www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-10T02:08:00+00:00 www.secnews.physaphae.fr
Global Security Mag - French news site Latest VIPRE Security Group Email Threat Trends Research Exposes Global Phishing and Malware Threat Landscape
Latest VIPRE Security Group Email Threat Trends Research Exposes Global Phishing and Malware Threat Landscape The US, UK, Ireland, and Japan emerge as the main source of spam; manufacturing, government, and IT sectors are most victimised; Pikabot top malware family - Special Reports
2024-05-09T07:50:58+00:00 https://www.globalsecuritymag.fr/latest-vipre-security-group-email-threat-trends-research-exposes-global.html www.secnews.physaphae.fr/article.php?IdArticle=8496459 False Spam,Malware,Threat None None
McAfee Labs - Software vendor From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats
Authored by Yashvi Shah and Preksha Saxena AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a highly sophisticated malware...
2024-05-08T18:14:14+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-spam-to-asyncrat-tracking-the-surge-in-non-pe-cyber-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8496073 False Spam,Malware None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) JFrog Security Research Discovers Coordinated Attacks on Docker Hub that Planted Millions of Malicious Repositories
## Snapshot JFrog Security Research has discovered three large-scale malware campaigns that targeted Docker Hub, planting millions of "imageless" repositories with malicious metadata. ## Description Docker Hub is a platform that delivers many functionalities to developers, presenting numerous opportunities for development, collaboration, and distribution of Docker images. Currently, it is the number one container platform of choice for developers worldwide. Yet, a significant concern arises when considering the content of these public repositories. The research reveals that nearly 20% of these public repositories actually hosted malicious content. These repositories do not contain container images but instead contain metadata that is malicious. The content ranged from simple spam that promotes pirated content, to extremely malicious entities such as malware and phishing sites, uploaded by automatically generated accounts. Prior to this publication, the JFrog research team disclosed all findings to the Docker security team, including 3.2M repositories that were suspected as hosting malicious or unwanted content. The Docker security team quickly removed all of the malicious and unwanted repositories from Docker Hub. ## Recommendations JFrog Security Research recommends that users prefer Docker images that are marked in Docker Hub as “Trusted Content”. ## References ["JFrog Security Research Discovers Coordinated Attacks on Docker Hub that Planted Millions of Malicious Repositories"](https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/#new_tab) JFrog. (Accessed 2024-05-07)
2024-05-07T20:14:06+00:00 https://community.riskiq.com/article/64465418 www.secnews.physaphae.fr/article.php?IdArticle=8495482 False Spam,Malware None 3.0000000000000000
SlashNext - Cyber Firm SlashNext Introduces Gen AI for Spam and Graymail
SlashNext introduced a groundbreaking service, SlashNext Gen AI for Spam and Graymail, this week. This service is the first of its kind to use a generative AI large language model (LLM) for detecting and filtering spam and graymail. It delivers unparalleled accuracy and precision with near-zero false positive rates, which significantly enhances user productivity and […] The post SlashNext Introduces Gen AI for Spam and Graymail first appeared on SlashNext.
2024-05-02T23:22:03+00:00 https://slashnext.com/blog/slashnext-introduces-gen-ai-for-spam-and-graymail/ www.secnews.physaphae.fr/article.php?IdArticle=8493044 False Spam None 2.0000000000000000
Global Security Mag - French news site SlashNex launches SlashNext GenAI for Spam and Graymai
SlashNext Sets New Email Security Standards with GenAI Spam and Graymail Detection New advanced Spam and Graymail Service provides significant reduction in unwanted emails while dramatically improving user productivity - Product Reviews
2024-05-01T14:53:57+00:00 https://www.globalsecuritymag.fr/slashnex-launches-slashnext-genai-for-spam-and-graymai.html www.secnews.physaphae.fr/article.php?IdArticle=8491871 False Spam None 1.00000000000000000000
InfoSecurity Mag - InfoSecurity Magazine Millions of Malicious Containers Found on Docker Hub
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
2024-04-30T13:30:00+00:00 https://www.infosecurity-magazine.com/news/malicious-containers-found-docker/ www.secnews.physaphae.fr/article.php?IdArticle=8491277 False Spam,Malware None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) ToddyCat APT Group Hones Data Exfiltration Tactics, Exploits Legitimate Tools
2024-04-26T19:12:08+00:00 https://community.riskiq.com/article/2641df15 www.secnews.physaphae.fr/article.php?IdArticle=8489234 False Ransomware,Spam,Malware,Tool,Threat,Industrial,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 15 April 2024
2024-04-15T15:15:00+00:00 https://community.riskiq.com/article/c2035b32 www.secnews.physaphae.fr/article.php?IdArticle=8482834 False Ransomware,Spam,Malware,Tool,Threat,Prediction None 2.0000000000000000
HackRead - Cyber Search 5 Best CAPTCHA Plugins for WordPress Websites
By Waqas Here's an updated list of five effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities: This is a post from HackRead.com Read the original post: 5 Best CAPTCHA Plugins for WordPress Websites
2024-04-12T13:09:21+00:00 https://www.hackread.com/5-best-captcha-plugins-for-wordpress-websites/ www.secnews.physaphae.fr/article.php?IdArticle=8480748 False Spam None 2.0000000000000000
ProofPoint - Cyber Firms Cybersecurity Stop of the Month: Defeating Malicious Application Creation Attacks
2024-04-12T06:00:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/defeating-malicious-application-creation-attacks www.secnews.physaphae.fr/article.php?IdArticle=8480713 False Spam,Malware,Tool,Threat,Cloud APT 29 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 8 April 2024
2024-04-08T15:09:15+00:00 https://community.riskiq.com/article/974639f2 www.secnews.physaphae.fr/article.php?IdArticle=8478203 False Ransomware,Spam,Malware,Tool,Threat,Cloud APT 41 3.0000000000000000
Krebs on Security - American researcher 'The Manipulaters' Improve Phishing, Still Fail at Opsec
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.
2024-04-03T13:16:25+00:00 https://krebsonsecurity.com/2024/04/the-manipulaters-improve-phishing-still-fail-at-opsec/ www.secnews.physaphae.fr/article.php?IdArticle=8475228 False Spam None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Rescoms Rides Waves of AceCryptor Spam
#### Description ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries. Even though well known by security products, AceCryptor's prevalence is not showing indications of decline: on the contrary, the number of attacks significantly increased due to the Rescoms campaigns. The threat actor behind those campaigns in some cases abused compromised accounts to send spam emails in order to make them look as credible as possible. The goal of the spam campaigns was to obtain credentials stored in browsers or email clients, which in case of a successful compromise would open possibilities for further attacks. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/ #### Publication Date March 20, 2024 #### Author(s) Jakub Kaloč
2024-04-01T20:02:08+00:00 https://community.riskiq.com/article/e3595388 www.secnews.physaphae.fr/article.php?IdArticle=8474239 False Spam,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 1 April 2024
2024-04-01T13:51:22+00:00 https://community.riskiq.com/article/0bb98406 www.secnews.physaphae.fr/article.php?IdArticle=8474062 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
2024-03-29T18:56:16+00:00 https://www.darkreading.com/cloud-security/cloud-email-filtering-bypass-attack www.secnews.physaphae.fr/article.php?IdArticle=8472732 False Spam,Cloud None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 25 March 2024
2024-03-25T13:28:48+00:00 https://community.riskiq.com/article/95f9e604 www.secnews.physaphae.fr/article.php?IdArticle=8470186 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs Decoding the Cybersecurity Implications of AI's Rapid Advancement
up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now.
How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. 
The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the
2024-03-25T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/decoding-the-cybersecurity-implications-of-ais-rapid-advancement www.secnews.physaphae.fr/article.php?IdArticle=8470065 False Spam,Tool,Vulnerability,Threat,Prediction,Technical Deloitte 2.0000000000000000
Bleeping Computer - American magazine Google's new AI search results promotes sites pushing malware, scams
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]
2024-03-25T07:32:16+00:00 https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8470225 False Spam,Malware,Mobile None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today. "These campaigns come in the form of spam emails with attachments that eventually
2024-03-22T19:38:00+00:00 https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html www.secnews.physaphae.fr/article.php?IdArticle=8468556 False Spam None 3.0000000000000000
We Live Security - ESET antivirus software vendor AceCryptor attacks surge in Europe – Week in security with Tony Anscombe
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT
2024-03-22T12:21:34+00:00 https://www.welivesecurity.com/en/videos/acecryptor-attacks-europe-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8469364 False Spam,Malware None 2.0000000000000000
We Live Security - ESET antivirus software vendor Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
2024-03-20T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/ www.secnews.physaphae.fr/article.php?IdArticle=8467946 False Spam None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 18 March 2024
2024-03-18T13:23:03+00:00 https://community.riskiq.com/article/54f79303 www.secnews.physaphae.fr/article.php?IdArticle=8466085 False Ransomware,Spam,Malware,Tool,Threat,Prediction None 3.0000000000000000
Kaspersky - Kaspersky Research blog Spam and phishing in 2023
This report contains spam and phishing statistics for 2023, along with descriptions of the main trends, among these artificial intelligence, instant messaging phishing, and multilingual BEC attacks.
2024-03-07T10:00:53+00:00 https://securelist.com/spam-phishing-report-2023/112015/ www.secnews.physaphae.fr/article.php?IdArticle=8460239 False Spam,Studies None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 4 March 2024
2024-03-06T01:05:06+00:00 https://community.riskiq.com/article/1fe95f7f www.secnews.physaphae.fr/article.php?IdArticle=8459610 False Ransomware,Spam,Malware,Tool,Threat,Legislation,Medical None 4.0000000000000000
RiskIQ - cyber risk firms (now microsoft) TimbreStealer Campaign Targets Mexican Users with Financial Lures
#### Description Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer Talos is calling TimbreStealer, which has been active since at least November 2023. It contains several embedded modules used for orchestration, decryption and protection of the malware binary. This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known as “Mispadu.” #### Reference URL(s) 1. https://blog.talosintelligence.com/timbrestealer-campaign-targets-mexican-users/ #### Publication Date February 27, 2024 #### Author(s) Guilherme Venere Jacob Finn Tucker Favreau Jacob Stanfill James Nutland
2024-02-27T20:31:31+00:00 https://community.riskiq.com/article/b61544ba www.secnews.physaphae.fr/article.php?IdArticle=8456070 False Spam,Malware,Threat None 2.0000000000000000
HackRead - Cyber Search ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via 'SubdoMailing'
By Deeba Ahmed Brand Hijacking Alert: Guardio Reveals Malicious Actors Using Trusted Brands for Phishing. This is a post from HackRead.com Read the original post: ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via ‘SubdoMailing’
2024-02-27T12:57:00+00:00 https://www.hackread.com/resurrecads-attack-hijack-brand-spam-subdomailing/ www.secnews.physaphae.fr/article.php?IdArticle=8455860 False Spam None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from "counterfeit package delivery alerts
2024-02-26T19:40:00+00:00 https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html www.secnews.physaphae.fr/article.php?IdArticle=8455427 False Spam None 3.0000000000000000
AhnLab - Korean Security Firm Online Scams: Are You Safe From Impersonations, Threats, and Deceptions?
Our lives are connected to the digital world that provides us with numerous utilities and entertainment, but sometimes it presents us with undesirable encounters. Online frauds and scams are examples of such encounters. Waves of commercial advertisement spam emails we receive are not much of a bother, but online scams are rather very serious. Online scamming is a serious cybercrime that inflicts long-term damage both financially and psychologically, and leaves tremendous scars on the victims’ lives. When companies are affected...
2024-02-23T02:02:05+00:00 https://asec.ahnlab.com/en/61976/ www.secnews.physaphae.fr/article.php?IdArticle=8453922 False Spam,Commercial None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks
Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET, which also identified a spear-phishing campaign aimed at a Ukrainian defense company in October 2023 and a European Union agency in November 2023
2024-02-21T11:31:00+00:00 https://thehackernews.com/2024/02/russian-hackers-target-ukraine-with.html www.secnews.physaphae.fr/article.php?IdArticle=8453047 False Spam,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud
#### Description SentinelOne researchers have discovered a new Python script called SNS Sender that uses AWS Simple Notification Service (SNS) to send bulk SMS messages for the purpose of spamming phishing links, also known as Smishing. This is the first script observed using AWS SNS, and it is believed that the actor behind this tool is using cloud services to send bulk SMS phishing messages. The script author is known by the alias ARDUINO_DAS and is prolific in the phish kit scene. The script requires a list of phishing links named links.txt in its working directory. SNS Sender also takes several arguments that are entered as input: a text file containing a list of AWS access keys, secrets, and region delimited by a colon; a text file containing a list of phone numbers to target; a sender ID, similar to a display name for a message; and the message content.
The script replaces any occurrences of the string in the message content variable with a URL from the links.txt file, which weaponizes the message as a phishing SMS. The actor behind this tool has been linked to many phishing kits used to target victims' personally identifiable information (PII) and payment card details under the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery. #### Reference URL(s) 1. https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ #### Publication Date February 15, 2024 #### Author(s) Alex Delamotte
2024-02-16T20:41:12+00:00 https://community.riskiq.com/article/262fc193 www.secnews.physaphae.fr/article.php?IdArticle=8451105 False Spam,Tool,Cloud None 3.0000000000000000
SentinelOne (Crimeware) - Cyber Firms SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud
Threat actors leverage cloud services to conduct massive smishing campaign through AWS Simple Notification Service.
2024-02-15T13:55:32+00:00 https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8450416 False Spam,Threat,Cloud None 3.0000000000000000
Techworm - News This Android Malware Runs Automatically And Can Steal Sensitive Data
In a report published this week. “We have already reported this technique to Google and they are already working on implementing mitigations to prevent this type of auto-execution in a future Android version.” In order to trick the user, the malware disguises itself as a legitimate app, often pretending to be the Google Chrome web browser. It uses Unicode strings in app names for obfuscation, which then allows it to seek risky permissions on the device, such as sending and accessing SMS content, and to always run in the background. In addition, the fake Chrome app also asks users whether they want to set it as the default SMS app under the pretext that doing so will help prevent spam. Furthermore, the malware also uses phishing messages, whose content is extracted from the bio (or description) field of fraudulent Pinterest profiles, which are then sent to infected smartphones to evade detection by antivirus software. If the malware is unable to access Pinterest, it then uses hardcoded phishing messages that inform potential victims that there is something suspicious with their bank account and that they need to take immediate action. McAfee's researchers noted that some malicious pop-up messages asked for permissions in English, Korean, French, Japanese, German, and Hindi, which also indicates XLoader's current targets. They believe that in addition to Japan, the malware also targets Android users in South Korea, France, Germany, and India. To stay protected against the XLoader malware, users are advised not to sideload apps or open short URLs in text messages, and to be very careful when granting permissions to the apps they install. Also, limit the number of apps installed on your Android phone and install apps only from reputable developers. In addition, enable Google Play Protect on your Android smartphone so that
2024-02-10T22:35:42+00:00 https://www.techworm.net/2024/02/android-xloader-malware-automatic.html www.secnews.physaphae.fr/article.php?IdArticle=8448724 False Spam,Malware,Threat,Mobile None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs AI in Cybersecurity: 8 use cases that you need to know
through web scraping API, surveys, as part of your day-to-day operations, etc., the data you collect needs powerful safeguards. AI can help by classifying and automatically encrypting it. Access control is another process you can automate, as is compliance with data protection laws like the GDPR.
2024-02-06T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ai-in-cybersecurity-8-use-cases-that-you-need-to-know www.secnews.physaphae.fr/article.php?IdArticle=8447230 False Spam,Malware,Tool,Threat None 2.0000000000000000
Checkpoint - Security hardware manufacturer Generative AI is the Pride of Cybercrime Services
Cybercriminals Officially Utilize Generative AI for Spam Campaigns, Social Media Impersonation and Verification Services Highlights: – Generative AI as a Cybercrime Tool: Cybercriminals are increasingly using generative AI for sophisticated cybercrimes, including social media impersonation, spam campaigns, and KYC verification services. – AI-Powered Black-Hat Platforms: The rise of AI-driven platforms for creating and managing fake social media accounts, offering services to automate content generation and account activity for illicit purposes. – Evolution of Spam and KYC Frauds: The integration of AI in spam services to bypass security controls and in KYC verification services for creating fake identification documents, signifying a new level of […]
2024-02-01T14:00:51+00:00 https://blog.checkpoint.com/research/generative-ai-is-the-pride-of-cybercrime-services/ www.secnews.physaphae.fr/article.php?IdArticle=8445590 False Spam,Tool None 3.0000000000000000
ProofPoint - Cyber Firms Security Brief: 'Tis the Season for Tax Hax Target reply > Actor reply with web.app URL > Redirect > ZIP > LNK > syncappvpublishingServer.vbs LOLBAS > PowerShell > mshta runs HTA from URL > Encrypted PowerShell > Obfuscated PowerShell > Download and run the EXE. TA576's 2024 campaigns are notable because this is the first time Proofpoint has observed the actor delivering Parallax RAT. In addition, the actor's attack chain using LOLBAS techniques and multiple PowerShell scripts is distinctly different from previously observed campaigns, which used URLs to zipped JavaScript payloads or macro-enabled Microsoft Word documents. Attribution TA576 is a cybercriminal threat actor. Proofpoint has tracked TA576 since 2018 via spam email creation techniques, malware use, malware delivery techniques, and other characteristics. This actor uses tax lures containing similar characteristics and themes during U.S. tax season to deliver and install RATs. TA576's follow-on objectives are unknown. While the most frequently observed targeted sectors include accounting and financial entities, Proofpoint has also observed targeting of related industries such as legal.
Why it matters TA576's annual tax-themed campaigns serve as a recurring reminder that threat actors in cybercri
2024-01-30T05:00:16+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-tis-season-tax-hax www.secnews.physaphae.fr/article.php?IdArticle=8444774 False Spam,Malware,Threat,Prediction None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware's evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google's detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy.
Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year's Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware's relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian's Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks.
Evolving ransom
2024-01-25T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/the-dark-side-of-2023-cybersecurity-malware-evolution-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8442915 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction Guam 3.0000000000000000
ProofPoint - Cyber Firms More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules
2024-01-23T15:29:37+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/more-one-quarter-global-2000-are-not-ready-upcoming-stringent-email www.secnews.physaphae.fr/article.php?IdArticle=8442630 False Spam,Tool,Threat,Cloud,Technical None 3.0000000000000000
Incogni - Security blog of the company Incogni, specializing in privacy protection Why am I getting so many spam calls? (& how to stop them)
2024-01-23T15:07:04+00:00 https://blog.incogni.com/why-getting-many-spam-calls/ www.secnews.physaphae.fr/article.php?IdArticle=8442146 False Spam None 2.0000000000000000
ProofPoint - Cyber Firms Security Brief: TA866 Returns with a Large Email Campaign PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023. The similarities helped with attribution. Specifically, TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.) One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body. Screenshot of “TermServ.vbs” WasabiSeed script whose purpose is to execute an infinite loop, reaching out to C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability). Screenshot of “app.js”, one of the components of Screenshotter. This file runs “snap.exe”, a copy of legitimate IrfanView executable, (also included inside the MSI) to save a desktop screenshot as “gs.jpg”. Screenshot of “index.js”, another Screenshotter component. This code is responsible for uploading the desktop screenshot “gs.jpg” to the C2 server. Attribution There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571.
TA571 is a spam distributor, and this actor sends high volume spam email campaigns to deliver and install a variety of malware for their cybercriminal customers. Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3]. TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated. Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors. Why it matters The following are notable characteristics of TA866's return to email threat data: TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile
2024-01-18T05:00:52+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign www.secnews.physaphae.fr/article.php?IdArticle=8440209 False Spam,Malware,Tool,Threat None 2.0000000000000000
Incogni - Security blog of the company Incogni, specializing in privacy protection A data-driven approach to spam area codes: why the most common advice is mostly wrong
2024-01-17T14:10:08+00:00 https://blog.incogni.com/spam-area-codes/ www.secnews.physaphae.fr/article.php?IdArticle=8439919 False Spam None 2.0000000000000000
HackRead - Cyber research HelloFresh Fined £140,000 for 80 Million Spam Messages By Waqas If you’re a HelloFresh customer, you’ll likely receive fewer marketing emails and texts due to the fine imposed… This is a post from HackRead.com Read the original post: HelloFresh Fined £140,000 for 80 Million Spam Messages
2024-01-15T13:03:00+00:00 https://www.hackread.com/hellofresh-fined-80-million-spam-messages/ www.secnews.physaphae.fr/article.php?IdArticle=8439222 False Spam None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine HelloFresh Fined £140K After Sending 80 Million Spam Messages The ICO has fined HelloFresh £140,000 for breaking privacy laws with a spam marketing campaign
2024-01-15T09:30:00+00:00 https://www.infosecurity-magazine.com/news/hellofresh-fined-140k-80-million/ www.secnews.physaphae.fr/article.php?IdArticle=8439169 False Spam None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Black Basta-Affiliated Water Curupira's Pikabot Spam Campaign
#### Description
The Water Curupira intrusion set, known for using the Black Basta ransomware, has been using Pikabot, a loader malware similar to Qakbot, in spam campaigns throughout 2023. Pikabot is a multi-stage malware with a loader and core module within the same file, as well as a decrypted shellcode that decrypts another DLL file from its resources. The malware gains initial access to its victim's machine through spam emails containing an archive or a PDF attachment. The emails employ thread-hijacking, a technique where malicious actors use existing email threads and create emails that look like they were meant to be part of the thread to trick recipients into believing that they are legitimate.
#### Reference URL(s)
1. https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html
#### Publication Date
January 10, 2024
#### Author(s)
Trend Micro Research
2024-01-10T21:33:16+00:00 https://community.riskiq.com/article/ebaeeb6c www.secnews.physaphae.fr/article.php?IdArticle=8437643 False Ransomware,Spam,Malware None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot's operators ran phishing campaigns, targeting victims via its two components - a loader and a core module - which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with
2024-01-09T21:31:00+00:00 https://thehackernews.com/2024/01/alert-water-curupira-hackers-actively.html www.secnews.physaphae.fr/article.php?IdArticle=8437215 False Spam,Malware,Threat None 2.0000000000000000
TrendLabs Security - Antivirus vendor Black Basta-Affiliated Water Curupira's Pikabot Spam Campaign Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.
2024-01-09T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8437097 False Spam,Malware,Technical None 2.0000000000000000
Krebs on Security - American researcher Meet Ika & Sal: The Bulletproof Hosting Duo from Hell In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran Russia's most popular spam forum for years.
2024-01-08T17:57:55+00:00 https://krebsonsecurity.com/2024/01/meet-ika-sal-the-bulletproof-hosting-duo-from-hell/ www.secnews.physaphae.fr/article.php?IdArticle=8436731 False Spam None 4.0000000000000000
Incogni - Security blog of the company Incogni, specializing in privacy protection How to stop spam texts on Android & iPhone
2024-01-08T13:44:29+00:00 https://blog.incogni.com/stop-spam-texts/ www.secnews.physaphae.fr/article.php?IdArticle=8436612 False Spam,Mobile None 2.0000000000000000
Incogni - Security blog of the company Incogni, specializing in privacy protection How to stop spam emails (Gmail, Outlook, Yahoo Mail)
2024-01-08T13:35:45+00:00 https://blog.incogni.com/stop-spam-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8436613 False Spam Yahoo 1.00000000000000000000
Incogni - Security blog of the company Incogni, specializing in privacy protection How to stop spam calls & robocalls: a complete guide
2024-01-08T13:17:13+00:00 https://blog.incogni.com/stop-spam-calls/ www.secnews.physaphae.fr/article.php?IdArticle=8436614 False Spam None 2.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs The Botnet siege: How your toaster could topple a corporation from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants. This insidious force operates in silence, escaping the notice of even the most vigilant users. A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters. Let us go to the battlements of this siege, and we’ll tackle the topic in more depth. What is a botnet? Derived from the words “robot” and “network,” a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware. How does a botnet attack work? A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware. Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics. Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies.
This new attack vector is now being referred to as Quishing — and unfortunately, it’s only going to become more prevalent. Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker's commands. The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include: Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users. Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware. Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices. Propagation. S
2024-01-08T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-botnet-siege-how-your-toaster-could-topple-a-corporation www.secnews.physaphae.fr/article.php?IdArticle=8436534 False Ransomware,Spam,Malware,Vulnerability,Threat None 2.0000000000000000
Korben - French blogger Signal Spam – For reporting those scumbag spammers
2024-01-07T08:00:00+00:00 https://korben.info/lutter-contre-spams-signal-spam-application-mobile-extension-messagerie.html www.secnews.physaphae.fr/article.php?IdArticle=8436019 False Spam None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
#### Description
The UAC-0050 threat group has been found to be using an advanced strategy that allows for a more clandestine data transfer channel, effectively circumventing detection mechanisms employed by Endpoint Detection and Response (EDR) and antivirus systems. The group's weapon of choice is RemcosRAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal.
However, in their latest operational twist, the UAC-0050 group has integrated a pipe method for interprocess communication, showcasing their advanced adaptability. The initial attack vector is yet to be pinpointed, though indications lean towards phishing or spam emails. The LNK file is responsible for initiating the download of an HTA file. Within this HTA file lies a VBS script that, upon execution, triggers a PowerShell script. This PowerShell script endeavors to download a malicious payload (word_update.exe) from a server. Upon launching, word_update.exe executes cmd.exe and shares malicious data through a pipe. Consequently, it leads to the launch of explorer.exe with the malicious RemcosRAT residing in the memory of explorer.exe. The Remcos version identified is 4.9.2 Pro, and it has successfully gathered information about the victim, including the computer name and username. RemcosRAT removes cookies and login data from the following browsers: Internet Explorer, Firefox, and Chrome.
#### Reference URL(s)
1. https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method
#### Publication Date
January 4, 2024
#### Author(s)
Uptycs Threat Research
2024-01-04T22:13:12+00:00 https://community.riskiq.com/article/51acab90 www.secnews.physaphae.fr/article.php?IdArticle=8434737 False Spam,Malware,Threat None 2.0000000000000000
Bleeping Computer - American magazine 'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
[...]
2023-12-23T10:09:18+00:00 https://www.bleepingcomputer.com/news/security/wall-of-flippers-detects-flipper-zero-bluetooth-spam-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8428022 False Spam,Mobile None 2.0000000000000000
ProofPoint - Cyber Firms I Broke My Phone! An Update on New Developments in Conversational Attacks on Mobile
2023-12-14T07:44:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/i-broke-my-phone-update-new-developments-conversational-attacks-mobile www.secnews.physaphae.fr/article.php?IdArticle=8422695 False Spam,Threat,Mobile,Prediction None 3.0000000000000000
Recorded Future - Recorded Future feed Wyden: Governments spy on Apple, Google users through smartphone notifications Sen. Ron Wyden (D-Ore.) warned in a letter to the Department of Justice on Wednesday that governments are spying on Apple and Google smartphone users through mobile push notifications. The senator, who has long been a privacy advocate, said his office received a tip about the practice last year, and sought more information on the
2023-12-06T18:30:00+00:00 https://therecord.media/wyden-warns-of-governments-spying-on-apple-google-users-through-push-notifications www.secnews.physaphae.fr/article.php?IdArticle=8419648 False Spam,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the project's
2023-11-30T18:38:00+00:00 https://thehackernews.com/2023/11/google-unveils-retvec-gmails-new.html www.secnews.physaphae.fr/article.php?IdArticle=8418069 False Spam None 3.0000000000000000
ProofPoint - Cyber Firms Enhancements to Proofpoint Federal Solutions: A New AI/ML Detection Engine, Updates to the TAP Dashboard and More Proofpoint has made more investments in our Aegis threat protection platform this year that can help support our federal agency customer
2023-11-30T07:23:34+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/enhancements-federal-solutions www.secnews.physaphae.fr/article.php?IdArticle=8418095 False Ransomware,Spam,Malware,Vulnerability,Threat,Industrial,Cloud,Commercial None 2.0000000000000000
GoogleSec - Firm Security Blog Improving Text Classification Resilience and Efficiency with RETVec RETVec (Resilient & Efficient Text Vectorizer) that helps models achieve state-of-the-art classification performance and drastically reduces computational cost.
Today, we're sharing how RETVec has been used to help protect Gmail inboxes. Strengthening the Gmail Spam Classifier with RETVec Figure 1. RETVec-based Gmail Spam filter improvements.
2023-11-29T12:00:03+00:00 http://security.googleblog.com/2023/11/improving-text-classification.html www.secnews.physaphae.fr/article.php?IdArticle=8418787 False Spam,Mobile None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Americans Receive Two Billion Spam Calls Per Month Truecaller warns malicious calls make up the majority
2023-11-28T11:00:00+00:00 https://www.infosecurity-magazine.com/news/americans-two-billion-spam-calls/ www.secnews.physaphae.fr/article.php?IdArticle=8417470 False Spam None 2.0000000000000000
Kaspersky - Kaspersky Research blog The dark side of Black Friday: decoding cyberthreats around the year's biggest shopping season As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023.
2023-11-20T10:00:27+00:00 https://securelist.com/black-friday-cyberthreat-report-2023/111076/ www.secnews.physaphae.fr/article.php?IdArticle=8414771 False Spam None 2.0000000000000000
Recorded Future - Recorded Future feed Crooks leverage Google quiz messages as part of bitcoin scam Cybercriminals have devised a creative way to attempt to scam money from people: They use a feature of Google Forms quizzes to generate spam messages, researchers found. Abuse of Google Forms - part of the company's free Workspace suite - has been tracked for several years, but the use of a specific feature within quizzes
2023-11-13T20:22:00+00:00 https://therecord.media/cryptocurrency-scam-uses-google-quiz-messages www.secnews.physaphae.fr/article.php?IdArticle=8411269 False Spam None 3.0000000000000000
ProofPoint - Cyber Firms Enabling Real-Time Spam Signature Updates without Slowing Down Performance
2023-11-13T06:18:08+00:00 https://www.proofpoint.com/us/blog/engineering-insights/enabling-realtime-spam-signature-updates www.secnews.physaphae.fr/article.php?IdArticle=8411687 False Spam,Cloud,Technical None 3.0000000000000000
ProofPoint - Cyber Firms The Power of Simplicity: Elevating Your Security Experience
2023-11-09T07:02:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/power-simplicity-elevating-your-security-experience www.secnews.physaphae.fr/article.php?IdArticle=8408572 False Ransomware,Spam,Tool,Threat,Cloud None 2.0000000000000000
Korben - French blogger EvilAppleJuice ESP32 – Bluetooth (BLE) notification spam on iPhone
2023-11-08T08:44:06+00:00 https://korben.info/exploiter-esp32-pour-envoyer-notifications-ble-continues-sur-iphone.html www.secnews.physaphae.fr/article.php?IdArticle=8407764 False Spam None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Unmasking AsyncRAT New Infection Chain
#### Description
McAfee Labs has observed a recent AsyncRAT campaign being distributed through a malicious HTML file. This entire infection strategy employs a range of file types, including PowerShell, Windows Script File (WSF), VBScript (VBS), and more, in order to bypass antivirus detection measures. A recipient receives a spam email containing a nefarious web link. When accessed, this link triggers the download of an HTML file. Within this HTML file, an ISO file is embedded, and this ISO image file harbors a WSF (Windows Script File). The WSF file subsequently establishes connections with various URLs and proceeds to execute multiple files in formats such as PowerShell, VBS (VBScript), and BAT.
These executed files are employed to carry out a process injection into RegSvcs.exe, a legitimate Microsoft .NET utility. This manipulation of RegSvcs.exe allows the attacker to covertly hide their activities within a trusted system application.
#### Reference URL(s)
1. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
#### Publication Date
November 3, 2023
#### Author(s)
McAfee Labs Vignesh Dhatchanamoorthy Lakshya Mathur
2023-11-07T21:33:55+00:00 https://community.riskiq.com/article/2f8526bf www.secnews.physaphae.fr/article.php?IdArticle=8407508 False Spam None 3.0000000000000000
LogPoint - Security blog Phishing and Quishing – Email Investigation and Response Using Logpoint Fast Facts Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. Attackers spent $200-$1000 per day to carry out phishing campaigns. Over the past six months, it is thought that users reported phishing attempts only 11.3% of the time. Google blocks around 100 million phishing emails every day. [...]
2023-11-06T10:58:30+00:00 https://www.logpoint.com/fr/blog/email-investigation-and-response-using-logpoint/ www.secnews.physaphae.fr/article.php?IdArticle=8409042 False Spam None 3.0000000000000000
CVE Liste - Common Vulnerability Exposure CVE-2023-32121 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121 www.secnews.physaphae.fr/article.php?IdArticle=8405468 False Spam,Vulnerability None None Bleeping Computer - Magazine Américain Flipper Zero Bluetooth Spam Attaques portées vers une nouvelle application Android<br>Flipper Zero Bluetooth spam attacks ported to new Android app Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [...]]]> 2023-10-31T16:06:19+00:00 https://www.bleepingcomputer.com/news/security/flipper-zero-bluetooth-spam-attacks-ported-to-new-android-app/ www.secnews.physaphae.fr/article.php?IdArticle=8403700 False Spam None 2.0000000000000000 ProofPoint - Cyber Firms Mémoire de sécurité: TA571 fournit un chargeur à fourche icedid<br>Security Brief: TA571 Delivers IcedID Forked Loader 2023-10-30T07:40:00+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta571-delivers-icedid-forked-loader www.secnews.physaphae.fr/article.php?IdArticle=8402897 False Ransomware,Spam,Malware,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Flipper Zero peut désormais spam Android, utilisateurs Windows avec des alertes Bluetooth<br>Flipper Zero can now spam Android, Windows users with Bluetooth alerts A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.
[...]]]> 2023-10-25T14:54:44+00:00 https://www.bleepingcomputer.com/news/security/flipper-zero-can-now-spam-android-windows-users-with-bluetooth-alerts/ www.secnews.physaphae.fr/article.php?IdArticle=8400549 False Spam None 2.0000000000000000 Dark Reading - Informationweek Branch Propriété de la carte SIM réduit au Burkina Faso<br>SIM Card Ownership Slashed in Burkina Faso Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.]]> 2023-10-20T18:05:00+00:00 https://www.darkreading.com/dr-global/sim-card-ownership-slashed-in-burkina-faso www.secnews.physaphae.fr/article.php?IdArticle=8398334 False Spam,Legislation None 3.0000000000000000 Zataz - Magazine Francais de secu Piotr Severa Levashov, the king of spam, releases a book 2023-10-19T15:03:42+00:00 https://www.zataz.com/piotr-severa-levashov-le-roi-du-spam-sort-un-livre/ www.secnews.physaphae.fr/article.php?IdArticle=8397746 False Spam None 3.0000000000000000 GoogleSec - Firm Security Blog Google Play amélioré Protéger la numérisation en temps réel pour les installations d'applications<br>Enhanced Google Play Protect real-time scanning for app installs accelerated existing mobile habits – with app categories like finance growing 25% year-over-year and users spending over 100 billion hours in shopping apps. It's now even more important that data is protected so that bad actors can't access the information. Powering up Google Play Protect Google Play Protect is built-in, proactive protection against malware and unwanted software and is enabled on all Android devices with Google Play Services. Google Play Protect scans 125 billion apps daily to help protect you from malware and unwanted software. If it finds a potentially harmful app, Google Play Protect can take certain actions such as sending you a warning, preventing an app install, or disabling the app automatically.
To try and avoid detection by services like Play Protect, cybercriminals are using novel malicious apps available outside of Google Play to infect more devices with polymorphic malware, which can change its identifiable features. They're turning to social engineering to trick users into doing something dangerous, such as revealing confidential information or downloading a malicious app from ephemeral sources – most commonly via links to download malicious apps or downloads directly through messaging apps. For this reason, Google Play Protect has always also offered users protection outside of Google Play. It checks your device for potentially harmful apps regardless of the install source when you're online or offline as well. Previously, when installing an app, Play Protect conducted a real-time check and warned users when it identified an app known to be malicious from existing scanning intelligence or was identified as suspicious from our on-device machine learning, similarity comparisons, and other techniques that we are always evolving. Today, we are making Google Play Protect's security capabilities even more powerful with real-time scanning at the code-level to combat novel malicious apps. Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats. Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.
Our security protections and machine learning algorithms learn from each app ]]> 2023-10-18T12:00:27+00:00 http://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html www.secnews.physaphae.fr/article.php?IdArticle=8398646 False Spam,Malware None 2.0000000000000000 AhnLab - Korean Security Firm Où est parti le logiciel malveillant du document MS Office?<br>Where Has the MS Office Document Malware Gone?
Infostealers, which steal user account credentials saved in web browsers or email clients, constitute the majority of attacks targeting general or corporate users. Related information was shared through the ASEC Blog in December of last year. [1] While the distribution method for the named malware differs slightly depending on their main features, Infostealer-type malware typically uses malicious sites disguised as pages for downloading legitimate programs as their distribution route. They are also actively distributed through spam email attachments or MS... ]]>
2023-10-18T05:55:43+00:00 https://asec.ahnlab.com/en/57883/ www.secnews.physaphae.fr/article.php?IdArticle=8397098 False Spam,Malware None 3.0000000000000000
ProofPoint - Cyber Firms Google et Yahoo ont défini un court terme pour répondre aux nouvelles exigences d'authentification par e-mail.Es-tu prêt?<br>Google and Yahoo Set a Short Timeline to Meet New Email Authentication Requirements. Are You Ready? 2023-10-11T17:00:26+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements www.secnews.physaphae.fr/article.php?IdArticle=8394335 False Spam,Threat Yahoo 2.0000000000000000 AhnLab - Korean Security Firm InfoSteller en cours de distribution par e-mail de spam (AgentTesla)<br>Infostealer Being Distributed via Spam Email (AgentTesla)
AhnLab Security Emergency response Center (ASEC) spotted the AgentTesla Infostealer being distributed through an email in the form of a malicious BAT file. When the BAT file is executed, it employs the fileless method to run AgentTesla (EXE) without creating the file on the user’s PC. This blog post will provide an explanation of the distribution process, from the spam email to the final binary (AgentTesla), along with related techniques. Figure 1 shows the body of the spam email distributing... ]]>
2023-10-10T04:36:49+00:00 https://asec.ahnlab.com/en/57546/ www.secnews.physaphae.fr/article.php?IdArticle=8393474 False Spam None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les acteurs de la menace de Qakbot sont toujours en action, en utilisant Ransom Knight et Remcos Rat dans les dernières attaques<br>QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that “the law enforcement operation may not have impacted Qakbot operators' spam delivery infrastructure but rather only their]]> 2023-10-05T18:48:00+00:00 https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html www.secnews.physaphae.fr/article.php?IdArticle=8391856 False Ransomware,Spam,Malware,Threat None 2.0000000000000000 Recorded Future - FLux Recorded Future Google et Yahoo disent qu'ils rétracteront le spam avec de nouvelles mesures<br>Google and Yahoo say they will crack down on spam with new measures
Two of the world's largest email providers said Tuesday that they will take several new steps to rein in bulk senders and prevent spam. In its announcement, Yahoo noted that many bulk senders don't set systems up properly, which can lead to “malicious actors” exploiting them undetected. Across the first quarter of 2024, Yahoo said]]>
2023-10-03T21:09:00+00:00 https://therecord.media/google-yahoo-crack-down-on-spam www.secnews.physaphae.fr/article.php?IdArticle=8391155 False Spam Yahoo 3.0000000000000000
Bleeping Computer - Magazine Américain Google pour renforcer les défenses de phishing et de logiciels malveillants en 2024<br>Google to bolster phishing and malware delivery defenses in 2024 Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [...]]]> 2023-10-03T14:41:16+00:00 https://www.bleepingcomputer.com/news/security/google-to-bolster-phishing-and-malware-delivery-defenses-in-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8391099 False Spam,Malware None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Comment arrêter les appels de spam sur iPhone<br>How to stop spam calls on iPhone 2023-09-08T06:57:54+00:00 https://blog.incogni.com/stop-spam-calls-on-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8381160 False Spam None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 4 septembre – Rapport de renseignement sur les menaces<br>4th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th September, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The FBI announced operation ‘Duck Hunt’ dismantling the Qakbot (Qbot) malware operation that is active since at least 2008. Qakbot has been known to infect victims via spam emails with malicious attachments and […] ]]>
2023-09-04T14:56:36+00:00 https://research.checkpoint.com/2023/4th-september-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8378780 False Spam,Malware,Threat None 2.0000000000000000
AhnLab - Korean Security Firm Suivi des logiciels malveillants sans fichier distribués via des courriers de spam<br>Tracking Fileless Malware Distributed Through Spam Mails
AhnLab Security Emergency response Center (ASEC) has discovered a phishing campaign that propagates through spam mails and executes a PE file (EXE) without creating the file into the user PC. The malware attachment in the hta extension ultimately executes malware strains such as AgentTesla, Remcos, and LimeRAT. This blog post will explain the distribution process flow from the spam mail to the final binary, as well as the techniques employed.  Figure 1 shows the main text of the spam mail... ]]>
2023-09-04T02:37:05+00:00 https://asec.ahnlab.com/en/56512/ www.secnews.physaphae.fr/article.php?IdArticle=8378513 False Spam,Malware None 3.0000000000000000
Checkpoint - Fabricant Materiel Securite Check Point partage l’analyse du groupe Qakbot Malware<br>Check Point Shares Analysis of Qakbot Malware Group
On August 29, 2023, the FBI announced it dismantled the Qakbot (also referred to as Qbot) multinational cyber hacking and ransomware operation, impacting 700,000 computers around the world – including financial institutions, government contractors and medical device manufacturers. The Qakbot malware infected victims via spam emails with malicious attachments and links. It also served as a platform for ransomware operators. Once infected, the victims' computer became part of Qakbot's larger botnet operation, infecting even more victims. Check Point Research (CPR) has tracked Qakbot and its operations for years. This year, Qakbot was highlighted in the 2023 Mid-Year Security Report as […] ]]>
2023-08-29T20:45:45+00:00 https://blog.checkpoint.com/security/check-point-shares-analysis-of-qakbot-malware-group/ www.secnews.physaphae.fr/article.php?IdArticle=8376417 False Ransomware,Spam,Malware,Medical None 2.0000000000000000
Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Comment signaler un spam<br>How to report spam text 2023-08-25T08:08:24+00:00 https://blog.incogni.com/report-spam-text/ www.secnews.physaphae.fr/article.php?IdArticle=8374409 False Spam None 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-32497 2023-08-23T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32497 www.secnews.physaphae.fr/article.php?IdArticle=8373710 False Spam,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-32496 2023-08-23T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32496 www.secnews.physaphae.fr/article.php?IdArticle=8373709 False Spam,Vulnerability None None InfoSecurity Mag - InfoSecurity Magazine Experian paie 650 000 $ pour régler les réclamations de spam<br>Experian Pays $650,000 to Settle Spam Claims Credit reporting firm accused of sending millions of unwanted emails]]> 2023-08-23T09:00:00+00:00 https://www.infosecurity-magazine.com/news/experian-pays-650000-settle-spam/ www.secnews.physaphae.fr/article.php?IdArticle=8373556 False Spam None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Les systèmes Mac se sont transformés en nœuds de sortie proxy par adcharge<br>Mac systems turned into proxy exit nodes by AdLoad SentinelOne in 2021 and Microsoft in 2022. As stated in Microsoft’s report on UpdateAgent, a malware delivering AdLoad through drive-by compromise, AdLoad redirected users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results with a Person-in-The-Middle (PiTM) attack. These two previous campaigns, together with the campaign described in this blog, support the theory that AdLoad could be running a pay-per-Install campaign in the infected systems. 
The main purpose of the malware has always been to act as a downloader for subsequent payloads. It has been identified delivering a wide range of payloads (adware, bundleware, PiTM, backdoors, proxy applications, etc.) every few months to a year, sometimes conveying different payloads depending on the system settings such as geolocation, device make and model, operating system version, or language settings, as reported by SentinelOne. In all observed samples, regardless of payload, they report an Adload server during execution on the victim’s system. This beacon (analyzed later in Figure 3 & 4) includes system information in the user agent and the body, without any relevant response aside from a 200 HTTP response code. This activity probably represents AdLoad's method of keeping count of the number of infected systems, supporting the pay-per-Install scheme. AT&T Alien Labs™ has observed similar activity in our threat analysis systems throughout the last year, with the AdLoad malware being installed in the infected systems. However, Alien Labs is now observing a previously unreported payload being delivered to the victims. The payload corresponds to a proxy application, converting its targets into proxy exit nodes after infection. As seen in Figure 1, the threat actors behind this campaign have been very active since the beginning of 2022. Figure 1. Histogram of AdLoad samples identified by Alien Labs.
The vast numb]]> 2023-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload www.secnews.physaphae.fr/article.php?IdArticle=8368296 False Spam,Malware,Threat,Cloud APT 32 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Ce qui peut se cacher derrière ce code QR<br>What may be lurking behind that QR code As we go about our daily lives, whether that be shopping with the family, enjoying dinner at a restaurant, finding our gate at the airport, or even watching TV, we find ourselves more and more often encountering the QR code. These black-and-white checkerboards of sorts have gained a reputation for being a fast and convenient way of obtaining information via our smartphones while at the same time contributing to environmental conservation, as they allow businesses such as retailers and restaurants to print fewer paper menus or flyers. But before you whip out that phone and activate your camera, you should be aware that these seemingly innocuous QR codes can also be used for purposes you aren’t anticipating. Adversaries can also abuse them to steal your money, identity, or other data.  In fact, the term in the cybersecurity industry for attacks that leverage QR codes as a means of delivery is “quishing.” Although this may sound cute, the intentions behind these intrusions are, in reality, quite sinister. A brief history of the QR code While it may seem like we have only been interacting with QR codes over the past several years, they were in fact invented almost 30 years ago in 1994 by a Japanese company called Denso Wave, a subsidiary of Toyota Motor Corporation, for the purposes of tracking automotive parts in the assembly process. 
QR stands for “quick response” and is a sophisticated type of bar code that utilizes a square pattern containing even smaller black and white squares that represent numbers, letters, or even non-Latin scripts which can be scanned into a computer system. Have you ever noticed that there are larger black and white squares in just three of the corners of a QR code? Their purpose is to allow a scanning device to determine the code’s orientation, regardless of how it may be turned. The use of QR codes has expanded considerably since 1994. They have become a favored means for businesses to circulate marketing collateral or route prospects to web forms, and other even more creative uses have also been cultivated. Instead of printing resource-consuming user manuals, manufacturers may direct their consumers to web-hosted versions that can be reached by scanning codes printed on the packaging materials. Event venues print QR codes on tickets that can be scanned upon entry to verify validity, and museums post signs next to exhibits with QR codes for visitors to obtain more information. During the COVID-19 pandemic, the use of QR codes accelerated as organizations sought to create contactless methods of doing business. The dangers that lie beneath QR codes don’t appear to be going away anytime soon. The speed, and versatility they offer is hard to deny. However, any hacker worth their salt understands that the most effective attacks leverage social engineering to prey upon human assumptions or habits. We’ve become accustomed to scanning QR codes to quickly transact or to satisfy our sense of curiosity, but this convenience can come at a cost. 
There are several websites that make it incredibly simple and low cost (or free) for cybercriminals to generate QR codes, which they can use to do any of the following: Open a spoofed web page – Upon scanning the QR code, your browser will open a fake web page that appears to be a legitimate business, such as a bank or e-commerce site, where you are requested to provide login credentials or payment data, also known as a phishing attack. It is also possible that this site contains links to malware. Recommend an unscrupulous app – You will be directed to a particular app on the Apple App or Google Play Store and given the option to download the app to your mobile device. These apps can contain malware that installs additi]]> 2023-08-07T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/what-may-be-lurking-behind-that-qr-code www.secnews.physaphae.fr/article.php?IdArticle=8366831 False Spam,Malware,Threat,Cloud None 3.0000000000000000 GoogleSec - Firm Security Blog Pixel Binary Transparence: Sécurité vérifiable pour les périphériques Pixels<br>Pixel Binary Transparency: verifiable security for Pixel devices long put security first. There's the more visible security features you might interact with regularly, like spam and phishing protection, as well as less obvious integrated security features, like daily scans for malware. For example, Android Verified Boot strives to ensure all executed code comes from a trusted source, rather than from an attacker or corruption. And with attacks on software and mobile devices constantly evolving, we're continually strengthening these features and adding transparency into how Google protects users. This blog post peeks under the hood of Pixel Binary Transparency, a recent addition to Pixel security that puts you in control of checking if your Pixel is running a trusted installation of its operating system.
Supply Chain Attacks & Binary Transparency: Pixel Binary Transparency responds to a new wave of attacks targeting the software supply chain, that is, attacks on software while in transit to users. These attacks are on the rise in recent years, likely in part because of the enormous impact they can have. In recent years, tens of thousands of software users from Fortune 500 companies to branches of the US government have been affected by supply chain attacks that targeted the systems that create software to install a backdoor into the code, allowing attackers to access and steal customer data. ]]> 2023-08-04T13:50:22+00:00 http://security.googleblog.com/2023/08/pixel-binary-transparency-verifiable.html www.secnews.physaphae.fr/article.php?IdArticle=8365763 False Spam None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Comment améliorer la sensibilisation au phishing des employés<br>How to improve employee phishing awareness rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing due to the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals - its effectiveness is exceptional. Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers. However, these training sessions and mock phishing exercises are not without their flaws.
At times, technical issues can disrupt the process. In other instances, the problem lies with the employees who may exhibit apathy, failing to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs. Email messages caught by technical means of protection It is standard practice for most companies to operate various email security systems, like Secure Email Gateway, DMARC, SPF, DKIM tools, sandboxes, and various antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of technical protective tools. Consequently, when initiating any project, it is crucial to adjust the protection settings so your simulated phishing emails can get through. Do not forget to tweak all tools of email protection at all levels. It is important to establish appropriate rules across all areas. By tweaking the settings, I am certainly not suggesting a total shutdown of the information security system - that would be unnecessary. When sending out simulated phishing emails, it is important to create exceptions for the IP addresses and domains that these messages come from, adding them to an allowlist. After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam. 
Reporting phishing Untrained employees often become victims of phishing, but those who are prepared, do more than just skip and delete suspicious messages; they report them to their company's]]> 2023-07-26T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-to-improve-employee-phishing-awareness www.secnews.physaphae.fr/article.php?IdArticle=8361790 False Spam,Malware,Tool None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Protéger les infrastructures énergétiques des cyberattaques<br>Protecting energy infrastructure from cyberattacks energy sector, which powers our modern society - from homes and businesses to critical infrastructure and national defense systems, finds itself under the growing threat of cyberattacks. With the energy sector's growing dependence on digital technologies and interconnectivity, the attack surface for cybercriminals has expanded. This situation is further complicated by incidents such as the SolarWinds and Colonial Pipeline attacks years ago, which compromised numerous value chains, along with recent escalations in cyber threats. These circumstances highlight the urgent need for a robust and proactive cybersecurity strategy in the energy sector. Why the energy sector is vulnerable According to McKinsey, the energy sector is particularly vulnerable to cyber threats due to several characteristics that amplify the risk and impact of attacks against utilities: The threat landscape has expanded, with nation-state actors, sophisticated players, cybercriminals, and hacktivists targeting infrastructure providers. This diverse range of threat actors poses varying levels of sophistication and potential disruptions to electric power and gas operations. The geographically distributed nature of organizations' infrastructure further complicates cybersecurity efforts.
Maintaining visibility across both information technology (IT) and operational technology (OT) systems becomes challenging, not only within utility-controlled sites but also in consumer-facing devices that may contain cyber vulnerabilities, thereby compromising revenue or the overall security of the grid. The organizational complexity of the energy sector exposes vulnerabilities to cyberattacks. Utilities often rely on multiple business units responsible for different aspects of energy generation, transmission, and distribution. This diversity introduces separate IT and OT policy regimes, making it difficult to ensure the network's overall security. To illustrate the potential impact across the entire value chain, it's worth noting that electric organizations, in particular, could face cyber threats capable of disrupting various stages, including generation, transmission, distribution, and network segments. Generation stage: Potential disruptions in this stage could stem from service interruptions and ransomware attacks targeting power plants and clean-energy generators. The primary vulnerabilities lie in legacy generation systems and clean-energy infrastructure that were not originally designed with cybersecurity in mind. Transmission stage: The large-scale disruption of power to consumers could occur through remote disconnection of services. This is possible due to physical security weaknesses that allow unauthorized access to grid control systems, leading to potential disruptions. Distribution stage: Disruptions at substations could result in regional service loss and customer disruptions. The root cause of such disruptions can be traced back to distributed power systems and the limited security built into Supervisory Control and Data Acquisition (SCADA) systems. Network stage: Cyber threats at this stage could lead to the theft of customer information, fraudulent activities, and service disruptions.
These threats are driven by the extensive attack surface presented by Internet of Things (IoT) devices, including smart meters and electric vehicles. Recommendations for enhancing cybersecurity in the energy Sector To further strengthen cybersecurity practices in the ene]]> 2023-07-20T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/protecting-energy-infrastructure-from-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8359293 False Ransomware,Spam,Vulnerability,Threat,Prediction None 4.0000000000000000 Silicon - Site de News Francais Comment Pinterest a implémenté la détection d\'anomalies 2023-07-18T09:49:32+00:00 https://www.silicon.fr/pinterest-detection-anomalies-470122.html www.secnews.physaphae.fr/article.php?IdArticle=8358178 False Spam None 3.0000000000000000 AhnLab - Korean Security Firm Distribution du malware netsupport à l'aide de courriel<br>Distribution of NetSupport Malware Using Email netsupport rat est utilisé par divers acteurs de menace.Ceux-ci sont distribués par des e-mails de spam et des pages de phishing déguisées en documents tels que des factures, des documents d'expédition et des commandes d'achat).La distribution via des pages de phishing a été couverte sur ce blog dans le passé.[1] Ahnlab Security Emergency Response Center (ASEC) a découvert que le rat Netsupport était distribué via un e-mail de phishing de lance qui a récemment été en circulation.Ce message couvrira le flux d'action de sa distribution via des e-mails de phishing et son ...
NetSupport RAT is being used by various threat actors. It is distributed through spam emails and phishing pages disguised as documents such as invoices, shipment documents, and purchase orders (PO). Distribution via phishing pages has been covered on this blog in the past. [1] AhnLab Security Emergency response Center (ASEC) discovered NetSupport RAT being distributed via a spear phishing email that has recently been in circulation. This post will cover the action flow from its distribution via phishing emails and its... ]]>
2023-07-06T23:15:00+00:00 https://asec.ahnlab.com/en/55146/ www.secnews.physaphae.fr/article.php?IdArticle=8353188 False Spam,Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website's reputation, affect search results]]> 2023-07-03T17:00:00+00:00 https://thehackernews.com/2023/07/improve-your-security-wordpress-spam.html www.secnews.physaphae.fr/article.php?IdArticle=8351801 False Spam None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams CyberheistNews Vol 13 #26 | June 27th, 2023 The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts; Bogus "gifts" that can cost you; Fake package delivery problems; Phony job offers; Not-really-from-Amazon security alerts. "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. 
If they reply, they'll get a call from a phony 'fraud department' claiming they want to 'help get your money back.' What they really want to do is make unauthorized transfers. "What's more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there's a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small 'redelivery fee.'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake 'mystery shopper' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person's money – and the phony 'employer' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from 'Amazon,' asking to verify a big-ticket order they didn't place," the FTC says. 
"Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000 SlashNext - Cyber Firm CISOs Increasingly Concerned About Mobile Threats
A new warning from Verizon about the rise of smishing, spam text messages and text scams and the FBI reporting $10.3 billion in internet fraud last year, CISOs are increasingly concerned about mobile threats targeting employees and the impact to their organization. The rise of smishing, spam text messages and text scams. In recent survey […] The post CISOs Increasingly Concerned About Mobile Threats first appeared on SlashNext.]]>
2023-06-23T21:30:46+00:00 https://slashnext.com/blog/cisos-increasingly-concerned-about-mobile-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8386745 False Spam APT 15 2.0000000000000000
Schneier on Security - American cryptologist and researcher UPS Data Harvested for SMS Phishing Attacks
I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.]]>
2023-06-23T14:55:41+00:00 https://www.schneier.com/blog/archives/2023/06/ups-data-harvested-for-sms-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8348531 False Spam,Tool None 2.0000000000000000
knowbe4 - cybersecurity services CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches CyberheistNews Vol 13 #25 | June 20th, 2023 Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches. According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike. And it's the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim. 
Blog post with links: https://blog.knowbe4.com/stolen-credentials-top-breach-threat [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l]]> 2023-06-20T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-25-fingerprints-all-over-stolen-credentials-are-the-no1-root-cause-of-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=8347292 False Ransomware,Data Breach,Spam,Malware,Hack,Vulnerability,Threat,Cloud ChatGPT,ChatGPT 2.0000000000000000 Incogni - Security blog of the company Incogni, specializing in privacy protection How to stop spam emails on iPhone
How to stop spam emails on iPhone Read More ]]>
2023-06-16T11:20:51+00:00 https://blog.incogni.com/stop-spam-emails-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8347352 False Spam None 2.0000000000000000