www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-13T18:55:13+00:00 www.secnews.physaphae.fr Zimperium - cyber risk firms for mobile Patching High Impact Vulnerabilities: A Retrospective on WebP CVE
In this blog, we delve into the multifaceted challenges of updating software safely and efficiently, particularly when high-impact vulnerabilities are at stake. ]]>
2024-05-13T13:00:00+00:00 https://www.zimperium.com/blog/patching-high-impact-vulnerabilities-a-retrospective-on-webp-cve/ www.secnews.physaphae.fr/article.php?IdArticle=8498897 False Vulnerability,Patching None None
ZD Net - Magazine Info Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild A new Chrome JavaScript security hole is nasty, so don't waste any time patching your systems.]]> 2024-05-10T16:17:00+00:00 https://www.zdnet.com/article/update-your-chrome-browser-asap-google-has-confirmed-a-zero-day-exploited-in-the-wild/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8497339 False Vulnerability,Threat,Patching None None IT Security Guru - Security Blog Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises
Cato Networks, the SASE leader, today unveiled the findings of its inaugural Cato CTRL SASE Threat Report for Q1 2024. The report shows all organizations surveyed continue to run insecure protocols across their wide area networks (WAN), making it easier for cybercriminals to move across networks. Developed by Cato CTRL, the SASE leader's cyber threat intelligence […] The post Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises first appeared on IT Security Guru. ]]>
2024-05-07T13:34:29+00:00 https://www.itsecurityguru.org/2024/05/07/cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises www.secnews.physaphae.fr/article.php?IdArticle=8495237 False Threat,Patching None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Uncharmed: Untangling Iran's APT42 Operations 2024-05-06T19:54:46+00:00 https://community.riskiq.com/article/7c5aa156 www.secnews.physaphae.fr/article.php?IdArticle=8494794 False Malware,Vulnerability,Threat,Patching,Cloud APT 42 3.0000000000000000 Dark Reading - Informationweek Branch GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.]]> 2024-04-18T20:23:46+00:00 https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories www.secnews.physaphae.fr/article.php?IdArticle=8484931 False Vulnerability,Threat,Patching None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Introduction to Software Composition Analysis and How to Select an SCA Tool Apache Log4j library vulnerability, which posed serious security risks. And this is not an isolated incident. Using open-source software necessitates thorough Software Composition Analysis (SCA) to identify these security threats. Organizations must integrate SCA tools into their development workflows while also being mindful of their limitations.

Why SCA Is Important

Open-source components have become crucial to software development across various industries. They are fundamental to the construction of modern applications, with estimates suggesting that up to 96% of the total code bases contain open-source elements. Assembling applications from diverse open-source blocks presents a challenge, necessitating robust protection strategies to manage and mitigate risks effectively. 
Software Composition Analysis is the process of identifying and verifying the security of components within software, especially open-source ones. It enables development teams to efficiently track, analyze, and manage any open-source element integrated into their projects. SCA tools identify all related components, including libraries and their direct and indirect dependencies. They also detect software licenses, outdated dependencies, vulnerabilities, and potential exploits. Through scanning, SCA creates a comprehensive inventory of a project's software assets, offering a full view of the software composition for better security and compliance management. Although SCA tools have been available for quite some time, the recent open-source usage surge has cemented their importance in application security. Modern software development methodologies, such as DevSecOps, emphasize the need for SCA solutions for developers. The role of security officers is to guide and assist developers in maintaining security across the Software Development Life Cycle (SDLC), ensuring that SCA becomes an integral part of creating secure software.

Objectives and Tasks of SCA Tools

Software Composition Analysis broadly refers to security methodologies and tools designed to scan applications, typically during development, to identify vulnerabilities and software license issues. For effective management of open-source components and associated risks, SCA solutions help navigate several tasks:

1) Increasing Transparency

A developer might incorporate various open-source packages into their code, which in turn may depend on additional open-source packages unknown to the developer. These indirect dependencies can extend several levels deep, complicating the understanding of exactly which open-source code the application uses. 
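The transparency task described above, as an added example that is not part of the original article and not the code of any SCA product: a minimal SCA pass over a constructed npm-style lockfile. It walks the dependency graph from the application root, records for every package whether it is direct or transitive and every path that pulls it in, then matches the inventory against a constructed advisory list. The package names, versions and advisory identifiers are made up for illustration.

```python
"""Toy Software Composition Analysis pass over a constructed lockfile.
Builds the full inventory (direct + transitive dependencies), records the
dependency path back to the application for every package, and matches the
inventory against a constructed advisory list. Example code, not from any
SCA vendor; packages, versions and advisories below are fictional."""
import json

# Constructed lockfile in the shape of a package-lock.json v3 "packages" map:
# "" is the root project, other keys are install paths.
LOCKFILE_JSON = """
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"web-framework": "^4.0.0", "logger": "^2.1.0"}},
    "node_modules/web-framework": {"version": "4.2.0",
        "dependencies": {"http-parser": "^1.3.0", "cookie-tool": "^0.9.0"}},
    "node_modules/logger": {"version": "2.1.5",
        "dependencies": {"string-fmt": "^3.0.0"}},
    "node_modules/http-parser": {"version": "1.3.7"},
    "node_modules/cookie-tool": {"version": "0.9.2",
        "dependencies": {"string-fmt": "^3.0.0"}},
    "node_modules/string-fmt": {"version": "3.0.1"}
  }
}
"""

# Constructed advisories: package -> (fictional id, first fixed version, note)
ADVISORIES = {
    "string-fmt": ("DEMO-2024-0001", "3.0.2", "prototype pollution (fictional)"),
    "http-parser": ("DEMO-2024-0002", "1.3.7", "request smuggling (fictional)"),
}

def parse_version(v):
    """'1.3.7' -> (1, 3, 7); tolerates a leading 'v'. Not full semver."""
    return tuple(int(p) for p in v.lstrip("v").split("."))

def parse_lockfile(text):
    """Return (root_direct_deps, packages); packages maps a name to
    {"version", "deps"}. Only the last 'node_modules/<name>' segment is kept,
    so nested copies collapse onto one name (fine here, not for real hoisting)."""
    data = json.loads(text)
    packages, root_deps = {}, []
    for path, meta in data["packages"].items():
        deps = list(meta.get("dependencies", {}))
        if path == "":
            root_deps = deps
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        packages[name] = {"version": meta["version"], "deps": deps}
    return root_deps, packages

def build_inventory(root_deps, packages):
    """Walk the graph from the root; for each package reached record whether
    it is a direct dependency and every path that pulls it in."""
    inventory = {}

    def walk(name, path):
        entry = inventory.setdefault(
            name, {"version": packages[name]["version"],
                   "direct": name in root_deps, "paths": []})
        entry["paths"].append(path + [name])
        for child in packages[name]["deps"]:
            if child not in path:   # skip cycles; subtrees may be re-walked
                walk(child, path + [name])

    for dep in root_deps:
        walk(dep, [])
    return inventory

def find_vulnerable(inventory, advisories):
    """A package is affected when its installed version is below the fix."""
    findings = []
    for name, entry in sorted(inventory.items()):
        if name not in advisories:
            continue
        adv_id, fixed, _note = advisories[name]
        if parse_version(entry["version"]) < parse_version(fixed):
            findings.append({
                "package": name, "version": entry["version"],
                "advisory": adv_id, "fixed_in": fixed, "direct": entry["direct"],
                "paths": [" > ".join(["demo-app"] + p) for p in entry["paths"]],
            })
    return findings

def run_sca(lock_text=LOCKFILE_JSON, advisories=ADVISORIES):
    root_deps, packages = parse_lockfile(lock_text)
    inventory = build_inventory(root_deps, packages)
    return inventory, find_vulnerable(inventory, advisories)

if __name__ == "__main__":
    inv, findings = run_sca()
    print(f"{len(inv)} packages, {sum(not e['direct'] for e in inv.values())} transitive")
    for f in findings:
        print(f"{f['advisory']}: {f['package']}@{f['version']} "
              f"(fixed in {f['fixed_in']}, direct={f['direct']})")
        for p in f["paths"]:
            print("   via", p)
```

The point the output makes is the one the article makes: the only affected package is a transitive one, reached by two different routes, and neither route is visible from the application's own dependency list. A real tool would use the resolved install tree and proper semver ranges rather than this tuple comparison.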
Reports indicate that 86% of vulnerabilities in node.js projects stem from transitive (indirect) dependencies, w]]> 2024-04-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introduction-to-software-composition-analysis-and-how-to-select-an-sca-tool www.secnews.physaphae.fr/article.php?IdArticle=8484209 False Tool,Vulnerability,Threat,Patching,Prediction,Cloud,Commercial None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs 10 Strategies to Fortify SCADA System Security sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach's impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation's critical infrastructure to such cyberattacks. 
The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities.

How to Enhance SCADA System Security?

The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it's imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats.

1. Network Segmentation: This strategy involves creating 'zones' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section.

2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. 
This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also ]]> 2024-04-08T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-strategies-to-fortify-scada-system-security www.secnews.physaphae.fr/article.php?IdArticle=8478096 False Vulnerability,Threat,Patching,Legislation,Industrial None 4.0000000000000000 Nextron - Security Blog Protecting Your Business: Addressing the Microsoft Exchange Vulnerability Crisis
Discover how to safeguard your business from the ongoing Microsoft Exchange vulnerability crisis highlighted by the German Federal Office for Information Security (BSI). Learn about critical warnings, the importance of patching, and how automated compromise assessments with THOR Cloud Lite can fortify your cybersecurity strategy. ]]>
2024-04-03T14:31:53+00:00 https://www.nextron-systems.com/2024/04/03/microsoft-exchange-vulnerability-crisis/ www.secnews.physaphae.fr/article.php?IdArticle=8475747 False Vulnerability,Patching,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.]]> 2024-03-28T21:15:17+00:00 https://www.darkreading.com/application-security/cisco-ios-bugs-unauthenticated-remote-dos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8472251 False Vulnerability,Patching None 2.0000000000000000 HackRead - Cyber Research CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)
By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)]]>
2024-03-28T17:24:22+00:00 https://www.hackread.com/cisa-microsoft-sharepoint-vulnerability-cve-2023-24955/ www.secnews.physaphae.fr/article.php?IdArticle=8472154 False Vulnerability,Patching None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Agent Tesla's New Ride: The Rise of a Novel Loader
#### Description SpiderLabs identified a phishing email on March 8, 2024, with an attached archive that included a Windows executable disguised as a fraudulent bank payment. This action initiated an infection chain culminating in the deployment of Agent Tesla. The loader is compiled with .NET and uses obfuscation and packing techniques to evade detection. It also exhibits polymorphic behavior with distinct decryption routines, making it difficult for traditional antivirus systems to detect. The loader uses methods like patching to bypass Antimalware Scan Interface (AMSI) detection and dynamically load payloads, ensuring stealthy execution and minimizing traces on disk. > [Check out Microsoft's write-up on Information Stealers here.](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6) #### Reference URL(s) 1. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/agent-teslas-new-ride-the-rise-of-a-novel-loader/ #### Publication Date March 26, 2024 #### Author(s) Bernard Bautista ]]>
2024-03-27T19:14:21+00:00 https://community.riskiq.com/article/5ffaa8a4 www.secnews.physaphae.fr/article.php?IdArticle=8471583 False Patching None 3.0000000000000000
ProofPoint - Cyber Firms Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM 2024-03-26T06:00:09+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/ta577-attack-ntlm-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8470829 False Malware,Threat,Patching None 3.0000000000000000 ProofPoint - Cyber Firms Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM 2024-03-26T06:00:09+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/ta577-attack-ntlm www.secnews.physaphae.fr/article.php?IdArticle=8471384 False Malware,Threat,Patching None 3.0000000000000000 Global Security Mag - French news site Tanium and Orange Cyberdefense launch the Xtended offering Products]]> 2024-03-25T13:35:39+00:00 https://www.globalsecuritymag.fr/tanium-et-orange-cyberdefense-lancent-l-offre-xtended.html www.secnews.physaphae.fr/article.php?IdArticle=8470357 False Patching None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. 
"Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and]]> 2024-03-21T16:00:00+00:00 https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html www.secnews.physaphae.fr/article.php?IdArticle=8467865 False Tool,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch United Arab Emirates Faces Intensified Cyber-Risk The UAE leads the Middle East in digital-transformation efforts, but slow patching and legacy technology continue to thwart its security posture.]]> 2024-03-21T05:00:00+00:00 https://www.darkreading.com/cyber-risk/united-arab-emirates-faces-intensified-cyber-risk www.secnews.physaphae.fr/article.php?IdArticle=8467690 False Patching None 3.0000000000000000 The Register - English news site More than 133,000 Fortinet appliances still vulnerable to month-old critical bug A huge attack surface for a vulnerability with various PoCs available The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching.…]]> 2024-03-18T19:00:10+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/18/more_than_133000_fortinet_appliances/ www.secnews.physaphae.fr/article.php?IdArticle=8466218 False Vulnerability,Patching None 2.0000000000000000 Recorded Future - Recorded Future feed JetBrains vulnerability exploitation highlights debate over 'silent patching'
Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers' servers to Rapid7's decision to release detailed information on the vulnerabilities. “After the full disclosure was made, we started hearing from some customers who]]>
2024-03-12T21:23:32+00:00 https://therecord.media/jetbrains-rapid7-silent-patching-dispute www.secnews.physaphae.fr/article.php?IdArticle=8462846 False Vulnerability,Patching None 2.0000000000000000
Mandiant - Mandiant Security Blog Delving into Dalvik: A Look Into DEX Files
During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To fully analyze and understand the application's functionality, one possibility is to manually decode the strings in each obfuscated method encountered, which can be a time-consuming and repetitive process. Another possibility is to use paid tools such as JEB decompiler that allow quick identification and patching of code in Android applications, but we found that the ability to do the same with free static]]>
2024-03-06T17:30:00+00:00 https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files www.secnews.physaphae.fr/article.php?IdArticle=8460144 False Tool,Patching,Mobile None 2.0000000000000000
Global Security Mag - French news site
Over two-thirds of IT security decision-makers report an increase in cybersecurity budgets for 2024 Infosecurity Europe opens registration for 2024 with cyber investment a significant talking point as organisations address security spend • 69% of surveyed IT decision-makers cite that they have seen, or will see, their cybersecurity budgets increase between 10-100% in 2024. • Almost one in five (19%) of those surveyed are seeing or are expecting to see budgets increase between 30-49% over the coming year. • Whilst 15% of IT decision-makers highlight that their security budgets had decreased, or will, in 2024. • Cloud security and incident response will see the highest injection, followed by MSSP outsourcing and antivirus, education and training, managed detection and patching. - Special Reports]]>
2024-02-20T16:14:57+00:00 https://www.globalsecuritymag.fr/over-two-thirds-of-it-security-decision-makers-report-an-increase-in.html www.secnews.physaphae.fr/article.php?IdArticle=8452805 False Patching None 2.0000000000000000
Dark Reading - Informationweek Branch Ivanti Gets Poor Marks for Cyber Incident Response Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, and forcing cybersecurity teams to scramble for solutions. Researchers are unimpressed.]]> 2024-02-13T16:28:37+00:00 https://www.darkreading.com/cloud-security/ivanti-poor-marks-cyber-incident-response www.secnews.physaphae.fr/article.php?IdArticle=8449637 False Patching None 3.0000000000000000 Fortinet - Security Hardware Vendor The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities An analysis of the exploitation of resolved N-Day Fortinet vulnerabilities by an unknown actor.]]> 2024-02-07T17:15:00+00:00 https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8447746 False Vulnerability,Patching None 2.0000000000000000 GoogleSec - Firm Security Blog Scaling security with AI: from detection to solution Secure AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs. Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we're excited to share some updates. Today, we're releasing our fuzzing framework as a free, open source resource that researchers and developers can use to improve fuzzing's bug-finding abilities. We'll also show you how we're using AI to speed up the bug patching process. 
By sharing these experiences, we hope to spark new ideas and drive innovation for a stronger ecosystem security.

Update: AI-powered vulnerability discovery

Last August, we announced our framework to automate manual aspects of fuzz testing (“fuzzing”) that often hindered open source maintainers from fuzzing their projects effectively. We used LLMs to write project-specific code to boost fuzzing coverage and find more vulnerabilities. Our initial results on a subset of projects in our free OSS-Fuzz service]]> 2024-01-31T13:07:18+00:00 http://security.googleblog.com/2024/01/scaling-security-with-ai-from-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8445278 False Vulnerability,Patching,Cloud None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Cybersecurity for Industrial Control Systems: Best practices exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay.

ICS cyberattacks on the rise

ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. 
government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved.

Segment networks

By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency.  
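The per-segment policy and the visibility the segmentation paragraph describes, as an added example that is not part of the original article and not from any ICS vendor: zones are defined by address range, Modbus/TCP (port 502, the protocol the article says is being scanned for) is allowed only from an engineering zone into the control zone, and constructed flow records are checked against that policy. Flows that violate it are then grouped by source so that one outside host touching several controllers stands out. The zone ranges, addresses and log lines are made up for the example.

```python
"""Segmentation-policy check over constructed flow records.
Each record is 'timestamp src_ip dst_ip dst_port proto'. Zones are CIDR
ranges; Modbus/TCP is allowed only engineering->control and inside the
control zone. Example code, not from the original article; all addresses,
zones and flows are fictional."""
import ipaddress

ZONES = {
    "control":     ipaddress.ip_network("10.10.0.0/24"),   # PLCs, RTUs
    "engineering": ipaddress.ip_network("10.20.0.0/24"),   # EWS, HMI
    "corporate":   ipaddress.ip_network("10.100.0.0/16"),  # office LAN
}
MODBUS_PORT = 502

# Allowed (source zone, destination zone) pairs for Modbus/TCP.
MODBUS_ALLOWED = {("engineering", "control"), ("control", "control")}

# Constructed flow log: one allowed engineering session, one corporate host
# reaching a PLC, one external host sweeping three PLCs, plus unrelated traffic.
FLOW_LOG = """\
2024-01-20T10:00:01Z 10.20.0.15 10.10.0.7 502 tcp
2024-01-20T10:00:05Z 10.100.4.22 10.10.0.7 502 tcp
2024-01-20T10:00:09Z 203.0.113.9 10.10.0.12 502 tcp
2024-01-20T10:00:11Z 10.100.4.22 10.10.0.7 443 tcp
2024-01-20T10:00:14Z 10.10.0.3 10.10.0.7 502 tcp
2024-01-20T10:00:20Z 203.0.113.9 10.10.0.13 502 tcp
2024-01-20T10:00:21Z 203.0.113.9 10.10.0.14 502 tcp
"""

def zone_of(ip):
    """Name of the zone containing ip, or 'external' for anything undefined."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "proto": proto})
    return flows

def check_modbus_flows(flows):
    """Return Modbus/TCP flows whose (src zone, dst zone) pair is not allowed."""
    violations = []
    for f in flows:
        if f["proto"] != "tcp" or f["port"] != MODBUS_PORT:
            continue
        pair = (zone_of(f["src"]), zone_of(f["dst"]))
        if pair not in MODBUS_ALLOWED:
            violations.append({**f, "src_zone": pair[0], "dst_zone": pair[1]})
    return violations

def scan_sources(violations, min_targets=2):
    """Group violations by source; a source that reaches min_targets or more
    distinct hosts on 502 looks like Modbus reconnaissance rather than a
    single misconfigured client."""
    targets = {}
    for v in violations:
        targets.setdefault(v["src"], set()).add(v["dst"])
    return {src: sorted(d) for src, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    found = check_modbus_flows(parse_flows(FLOW_LOG))
    for v in found:
        print(f"{v['ts']} DENY {v['src']} ({v['src_zone']}) -> "
              f"{v['dst']} ({v['dst_zone']}) :{v['port']}")
    for src, hosts in scan_sources(found).items():
        print(f"sweep from {src}: {len(hosts)} control-zone hosts on 502")
```

The same zone table can drive the enforcement side (firewall rules between segments) and the monitoring side (this check over exported flows), which is what makes the per-segment policy auditable: any 502 flow that is not engineering-to-control is a finding, whether it comes from the office LAN or from outside.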
When it comes to ]]> 2024-01-26T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-for-industrial-control-systems-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8443348 False Ransomware,Malware,Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 ProofPoint - Cyber Firms Types of Identity Threats and Attacks You Should Be Aware Of 2024-01-22T06:00:26+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/types-identity-threats-attacks www.secnews.physaphae.fr/article.php?IdArticle=8441709 False Malware,Vulnerability,Threat,Patching,Technical None 2.0000000000000000 HackRead - Cyber Research Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks
By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks]]>
2024-01-19T12:32:42+00:00 https://www.hackread.com/critical-pixiefail-flaws-expose-devices-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8440638 False Vulnerability,Patching None 3.0000000000000000
Dark Reading - Informationweek Branch Nigerian Businesses Face Growing Ransomware-as-a-Service Trade Infosec advocacy group warns that poor patching practices and reliance on cracked software increases risk.]]> 2024-01-19T11:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/nigerian-businesses-face-growing-ransomware-as-a-service-trade www.secnews.physaphae.fr/article.php?IdArticle=8440601 False Patching None 3.0000000000000000 TroyHunt - Security Blog New attack steals AI secrets from GPUs made by Apple, AMD, and Qualcomm Patching all affected devices, which include some Macs and iPhones, may be tough.]]> 2024-01-17T18:15:00+00:00 https://arstechnica.com/?p=1996672 www.secnews.physaphae.fr/article.php?IdArticle=8439987 False Patching None 3.0000000000000000 Dark Reading - Informationweek Branch Africa, Middle East Lead Peers in Cybersecurity, But Lag Globally Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.]]> 2024-01-16T18:00:00+00:00 https://www.darkreading.com/application-security/africa-middle-east-lead-peers-cybersecurity-lag-globally www.secnews.physaphae.fr/article.php?IdArticle=8439623 False Patching None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence]]> 2023-12-29T10:46:00+00:00 https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html www.secnews.physaphae.fr/article.php?IdArticle=8430625 False Ransomware,Malware,Threat,Patching None 4.0000000000000000 Recorded Future - Recorded Future feed Careless oversight of Linux SSH servers draws cryptominers, DDoS bots
Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a]]>
2023-12-28T13:27:00+00:00 https://therecord.media/linux-ssh-servers-cryptomining-ddos-bots www.secnews.physaphae.fr/article.php?IdArticle=8430291 False Malware,Vulnerability,Threat,Patching None 2.0000000000000000
Dark Reading - Informationweek Branch: "Google Releases Eighth Zero-Day Patch of 2023 for Chrome". CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser's WebRTC component. 2023-12-22T18:00:00+00:00 https://www.darkreading.com/cloud-security/google-eighth-zero-day-patch-2023-chrome www.secnews.physaphae.fr/article.php?IdArticle=8427494 False Vulnerability,Threat,Patching None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs: "Data breaches: In-depth analysis, recovery strategies, and best practices". insider threats contribute significantly to data breaches. Third-party incidents: Weaknesses in the security protocols of third-party vendors or service providers can expose organizations to the risk of data breaches. Learnings acquired: Rapid detection and response: The criticality of swift detection and response cannot be overstated. Delayed identification prolongs the impact and complicates the recovery process. Comprehensive incident response: Organizations must establish a robust incident response plan, encompassing communication strategies, legal considerations, and meticulous technical remediation steps. Regulatory compliance: Adherence to regulatory requirements and industry standards is not only essential for legal compliance but is also a fundamental aspect of maintaining trust and credibility. Employee training: Ongoing training initiatives that elevate employees' awareness of security threats and best practices play a pivotal role in preventing data breaches. Continuous security audits: Regular security audits and assessments serve as proactive measures, identifying vulnerabilities before they can be exploited. Best practices for recovery: Detailed incident communication: Provide a comprehensive and transparent communication plan, detailing the incident's scope, impact, and the organization's proactive steps for resolution. Stakeholder engagement: Engage with stakeholders, including customers, employees, and regulatory bodies. Keep them informed about the incident's progress and the measures being taken for recovery. Comprehensive cyber insurance coverage: Cyber insurance can be a strategic asset, covering a range of costs related to the incident, including investigation, legal proceedings, and potential regulatory fines. Strengthen cybersecurity measures: Advanced threat detection: Implement advanced threat detection mechanisms that can identify anomalous behavior and potential threats in real time. Encryption and access controls: Enhance data protection by implementing robust encryption protocols and access controls, limiting unauthorized access to sensitive information. Regular system updates: Maintain an agile cybersecurity posture by regularly updating and patching systems to address known vulnerabilities. Law enforcement partnership: Collaborate with law enforcement agencies and relevant authorities, leveraging their expertise to aid in the investigation and apprehension of cybercriminals. Legal counsel engagement: Engage legal counsel to navigate the legal intricacies associated with the breach, ensuring compliance with regulations and m 2023-12-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/data-breaches-in-depth-analysis-recovery-strategies-and-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8426694 False Ransomware,Data Breach,Vulnerability,Threat,Patching,Technical None 2.0000000000000000
Checkpoint - Security hardware manufacturer: "Meet the new CloudGuard: Risk Management in Action". A critical CVE or Common Vulnerability and Exposure is identified every day. Security teams need to plan the measures (mitigation strategies) taken to reduce the harmful effects of a CVE, to ensure that the applications they are managing remain secure while business availability is not affected, and developers can continue with their day-to-day activities. Check Point CloudGuard transforms the workflow of the security team by transitioning a frustrating, time-consuming situation into an easily managed and well-triaged list of high-priority assets based on the context of the specific cloud environment. Then, patching efforts can be executed gradually, offering both higher business […] 2023-12-12T13:00:24+00:00 https://blog.checkpoint.com/securing-the-cloud/meet-the-new-cloudguard-risk-management-in-action/ www.secnews.physaphae.fr/article.php?IdArticle=8421531 False Vulnerability,Patching,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch: "Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass". There's no time to waste: for organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action. 2023-11-16T22:45:00+00:00 https://www.darkreading.com/application-security/dangerous-apache-activemq-exploit-edr-bypass www.secnews.physaphae.fr/article.php?IdArticle=8413104 False Threat,Patching None 2.0000000000000000
Soc Radar - SOC-focused blog: "Critical CVE-2023-34060 Vulnerability in VMware Cloud Director Appliance: CISA Advises Immediate Patching". VMware recently issued an advisory (VMSA-2023-0026) regarding a critical authentication bypass vulnerability in its VMware... 2023-11-15T11:30:00+00:00 https://socradar.io/critical-cve-2023-34060-vulnerability-in-vmware-cloud-director-appliance-cisa-advises-immediate-patching/ www.secnews.physaphae.fr/article.php?IdArticle=8412318 False Vulnerability,Patching,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): "Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers". Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published 2023-11-10T14:28:00+00:00 https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html www.secnews.physaphae.fr/article.php?IdArticle=8408992 False Malware,Patching None 2.0000000000000000
Dark Reading - Informationweek Branch: "CVSS 4.0 Offers Significantly More Patching Context". The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it. 2023-11-07T20:40:00+00:00 https://www.darkreading.com/operations/mileage-orgs-will-get-from-cvss-4-0-will-vary www.secnews.physaphae.fr/article.php?IdArticle=8407463 False Vulnerability,Patching None 3.0000000000000000
Global Security Mag - French news site: "Logpoint enhances Business-Critical Security (BCS)". Logpoint enhances Business-Critical Security (BCS) solution with automation capabilities to simplify patching SAP systems. • Logpoint's new Vulnerability Monitoring Analyzer helps organizations automate and simplify vulnerability management in SAP systems. • Organizations can get a complete overview and ease prioritization of security-critical patches. - Product Reviews 2023-11-07T08:40:50+00:00 https://www.globalsecuritymag.fr/Logpoint-enhances-Business-Critical-Security-BCS.html www.secnews.physaphae.fr/article.php?IdArticle=8407119 False Vulnerability,Patching None 2.0000000000000000
Dark Reading - Informationweek Branch: "Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed". In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518. 2023-11-03T21:51:00+00:00 https://www.darkreading.com/attacks-breaches/critical-atlassian-bug-exploit-immediate-patching www.secnews.physaphae.fr/article.php?IdArticle=8405538 False Vulnerability,Threat,Patching None 2.0000000000000000
Dark Reading - Informationweek Branch: "Microsoft Debuts AI Bug-Bounty Program, Offers $15K". The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program. 2023-10-13T17:20:00+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-debuts-ai-bug-bounty-program-offers-15k www.secnews.physaphae.fr/article.php?IdArticle=8395223 False Vulnerability,Patching None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): "Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits". Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two 2023-10-11T12:30:00+00:00 https://thehackernews.com/2023/10/microsoft-releases-october-2023-patches.html www.secnews.physaphae.fr/article.php?IdArticle=8394211 False Patching None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: "Apple Patches Two Zero-Days Exploited in Pegasus Attacks". Users of iOS devices urged to enable Lockdown Mode. 2023-09-08T08:30:00+00:00 https://www.infosecurity-magazine.com/news/apple-patches-two-zerodays-pegasus/ www.secnews.physaphae.fr/article.php?IdArticle=8380360 False Patching,Mobile None 2.0000000000000000
Soc Radar - SOC-focused blog: "Critical Auth Bypass Vulnerabilities: SonicWall Urges Immediate Patching for GMS/Analytics". SonicWall has issued an urgent security notice regarding critical vulnerabilities impacting their Global Management System... 2023-07-13T00:55:02+00:00 https://socradar.io/critical-auth-bypass-vulnerabilities-sonicwall-urges-immediate-patching-for-gms-analytics/ www.secnews.physaphae.fr/article.php?IdArticle=8355633 False Patching None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): "Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software". Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized 2023-07-07T19:31:00+00:00 https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html www.secnews.physaphae.fr/article.php?IdArticle=8353388 False Vulnerability,Patching None 3.0000000000000000
CVE List - Common Vulnerability Exposure: "CVE-2023-36469". XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though, as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar` file and thus cannot be fixed without replacing that jar. 2023-06-29T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36469 www.secnews.physaphae.fr/article.php?IdArticle=8350814 False Patching None None
Dark Reading - Informationweek Branch: "NSA: BlackLotus BootKit Patching Won't Prevent Compromise". It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments. 2023-06-23T20:44:00+00:00 https://www.darkreading.com/vulnerabilities-threats/nsa-blacklotus-bootkit-patchings-prevent-compromise www.secnews.physaphae.fr/article.php?IdArticle=8348650 False Threat,Patching None 2.0000000000000000
The Register - English news site: "To kill BlackLotus malware, patching is a good start, but..."
...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs. BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit.… 2023-06-22T21:48:15+00:00 https://go.theregister.com/feed/www.theregister.com/2023/06/22/blacklotus_nsa_guide/ www.secnews.physaphae.fr/article.php?IdArticle=8348262 False Malware,Patching None 3.0000000000000000
Veracode - Application Security Research, News, and Education Blog: "The Art of Reducing Security Debt In 3 Key Steps". Introduction: In the ever-evolving landscape of digital threats and cybersecurity challenges, organizations face a significant burden known as security debt. Just like financial debt, security debt accrues when organizations compromise security measures in favor of convenience, speed, or cost-cutting measures. Over time, this accumulated debt can pose serious risks to the organization's data, reputation, and overall stability. However, with a strategic approach and a commitment to proactive security practices, organizations can effectively reduce their security debt. In this blog post, we will explore the art of reducing security debt in three key steps, enabling organizations to strengthen their security posture and safeguard their valuable assets. Step 1: Assess and Prioritize Security Risks. The first step in reducing security debt is to conduct a thorough assessment of your organization's security risks. This involves identifying vulnerabilities, evaluating existing security… 2023-06-20T14:45:25+00:00 https://www.veracode.com/blog/intro-appsec/art-reducing-security-debt-3-key-steps www.secnews.physaphae.fr/article.php?IdArticle=8347442 False Patching,Guideline None 2.0000000000000000
knowbe4 - cybersecurity services: "CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks". CyberheistNews Vol 13 #24 | June 13th, 2023. [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks. The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let's drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor's bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled: It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the entire DBIR incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering: Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn't all doom and 2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching ChatGPT,ChatGPT,APT 43,APT 37,Uber 2.0000000000000000
CVE List - Common Vulnerability Exposure: "CVE-2023-34100". Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. 2023-06-09T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34100 www.secnews.physaphae.fr/article.php?IdArticle=8343766 False Vulnerability,Patching None None
Krebs on Security - American researcher: "Barracuda Urges Replacing - Not Patching - Its Email Security Gateways". It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. 2023-06-08T20:17:06+00:00 https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/ www.secnews.physaphae.fr/article.php?IdArticle=8343399 False Malware,Vulnerability,Threat,Patching None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): "Zyxel Firewalls Under Attack! Urgent Patching Required". The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls in its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a 2023-06-06T09:46:00+00:00 https://thehackernews.com/2023/06/zyxel-firewalls-under-attack-urgent.html www.secnews.physaphae.fr/article.php?IdArticle=8342380 False Patching None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs: "Three ways agribusinesses can protect vital assets from cyberattacks". irrigation systems and wastewater treatment plants in Israel. The attack was part of an annual "hacktivist" campaign, and it temporarily disabled automated irrigation systems on about a dozen farms in the Jordan Valley. The attack also disrupted wastewater treatment processes at the Galil Sewage Corporation.
In addition, in June 2022, six grain cooperatives in the US were hit by a ransomware attack during the fall harvest, disrupting their seed and fertilizer supplies. Adding to this growing list, a leading US agriculture firm also fell victim to a cyberattack the same year, which affected operations at several of its production facilities. These incidents highlight the pressing need for improved cybersecurity in the agricultural sector and underscore the challenges and risks this sector faces compared to others. As outlined in a study, "Various technologies are integrated into one product to perform specific agricultural tasks." An example provided is that of an irrigation system which "has smart sensors/actuators, communication protocols, software, traditional networking devices, and human interaction." The study further elaborates that these complex systems are often outsourced from diverse vendors for many kinds of environments and applications. This complexity "increases the attack surface, and cyber-criminals can exploit vulnerabilities to compromise one or other parts of the agricultural application." However, the situation is far from hopeless. By taking decisive action, we can significantly strengthen cybersecurity in the agricultural sector. Here are three strategies that pave the way toward a more secure future for the farming industry: 1. Strengthening password practices. Weak or default passwords are an easily avoidable security risk that can expose vital assets in the agricultural sector to cyber threats. Arguably, even now, people have poor habits when it comes to password security. As per the findings of a survey conducted by GoodFirms: A significant percentage of people - 62.9%, to be exact - update their passwords only when prompted. 45.7% of people admitted to using the same password across multiple platforms or applications. More than half of the people had shared their passwords with others, such as colleagues, friends, or family members, raising the risk of unauthorized access. A surprising 35.7% of respondents reported keeping a physical record of their passwords on paper, sticky notes, or in planners. These lax password practices have had tangible negative impacts, with 30% of users experiencing security breaches attributable to weak passwords. Hackers can use various methods, such as brute force attacks or phishing attacks, to guess or obtain weak passwords and access sensitive inf 2023-06-05T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-agribusinesses-protect-vital-assets-from-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8342199 False Ransomware,Tool,Vulnerability,Patching None 2.0000000000000000
Vuln GCP - GoogleCloudPlatform vulnerability feed: "GCP-2023-007". 2023-06-02T20:21:30+00:00 https://cloud.google.com/support/bulletins/index#GCP-2023-001 www.secnews.physaphae.fr/article.php?IdArticle=8341646 False Vulnerability,Patching,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch: "What Apple's RSRs Reveal About Mac Patch Management". Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process? 2023-05-31T19:00:00+00:00 https://www.darkreading.com/endpoint/what-apple-rsrs-reveal-about-mac-patch-management www.secnews.physaphae.fr/article.php?IdArticle=8340985 False Patching None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs: "Navigating the complex world of Cybersecurity compliance". firewalls, antivirus, access management and data backup policies, etc.
Cybersecurity regulations and standards: Compliance requirements vary depending on the industry, the type of data being protected, and the jurisdiction in which the organization operates. There are numerous cybersecurity regulations and standards; some of the most common include the following: General Data Protection Regulation (GDPR): The GDPR is a regulation implemented by the European Union that aims to protect the privacy and personal data of EU citizens. It applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based. Payment Card Industry Data Security Standard (PCI DSS): This standard is administered by the Payment Card Industry Security Standards Council (PCI SSC). It applies to any organization that accepts credit card payments. The standard sets guidelines for secure data storage and transmission, with the goal of minimizing credit card fraud and better controlling cardholders' data. Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a U.S. law that regulates the handling of protected health information (PHI). It applies to healthcare providers, insurance companies, and other organizations that handle PHI. ISO/IEC 27001: ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information. NIST Cybersecurity Framework: The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It provides a framework for managing cybersecurity risk and is widely used by organizations in the U.S. Importance of cybersecurity compliance: Compliance with relevant cybersecurity regulations and standards is essential for several reasons. First, it helps organizations follow best practices to safeguard sensitive data. Organizations put controls, tools, and processes in place to ensure safe operations and mitigate various risks. This helps to decrease the likelihood of a successful cyber-attack. Next, failure to comply with regulations can result in fines and legal action. For example, under GDPR compliance, organizations can be fined up to 2023-05-17T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/navigating-the-complex-world-of-cybersecurity-compliance www.secnews.physaphae.fr/article.php?IdArticle=8337298 False Vulnerability,Patching None 2.0000000000000000
Schneier on Security - American cryptologist and researcher: "Micro-Star International Signing Key Stolen". Micro-Star International, aka MSI, had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer's most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn't have an automated patching process the way Dell, HP, and many larger hardware makers do. Consequently, MSI doesn't provide the same kind of key revocation capabilities. Delivering a signed payload isn't as easy as all that. "Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck." But it just got a whole lot easier... 2023-05-15T11:18:10+00:00 https://www.schneier.com/blog/archives/2023/05/micro-star-international-signing-key-stolen.html www.secnews.physaphae.fr/article.php?IdArticle=8336585 False Patching None 3.0000000000000000
GoogleSec - Firm Security Blog
Celebrating SLSA v1.0: securing the software supply chain for everyone
announced the release of SLSA v1.0, a framework that helps secure the software supply chain. Ten years of using an internal version of SLSA at Google has shown that it's crucial to warding off tampering and keeping software secure. It's especially gratifying to see SLSA reaching v1.0 as an open source project; contributors have come together to produce solutions that will benefit everyone.

SLSA for safer supply chains
Developers and organizations that adopt SLSA will be protecting themselves against a variety of supply chain attacks, which have continued rising since Google first donated SLSA to OpenSSF in 2021. In that time, the industry has also seen a U.S. Executive Order on Cybersecurity and the associated NIST Secure Software Development Framework (SSDF) to guide national standards for software used by the U.S. government, as well as the Network and Information Security (NIS2) Directive in the European Union. SLSA offers not only an onramp to meeting these standards, but also a way to prepare for a climate of increased scrutiny on software development practices. As organizations benefit from using SLSA, it's also up to them to shoulder part of the burden of spreading these benefits to open source projects. Many maintainers of the critical open source projects that underpin the internet are volunteers; they cannot be expected to do all the work when so many of the rewards of adopting SLSA roll out across the supply chain to benefit everyone.

Supply chain security for all
That's why, beyond contributing to SLSA, we've also been laying the foundation to integrate supply chain solutions directly into the ecosystems and platforms used to create open source projects. We're also directly supporting open source maintainers, who often cite lack of time or resources as limiting factors when making security improvements to their projects. Our Open Source Security Upstream Team consists of developers who spend 100% of their time contributing to critical open source projects to make security improvements. For open source developers who choose to adopt SLSA on their own, we've funded the Secure Open Source Rewards Program, which pays developers directly for these types of security improvements. Currently, open source developers who want to secure their builds can use the free SLSA L3 GitHub Builder, which requires only a one-time adjustment to the traditional build process implemented through GitHub actions. There's also the SLSA Verifier tool for software consumers. Users of npm (Node Package Manager, the world's largest software repository) can take advantage of their recently released beta SLSA integration, which streamlines the process of creating and verifying SLSA provenance through the npm command line interface. We're also supporting the integration of Sigstore into many major
2023-04-26T11:00:21+00:00 http://security.googleblog.com/2023/04/celebrating-slsa-v10-securing-software.html www.secnews.physaphae.fr/article.php?IdArticle=8331269

The State of Security - American Magazine
Tripwire's Vulnerability Exposure Research Team (VERT): What you need to know
Each month, at the State of Security, we publish a range of content provided by VERT. Whether it's a round-up of all the latest cybersecurity news, our Patch Priority Index that helps guide administrators on what they should be patching, a book review, general musings from the team, or most notably our Patch Tuesday round-up, VERT is helping organizations stay abreast of the cybersecurity environment. VERT has a long history and has continued to provide actionable information to help keep organizations safe. Since you may not be familiar with the VERT mission, we recently spoke with Tyler...
2023-04-13T03:00:46+00:00 https://www.tripwire.com/state-of-security/tripwires-vulnerability-exposure-research-team-vert-what-you-need-know www.secnews.physaphae.fr/article.php?IdArticle=8327350

The State of Security - American Magazine
VERT Reads All About It - Cybersecurity News March 27, 2023
The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently. WordPress forced the patching of the WooCommerce Plugin: the WooCommerce Plugin is subject to a privilege escalation vulnerability where an unauthenticated attacker could gain admin access to vulnerable stores. This vulnerability allows attackers to impersonate administrators and take over vulnerable websites. At this point, the vulnerability was not publicly exploited on the internet. Admins that host their own installation of...
2023-03-27T05:38:59+00:00 https://www.tripwire.com/state-of-security/vert-reads-all-about-it-cybersecurity-news-march-27-2023 www.secnews.physaphae.fr/article.php?IdArticle=8322044

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
Italian agency warns ransomware targets known VMware vulnerability
issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn't yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users' files and demanding payment for the data to be decrypted.
The ACN urges VMware users to ensure their systems are backed up and updated with the most recent security patches available. With ransomware on the rise, it's crucial that businesses take the necessary steps to protect their data and applications.

ESXiArgs ransomware attacks
Ransomware is a type of malware or malicious software that enables unauthorized users to restrict access to an organization's files, systems, and networks. But it doesn't stop there. In exchange for the keys to the kingdom, attackers will typically require a large sum in the form of cryptocurrency. There are many ways that ransomware is executed on a target system. In this case, the attacker infiltrated VMware's ESXi hypervisor code and held entire servers for ransom. According to reports, most victims were required to pay almost $50,000 USD in Bitcoin to restore access to entire business systems. The nature of these attacks leads experts to believe that this is not the work of ransomware gangs, and is more likely being executed by a smaller group of threat actors. But that doesn't mean the damage was any less alarming.

Exploiting known vulnerabilities
Hackers were able to infect over 2000 machines in only twenty-four hours on a Friday afternoon before the start of the weekend. But how were they able to work so fast? As soon as software developers and providers publish fixes for specific vulnerabilities, threat actors are already beginning their plan of attack. Fortunately, the ESXiArgs vulnerability was patched two years ago (CVE-2021-21974). Organizations that have not applied this patch are at risk of becoming a victim of the latest ransomware. Unfortunately, Florida's Supreme Court, the Georgia Institute of Technology, Rice University, and many schools across Hungary and Slovakia have also become victims of this newest ransomware attack.

CISA guidance for affected systems
The US Cybersecurity and Infrastructure Security Agency (CISA) issued recovery guidance for the 3,800 servers around the world affected by the ESXiArgs ransomware attacks:
- Immediately update all servers to the latest VMware ESXi version.
- Disable Service Location Protocol (SLP) to harden the hypervisor.
- Make sure the ESXi hypervisor is never exposed to the public internet.
The CISA also offers a script on its GitHub page to reconstruct virtual machine metadata from unaffected virtual disks. What organi
2023-03-20T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/italian-agency-warns-ransomware-targets-known-vmware-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8319880

CVE List - Common Vulnerability Exposure
CVE-2023-27486
2023-03-08T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27486 www.secnews.physaphae.fr/article.php?IdArticle=8316784

Anomali - Firm Blog
Transforming Threat Data into Actionable Intelligence
2023-02-09T09:45:00+00:00 https://www.anomali.com/blog/transforming-threat-datainto-actionable-intelligence www.secnews.physaphae.fr/article.php?IdArticle=8308493

The State of Security - American Magazine
Tripwire Patch Priority Index for January 2023
2023-02-07T04:44:45+00:00 https://www.tripwire.com/state-of-security/tripwire-patch-priority-index-january-2023 www.secnews.physaphae.fr/article.php?IdArticle=8307866

Dragos - CTI Society
New Knowledge Pack Released (KP-2023-001)
Includes characterizations for GOOSE, SNMP, and IEC 61850 traffic. Detections included for Moxa and DirectLogic. Playbooks added for Metasploit and Sliver C2.
The post New Knowledge Pack Released (KP-2023-001) first appeared on Dragos.
2023-02-06T21:03:19+00:00 https://www.dragos.com/blog/new-knowledge-pack-released-kp-2023-001/ www.secnews.physaphae.fr/article.php?IdArticle=8307637

Dark Reading - Informationweek Branch
Patching & Passwords Lead the Problem Pack for Cyber-Teams
2023-02-06T19:18:00+00:00 https://www.darkreading.com/cloud/patching-passwords-problem-pack-cyber-teams www.secnews.physaphae.fr/article.php?IdArticle=8307625

CSO - CSO Daily Dashboard
Why you might not be done with your January Microsoft security patches
CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If you've already deployed the November or later security updates to your network and have done nothing else, you aren't done with the evaluation of this update.
2023-02-01T02:00:00+00:00 https://www.csoonline.com/article/3686692/why-you-might-not-be-done-with-your-january-microsoft-security-patches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8306143

CSO - CSO Daily Dashboard
Why it's time to review your on-premises Microsoft Exchange patch status
2023-01-18T02:00:00+00:00 https://www.csoonline.com/article/3685671/why-its-time-to-review-your-on-premises-microsoft-exchange-patch-status.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302193

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
IT/OT convergence and Cybersecurity best practices
survey presented by Veracode in 2022, more than 75% of all software applications have security flaws that can serve as a gateway to larger environments. With the spread of industrial IT (Information Technology) / OT (Operational Technology) integration, almost every infrastructure is in possible danger of cyberattacks.

The two sides of the IT/OT convergence coin
Industrial IT/OT convergence has been accelerated by the advantages it offers to the sector. These advantages have made production faster, cheaper, and more automated. The convergence has been advancing at such a pace that the flipside of its use was never given serious thought until recently. Alongside the obvious advantages, challenges have surfaced as well. The need for a comprehensive solution has already appeared in recent years, but to this day, best practices remain the routine approach.

Best practices for an IT/OT converged environment
During the years of broad-scale IT/OT implementation, operational and cybersecurity experience has been gathered. This serves as the basis for industrial best practices and their practical implementation, which ranges from recommendations to practical steps.

Regulations. Industrial regulations and legislation should set standards. Though there are some governmental initiatives – like Executive Order 14028 – for building an overall framework, the bottom-to-top need has already surfaced. CIS Controls (Critical Security Controls) Version 8 is one of those comprehensive bottom-to-top cybersecurity frameworks that are most often referred to by legal, regulatory, and policy bodies. CIS has been developed by the global IT community to set up practical cybersecurity measures. Each version is an evolution of the previous one, so it is constantly evolving as practice and technological advancement require.

Zero Trust. In every critical infrastructure, the basic approach should be the "zero trust principle." According to this notion, entering data, exiting data, users, and context should be treated with the highest distrust.

Risk-based approach. It is a strategy that assesses hardware and software status to prevent cybersecurity risks and mitigate possible consequences of a breach. The process has several compliance points. These include device version and patching date checkup, finding security and safety issues, and revealing the exploitation history of applied devices. The strategy is only effective if it is complemented with constant threat monitoring. In this case, operators are aware of system vulnerabilities if there is no or a delayed system update.
2023-01-17T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/it-ot-convergence-and-cybersecurity-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8301770

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Patch where it Hurts: Effective Vulnerability Management in 2023
2023-01-12T15:10:00+00:00 https://thehackernews.com/2023/01/patch-where-it-hurts-effective.html www.secnews.physaphae.fr/article.php?IdArticle=8300494

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
Are WE the firewall? Kick Start your Security Culture
Communicate expectations. Once we have buy-in, it's time to communicate. What good is a cybersecurity policy if the people expected to follow it do not understand who, what, why, and how? The idea of sticking with "the policy states" only goes so far.
Policies should be developed with the audience in mind, covering: Purpose – why is the policy needed?
2023-01-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/are-we-the-firewall www.secnews.physaphae.fr/article.php?IdArticle=8300507

SC Magazine - Magazine
CISA: Immediate patching for Lorenz ransomware-exploited Exchange flaw needed
2023-01-11T23:24:46+00:00 https://www.scmagazine.com/brief/ransomware/cisa-immediate-patching-for-lorenz-ransomware-exploited-exchange-flaw-needed www.secnews.physaphae.fr/article.php?IdArticle=8300453

Global Security Mag - French news site
Tanium comments on patching and its necessities
Opinion
2023-01-11T20:05:32+00:00 https://www.globalsecuritymag.fr/Tanium-comments-on-patching-and-its-necessities.html www.secnews.physaphae.fr/article.php?IdArticle=8300265

Dark Reading - Informationweek Branch
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone
2023-01-09T20:33:00+00:00 https://www.darkreading.com/vulnerabilities-threats/rackspace-ransomware-incident-highlights-risks-mitigation-alone www.secnews.physaphae.fr/article.php?IdArticle=8299318

Anomali - Firm Blog
Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023)
Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time, the library's features are more aligned with malware than with a research project. The code is obfuscated, it employs anti-VM techniques, and it doesn't stop at fingerprinting: it exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server.
Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. The PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Open-source repositories and apps are a valuable asset for many organizations, but adoption of these must be security risk assessed, appropriately mitigated, and then monitored to ensure ongoing integrity.
MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel
Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux

Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022)
Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all user clicks on the infected page to cause a malicious redirect.
Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use
2023-01-04T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-machine-learning-toolkit-targeted-by-dependency-confusion-multiple-campaigns-hide-in-google-ads-lazarus-group-experiments-with-bypassing-mark-of-the-web www.secnews.physaphae.fr/article.php?IdArticle=8297872

Anomali - Firm Blog
Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT Targets Russia-Controlled Territories, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

APT5: Citrix ADC Threat Hunting Guidance (published: December 13, 2022)
On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller™ (Citrix ADC) and Citrix Gateway versions 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware.
Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately.
The Anomali Platform has YARA signatures for the Tricklancer malware; network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check md5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5's activities.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN

Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT (published: December 12, 2022)
In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously recorded campaigns that aim at installing cryptomining software, this one is utilizing a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots.
Analyst Comment: Implement timely patching and updating of your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing.
MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12
2022-12-20T20:46:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt5-exploited-citrix-zero-days-azov-data-wiper-features-advanced-anti-analysis-techniques-inception-apt-targets-russia-controlled-territories-and-more www.secnews.physaphae.fr/article.php?IdArticle=8295338

CSO - CSO Daily Dashboard
BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity
2022-12-19T14:51:00+00:00 https://www.csoonline.com/article/3683789/why-a-culture-of-awareness-and-accountability-is-essential-to-cybersecurity.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8292910

Global Security Mag - French news site
Action1 Launches Continuous Patch Compliance with Automated Remediation of Security Vulnerabilities
Product Reviews
2022-12-15T14:06:47+00:00 https://www.globalsecuritymag.fr/Action1-Launches-Continuous-Patch-Compliance-with-Automated-Remediation-of.html www.secnews.physaphae.fr/article.php?IdArticle=8291582

CrowdStrike - CTI Society
CrowdStrike Services Helps Organizations Prioritize Patching Vulnerabilities with CrowdStrike Falcon Spotlight
2022-12-13T22:29:24+00:00 http://provinggrounds.cs.sys/blog/how-to-leverage-crowdstrike-falcon-spotlight-to-prioritize-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8291608

CSO - CSO Daily Dashboard
Microsoft's rough 2022 security year in review
CVE-2022-21846).
It raises the question for anyone still with an on-premises Exchange Server: do you have the expertise to keep it safe, especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange Online or on-premises Exchange 2019, or consider a different email platform completely.
2022-12-08T02:00:00+00:00 https://www.csoonline.com/article/3682082/microsofts-rough-2022-security-year-in-review.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289025

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
Cyberattacks could worsen the global energy crisis
managing the demands and keeping energy reserves. The EU (European Union) also accelerated the work to improve critical infrastructure defence and resilience. This energy crisis is the outcome of Russia's war in Ukraine (attacks on pipelines to disrupt the supply chain) and strict Russian policies towards European countries.

Cyberattacks on the energy sector
In addition to the physical challenges, the growing number of cyberattacks on the energy sector could worsen the energy crisis. According to Energy Security Sentinel, thirteen cyberattacks targeted energy infrastructure this year, making it the highest number of annual attacks over the last six years. Oil and electricity were the most vulnerable infrastructure, followed by gas and shipping. The cyberattacks don't only target critical European infrastructure. In 2021, the Colonial Pipeline in the United States was affected by a ransomware attack, which caused authorities to declare a regional emergency in 17 states and Washington, D.C. The same year, Saudi Aramco, Saudi Arabia's state oil giant, came under cyberattack. In that case, the hackers asked for $50m in extortion money.

Why is the energy sector a target for cyberattacks?
The energy sector is a lucrative target for financially motivated cybercriminals; they know the companies tend to be financially sound and can pay a heavy ransom to keep their operations running. The economic activities of a country also rely on the energy sector; thus, a disruption can cause substantial damage. For example, a six-hour winter black-out in France could result in damages totalling over €1.5 billion ($1.7 billion). This motivates state-sponsored hackers to target an opponent's critical infrastructure to achieve political outcomes. Despite the critical nature of the industry, the energy infrastructure is particularly vulnerable for three primary reasons:
- Large attack surface
- Lack of skilled professionals
- Digitalization and integration

Large attack surface
Attack surface refers to all the possible entry points into any system. The energy sector has a broad attack surface, which includes distribution networks, supply chains, partners, powerlines, smart meters, and so on. Generally, organizations don't have the capability to monitor or tag their assets, which increases the risk and can leave unprotected doors of entry.

Lack of skilled professionals
People working in critical infrastructure are typically not equipped with the skills required to protect the infrastructure from cyberattacks. Even organizations investing in security products and solutions face the human resource problem, which makes them vulnerable. Interestingly, the public and private sectors are joining forces to overcome the skilled profe
2022-12-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cyberattacks-could-worsen-the-global-energy-crisis www.secnews.physaphae.fr/article.php?IdArticle=8288625

Ars Technica - Risk Assessment Security Hacktivism
Google says Google should do a better job of patching Android phones
2022-11-28T18:23:25+00:00 https://arstechnica.com/?p=1900202 www.secnews.physaphae.fr/article.php?IdArticle=8273603

CSO - CSO Daily Dashboard
How to reset a Kerberos password and get ahead of coming updates
regular reset of the KRBTGT account password. If you've followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the "fixed" versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead.
2022-11-23T02:00:00+00:00 https://www.csoonline.com/article/3680512/how-to-reset-a-kerberos-password-and-get-ahead-of-coming-updates.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8177699

Fortinet ThreatSignal - Hardware Vendor
Joint CyberSecurity Advisory on a U.S. Federal Agency Breached by Iranian Threat Actors
2022-11-21T22:06:09+00:00 https://fortiguard.fortinet.com/threat-signal-report/4887 www.secnews.physaphae.fr/article.php?IdArticle=8156662

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
Stories from the SOC: Fortinet authentication bypass observed in the wild
AT&T Managed Extended Detection and Response (MXDR) customer was involved in a true positive compromise that was discovered through a threat hunt initiated off an Intrusion Protection System (IPS) alert from Fortinet. With coordination between the customer and MXDR and the customer's network and security teams, the threat was remediated and contained, and the vulnerable devices were patched.

Investigation
The initial investigation began during a tactical check-in with the customer, who mentioned an investigation regarding an IPS detection for two IP addresses that were attempting the authentication bypass exploit.

Fortinet problem found
If we pivot to the event, we can see Fortinet created detections for potentially unauthorized API requests to the cmdb filepath.
[screenshot: investigating event]
Through Fortinet's advisory on the vulnerability, we learned that potential malicious activity would originate from a user Local_Process_Access and would utilize the Node.js or Report Runner interface. Reports indicate that some of the handlers for API connections check certain conditions, including the IP address being a loopback address and the User-Agent being either Report Runner or Node.js. Off that information, we're able to turn our attention to potential true positives that weren't picked up by the IPS. Doing a quick filter on the Local_Process_Access user produced some interesting events:
[screenshot: Fortinet 3]
This doesn't look good.
In the first event we can see the attacker managed to successfully download the Local Certificate:
[screenshot: local certificate]
This allows the attacker to see certificate information such as the email address of the certificate owner, the IP address of the Fortigate, the company name, the location where the Fortigate was installed, and other sensitive details. These local certificates are generated and provided to the Certificate Authority (CA) for environment trust. Shortly after, the attacker managed to download the system config of the Fortigate:
[screenshot: system config]
Finally, a few hours later they managed to upload a script and run it to create a super_admin user:
[screenshot: super user]
[screenshot: Fortinet 7]
[screenshot: Fortinet 8]
This is where the observable activity ended from the Local_Process_User and the newly created admin account. Remediation began at this point.

Response
After discovery of the administrator account, a network administrator was urgently contacted and was able to remove the account. During the remediation process, the network administrator observed that the management port's external interface had HTTPS open, which is likely how the attacker gained the initial foothold. It's believed the super_admin account that was c
2022-11-14T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-fortinet-authentication-bypass-observed-in-the-wild www.secnews.physaphae.fr/article.php?IdArticle=8007249

CSO - CSO Daily Dashboard
Why it's time to review your Microsoft patch management options
aware of the issue but has not given any estimated time for a fix. WSUS has not been updated in years. If you are considering using WSUS as your go-to patching platform, budget for a subscription to WSUS Automated Maintenance, which includes scripts and routines to optimize WSUS.
2022-11-09T02:00:00+00:00 https://www.csoonline.com/article/3679248/why-its-time-to-review-your-microsoft-patch-management-options.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7902718

AlienVault Lab Blog - AlienVault is a major defense actor in IOCs
AT&T Cybersecurity Insights Report: Focus Energy and Utilities
AT&T Cybersecurity Insights Report: Focus on Energy and Utilities shows that technologists in these organizations are called upon by the business to roll out edge use cases such as remote-control operations, self-healing assets, and intelligent grid management. At the same time, they must ensure these deployments are done with cybersecurity as a central component, as the impact of attacks against this vertical's edge-connected assets could have drastic consequences for companies tasked with delivering the most vital resources for modern living.

Rapid rate of energy and utility innovation
One of the key areas examined by the AT&T Cybersecurity Insights Report is the rate of adoption of edge computing, the use cases in play, and their stage of maturity. This was tracked across six major sectors. This latest industry report dives into the trends for companies that provide services and resources such as electricity, oil and gas, water, and sewer. The study shows that some 77% of energy and utilities respondents worldwide are planning to implement, have partially implemented, or have fully implemented an edge use case. The study dug into nine industry-specific use cases and examined their stage of adoption across the energy and utilities sector. Combining the mid-stage and mature-stage adoption rates reveals that the use of edge computing in infrastructure leak detection has the highest combined adoption maturity (82%) among survey respondents. Some examples of how this looks in action include using sensors to gauge the flow of water in a municipal water system and using the low latency of edge connections to monitor that data in real time for drops or spikes in pressure that could indicate the need for preventive maintenance or immediate servicing of equipment. This is of course a single example in a broad range of use cases currently under exploration in this sector. Edge computing has opened up tremendous opportunities for energy and utilities companies to solve tough problems across the entire value chain, including the safe acquisition of energy supplies on the front end of the supply chain, the proper monitoring of consumption of energy and resources on the back end, and the efficient use of facilities and equipment to run the functions between the two phases. Some additional examples most commonly cited were:
- Remote control operations
- Geographic infrastructure exploration, discovery, and management
- Connected field services
- Intelligent grid management
Interestingly, in spite of many energy companies being engaged in proof-of-concept and insulated projects, overall the sector's rate of mature adoption was the least prevalent compared to all other sectors, sitting at about 40%. Survey analysis indicates this isn't from a lack of interest, but instead a product of the justifiably cautious nature of this industry, which keeps safety and availability top of mind.
The fact that this market segment had the highest level of adoption in mid-stage compared to other industries offers a clue that these companies are all-in on edge deployments but taking their time considering and account]]> 2022-11-02T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/att-cybersecurity-insights-report-focus-energy-and-utilities www.secnews.physaphae.fr/article.php?IdArticle=7779568 False Ransomware,Vulnerability,Threat,Patching,Guideline None None InfoSecurity Mag - InfoSecurity Magazine OpenSSL Security Advisory Downgraded to High Severity 2022-11-02T09:30:00+00:00 https://www.infosecurity-magazine.com/news/openssl-security-advisory/ www.secnews.physaphae.fr/article.php?IdArticle=7779488 False Patching None None ZD Net - Magazine Info OpenSSL dodges a security bullet 2022-11-01T21:21:06+00:00 https://www.zdnet.com/article/openssl-dodges-a-security-bullet/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=7769718 False Vulnerability,Patching None None Schneier on Security - Chercheur Cryptologue Américain Apple Only Commits to Patching Latest OS Version only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about. 
Apple currently provides security updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura, and in the past, it has released security updates for older iOS versions for devices that can’t install the latest upgrades...]]> 2022-10-31T11:29:11+00:00 https://www.schneier.com/blog/archives/2022/10/apple-only-commits-to-patching-latest-os-version.html www.secnews.physaphae.fr/article.php?IdArticle=7753859 False Patching None None Checkpoint - Fabricant Materiel Securite OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, Check Point Alerts Organizations to Prepare Now 30/10/2022 Highlights: The OpenSSL project, the very basic element of the secured internet we all know, announced patching a critical severity security vulnerability While details are yet to be shared, organizations are called to remain alerted and prepare to patch and update systems this coming Tuesday, November 1st Because OpenSSL is so widely used, The… ]]> 2022-10-30T11:10:13+00:00 https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/ www.secnews.physaphae.fr/article.php?IdArticle=7736753 False Vulnerability,Patching None None SANS Institute - SANS est un acteur de defense et formation Upcoming Critical OpenSSL Vulnerability: What will be Affected?, (Thu, Oct 27th) 2022-10-27T14:06:50+00:00 https://isc.sans.edu/diary/rss/29192 www.secnews.physaphae.fr/article.php?IdArticle=7704327 False Vulnerability,Patching None None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 11 Cybersecurity investments you can make right now new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses. 
Employee training Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices. There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs. In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports. Endpoint security Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption. You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any endpoint security solution before deploying it in your environment. Identity and access management Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security. IAM solutions can be deployed on-premises or in the cloud. 
They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Intrusion detection and prevention Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud. There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs. Security information and event management Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security ]]> 2022-10-27T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/11-cybersecurity-investments-you-can-make-right-now www.secnews.physaphae.fr/article.php?IdArticle=7700503 False Data Breach,Spam,Malware,Vulnerability,Patching None None Malwarebytes Labs - MalwarebytesLabs Third-party application patching: Everything you need to know for your business Categories: BusinessIn this post, we cover the importance of third-party application patching and the challenges it can solve for your organization. (Read more...) 
]]> 2022-10-20T16:00:00+00:00 https://www.malwarebytes.com/blog/business/2022/10/third-party-application-patching-everything-you-need-to-know-for-your-business www.secnews.physaphae.fr/article.php?IdArticle=7593763 False Patching None None CrowdStrike - CTI Society October 2022 Patch Tuesday: 13 Critical CVEs, One Actively Exploited Bug, ProxyNotShell Still Unpatched 2022-10-13T20:48:10+00:00 https://www.crowdstrike.com/blog/patch-tuesday-analysis-october-2022/ www.secnews.physaphae.fr/article.php?IdArticle=7673577 False Patching None None Global Security Mag - Site de news francais Canonical lance Ubuntu Pro pour accroître la protection et la sécurité de l\'Open Source Produits]]> 2022-10-06T08:11:34+00:00 http://www.globalsecuritymag.fr/Canonical-lance-Ubuntu-Pro-pour,20221006,130830.html www.secnews.physaphae.fr/article.php?IdArticle=7316899 False Patching None None Dark Reading - Informationweek Branch Aunalytics Launches Security Patching Platform as a Service 2022-09-29T23:56:38+00:00 https://www.darkreading.com/vulnerabilities-threats/aunalytics-launches-security-patching-platform-as-a-service www.secnews.physaphae.fr/article.php?IdArticle=7211273 False Patching None None Fortinet ThreatSignal - Harware Vendor Joint CyberSecurity Alert (AA22-264A) Iranian Threat Actors Targeting Albania 2022-09-22T14:21:04+00:00 https://fortiguard.fortinet.com/threat-signal-report/4767 www.secnews.physaphae.fr/article.php?IdArticle=7068471 False Ransomware,Vulnerability,Threat,Patching None None Dark Reading - Informationweek Branch Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks 2022-09-15T19:00:00+00:00 https://www.darkreading.com/attacks-breaches/popular-iot-cameras-patching-catastrophic-attacks www.secnews.physaphae.fr/article.php?IdArticle=6914239 False Patching None None