www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-01T20:46:37+00:00 www.secnews.physaphae.fr
CVE List - Common Vulnerability Exposure CVE-2022-1663 2022-08-29T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1663 www.secnews.physaphae.fr/article.php?IdArticle=6616323 False Spam,Threat None None
SANS Institute - SANS is a defense and training organization Paypal Phishing/Coinbase in One Image, (Fri, Aug 26th) 2022-08-26T05:31:39+00:00 https://isc.sans.edu/diary/rss/28984 www.secnews.physaphae.fr/article.php?IdArticle=6536936 False Spam None None
DarkTrace - DarkTrace: AI-based detection Emotet Resurgence: Cross-Industry Campaign Analysis 2022-08-23T00:00:00+00:00 https://darktrace.com/blog/emotet-resurgence-cross-industry-campaign-analysis www.secnews.physaphae.fr/article.php?IdArticle=6481958 False Spam None 4.0000000000000000
We Live Security - ESET antivirus software vendor How a spoofed email passed the SPF check and landed in my inbox The Sender Policy Framework can't help prevent spam and phishing if you allow billions of IP addresses to send as your domain 2022-08-16T09:30:17+00:00 https://www.welivesecurity.com/2022/08/16/spoofed-email-passed-spf-check-inbox/ www.secnews.physaphae.fr/article.php?IdArticle=6355265 False Spam None None
CVE List - Common Vulnerability Exposure CVE-2022-35958 2022-08-15T11:21:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35958 www.secnews.physaphae.fr/article.php?IdArticle=6341896 False Spam None 3.0000000000000000
Security Affairs - Security Blog LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc.
(USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […] 2022-08-08T15:11:18+00:00 https://securityaffairs.co/wordpress/134141/hacking/logokit-phishing-open-redirect.html www.secnews.physaphae.fr/article.php?IdArticle=6203650 False Spam,Threat None None
CVE List - Common Vulnerability Exposure CVE-2022-35488 2022-08-08T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35488 www.secnews.physaphae.fr/article.php?IdArticle=6204353 False Spam None None
Malwarebytes Labs - MalwarebytesLabs FCC warns of steep rise in phishing over SMS Smishing attacks, or phishing attempts via SMS, are on the rise, and Americans are fighting off billions of spam messages each month. 2022-08-05T12:39:42+00:00 https://blog.malwarebytes.com/social-engineering/2022/08/fcc-warns-of-steep-rise-in-phishing-over-sms/ www.secnews.physaphae.fr/article.php?IdArticle=6142174 False Spam None None
CISCO Talos - Cisco Research blog Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary: Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Payloads provided by the platform support Windows, Linux and Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention. Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining. What is "Dark Utilities?" In early
2022, a new C2 platform called "Dark Utilities" was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform. Dark Utilities provides payloads consisting of code that is executed on victim systems, allowing them to be registered with the service and establish a command and control (C2) communications channel. The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources. During our analysis, we observed efforts underway to expand OS and system architecture support as the platform continues to see ongoing develo 2022-08-04T08:00:13+00:00 http://blog.talosintelligence.com/2022/08/dark-utilities.html www.secnews.physaphae.fr/article.php?IdArticle=6123175 False Spam,Malware,Hack,Tool,Threat,Guideline APT 19 None
CVE List - Common Vulnerability Exposure CVE-2022-31184 2022-08-01T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31184 www.secnews.physaphae.fr/article.php?IdArticle=6083393 False Spam None 5.0000000000000000
CISCO Talos - Cisco Research blog Quarterly Report: Incident Response Trends in Q2 2022 By Caitlin Huey. For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomware groups, whether of their own volition or through the actions of global law enforcement agencies and governments. Commodity malware was the top observed threat this quarter, a notable development given the general decrease in observations of attacks leveraging commodity trojans in CTIR engagements since 2020.
These developments coincide with a general resurgence of certain email-based trojans in recent months, as law enforcement and technology companies have continued to attempt to disrupt and affect email-based malware threats like Emotet and Trickbot. This quarter featured malware such as the Remcos remote access trojan (RAT), Vidar infostealer, Redline Stealer and Qakbot (Qbot), a well-known banking trojan that, in recent weeks, has been observed in new clusters of activity delivering a variety of payloads. Targeting: The top-targeted vertical continues to be telecommunications, following a trend where it was among the top targeted verticals in Q4 2021 and Q1 2022, closely followed by organizations in the education and health care sectors. Commodity malware: This quarter saw a notable increase in commodity malware threats compared to previous quarters. Commodity 2022-07-26T10:11:15+00:00 http://blog.talosintelligence.com/2022/07/quarterly-report-incident-response.html www.secnews.physaphae.fr/article.php?IdArticle=5951623 False Ransomware,Spam,Malware,Threat None None
Graham Cluley - Blog Security Who on earth would be trying to promote EC-Council University via comment spam on my website?
2022-07-19T15:13:21+00:00 https://grahamcluley.com/ec-council-university-comment-spam/ www.secnews.physaphae.fr/article.php?IdArticle=5826383 False Spam None 3.0000000000000000
Global Security Mag - French news site "Stranger scams": cybercriminals empty the wallets of fans of the hit fantasy series Malwares 2022-07-19T13:08:17+00:00 http://www.globalsecuritymag.fr/Stranger-scams-des-cybercriminels,20220719,128071.html www.secnews.physaphae.fr/article.php?IdArticle=5825774 False Spam None None
Fortinet ThreatSignal - Hardware Vendor Alert (AA22-181A) #StopRansomware: MedusaLocker 2022-07-07T08:10:19+00:00 https://fortiguard.fortinet.com/threat-signal-report/4660 www.secnews.physaphae.fr/article.php?IdArticle=5595941 False Ransomware,Spam None None
AhnLab - Korean Security Firm I Don't Want to Receive Any Unnecessary Information! According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must receive explicit consent of the receiver in advance. Spam refers to promotional information sent or posted for commercial purposes through communications networks although it is unwanted by the user. This post will present the analysis of a program that sends messages automatically on a particular web portal.... 2022-07-01T05:48:14+00:00 https://asec.ahnlab.com/en/36184/ www.secnews.physaphae.fr/article.php?IdArticle=5667586 False Spam None None
Anomali - Firm Blog Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed (published: June 24, 2022) ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file, which contains a pdf of the infringed material. In reality, the pdf is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence through desktop change or reboot. Prior to data encryption, Lockbit will delete the volume shadow copy to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection. Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straightforward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, such emails should be treated with extreme caution. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562 Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware
There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families (published: June 24, 2022) Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity to trick sandboxes into thinking the malware is benign.
Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API calls using a new process. Encoded registry keys within the malware are used for the calls, and the large loop count is created from the offset of the first null byte of the first file in the System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes. Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and Match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network. MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 Tags: malware:BazarLoad 2022-06-28T19:11:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-api-hammering-confuses-sandboxes-pirate-panda-wrote-in-nim-magecart-obfuscates-variable-names-and-more www.secnews.physaphae.fr/article.php?IdArticle=5436667 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat APT 23,APT 28 None
IT Security Guru - Security Blog New Phishing Attack Infects Devices With Cobalt Strike 2022-06-22T10:31:08+00:00 https://www.itsecurityguru.org/2022/06/22/new-phishing-attack-infects-devices-with-cobalt-strike/?utm_source=rss&utm_medium=rss&utm_campaign=new-phishing-attack-infects-devices-with-cobalt-strike www.secnews.physaphae.fr/article.php?IdArticle=5324558 True Spam,Malware,Threat None None
CVE List - Common Vulnerability Exposure CVE-2022-1801 2022-06-20T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1801 www.secnews.physaphae.fr/article.php?IdArticle=5298135 False Spam None 2.0000000000000000
Bleeping Computer - American Magazine Wave of 'Matanbuchus' spam is infecting devices with Cobalt Strike
2022-06-18T10:06:03+00:00 https://www.bleepingcomputer.com/news/security/wave-of-matanbuchus-spam-is-infecting-devices-with-cobalt-strike/ www.secnews.physaphae.fr/article.php?IdArticle=5250503 False Spam,Malware None None
Bleeping Computer - American Magazine New phishing attack infects devices with Cobalt Strike 2022-06-18T10:06:03+00:00 https://www.bleepingcomputer.com/news/security/new-phishing-attack-infects-devices-with-cobalt-strike/ www.secnews.physaphae.fr/article.php?IdArticle=5265601 True Spam,Malware None 3.0000000000000000
We Live Security - ESET antivirus software vendor How to spot malicious spam – Week in security with Tony Anscombe As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam 2022-06-17T16:00:25+00:00 https://www.welivesecurity.com/videos/how-spot-malicious-spam-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=5225616 False Spam None None
CSO - CSO Daily Dashboard 9 ways hackers will use machine learning to launch attacks 2022-06-13T02:00:00+00:00 https://www.csoonline.com/article/3250144/6-ways-hackers-will-use-machine-learning-to-launch-attacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5130513 False Spam,Threat None 3.0000000000000000
Krebs on Security - American Researcher Adconion Execs Plead Guilty in Federal Anti-Spam Case 2022-06-11T00:04:22+00:00 https://krebsonsecurity.com/2022/06/adconion-execs-plead-guilty-in-federal-anti-spam-case/ www.secnews.physaphae.fr/article.php?IdArticle=5084764 False Spam,Guideline None None
Malwarebytes Labs - MalwarebytesLabs WhatsApp spam offers up “B&Q Father's Day Contest 2022” 2022-06-10T15:49:40+00:00 https://blog.malwarebytes.com/scams/2022/06/whatsapp-spam-offers-up-bq-fathers-day-contest-2022/ www.secnews.physaphae.fr/article.php?IdArticle=5077292 False Spam None None
CVE List - Common Vulnerability Exposure
CVE-2022-1709 2022-06-08T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1709 www.secnews.physaphae.fr/article.php?IdArticle=5040192 False Spam None None
CVE List - Common Vulnerability Exposure CVE-2022-1569 2022-06-08T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1569 www.secnews.physaphae.fr/article.php?IdArticle=5040171 False Spam None 5.0000000000000000
TroyHunt - Blog Security Texas AG enters Musk/Twitter fight by ordering Twitter to provide spam data 2022-06-07T16:38:51+00:00 https://arstechnica.com/?p=1859437 www.secnews.physaphae.fr/article.php?IdArticle=5024646 False Spam None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware 2022-06-07T01:14:19+00:00 https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5020523 False Spam,Malware,Threat None None
Ars Technica - Risk Assessment Security Hacktivism Musk seeks a way out, claims Twitter violated deal by not providing spam data 2022-06-06T16:11:22+00:00 https://arstechnica.com/?p=1858401 www.secnews.physaphae.fr/article.php?IdArticle=5013717 False Spam None None
knowbe4 - cybersecurity services The $44 Billion Smishing Problem and How to Not Be a Victim Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were targeted by these schemes in 2021, resulting in $44 billion in losses.
Consumers get an average of 19.5 spam texts per month, over double the rate of three years ago. 2022-05-27T12:04:11+00:00 https://blog.knowbe4.com/44-billion-dollar-smishing-problem www.secnews.physaphae.fr/article.php?IdArticle=4837705 False Spam None None
Ars Technica - Risk Assessment Security Hacktivism Musk says Twitter must show data behind spam estimate or he'll kill the deal 2022-05-17T17:15:07+00:00 https://arstechnica.com/?p=1854604 www.secnews.physaphae.fr/article.php?IdArticle=4670552 False Spam None None
SecurityWeek - Security News Musk: Doubt About Spam Accounts Could Scuttle Twitter Deal 2022-05-17T12:24:22+00:00 https://www.securityweek.com/musk-doubt-about-spam-accounts-could-scuttle-twitter-deal www.secnews.physaphae.fr/article.php?IdArticle=4667185 False Spam None None
01net. News - Security - French Magazine Twitter responds to Elon Musk on the subject of spam and explains how it fights fake accounts 2022-05-17T12:11:00+00:00 https://www.01net.com/actualites/twitter-replique-a-elon-musk-au-sujet-des-spams-et-explique-comment-il-lutte-contre-les-faux-comptes-2056270.html www.secnews.physaphae.fr/article.php?IdArticle=4664363 False Spam None None
TroyHunt - Blog Security Musk says Twitter deal “on hold” over concern about number of spam accounts 2022-05-13T15:28:09+00:00 https://arstechnica.com/?p=1854158 www.secnews.physaphae.fr/article.php?IdArticle=4591730 False Spam None None
GoogleSec - Firm Security Blog I/O 2022: Android 13 security and privacy (and more!) We're also making even more modules updatable directly through Google Play System Updates so we can automatically upgrade more system components and fix bugs, seamlessly, without you having to worry about it. We now have more than 30 components in Android that can be automatically updated through Google Play, including new modules in Android 13 for Bluetooth and ultra-wideband (UWB).
Last year we talked about how the majority of vulnerabilities in major operating systems are caused by undefined behavior in programming languages like C/C++. Rust is an alternative language that provides the efficiency and flexibility required in advanced systems programming (OS, networking), but Rust comes with the added boost of memory safety. We are happy to report that Rust is being adopted in security-critical parts of Android, such as our key management components and networking stacks. Hardening the platform doesn't just stop with continual improvements in memory safety and expansion of anti-exploitation techniques. It also includes hardening our API surfaces to provide a more secure experience to our end users. In Android 13 we implemented numerous enhancements to help mitigate potential vulnerabilities that app developers may inadvertently introduce. This includes making runtime receivers safer by allowing developers to specify whether a particular broadcast receiver in their app s 2022-05-11T15:49:52+00:00 http://security.googleblog.com/2022/05/io-2022-android-13-security-and-privacy.html www.secnews.physaphae.fr/article.php?IdArticle=4593780 False Spam,Vulnerability None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Novel Phishing Trick Uses Weird Links to Bypass Spam Filters 2022-05-11T12:13:51+00:00 https://threatpost.com/novel-phishing-trick-uses-weird-links-to-bypass-spam-filters/179587/ www.secnews.physaphae.fr/article.php?IdArticle=4577377 False Spam None 3.0000000000000000
CVE List - Common Vulnerability Exposure CVE-2021-27758 2022-05-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27758 www.secnews.physaphae.fr/article.php?IdArticle=4557512 False Spam,Vulnerability None 5.0000000000000000
TechRepublic - Security News US Phishers taking advantage of Gmail's SMTP relay service to impersonate brands 2022-05-04T15:01:01+00:00
https://www.techrepublic.com/article/phishers-taking-advantage-of-gmails-smtp-relay-service-to-impersonate-brands/ www.secnews.physaphae.fr/article.php?IdArticle=4543806 False Spam None None
ZD Net - IT Magazine Vulnerable plugins plague the CMS website security landscape 2022-04-29T09:49:00+00:00 https://www.zdnet.com/article/vulnerable-plugins-default-configurations-plague-the-website-security-landscape/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=4520688 False Spam None None
Anomali - Firm Blog Anomali Cyber Watch: RaidForums Seized, Sandworm Attacks Ukrainian Power Stations, North Korea Steals Chemical Secrets, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Lazarus Targets Chemical Sector (published: April 14, 2022) In January 2022, Symantec researchers discovered a new wave of Operation Dream Job. This operation, attributed to the North Korea-sponsored group Lazarus, utilizes fake job offers via professional social media and email communications. With the new wave of attacks, Operation Dream Job switched from targeting the defense, government, and engineering sectors to targeting South Korean organizations operating within the chemical sector. A targeted user executes an HTM file sent via a link. The HTM file is copied to a DLL file to be injected into the legitimate system management software. It downloads and executes the final backdoor: a trojanized version of the Tukaani project LZMA Utils library (XZ Utils) with a malicious export added (AppMgmt). After the initial access, the attackers gain persistence via scheduled tasks, move laterally, and collect credentials and sensitive information. Analyst Comment: Organizations should train their users to recognize social engineering attacks including those posing as “dream job” proposals.
Organizations facing cyberespionage threats should implement a defense-in-depth approach: layering of security mechanisms, redundancy, fail-safe defense processes. MITRE ATT&CK: [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: Lazarus, Operation Dream Job, North Korea, source-country:KP, South Korea, target-country:KR, APT, HTM, CPL, Chemical sector, Espionage, Supply chain, IT sector
Old Gremlins, New Methods (published: April 14, 2022) Group-IB researchers have released their analysis of threat actor OldGremlin’s new March 2022 campaign. OldGremlin favored phishing as an initial infection vector, crafting intricate phishing emails that target Russian industries. The threat actors utilized the current war between Russia and Ukraine to add a sense of legitimacy to their emails, with claims that users needed to click a link to register for a new credit card, as current ones would be rendered useless by incoming sanctions. The link leads users to a malicious Microsoft Office document stored within Dropbox.
When macros are enabled, the threat actor’s new, custom backdoor, TinyFluff, a new version of their old TinyNode 2022-04-19T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-raidforums-seized-sandworm-attacks-ukrainian-power-stations-north-korea-steals-chemical-secrets-and-more www.secnews.physaphae.fr/article.php?IdArticle=4477972 False Ransomware,Spam,Malware,Vulnerability,Threat,Guideline,Medical APT 38,APT 28 None
CISCO Talos - Cisco Research blog Threat Source newsletter (April 14, 2022) - It's Tax Day, and you know what that means 2022-04-14T11:00:00+00:00 http://blog.talosintelligence.com/2022/04/threat-source-newsletter-april-14-2022.html www.secnews.physaphae.fr/article.php?IdArticle=4449699 False Spam,Threat None None
CVE List - Common Vulnerability Exposure CVE-2022-0949 2022-04-11T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0949 www.secnews.physaphae.fr/article.php?IdArticle=4430025 False Spam,Guideline None None
CVE List - Common Vulnerability Exposure CVE-2022-1064 2022-03-25T12:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1064 www.secnews.physaphae.fr/article.php?IdArticle=4340571 False Spam None None
CVE List - Common Vulnerability Exposure CVE-2022-0254 2022-03-14T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0254 www.secnews.physaphae.fr/article.php?IdArticle=4278521 False Spam,Guideline None None
SecurityWeek - Security News Filter Blocked 70,000 Emails to Indiana Lawmakers on Bill 2022-03-13T14:26:20+00:00 https://www.securityweek.com/filter-blocked-70000-emails-indiana-lawmakers-bill www.secnews.physaphae.fr/article.php?IdArticle=4272672 False Spam None None
TechRepublic - Security News US Chinese hackers attempted phishing on emails affiliated with US government 2022-03-09T20:48:00+00:00 https://www.techrepublic.com/article/chinese-hackers-attempted-phishing-on-emails-affiliated-with-us-government/
www.secnews.physaphae.fr/article.php?IdArticle=4251217 False Spam None None
TechRepublic - Security News US Picking up the phone still might be the best way to do business 2022-03-04T17:23:01+00:00 https://www.techrepublic.com/article/picking-up-the-phone-still-might-be-the-best-way-to-do-business/ www.secnews.physaphae.fr/article.php?IdArticle=4227769 False Spam None None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming 2022-02-15T22:31:33+00:00 https://threatpost.com/squirrelwaffle-fraud-exchange-server-malspamming/178434/ www.secnews.physaphae.fr/article.php?IdArticle=4135809 False Spam None None
knowbe4 - cybersecurity services CyberheistNews Vol 12 #07 (Feb. 15th, 2022) [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rickroller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.
QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code and hand over their payment details, believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply. CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime 2022-02-15T14:24:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-07-heads-up-fbi-warns-against-new-criminal-qr-code-scams www.secnews.physaphae.fr/article.php?IdArticle=4133418 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline APT 43,APT 15 None
IT Security Guru - Security Blog Half of all emails in 2021 were spam 2022-02-14T11:52:32+00:00 https://www.itsecurityguru.org/2022/02/14/half-of-all-emails-in-2021-were-spam/?utm_source=rss&utm_medium=rss&utm_campaign=half-of-all-emails-in-2021-were-spam www.secnews.physaphae.fr/article.php?IdArticle=4124728 False Spam None None
InfoSecurity Mag - InfoSecurity Magazine Half of Global Emails Were Spam in 2021 2022-02-11T10:08:00+00:00 https://www.infosecurity-magazine.com/news/half-of-global-emails-were-spam-in/ www.secnews.physaphae.fr/article.php?IdArticle=4111311 False Spam None None
Kaspersky - Kaspersky Research blog Spam and phishing in 2021 2022-02-09T10:00:28+00:00 https://securelist.com/spam-and-phishing-in-2021/105713/ www.secnews.physaphae.fr/article.php?IdArticle=4098573 False Spam None None
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing 2022-01-28T03:10:59+00:00 https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html www.secnews.physaphae.fr/article.php?IdArticle=4045485 False Spam None None
Security Affairs - Security Blog Emotet spam uses unconventional IP address formats to evade detection 2022-01-24T12:05:20+00:00 https://securityaffairs.co/wordpress/127108/malware/emotet-evasion-technique.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-evasion-technique www.secnews.physaphae.fr/article.php?IdArticle=4025218 False Spam,Malware,Threat None None
ProofPoint - Firm Security Email spam is breaking through again. Here's what you can do to minimize it 2022-01-10T14:54:48+00:00 https://www.proofpoint.com/us/newsroom/news/email-spam-breaking-through-again-heres-what-you-can-do-minimize-it www.secnews.physaphae.fr/article.php?IdArticle=3947922 False Spam None None
knowbe4 - cybersecurity services Spam Calling Rates Spike Globally Spam calls in the US spiked in October, according to Truecaller's annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in October.
The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month. 2021-12-20T16:56:12+00:00 https://blog.knowbe4.com/spam-calling-rates-spike www.secnews.physaphae.fr/article.php?IdArticle=3832950 False Spam None None
Security Affairs - Security Blog Phorpiex botnet is back, in 2021 it $500K worth of crypto assets 2021-12-17T11:47:21+00:00 https://securityaffairs.co/wordpress/125725/malware/phorpiex-botnet-return.html?utm_source=rss&utm_medium=rss&utm_campaign=phorpiex-botnet-return www.secnews.physaphae.fr/article.php?IdArticle=3812885 False Spam,Threat None None
CVE List - Common Vulnerability Exposure CVE-2021-24863 2021-12-13T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24863 www.secnews.physaphae.fr/article.php?IdArticle=3788588 False Spam,Guideline None None
TechRepublic - Security News US Fight back against spam calls with this subscription to the RoboKiller app 2021-12-08T16:00:01+00:00 https://www.techrepublic.com/article/fight-back-against-spam-calls-with-this-subscription-to-the-robokiller-app/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3763159 False Spam None None
knowbe4 - cybersecurity services Credential-Harvesting Phishing Campaign Urges Review of Spam Researchers at MailGuard have observed a phishing campaign that's using phony “spam notification” emails that purport to come from Microsoft Office 365.
The emails tell recipients that an important-looking email has been sent to their spam folder, and they'll need to click a link to view the supposed message.]]> 2021-12-08T15:47:28+00:00 https://blog.knowbe4.com/credential-harvesting-phishing-campaign-urges-review-of-spam www.secnews.physaphae.fr/article.php?IdArticle=3791151 False Spam None None Bleeping Computer - Magazine Américain Convincing Microsoft phishing uses fake Office 365 spam alerts 2021-12-05T11:07:37+00:00 https://www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/ www.secnews.physaphae.fr/article.php?IdArticle=3749394 False Spam None None CISCO Talos - Cisco Research blog Talos Takes Ep. #79: Emotet\'s back with the worst type of holiday present 2021-12-03T07:46:29+00:00 http://blog.talosintelligence.com/2021/12/talos-takes-ep-79-emotets-back-with.html www.secnews.physaphae.fr/article.php?IdArticle=3742268 False Spam None None Bleeping Computer - Magazine Américain Twitter removes 3,400 accounts used in govt propaganda campaigns 2021-12-02T15:28:25+00:00 https://www.bleepingcomputer.com/news/security/twitter-removes-3-400-accounts-used-in-govt-propaganda-campaigns/ www.secnews.physaphae.fr/article.php?IdArticle=3739013 False Spam None None Anomali - Firm Blog Anomali Cyber Watch: APT, Emotet, Iran, RedCurl and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Emotet malware is back and rebuilding its botnet via TrickBot (published: November 15, 2021) After Europol enforcement executed a takeover of the Emotet infrastructure in April 2021 and German law enforcement used this infrastructure to load a module triggering an uninstall of existing Emotet installs, new Emotet installs have been detected via initial infections with TrickBot. These campaigns and infrastructure appear to be rapidly proliferating. 
Once infected with Emotet, in addition to leveraging the infected device to send malspam, additional malware can be downloaded and installed on the victim device for various purposes, including ransomware. Researchers currently have not seen any spamming activity or any known malicious documents dropping Emotet malware besides from TrickBot. It is possible that Emotet is using Trickbot to rebuild its infrastructure and steal email chains it will use in future spam attacks. Analyst Comment: Phishing continues to be a preferred method for initial infection by many actors and malware families. End users should be cautious with email attachments and links, and organizations should have robust endpoint protections that are regularly updated. ***For Anomali ThreatStream Customers*** To assist in helping the community, especially with the online shopping season upon us, Anomali Threat Research has made available two, threat actor-focused dashboards: Mummy Spider and Wizard Spider, for Anomali ThreatStream customers. The Dashboards are preconfigured to provide immediate access and visibility into all known Mummy Spider and Wizard Spider indicators of compromise (IOCs) made available through commercial and open-source threat feeds that users manage on ThreatStream. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Automated Collection - T1119 Tags: Emotet, Trickbot, phishing, ransomware Wind Turbine Giant Offline After Cyber Incident (published: November 22, 2021) The internal IT systems for Vestas Wind Systems, the world's largest manufacturer of wind turbines, have been hit by an attack. This attack does not appear to have affected their manufacturing or supply chain, and recovery of affected systems is underway, although a number of systems remain off as a precaution. The company has announced that some data has been compromised. 
The investigation of this incident is ongoing, but may have been a ransomware attack. The incidents of ransomware across the globe increased by near]]> 2021-11-23T20:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt-emotet-iran-redcurl-and-more www.secnews.physaphae.fr/article.php?IdArticle=3699453 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Patching None None CISCO Talos - Cisco Research blog Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021 2021-11-22T05:01:13+00:00 http://blog.talosintelligence.com/2021/11/emotet-back-from-the-dead.html www.secnews.physaphae.fr/article.php?IdArticle=3693220 False Spam,Malware,Threat,Guideline None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns 2021-11-22T03:47:12+00:00 https://thehackernews.com/2021/11/hackers-exploiting-proxylogon-and.html www.secnews.physaphae.fr/article.php?IdArticle=3692919 False Spam,Malware None None Bleeping Computer - Magazine Américain Here are the new Emotet spam campaigns hitting mailboxes worldwide 2021-11-16T18:07:17+00:00 https://www.bleepingcomputer.com/news/security/here-are-the-new-emotet-spam-campaigns-hitting-mailboxes-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=3667925 False Spam,Malware None None CybeReason - Vendor blog RansomOps: Detecting Complex Ransomware Operations RansomOps: Detecting Complex Ransomware Operations In a recent blog post we discussed how today's more complex RansomOps attacks are more akin to stealthy APT-like operations than the old “spray and pray” mass email spam campaign of old, and how  there are multiple players from the larger Ransomware Economy at work, each with their own specializations. 
]]> 2021-11-16T14:28:03+00:00 https://www.cybereason.com/blog/ransomops-detecting-complex-ransomware-operations www.secnews.physaphae.fr/article.php?IdArticle=3666590 False Ransomware,Spam None None Bleeping Computer - Magazine Américain Emotet malware is back and rebuilding its botnet via TrickBot 2021-11-15T15:04:23+00:00 https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/ www.secnews.physaphae.fr/article.php?IdArticle=3664572 True Spam,Malware None None Bleeping Computer - Magazine Américain The Emotet malware is back and rebuilding its botnet via TrickBot 2021-11-15T15:04:23+00:00 https://www.bleepingcomputer.com/news/security/the-emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/ www.secnews.physaphae.fr/article.php?IdArticle=3664190 False Spam,Malware None None InfoSecurity Mag - InfoSecurity Magazine FBI Fixes Misconfigured Server After Hoax Email Alert 2021-11-15T09:22:00+00:00 https://www.infosecurity-magazine.com/news/fbi-fixes-misconfigured-server/ www.secnews.physaphae.fr/article.php?IdArticle=3662302 False Spam None None 01net. 
Actualites - Securite - Magazine Francais Il a humilié le FBI en utilisant son domaine pour envoyer du spam ]]> 2021-11-15T01:07:00+00:00 https://www.01net.com/actualites/il-a-humilie-le-fbi-en-utilisant-son-domaine-pour-envoyer-du-spam-2051142.html www.secnews.physaphae.fr/article.php?IdArticle=3663715 False Spam None 3.0000000000000000 Krebs on Security - Chercheur Américain Hoax Email Blast Abused Poor Coding in FBI Website 2021-11-13T22:46:53+00:00 https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/ www.secnews.physaphae.fr/article.php?IdArticle=3657028 False Spam None None Security Affairs - Blog Secu Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server 2021-11-13T22:35:26+00:00 https://securityaffairs.co/wordpress/124570/cyber-crime/fbi-hacked-email-server.html?utm_source=rss&utm_medium=rss&utm_campaign=fbi-hacked-email-server www.secnews.physaphae.fr/article.php?IdArticle=3657033 False Spam,Threat None None Bleeping Computer - Magazine Américain FBI system hacked to email \'urgent\' warning about fake cyberattacks 2021-11-13T13:36:16+00:00 https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=3656201 False Spam None None Bleeping Computer - Magazine Américain Windows 10 App Installer abused in BazarLoader malware attacks 2021-11-11T16:34:07+00:00 https://www.bleepingcomputer.com/news/security/windows-10-app-installer-abused-in-bazarloader-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=3646938 False Spam,Malware None None CVE Liste - Common Vulnerability Exposure CVE-2021-24731 2021-11-08T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24731 www.secnews.physaphae.fr/article.php?IdArticle=3628939 False Spam,Guideline None None CVE Liste - Common Vulnerability Exposure CVE-2021-24647 2021-11-08T18:15:08+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24647 www.secnews.physaphae.fr/article.php?IdArticle=3628926 False Spam None None SecurityWeek - Security News Signal Working on Improving Anti-Spam Capabilities 2021-11-02T17:03:52+00:00 http://feedproxy.google.com/~r/securityweek/~3/tCzL94jYeMM/signal-working-improving-anti-spam-capabilities www.secnews.physaphae.fr/article.php?IdArticle=3599792 False Spam None None Bleeping Computer - Magazine Américain Signal now lets you report and block spam messages 2021-11-01T17:55:04+00:00 https://www.bleepingcomputer.com/news/security/signal-now-lets-you-report-and-block-spam-messages/ www.secnews.physaphae.fr/article.php?IdArticle=3595159 False Spam None None Kaspersky - Kaspersky Research blog Spam and phishing in Q3 2021 2021-11-01T12:00:26+00:00 https://securelist.com/spam-and-phishing-in-q3-2021/104741/ www.secnews.physaphae.fr/article.php?IdArticle=3592484 False Spam None None CISCO Talos - Cisco Research blog Threat Source newsletter (Oct. 28, 2021) ]]> 2021-10-28T11:00:00+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/iDauhXuw58U/threat-source-newsletter-oct-28-2021.html www.secnews.physaphae.fr/article.php?IdArticle=3577115 False Spam None None InfoSecurity Mag - InfoSecurity Magazine HM Treasury Hit by Five Million Malicious Emails in Past Three Years 2021-10-27T11:15:00+00:00 https://www.infosecurity-magazine.com/news/treasury-five-million-malicious/ www.secnews.physaphae.fr/article.php?IdArticle=3572068 False Spam,Malware None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike ]]> 2021-10-27T06:47:55+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/pmeezPR0KMA/hackers-using-squirrelwaffle-loader-to.html www.secnews.physaphae.fr/article.php?IdArticle=3572869 False Spam,Malware None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike 2021-10-26T22:25:05+00:00 https://threatpost.com/squirrelwaffle-loader-malspams-packing-qakbot-cobalt-strike/175775/ www.secnews.physaphae.fr/article.php?IdArticle=3569590 False Spam,Malware None None CISCO Talos - Cisco Research blog SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike ]]> 2021-10-26T05:01:17+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/eqmCZvL59LU/squirrelwaffle-emerges.html www.secnews.physaphae.fr/article.php?IdArticle=3566166 False Spam,Malware None None CVE Liste - Common Vulnerability Exposure CVE-2021-37624 2021-10-25T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37624 www.secnews.physaphae.fr/article.php?IdArticle=3561743 False Spam,Guideline None None InfoSecurity Mag - InfoSecurity Magazine Over 80% of Brits Deluged with Scam Calls and Texts 2021-10-22T08:31:00+00:00 https://www.infosecurity-magazine.com/news/over-80-brits-deluged-scam-calls/ www.secnews.physaphae.fr/article.php?IdArticle=3548025 False Spam None None Anomali - Firm Blog Anomali Cyber Watch: FIN12 Ramps-Up in Europe, Interactsh Being Used For Malicious Purposes, New Yanluowang Ransomware and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. 
Trending Cyber News and Threat Intelligence Harvester: Nation-State-Backed Group Uses New Toolset To Target Victims In South Asia (published: October 18, 2021) A new threat group dubbed ‘Harvester’ has been found attacking organizations in South Asia and Afghanistan using a custom toolset composed of both public and private malware. Given the nature of the targets, which include governments, IT and Telecom companies, combined with the information stealing campaign, there is a high likelihood that this group is Nation-State backed. The initial infection method is unknown, but victim machines are directed to a URL that checks for a local file (winser.dll). If it doesn’t exist, a redirect is performed for a VBS file to download and run; this downloads and installs the Graphon backdoor. The command and control (C2) uses legitimate Microsoft and CloudFront services to mask data exfiltration. Analyst Comment: Nation-state threat actors are continually evolving their tactics, techniques and tools to adapt and infiltrate victim governments and/or companies. Ensure that employees have a training policy that reflects education on only downloading programs or documents from known, trusted sources. It is also important to notify management and the proper IT department if you suspect malicous activity may be occurring. MITRE ATT&CK: [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Process Discovery - T1057 Tags: Backdoor.Graphon, Cobalt Strike Beacon, Metasploit Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes (published: October 14, 2021) Unit 42 researchers have observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers - but also by attackers - to validate vulnerabilities via real-time monitoring on the trace path for the domain. 
Researchers creating a proof-of-concept (PoC) for an exploit can insert "Interactsh" to check whether the exploit is working, but the service could also be used to check if the PoC is working. The tool became publicly available on April 16, 2021, and the first attempts to abuse it were observed soon after, on April 18, 2021. Analyst Comment: As the landscape changes, researchers and attackers will often use the same tools in order to reach a goal. In this instance, Interact.sh can be used to show if an exploit will work. Dual-use tools are often under fire for being able to validate malicious code, with this being the latest example. If necessary, take precautions and block traffic with interact.sh attached to it within company networks. Tags: Interactsh, Exploits ]]> 2021-10-19T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-fin12-ramps-up-in-europe-interactsh-being-used-for-malicious-purposes-new-yanluowang-ransomware-and-more www.secnews.physaphae.fr/article.php?IdArticle=3531690 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Patching,Guideline None None ZD Net - Magazine Info FCC mulls over new rules demanding carriers block spam robot texts at network level 2021-10-19T11:05:14+00:00 https://www.zdnet.com/article/fcc-mulls-over-new-rules-demanding-carriers-to-block-spam-texts-at-network-level/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=3531191 False Spam None 4.0000000000000000 CISCO Talos - Cisco Research blog Talos Takes Ep. 
#73 (NCSAM edition): Fight the phish from land, sea and air ]]> 2021-10-15T08:07:16+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/k-KNFNIWvSc/talos-takes-ep-73-ncsam-edition-fight.html www.secnews.physaphae.fr/article.php?IdArticle=3519685 False Spam None None CVE Liste - Common Vulnerability Exposure CVE-2021-34814 2021-10-13T15:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34814 www.secnews.physaphae.fr/article.php?IdArticle=3510131 False Spam None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices ]]> 2021-10-11T20:02:40+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/0BjvD8hXvd0/ukraine-arrests-operator-of-ddos-botnet.html www.secnews.physaphae.fr/article.php?IdArticle=3504120 False Spam None 4.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Microsoft Exchange Autodiscover Bugs Leak 100K Windows Credentials, REvil Ransomware Reemerges After Shutdown, New Mac Malware Masquerades As iTerm2 and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious PowerPoint Documents On The Rise (published: September 22, 2021) McAfee Labs researchers have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. The sentiment used here is finance related themes such as purchase orders. In this campaign, the spam email comes with a PowerPoint file as an attachment. Upon opening the malicious attachment, the VBA macro executes to deliver variants of AgentTesla which is a well-known password stealer. Attackers use this remote access trojan (RAT) as MaaS (Malware-as-a-Service) to steal user credentials and other information from victims through screenshots, keylogging, and clipboard captures. 
Analyst Comment: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. MITRE ATT&CK: [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Remote Access Tools - T1219 Tags: AgentTesla, RAT, MaaS, Malware-as-a-Service, VBA macro, Banking And Finance Microsoft Exchange Autodiscover Bugs Leak 100K Windows credentials (published: September 22, 2021) According to researchers from Guardicore have found a bug in the implementation of the “Autodiscover'' protocol is causing Microsoft Exchange’s Autodiscovery feature to automatically configure a user's mail client, such as Microsoft Outlook, with their organization's predefined mail settings. This is causing Windows credentials to be sent to third-party untrusted websites. Researchers have identified that this incorrect implementation has leaked approximately 100,000 login names and passwords for Windows domains worldwide. Analyst Comment: Administrators are recommended to block TLD domains provided by researchers on github. https://github.com/guardicore/labs_campaigns/tree/master/Autodiscover. Even though most of the domains may not be malicious, adversaries can easily register and take them over. Also organisations are recommended to disable basic authentication. 
Tags: EU & UK, China Netgear SOHO Security Bug Allows RCE, Corporate Attacks (published: September 22, 2021) Researchers at Grimm discovered a high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote c]]> 2021-09-28T15:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials-revil-ransomware-reemerges-after-shutdown-new-mac-malware-masquerades-as-iterm2-and-more www.secnews.physaphae.fr/article.php?IdArticle=3438959 False Ransomware,Spam,Malware,Vulnerability,Threat None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Credential Spear-Phishing Uses Spoofed Zix Encrypted Email 2021-09-28T10:00:26+00:00 https://threatpost.com/credential-spear-phishing-uses-spoofed-zix-encrypted-email/175044/ www.secnews.physaphae.fr/article.php?IdArticle=3437552 False Spam None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) How Does DMARC Prevent Phishing? ]]> 2021-09-27T04:21:35+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/G7li3ub2TF4/how-does-dmarc-prevent-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=3432888 False Spam Yahoo None Anomali - Firm Blog Anomali Cyber Watch: Vermillion Strike, Operation Layover, New Malware Uses Windows Subsystem For Linux and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence CISA: Patch Zoho Bug Being Exploited by APT Groups (published: September 17, 2021) The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability, registered as “CVE-2021-4053,” that affects Zoho’s “ManageEngine ADSelfService Plus.” The vulnerability affects ManageEngine, a self-service password management and single sign-on solution from the online productivity vendor. The vulnerability is a Remote Code Execution (RCE) bypass vulnerability that could allow for remote code execution if exploited, according to the CISA. A successful exploitation of the vulnerability allows an actor to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, lateral movement, and exfiltrating registry hives and Active Directory files. Zoho released a patch for this vulnerability on September 6, but CISA claimed that malicious actors might have been exploiting it as far back as August. Analyst Comment: Users should immediately apply the patch released by Zoho. Continuing usage of vulnerable applications will increase the likelihood that threat actors will attempt to exploit them, especially with open sources discussing the details of some vulnerabilities. These sources could allow some actors to create exploits to vulnerable software with malicious intent. MITRE ATT&CK: [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Valid Accounts - T1078 Tags: APT, Bug, Vulnerability, Zoho Operation Layover: How We Tracked An Attack On The Aviation Industry to Five Years of Compromise (published: September 16, 2021) Cisco Talos, along with Microsoft researchers, have identified a spearphishing campaign targeting the aviation sector that has been targeting aviation for at least two years. The actors behind this campaign used email spoofing to masquerade as legitimate organizations. 
The emails contained an attached PDF file that included an embedded link, containing a malicious VBScript which would then drop Trojan payloads on a target machine. The malware was used to spy on victims as well as to exfiltrate data including credentials, screenshots, clipboard, and webcam data. The threat actor attributed to this campaign has also been linked to crypter purchases from online forums; his personal phone number and email addresses were revealed, although these findings have not been verified. The actor is located in Nigeria and is suspected of being active since at least 2013, due to IPs connected to hosts, domains, and the attacks at large originate from this country. Analyst Comment: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a]]> 2021-09-21T16:09:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-vermillion-strike-operation-layover-new-malware-uses-windows-subsystem-for-linux-and-more www.secnews.physaphae.fr/article.php?IdArticle=3407078 False Spam,Malware,Tool,Vulnerability,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
A New Wave of Malware Attack Targeting Organizations in South America ]]> 2021-09-20T04:00:58+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/0xlymO1MaG4/a-new-wave-of-malware-attack-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=3399349 False Spam,Malware,Threat APT-C-36 None Bleeping Computer - Magazine Américain New "Elon Musk Club" crypto giveaway scam promoted via email 2021-09-19T12:58:30+00:00 https://www.bleepingcomputer.com/news/security/new-elon-musk-club-crypto-giveaway-scam-promoted-via-email/ www.secnews.physaphae.fr/article.php?IdArticle=3395075 False Spam None None SANS Institute - SANS est un acteur de defense et formation Malicious Calendar Subscriptions Are Back?, (Fri, Sep 17th) 2021-09-17T09:09:15+00:00 https://isc.sans.edu/diary/rss/27846 www.secnews.physaphae.fr/article.php?IdArticle=3383033 False Spam,Threat None None