bypass for years New ChoiceJacking attack allows malicious chargers to steal data from phones.]]> 2025-04-28T11:00:59+00:00 https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/ www.secnews.physaphae.fr/article.php?IdArticle=8668968 False Mobile None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET À quel point votre iPhone est-il vraiment sûr et sécurisé? How safe and secure is your iPhone really? Your iPhone isn\'t necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.]]> 2025-04-28T09:47:37+00:00 https://www.welivesecurity.com/en/mobile-security/how-safe-secure-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8669389 False Mobile None 2.0000000000000000 GB Hacker - Blog de reverseur La nouvelle vulnérabilité iOS pourrait brique les iPhones avec une seule ligne de code New iOS Vulnerability Could Brick iPhones with Just One Line of Code Un chercheur en sécurité a découvert une vulnérabilité critique dans iOS, le système d'exploitation mobile phare d'Apple. La faille, CVE-2025-24091, qui exploite le système de «notification Darwin» de longue date mais peu connu, permet à toute application de celles confinées par les restrictions de bac à sable généralement strictes d'Apple poussent l'ensemble de l'appareil dans un état de «restauration en cours» incontournable avec une seule ligne de code. […]

>A security researcher has uncovered a critical vulnerability in iOS, Apple’s flagship mobile operating system. The flaw, CVE-2025-24091, which leverages the long-standing but little-known “Darwin notification” system, allows any app-including those confined by Apple’s usually strict sandbox restrictions push the entire device into an inescapable “restore in progress” state with a single line of code. […] ]]> 2025-04-28T06:55:14+00:00 https://gbhackers.com/new-ios-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8668833 False Vulnerability,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Applications mobiles: un puisard des problèmes de sécurité Mobile Applications: A Cesspool of Security Issues An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?]]> 2025-04-25T17:57:59+00:00 https://www.darkreading.com/remote-workforce/mobile-applications-cesspool-security-issues www.secnews.physaphae.fr/article.php?IdArticle=8667773 False Vulnerability,Mobile None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Menaces mobiles croissantes: combler l'écart de sécurité dans la stratégie de l'appareil de votre organisation \\ Rising Mobile Threats: Closing the Security Gap in Your Organization\\'s Device Strategy À mesure que les menaces mobiles avancées deviennent plus répandues, il est crucial que les organisations comprennent que les appareils mobiles sont devenus des cibles importantes pour les cybercriminels. Avec la dépendance croissante à l'égard de la communication mobile et des travaux à distance des entreprises et des agences gouvernementales, les attaquants exploitent les logiciels espions, les schémas de phishing, les exploits en clic zéro et les menaces améliorées par l'IA pour accéder aux informations sensibles. Pour rester en sécurité, les organisations devraient adopter une position proactive en mettant en œuvre des stratégies Zero Trust Network Access (ZTNA), la prévention des menaces basée sur l'IA et la défense des menaces mobiles (MTD) pour protéger leurs ressources numériques. Certaines des principales préoccupations de sécurité pour les organisations concernant les appareils portables comme les smartphones, par opposition à […]

As advanced mobile threats become more prevalent, it’s crucial for organizations to understand that mobile devices have become significant targets for cyber criminals. With the growing reliance on mobile communication and remote work by both businesses and government agencies, attackers are exploiting spyware, phishing schemes, zero-click exploits, and AI-enhanced threats to access sensitive information. To remain secure, organizations should take a proactive stance by implementing zero trust network access (ZTNA), AI-based threat prevention, and mobile threat defense (MTD) strategies to safeguard their digital resources. Some of the leading security concerns for organizations regarding handheld devices like smartphones, as opposed to […] ]]> 2025-04-25T13:00:33+00:00 https://blog.checkpoint.com/securing-user-and-access/rising-mobile-threats-closing-the-security-gap-in-your-organizations-device-strategy/ www.secnews.physaphae.fr/article.php?IdArticle=8667676 False Threat,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Le fournisseur de mobiles MTN dit que la cyberattaque a compromis les données clients Mobile provider MTN says cyberattack compromised customer data African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. [...]]]> 2025-04-25T10:57:05+00:00 https://www.bleepingcomputer.com/news/security/mobile-provider-mtn-says-cyberattack-compromised-customer-data/ www.secnews.physaphae.fr/article.php?IdArticle=8667701 False Mobile None 2.0000000000000000 TroyHunt - Blog Security New Android Spyware cible le personnel militaire russe en première ligne New Android spyware is targeting Russian military personnel on the front lines Trojanized mapping app steals users\' locations, contacts, and more.]]> 2025-04-24T20:02:40+00:00 https://arstechnica.com/security/2025/04/russian-military-personnel-on-the-front-lines-targeted-with-new-android-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8667364 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Les logiciels malveillants Android alimentés par NFC permettent des liquidités instantanées NFC-Powered Android Malware Enables Instant Cash-Outs Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim\'s own phone to steal credit card funds instantly.]]> 2025-04-24T19:17:59+00:00 https://www.darkreading.com/threat-intelligence/nfc-android-malware-instant-cash-outs www.secnews.physaphae.fr/article.php?IdArticle=8667328 False Malware,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais La quête alpine piégée sur la fous géolocate les soldats russes Booby-trapped Alpine Quest Android app geolocates Russian soldiers Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…]]> 2025-04-24T07:24:15+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/ www.secnews.physaphae.fr/article.php?IdArticle=8667030 False Mobile None 3.0000000000000000 Zataz - Magazine Francais de secu Fuite massive chez Carrefour Mobile : des milliers de données personnelles en danger ? 2025-04-23T22:57:04+00:00 https://www.zataz.com/fuite-massive-chez-carrefour-mobile-des-milliers-de-donnees-personnelles-en-danger/ www.secnews.physaphae.fr/article.php?IdArticle=8666871 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Android Spyware déguisé en application de quête alpine cible les appareils militaires russes Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an]]> 2025-04-23T17:52:00+00:00 https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html www.secnews.physaphae.fr/article.php?IdArticle=8666646 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Comment effacer le stockage iPhone How to Clear iPhone Storage Free up space on your iPhone fast. Learn 5 proven ways to clear storage, remove clutter, and manage photos, apps, and files with no gimmicks, just results.]]> 2025-04-23T16:33:50+00:00 https://hackread.com/how-to-clear-iphone-storage/ www.secnews.physaphae.fr/article.php?IdArticle=8666737 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain L'armée russe ciblée par un nouveau malware Android caché dans l'application de cartographie Russian army targeted by new Android malware hidden in mapping app A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. [...]]]> 2025-04-23T14:30:17+00:00 https://www.bleepingcomputer.com/news/security/russian-army-targeted-by-new-android-malware-hidden-in-mapping-app/ www.secnews.physaphae.fr/article.php?IdArticle=8666788 False Malware,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais L'Inde obtient Google à déboucher Android et le Play Store sur les téléviseurs intelligents India gets Google to unbundle Android and the Play Store on Smart TVs Meanwhile, OpenAI expresses an interest in unbundling Chrome from Google Google has agreed to unbundle its Play Store and Android operating system in India, but only on smart TVs, and will also cough up a $2.4 million fine after being found to have breached competition law.…]]> 2025-04-23T02:30:08+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/23/india_google_antitrust_android_unbundling/ www.secnews.physaphae.fr/article.php?IdArticle=8666419 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Fausse application de cartographie de quêtes alpines a repéré l'espionnage des militaires russes Fake Alpine Quest Mapping App Spotted Spying on Russian Military Fake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…]]> 2025-04-22T21:26:10+00:00 https://hackread.com/fake-alpine-quest-mapping-app-spying-russian-military/ www.secnews.physaphae.fr/article.php?IdArticle=8666341 False Mobile None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Android améliore sa sécurité Android Improves Its Security Bientôt redémarrer eux-mêmes après s'être assis dans le ralenti pendant trois jours. Les iPhones ont cette fonctionnalité depuis un certain temps; C'est agréable de voir Google l'ajouter à leurs téléphones.

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.]]> 2025-04-22T16:03:17+00:00 https://www.schneier.com/blog/archives/2025/04/android-improves-its-security.html www.secnews.physaphae.fr/article.php?IdArticle=8666212 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain SK Telecom avertit les données USIM du client exposées dans l'attaque de logiciels malveillants SK Telecom warns customer USIM data exposed in malware attack South Korea\'s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. [...]]]> 2025-04-22T14:26:59+00:00 https://www.bleepingcomputer.com/news/security/sk-telecom-warns-customer-usim-data-exposed-in-malware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8666284 False Malware,Threat,Mobile None 2.0000000000000000 GB Hacker - Blog de reverseur Les vulnérabilités du routeur TP-Link permettent aux attaquants d'exécuter des commandes SQL malveillantes TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands Les chercheurs en cybersécurité ont découvert des vulnérabilités critiques d'injection de SQL dans quatre modèles de routeurs TP-Link, permettant aux attaquants d'exécuter des commandes malveillantes, de contourner l'authentification et de détourner les dispositifs potentiellement. Les défauts, découverts par le chercheur, le vétéran entre février et mars 2025, mettent en évidence les risques de sécurité continus dans le matériel de réseautage largement utilisé. Les vulnérabilités ont un impact sur les routeurs d'entreprise et de consommation, y compris le Wi-Fi mobile […]

>Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers to execute malicious commands, bypass authentication, and potentially hijack devices. The flaws, discovered by researcher The Veteran between February and March 2025, highlight ongoing security risks in widely used networking hardware. The vulnerabilities impact both enterprise and consumer routers, including mobile Wi-Fi […] ]]> 2025-04-22T13:18:03+00:00 https://gbhackers.com/tp-link-router-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8666161 False Vulnerability,Mobile None 3.0000000000000000 ComputerWeekly - Computer Magazine Ofcom interdit la location des titres mondiaux à la répression de l'usurpation Ofcom bans leasing of Global Titles to crackdown on spoofing Telco regulator Ofcom is cracking down on a loophole being exploited by cyber criminals to access sensitive mobile data]]> 2025-04-22T07:06:00+00:00 https://www.computerweekly.com/news/366622808/Ofcom-bans-leasing-of-Global-Titles-to-crackdown-on-spoofing www.secnews.physaphae.fr/article.php?IdArticle=8666115 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Supercard X Android Malware permet une fraude ATM et POS sans contact via des attaques de relais NFC SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to]]> 2025-04-21T20:43:00+00:00 https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html www.secnews.physaphae.fr/article.php?IdArticle=8665729 False Malware,Mobile None 3.0000000000000000 Cyble - CyberSecurity Firm Rapport de vulnérabilité informatique: Dispositifs Fortinet Vulnérable à l'exploitation IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit Overview Cyble\'s vulnerability intelligence unit examined 26 vulnerabilities and 14 dark web exploit claims in recent reports to clients and flagged 10 of the vulnerabilities as meriting high-priority attention by security teams. The vulnerabilities, which can lead to system compromise and data breaches, affect Fortinet products, WordPress plugins, Linux and Android systems, and more. The Top IT Vulnerabilities Here are some of the vulnerabilities highlighted by Cyble vulnerability intelligence researchers in recent reports. CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 are critical vulnerabilities in Fortinet FortiGate devices that have been actively exploited to gain unauthorized remote access. CVE-2022-42475 is a heap-based buffer overflow vulnerability in the SSL-VPN component that allows remote code execution, while the other two enable initial access and privilege escalation. Recently, Fortinet revealed that attackers exploited these vulnerabilities to gain initial access and then used a novel post-exploitation technique to maintain persistent read-only access even after patches were applied. This technique involves creating a symbolic link (symlink) in the SSL-VPN language files folder that connects the user file system to the root file system, allowing attackers to evade detection and continue accessing device configurations. CVE-2024-48887 is a critical unverified password change vulnerability in the Fortinet FortiSwitch GUI that could allow a remote, unauthenticated attacker to change adminis]]> 2025-04-21T12:33:13+00:00 https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8665658 False Tool,Vulnerability,Threat,Patching,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Nouveau Android Supercard X MALWare utilise la technique de relais NFC pour les transactions POS et ATM New Android SuperCard X Malware Uses NFC-Relay Technique for POS & ATM Transactions A new malware strain known as SuperCard X has emerged, utilizing an innovative Near-Field Communication (NFC)-relay attack to execute unauthorized transactions at Point-of-Sale (POS) systems and Automated Teller Machines (ATMs). Detailed in a recent report by the Cleafy Threat Intelligence team, this Android-based malware has been identified as part of a sophisticated fraud campaign targeting […] ]]> 2025-04-19T12:51:08+00:00 https://gbhackers.com/new-android-supercard-x-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8664879 False Malware,Threat,Mobile None 2.0000000000000000 GB Hacker - Blog de reverseur Gorilla Android Malware intercepte les SMS pour voler des mots de passe uniques Gorilla Android Malware Intercepts SMS to Steal One-Time Passwords Dans un développement préoccupant dans l'écosystème Android, une nouvelle variante de logiciels malveillants connue sous le nom de «gorille» a été identifiée, ciblant principalement les informations financières et personnelles grâce à l'interception SMS. Écrit à Kotlin, le gorille semble être dans son enfance de développement, mais il présente déjà des mécanismes sophistiqués pour l'évasion, la persistance et l'extraction des données. Le code de Gorilla manque d'obscurcissement et […]

>In a concerning development within the Android ecosystem, a new malware variant known as “Gorilla” has been identified, primarily targeting financial and personal information through SMS interception. Written in Kotlin, Gorilla appears to be in its developmental infancy, yet it already showcases sophisticated mechanisms for evasion, persistence, and data extraction. Gorilla’s code lacks obfuscation and […] ]]> 2025-04-19T12:37:16+00:00 https://gbhackers.com/gorilla-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8664881 False Malware,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Nouveau malware Android vole vos cartes de crédit pour les attaques de relais NFC New Android malware steals your credit cards for NFC relay attacks A new malware-as-a-service (MaaS) platform named \'SuperCard X\' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]]]> 2025-04-19T11:17:28+00:00 https://www.bleepingcomputer.com/news/security/supercard-x-android-malware-use-stolen-cards-in-nfc-relay-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8665015 False Malware,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Spymax Android Spyware: Accès à distance complet pour surveiller toute activité SpyMax Android Spyware: Full Remote Access to Monitor Any Activity Les experts de l'intelligence des menaces de Perplexity ont découvert une variante avancée de la famille spyware spymax / spynote de logiciels spydromes Android, intelligemment déguisé en application officielle du bureau du procureur chinois (le bureau du procureur chinois (Procurateur). Ce maLicious Software visait les utilisateurs chinois en Chine continentale et à Hong Kong dans ce qui semble être une campagne de cyber-espionnage sophistiquée. Exploiter les services d'accessibilité Android […]

>Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of Android spyware, cleverly disguised as the official application of the Chinese Prosecutor\'s Office (检察院). This malicious software was targeting Chinese-speaking users in mainland China and Hong Kong in what appears to be a sophisticated cyber espionage campaign. Exploiting Android Accessibility Services […] ]]> 2025-04-18T11:51:18+00:00 https://gbhackers.com/spymax-android-spyware-full-remote-access/ www.secnews.physaphae.fr/article.php?IdArticle=8664458 False Mobile None 2.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: 4chan piraté, Android Auto-Reboot, Nemesis Admin chargé In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged Des histoires remarquables qui auraient pu glisser sous le radar: 4chan piraté et une fonction de sécurité automatique à venir sur Android, administrateur iranien de Némésis chargé aux États-Unis.

>Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. ]]> 2025-04-18T11:30:00+00:00 https://www.securityweek.com/in-other-news-4chan-hacked-android-auto-reboot-nemesis-admin-charged/ www.secnews.physaphae.fr/article.php?IdArticle=8664456 False Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur 43% des 100 meilleures applications mobiles d'entreprise exposent des données sensibles aux pirates 43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers Une étude complète de ZLABS, l'équipe de recherche de Zimperium, a révélé que plus de 43% des 100 meilleures applications mobiles utilisées dans des environnements commerciaux contiennent de graves vulnérabilités qui exposent des données sensibles aux pirates potentiels. Cette constatation souligne le besoin urgent d'entreprises pour réévaluer leurs processus de vérification de leur application et améliorer les mesures de sécurité pour protéger […]

>A comprehensive study by zLabs, the research team at Zimperium, has found that over 43% of the top 100 mobile applications used in business environments contain severe vulnerabilities that expose sensitive data to potential hackers. This finding underscores the urgent need for enterprises to reassess their app vetting processes and enhance security measures to protect […] ]]> 2025-04-17T18:43:22+00:00 https://gbhackers.com/43-of-top-100-enterprise-mobile-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8664173 False Vulnerability,Studies,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Sécurité mobile - Risques émergents à l'ère BYOD Mobile Security – Emerging Risks in the BYOD Era La montée en puissance de Bring Your Own Device (BYOD) a révolutionné la flexibilité du lieu de travail, permettant aux employés d'utiliser des smartphones, des tablettes et des ordinateurs portables personnels pour des tâches professionnelles. Bien que ce changement réduit les coûts matériels et prend en charge les modèles de travail hybrides, il introduit des défis de sécurité complexes. Les cybercriminels ciblent de plus en plus les appareils personnels comme passerelles vers les réseaux d'entreprise, exploitant les vulnérabilités en fragmentation […]

>The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling employees to use personal smartphones, tablets, and laptops for professional tasks. While this shift reduces hardware costs and supports hybrid work models, it introduces complex security challenges. Cybercriminals increasingly target personal devices as gateways to corporate networks, exploiting vulnerabilities in fragmented […] ]]> 2025-04-17T15:11:59+00:00 https://gbhackers.com/emerging-mobile-security-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8664111 False Vulnerability,Mobile None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber 35 pays utilisent des réseaux chinois pour transporter le trafic utilisateur mobile, posant des cyber-risques 35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks An analysis from iVerify found U.S. allies on the list where mobile providers employ China-based networks. ]]> 2025-04-17T12:30:00+00:00 https://cyberscoop.com/35-countries-use-chinese-networks-for-transporting-mobile-user-traffic-posing-cyber-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8664034 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les drapeaux CISA ont activement exploité la vulnérabilité dans les appareils SONICWALL SMA CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection]]> 2025-04-17T11:14:00+00:00 https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8663887 False Vulnerability,Mobile None 2.0000000000000000 The Register - Site journalistique Anglais La compétition Boffin lance un recours collectif contre Google UK sur la domination de la recherche Competition boffin launches class action against Google UK over search dominance Alleges £5B in harm caused by Android deals, anticompetitive actions A British academic has launched a class-action suit against Google, alleging abuse of its market dominance in online search caused £5 billion ($6.6 billion) of damage to advertisers.…]]> 2025-04-17T08:29:14+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/17/google_faces_uk_class_action/ www.secnews.physaphae.fr/article.php?IdArticle=8663944 False Mobile None 2.0000000000000000 GB Hacker - Blog de reverseur CISA Issues alerte sur la faille de Sonicwall étant activement exploitée CISA Issues Alert on SonicWall Flaw Being Actively Exploited L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié une alerte de sécurité critique après avoir confirmé l'exploitation active d'une vulnérabilité Sonicwall. La faille, documentée sous le nom de CVE-2021-20035, cible les appareils électroménagers SMA100 de Sonicwall \\ et a été ajouté au catalogue de vulnérabilités exploité connues de CISA \\. Aperçu de la vulnérabilité Cette vulnérabilité particulière se situe dans l'accès mobile Secure Secure (SMA) […]

>The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert after confirming active exploitation of a SonicWall vulnerability. The flaw, documented as CVE-2021-20035, targets SonicWall\'s SMA100 series appliances and has been added to CISA\'s Known Exploited Vulnerabilities Catalog. Overview of the Vulnerability This particular vulnerability lies within the SonicWall Secure Mobile Access (SMA) […] ]]> 2025-04-17T05:53:02+00:00 https://gbhackers.com/cisa-issues-alert-on-sonicwall-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8663882 False Vulnerability,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Téléphones Android pré-téléchargés avec des portefeuilles de cryptographie utilisateur cible de logiciels malveillants Android Phones Pre-Downloaded With Malware Target User Crypto Wallets The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users\' wallet addresses with their own.]]> 2025-04-16T20:57:30+00:00 https://www.darkreading.com/threat-intelligence/android-pre-downloaded-malware-crypto-wallets www.secnews.physaphae.fr/article.php?IdArticle=8664175 False Malware,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Cloud, défauts de cryptographie dans les applications mobiles, fuite des données d'entreprise Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion.]]> 2025-04-16T15:38:07+00:00 https://www.darkreading.com/endpoint-security/cloud-cryptography-flaws-mobile-apps-expose-enterprise-data www.secnews.physaphae.fr/article.php?IdArticle=8663614 False Mobile,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Téléphones Android chinois expédiés avec de faux WhatsApp, Applications télégrammes ciblant les utilisateurs de cryptographie Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to]]> 2025-04-16T13:04:00+00:00 https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html www.secnews.physaphae.fr/article.php?IdArticle=8663407 False Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 92% des applications mobiles utilisées pour utiliser des méthodes cryptographiques non sécurisées 92% of Mobile Apps Found to Use Insecure Cryptographic Methods Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks]]> 2025-04-16T13:00:00+00:00 https://www.infosecurity-magazine.com/news/92-mobile-apps-insecure/ www.secnews.physaphae.fr/article.php?IdArticle=8663522 False Studies,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Le Japon sert à Google une commande de cesser et de s'abstenir sur ses offres de regroupement Android Japan serves Google a cease and desist order over its Android bundling deals Won\'t let the Big G require its apps and search to be installed on smartphones Japan\'s Fair Trade Commission yesterday ordered Google to stop doing deals that require manufacturers of Android handsets to include its apps.…]]> 2025-04-16T02:59:09+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/16/japan_google_monopoly_ruling/ www.secnews.physaphae.fr/article.php?IdArticle=8663314 False Mobile None 3.0000000000000000 TroyHunt - Blog Security Les téléphones Android se redémarreront bientôt après s'être assis inutilisé pendant 3 jours Android phones will soon reboot themselves after sitting unused for 3 days The latest Google update will make your phone more secure if you don\'t touch it]]> 2025-04-15T16:00:00+00:00 https://arstechnica.com/gadgets/2025/04/android-phones-will-soon-reboot-themselves-after-sitting-unused-for-3-days/ www.secnews.physaphae.fr/article.php?IdArticle=8663159 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Google ajoute Android Auto-Reboot pour bloquer les extractions de données médico-légales Google adds Android auto-reboot to block forensic data extractions Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]]]> 2025-04-15T09:54:57+00:00 https://www.bleepingcomputer.com/news/security/google-adds-android-auto-reboot-to-block-forensic-data-extractions/ www.secnews.physaphae.fr/article.php?IdArticle=8663100 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Les logiciels malveillants préinstallés sur les téléphones Android bon marché vole la crypto via un faux whatsapp Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp Cheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases.]]> 2025-04-14T18:57:25+00:00 https://hackread.com/pre-installed-malware-cheap-android-phones-crypto-fake-whatsapp/ www.secnews.physaphae.fr/article.php?IdArticle=8662802 False Malware,Mobile None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism La mise à jour Android 15 de Samsung \\ a été interrompue Samsung\\'s Android 15 update has been halted Samsung has stopped the Android 15 update due to unforeseen bugs.]]> 2025-04-14T16:50:57+00:00 https://arstechnica.com/gadgets/2025/04/samsungs-android-15-update-has-been-halted/ www.secnews.physaphae.fr/article.php?IdArticle=8662758 False Mobile None 4.0000000000000000 GB Hacker - Blog de reverseur Les pirates imitent la page d'installation de Google Chrome sur Google Play pour distribuer Android Malware Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware Les experts en cybersécurité ont mis au jour une cyber campagne complexe qui exploite des sites Web trompeurs qui se faisaient passer pour le Google Play Store pour distribuer des logiciels malveillants Android. Ces sites Web, hébergés dans des domaines nouvellement enregistrés, créent une façade de pages d'installation d'applications crédibles, des victimes séduisantes avec des téléchargements qui semblent légitimes, y compris des applications comme Google Chrome. Les sites sont conçus avec des fonctionnalités […]

>Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with downloads that appear legitimate, including apps like Google Chrome. The sites are engineered with features […] ]]> 2025-04-12T08:09:19+00:00 https://gbhackers.com/hackers-imitate-google-chrome-install-page-on-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8662024 False Malware,Mobile None 2.0000000000000000 TroyHunt - Blog Security La nouvelle barre de fond dynamique de Chrome donne aux sites Web un peu plus de place pour respirer Chrome\\'s new dynamic bottom bar gives websites a little more room to breathe Chrome for Android is getting a neat visual upgrade.]]> 2025-04-11T18:26:14+00:00 https://arstechnica.com/gadgets/2025/04/chrome-for-android-gets-edge-to-edge-ui-update/ www.secnews.physaphae.fr/article.php?IdArticle=8661832 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Spynote, Badbazaar, Moonshine Malware Target Android et les utilisateurs iOS via de fausses applications SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a]]> 2025-04-11T13:43:00+00:00 https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8661663 False Malware,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch 11 bogues trouvés dans l'application Android de chatte de perplexité AI \\ 11 Bugs Found in Perplexity AI\\'s Chatbot Android App Researchers characterize the company\'s artificial intelligence chatbot as less secure than ChatGPT and even DeepSeek.]]> 2025-04-11T13:00:00+00:00 https://www.darkreading.com/application-security/11-bugs-found-perplexity-chatbots-android-app www.secnews.physaphae.fr/article.php?IdArticle=8661730 False Mobile ChatGPT 3.0000000000000000 ProofPoint - Cyber Firms La surface d'attaque en expansion: Pourquoi les outils de collaboration sont la nouvelle ligne de front dans les cyberattaques The Expanding Attack Surface: Why Collaboration Tools Are the New Front Line in Cyberattacks 2025-04-11T03:44:16+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/collaboration-tools-new-front-line-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8661883 False Malware,Tool,Threat,Mobile,Cloud None 4.0000000000000000 Global Security Mag - Site de news francais Multiples vulnérabilités dans Google Pixel (11 avril 2025) Vulnérabilités]]> 2025-04-11T02:00:00+00:00 https://www.globalsecuritymag.fr/multiples-vulnerabilites-dans-google-pixel-11-avril-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8661745 True Mobile None 3.0000000000000000 Krebs on Security - Chercheur Américain Triade de phishing SMS basée en Chine Pivots aux banques China-based SMS Phishing Triad Pivots to Banks China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.]]> 2025-04-10T15:31:58+00:00 https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/ www.secnews.physaphae.fr/article.php?IdArticle=8661422 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Le fournisseur de télécommunications sud-africains desservant 7,7 millions confirme la fuite de données après la cyberattaque South African telecom provider serving 7.7 million confirms data leak following cyberattack South Africa\'s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year.]]> 2025-04-10T13:15:52+00:00 https://therecord.media/south-african-telecom-provider-discloses-data-breach-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8661396 False Mobile None 2.0000000000000000 Korben - Bloger francais Test d\'un SSD minuscule, compatible PC, Mac, Android, et même iPhone en MagSafe ! Lexar ES4, et il coche vraiment beaucoup de cases si vous cherchez de quoi stocker ou sauvegarder vos données. Ce SSD externe de 2 To tient dans la main, se fixe à un iPhone en MagSafe et balance des débits qui tiennent la route. On l'a testé, les vitesses sont bien là.]]> 2025-04-10T13:03:18+00:00 https://korben.info/test-dun-ssd-minuscule-compatible-pc-mac-android-et-meme-iphone-en-magsafe.html www.secnews.physaphae.fr/article.php?IdArticle=8661362 False Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Spynote malware cible les utilisateurs d'Android avec de fausses pages de lecture Google SpyNote Malware Targets Android Users with Fake Google Play Pages A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan]]> 2025-04-10T13:00:00+00:00 https://www.infosecurity-magazine.com/news/spynote-malware-targets-android/ www.secnews.physaphae.fr/article.php?IdArticle=8661375 False Malware,Mobile None 3.0000000000000000 Wired Threat Level - Security News Revue Google Pixel 9A: toujours le meilleur smartphone Google Pixel 9a Review: Still the Best Smartphone It might not look like a classic Pixel phone anymore, but this Android is still the best smartphone bargain.]]> 2025-04-10T13:00:00+00:00 https://www.wired.com/review/google-pixel-9a/ www.secnews.physaphae.fr/article.php?IdArticle=8661376 False Mobile None 2.0000000000000000 Korben - Bloger francais Transformez vos vieux smartphones en cluster Kubernetes 2025-04-10T06:51:49+00:00 https://korben.info/smartphones-cluster-kubernetes-postmarketos.html www.secnews.physaphae.fr/article.php?IdArticle=8661281 False Mobile None 3.0000000000000000 Smashing Security - Podcast Cyber 412: Signalgate est nul, et le dilemme de la quai 412: Signalgate sucks, and the quandary of quishing QR codes are being weaponised by scammers - so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider. Plus! Don\'t miss our featured interview...]]> 2025-04-09T22:00:00+00:00 https://www.smashingsecurity.com/412-signalgate-sucks-and-the-quandary-of-quishing/ www.secnews.physaphae.fr/article.php?IdArticle=8661242 False Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NCSC met en garde contre les logiciels espions ciblant la diaspora chinoise et taïwanaise NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities]]> 2025-04-09T09:00:00+00:00 https://www.infosecurity-magazine.com/news/ncsc-spyware-chinese-taiwanese/ www.secnews.physaphae.fr/article.php?IdArticle=8661089 False Mobile None 3.0000000000000000 ComputerWeekly - Computer Magazine Problèmes de NCSC Avertissement sur le clair de lune chinois et les logiciels espions chinois et Badbazaar NCSC issues warning over Chinese Moonshine and BadBazaar spyware Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities]]> 2025-04-08T19:01:00+00:00 https://www.computerweekly.com/news/366622023/NCSC-issues-warning-over-Chinese-Moonshine-and-BadBazaar-spyware www.secnews.physaphae.fr/article.php?IdArticle=8661028 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch 2 bogues Android Zero-Day sous Exploit actif 2 Android Zero-Day Bugs Under Active Exploit Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist\'s device in an attempt to install spyware.]]> 2025-04-08T16:17:21+00:00 https://www.darkreading.com/vulnerabilities-threats/android-zero-day-bugs-active-exploit www.secnews.physaphae.fr/article.php?IdArticle=8660988 False Vulnerability,Threat,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google publie une mise à jour Android avril pour aborder deux jours zéro Google Releases April Android Update to Address Two Zero-Days Google\'s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks]]> 2025-04-08T15:45:00+00:00 https://www.infosecurity-magazine.com/news/android-update-address-two-zero/ www.secnews.physaphae.fr/article.php?IdArticle=8660971 False Mobile None 3.0000000000000000 SecurityWeek - Security News Android Update Patches deux vulnérabilités exploitées Android Update Patches Two Exploited Vulnerabilities La dernière mise à jour de sécurité d'Android \\ résout deux vulnérabilités du noyau exploitées, ainsi que des bogues de sévérité critique.

>Android\'s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs. ]]> 2025-04-08T10:10:00+00:00 https://www.securityweek.com/android-update-patches-two-exploited-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8660910 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google publie une mise à jour Android pour corriger deux vulnérabilités activement exploitées Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel]]> 2025-04-08T09:35:00+00:00 https://thehackernews.com/2025/04/google-releases-android-update-to-patch.html www.secnews.physaphae.fr/article.php?IdArticle=8660872 False Vulnerability,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Multiples vulnérabilités dans Google Android (08 avril 2025) Vulnérabilités]]> 2025-04-08T02:00:00+00:00 https://www.globalsecuritymag.fr/multiples-vulnerabilites-dans-google-android-08-avril-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8660977 False Mobile None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Pourquoi la cybersécurité alimentée par l'IA est essentielle dans un monde hyperconnecté Why AI-Powered Cyber Security is Essential in a Hyperconnected World Dans le paysage numérique d'aujourd'hui, les limites du réseau d'entreprise se sont étendues bien au-delà du centre de données traditionnel. L'adoption rapide du cloud, du travail à distance, de l'IoT et des appareils mobiles a remodelé le fonctionnement des organisations et comment ils doivent se défendre contre les cyber-menaces. Dans ce monde hyperconnecté, la sécurité ne consiste plus simplement à protéger simplement les actifs sur site; Il nécessite une approche holistique et alimentée par AI pour sécuriser toute la surface d'attaque. Un récent rapport de Miercom reconnaît Check Point Infinity comme la principale plate-forme de cybersécurité alimentée par l'IA, soulignant sa capacité inégalée à protéger les entreprises modernes contre les cyber-menaces sophistiquées. Voici pourquoi la cybersécurité alimentée par AI […]

>In today\'s digital landscape, the boundaries of the corporate network have expanded far beyond the traditional data center. The rapid adoption of cloud, remote work, IoT, and mobile devices has reshaped how organizations operate-and how they must defend themselves against cyber threats. In this hyperconnected world, security is no longer about simply protecting on-premises assets; it requires a holistic, AI-powered approach to securing the entire attack surface. A recent report from Miercom recognizes Check Point Infinity as the leading AI-powered cyber security platform, underscoring its unmatched ability to protect modern enterprises from sophisticated cyber threats. Here\'s why AI-powered cyber security […] ]]> 2025-04-07T13:56:12+00:00 https://blog.checkpoint.com/security-operations/why-ai-powered-cyber-security-is-essential-in-a-hyperconnected-world/ www.secnews.physaphae.fr/article.php?IdArticle=8660738 False Mobile,Cloud None 3.0000000000000000 Bleeping Computer - Magazine Américain Google fixe Android Zero-Days exploité dans les attaques, 60 autres défauts Google fixes Android zero-days exploited in attacks, 60 other flaws Google has released patches for 62 vulnerabilities in Android\'s April 2025 security update, including two zero-days exploited in targeted attacks. [...]]]> 2025-04-07T13:55:51+00:00 https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8660788 False Vulnerability,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Europcar Gitlab Breach expose des données de jusqu'à 200 000 clients Europcar GitLab breach exposes data of up to 200,000 customers A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. [...]]]> 2025-04-04T10:07:21+00:00 https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/ www.secnews.physaphae.fr/article.php?IdArticle=8660261 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Téléphones contrefaits transportant des logiciels malveillants Triada remaniés cachés Counterfeit Phones Carrying Hidden Revamped Triada Malware The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.]]> 2025-04-03T16:17:45+00:00 https://www.darkreading.com/endpoint-security/counterfeit-phones-infected-triada-malware www.secnews.physaphae.fr/article.php?IdArticle=8660110 False Malware,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Triada Malware préchargé sur des téléphones Android contrefaits infecte plus 2 600 appareils Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025. Triada is the]]> 2025-04-03T13:04:00+00:00 https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html www.secnews.physaphae.fr/article.php?IdArticle=8659988 False Malware,Mobile None 2.0000000000000000 Cisco - Security Firm Blog Mobile World Congress 2025: SOC dans le Network Operations Center Mobile World Congress 2025: SOC in the Network Operations Center Cisco is the sole supplier of network services to Mobile World Congress, expanding into security and observability, with Splunk.]]> 2025-04-03T12:00:43+00:00 https://blogs.cisco.com/security/mobile-world-congress-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8660022 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Comment récupérer les photos supprimées d'un iPhone How to Recover Deleted Photos from an iPhone Accidentally deleted some photos from your iPhone? You\'re definitely not alone; most iPhone users have done it at…]]> 2025-04-02T23:48:24+00:00 https://hackread.com/how-to-recover-deleted-photos-from-an-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8659936 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) FIN7 déploie les systèmes de porte dérobée Anubis pour détourner les systèmes Windows via des sites SharePoint compromis FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss]]> 2025-04-02T12:22:00+00:00 https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html www.secnews.physaphae.fr/article.php?IdArticle=8659770 False Malware,Threat,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Les appareils Android contrefaits trouvés préchargés avec Triada Malware Counterfeit Android devices found preloaded With Triada malware A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. [...]]]> 2025-04-02T09:57:23+00:00 https://www.bleepingcomputer.com/news/security/counterfeit-android-devices-found-preloaded-with-triada-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8659836 False Malware,Threat,Mobile None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Mars 2025 Mises à jour du conseil en cybersécurité et activité de ransomware March 2025 Cybersecurity Consulting Updates and Ransomware Activity ici . Les menaces de cybersécurité ont augmenté en mars, avec des attaques, des violations et des vulnérabilités importantes, un impact sur les organisations du monde entier. Des augmentations de ransomwares aux défauts logiciels exploités, les entreprises ont été confrontées à un paysage difficile. Ce bref résume les problèmes les plus urgents et offre des étapes pratiques pour rester en sécurité. Nouvelles vulnérabilités entre les principaux fournisseurs Microsoft a publié des correctifs critiques pour Windows et des produits connexes, aborder les vulnérabilités d'exécution de code à distance dans les services de bureau à distance, le sous-système Windows pour Linux, DNS et Microsoft Office. Les questions activement exploitées dans les NTF, le sous-système du noyau, l'EXFAT et les conducteurs liés à l'USB ont soulevé des problèmes d'escalade de privilège. Meilleures pratiques: effectuer des analyses de vulnérabilité régulières et mettre en œuvre la gestion automatisée des correctifs pour réduire le temps d'exposition. Adobe, Apple et Google ont abordé des défauts de haute sévérité similaires sur des logiciels et des plateformes mobiles largement utilisés. Le flaw Webkit d'Apple et les zéro-jours Android de Google (CVE-2024-43093, CVE-2024-50302) ont tous deux été exploités activement. Meilleures pratiques: incluez la protection des points mobiles et des terminaux dans les évaluations des risques et assurez-vous que la formation à la sensibilisation des utilisateurs couvre les menaces basées sur les applications et basées sur le navigateur. Cisco, SAP, VMware et Palo Alto ont corrigé des vulnérabilités critiques dans les systèmes d'entreprise. Il convient de noter que la gestion de la mémoire de VMware zero-day (CVE-2025-22224) pourrait être exploitée à distance, et l'interface Web de Cisco (CVE-2025-22242) a activé l'exécution de commande via HTTP. Meilleures pratiques: segmenter l'architecture du réseau et mettre en œuvre des principes de confiance zéro pour limiter le mouvement latéral en cas de violation. CISA CONTINUTES CONTROMATION DES VULLÉRABILITÉS MISES À JOUR CATALOGUE CISA a ajouté plusieurs nouvelles vulnérabilités à son catalogue de vulnérabilités exploité connu, y compris: Cisco Small Business RV Routeurs (injection de commande) Serveur Hitachi Pentaho (exécution de code distant) Windows Win32k (Escalade des privilèges) Progress WhatsUp Gold (chemin de traverse) Ceux-ci ont un impact sur les secteurs des infrastructures critiques. Best Practice: Alignez les correctifs avec les mandats CISA KEV et maintenir les inventaires d'actifs qui relient les systèmes aux bases de données de vulnérabilité pour la hiérarchisation. Menaces répandues: ransomware et cyberattaques ransomware reste une menace dominante. en mars: CLOP a exploité CVE-2024-50623 dans des outils de transfert de fichiers CLEO, ciblant le commerce de détail, les finances et la logistique. RansomHub a compromis les systèmes non corrigés en utilisant des informations d'identification volées. Medusa (Spearwing) a déployé des tactiques d'extorsion à double. Aki]]> 2025-04-01T23:09:00+00:00 https://levelblue.com/blogs/security-essentials/march-2025-cybersecurity-consulting-updates-and-ransomware-activity www.secnews.physaphae.fr/article.php?IdArticle=8659820 False Ransomware,Tool,Vulnerability,Threat,Patching,Mobile,Medical,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lucid PhaaS atteint 169 cibles dans 88 pays utilisant iMessage et RCS smithing Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid\'s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,]]> 2025-04-01T19:48:00+00:00 https://thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html www.secnews.physaphae.fr/article.php?IdArticle=8659631 False Mobile None 3.0000000000000000 Reversemode - Blog de reverser Analyse cyber-physique des armes des systèmes de détection de destruction massive: Partie 1 - Darpa \\ 's Sigma Cyber-Physical Analysis of Weapons of Mass Destruction Detection Systems: Part 1 - DARPA\\'s SIGMA Introduction2. Practical Gamma Spectroscopy for Security Researchers3. SIGMA Network4. ConclusionsDisclaimerTo avoid any misunderstandings, I want to clarify that all the information in this post is based on open-source intelligence, publicly available documents, and reverse engineering. I have not attempted to compromise or replicate any potential attacks on internet-facing SIGMA systems. Instead, I conducted a simple, non-invasive reconnaissance phase, which involved accessing public websites, reviewing their source code, and examining generic endpoints to gather general information, such as system versions. A month before publishing this post, I gave a heads-up about it to those who needed to be informed.Introduction

This is the first part of a series on the cyber-physical analysis of weapons of mass destruction detection systems, focusing on technologies like CBRN networks and nuclear safeguards. These posts will cover how these systems integrate physical methods with cyber capabilities to counter potential threats. By analyzing both the hardware and software components, I aim to highlight the challenges and advancements in ensuring these systems function effectively in real-world scenarios, as well as some of the vulnerabilities, exploits, and security-related issues discovered during the research. Above all, the goal is to contribute to a better understanding of these systems and encourage critical thinking, especially in these challenging times.Thirty years ago, the Japanese apocalyptic cult \'Aum Shinrikyo\' managed to fabricate sarin gas in-house and released it in multiple trains during rush hour on the Tokyo subway system. The deadly nerve agent killed 14 people, injured over 1000, and caused severe health issues for thousands more. Initial reports only mentioned \'an explosion in the subway,\' causing the first 30 police officers who arrived at the scene to overlook the possibility of a chemical attack. As a result, they were exposed to and harmed by the sarin gas, which also delayed their ability to provide a timely and proper response to the other victims.Could a similar event happen today in a modern city? Probably yes, but at least in theory, it would be orders of magnitude harder for the perpetrators to achieve their goals. Even if they succeeded, the immediate aftermath (essentially the ability to mitigate the consequences), would (is expected to) be managed much more effectively, due to technological progress in countering Chemical, Biological, Radiological,]]> 2025-04-01T16:18:36+00:00 https://www.reversemode.com/2025/04/cyber-physical-analysis-of-weapons-of.html www.secnews.physaphae.fr/article.php?IdArticle=8659628 False Tool,Vulnerability,Threat,General Information,Legislation,Mobile,Prediction,Cloud,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple a condamné une amende à 150 millions d'euros par le régulateur français pour des pratiques de consentement ATT discriminatoires Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices Apple has been hit with a fine of €150 million ($162 million) by France\'s competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it\'s imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,]]> 2025-04-01T11:17:00+00:00 https://thehackernews.com/2025/04/apple-fined-150-million-by-french.html www.secnews.physaphae.fr/article.php?IdArticle=8659536 False Mobile None 3.0000000000000000