www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T21:36:45+00:00 www.secnews.physaphae.fr CVE List - Common Vulnerability Exposure CVE-2021-1561 2021-08-18T20:15:06+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1561 www.secnews.physaphae.fr/article.php?IdArticle=3251902 False Spam,Vulnerability None None Bleeping Computer - American magazine Microsoft Teams will alert users of incoming spam calls 2021-08-13T14:02:01+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-alert-users-of-incoming-spam-calls/ www.secnews.physaphae.fr/article.php?IdArticle=3224390 False Spam None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NCSC Launches Microsoft Office 365 Button to Report Business Email Spam 2021-08-12T10:54:00+00:00 https://www.infosecurity-magazine.com/news/ncsc-launches-microsoft-office-365/ www.secnews.physaphae.fr/article.php?IdArticle=3216943 False Spam None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor 'Friends' Reunion Anchors Video Swindle 2021-08-11T16:43:37+00:00 https://threatpost.com/friends-reunion-video-swindle/168583/ www.secnews.physaphae.fr/article.php?IdArticle=3211759 False Spam None None TechRepublic - Security News US Phishing continues to target big businesses and exploit COVID-19 fears in Q2 2021 2021-08-06T13:55:20+00:00 https://www.techrepublic.com/article/phishing-continues-to-target-big-businesses-and-exploit-covid-19-fears-in-q2-2021/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3183909 False Spam None None Kaspersky - Kaspersky Research blog Spam and phishing in Q2 2021 2021-08-05T10:00:45+00:00 https://securelist.com/spam-and-phishing-in-q2-2021/103548/ www.secnews.physaphae.fr/article.php?IdArticle=3177199 False Spam None None CVE List - Common Vulnerability Exposure
CVE-2021-33320 2021-08-03T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33320 www.secnews.physaphae.fr/article.php?IdArticle=3168559 False Spam None None Anomali - Firm Blog Anomali Cyber Watch: LockBit ransomware, Phony Call Centers Lead to Exfiltration and Ransomware, VBA RAT using Double Attack Vectors, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BazaCall: Phony Call Centers Lead to Exfiltration and Ransomware (published: July 29, 2021) BazaCall campaigns have forgone malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. Actual humans then provide the callers with step-by-step instructions for installing malware. The BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user's device, which allows for a fast network compromise. The lack of obvious malicious elements in the delivery methods could render typical ways of detecting spam and phishing emails ineffective. Analyst Comment: All users should be informed of the risk phishing poses, and how to safely make use of email. They should take notice that a phone number sent to them can be fraudulent too. In the case of infection, the affected system should be wiped and reformatted, and if at all possible the ransom should not be paid. Implement a backup solution for your users to ease the pain of losing sensitive and important data. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credential Dumping - T1003 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: BazaCall, Bazaar, Ransomware Crimea “Manifesto” Deploys VBA Rat Using Double Attack Vectors (published: July 29, 2021) Hossein Jazi has identified a suspicious document named "Манифест". 
It downloads and executes two templates: one is macro-enabled and the other is an Internet Explorer exploit. While both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit is an unusual discovery. Analyst Comment: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Template Injection - T1221 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Modify Registry - T1112 Tags: VBA, Russia, RAT, CVE- 2021-08-03T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-lockbit-ransomware-phony-call-centers-lead-to-exfiltration-and-ransomware-vba-rat-using-double-attack-vectors-and-more www.secnews.physaphae.fr/article.php?IdArticle=3166543 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline None None TroyHunt - Blog Security Google is finally doing something about Google Drive spam 2021-07-23T19:16:06+00:00 https://arstechnica.com/?p=1782571 www.secnews.physaphae.fr/article.php?IdArticle=3121893 False Spam None None Krebs on Security - American researcher Spam Kingpin Peter Levashov Gets Time Served 2021-07-20T21:30:00+00:00 https://krebsonsecurity.com/2021/07/spam-kingpin-peter-levashov-gets-time-served/ www.secnews.physaphae.fr/article.php?IdArticle=3102728 False Spam,Malware None None SecurityWeek - Security News Russian Hacker Levashov Sentenced to Time Already Served 2021-07-20T21:01:10+00:00 http://feedproxy.google.com/~r/securityweek/~3/s2qCakhAx0Q/russian-hacker-levashov-sentenced-time-already-served
www.secnews.physaphae.fr/article.php?IdArticle=3102741 False Spam None 2.0000000000000000 We Live Security - ESET antivirus software vendor Some URL shortener services distribute Android malware, including banking or SMS trojans 2021-07-20T12:00:39+00:00 http://feedproxy.google.com/~r/eset/blog/~3/CqnxXyuo20I/ www.secnews.physaphae.fr/article.php?IdArticle=3103773 False Spam None None Fortinet - Security hardware manufacturer Signed, Sealed, and Delivered – Signed XLL File Delivers Buer Loader 2021-07-19T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/oBjBOLcPHw4/signed-sealed-and-delivered-signed-xll-file-delivers-buer-loader www.secnews.physaphae.fr/article.php?IdArticle=3100644 False Spam None None SecureMac - Security focused on MAC Checklist 239: Two + Two = You 2021-07-15T12:50:00+00:00 https://www.securemac.com/checklist/checklist-239-two-two-you www.secnews.physaphae.fr/article.php?IdArticle=3070727 False Spam None None Security Affairs - Security blog Kaseya warns customers of ongoing malspam campaign posing as security updates 2021-07-10T05:09:35+00:00 https://securityaffairs.co/wordpress/119928/cyber-crime/kaseya-warns-malspam-campaign.html?utm_source=rss&utm_medium=rss&utm_campaign=kaseya-warns-malspam-campaign www.secnews.physaphae.fr/article.php?IdArticle=3045877 False Ransomware,Spam,Malware,Threat None None SecurityWeek - Security News ZLoader Adopts New Macro-Related Delivery Technique in Recent Attacks 2021-07-09T14:58:51+00:00 http://feedproxy.google.com/~r/securityweek/~3/--RU_8mDXAI/zloader-adopts-new-macro-related-delivery-technique-recent-attacks www.secnews.physaphae.fr/article.php?IdArticle=3043176 False Spam,Malware None None Bleeping Computer - American magazine Fake Kaseya VSA security update backdoors networks with Cobalt Strike 2021-07-07T08:50:19+00:00 https://www.bleepingcomputer.com/news/security/fake-kaseya-vsa-security-update-backdoors-networks-with-cobalt-strike/
www.secnews.physaphae.fr/article.php?IdArticle=3032581 False Ransomware,Spam,Threat None None Anomali - Firm Blog Anomali Cyber Watch: Thousands attacked as REvil ransomware hijacks Kaseya VSA, Leaked Babuk Locker Ransomware Builder Used In New Attacks and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Shutdown Kaseya VSA Servers Now Amidst Cascading REvil Attack Against MSPs, Clients (published: July 4, 2021) A severe ransomware attack reportedly took place against the popular remote monitoring and management (RMM) software tool Kaseya VSA. On July 2, 2021, Kaseya urged users to shut down their VSA servers to prevent them from being compromised. The company estimated that fewer than 40 of their customers worldwide were affected, but as some of them were managed service providers (MSPs), over 1,000 businesses were infected. The majority of known victims are in the US with some in Europe (Sweden) and New Zealand. The attackers exploited a zero-day vulnerability in Kaseya’s systems that the company was in the process of fixing. It was part of the administrative interface vulnerabilities in tools for system administration previously identified by Wietse Boonstra, a DIVD researcher. The REvil payload was delivered via Kaseya software using a custom dropper that dropped two files. A dropper opens an old but legitimate copy of Windows Defender (MsMpEng.exe) that then side loads and executes the custom malicious loader's export. The attack coincided with the start of the US Independence Day weekend, and has several politically-charged strings, such as “BlackLivesMatter” Windows registry key and “DTrump4ever” as a password. Analyst Comment: Kaseya VSA clients should safely follow the company’s recommendations as it advised shutting Kaseya VSA servers down, and is making new security updates available. 
Every organization should have a ransomware disaster recovery plan even if it is serviced by a managed service provider (MSP). MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] DLL Side-Loading - T1073 Tags: REvil, Sodinokibi, Gandcrab, Leafroller, Kaseya VSA, ransomware, Ransomware-as-a-Service, zero-day, CVE-2021-30116, supply-chain, North America, USA, Sweden, New Zealand, MSP, RMM, schools IndigoZebra APT Continues To Attack Central Asia With Evolving Tools (published: July 1, 2021) Researchers from Check Point have identified the Afghan Government as the latest victim in a cyber espionage campaign by the suspected Chinese group ‘IndigoZebra’. This attack began in April when Afghan National Security Council (NSC) officials began to receive lure emails claiming to be from the President’s secretariat. These emails included a decoy file that would install the backdoor ‘BoxCaon’ on the system before reaching out to the Dropbox API to act as a C&C server. The attacker would then be able to fingerprint the machine and begin accessing files. I 2021-07-06T15:05:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-thousands-attacked-as-revil-ransomware-hijacks-kaseya-vsa-leaked-babuk-locker-ransomware-builder-used-in-new-attacks-and-more www.secnews.physaphae.fr/article.php?IdArticle=3028191 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Guideline APT 19,APT 10 None CISCO Talos - Cisco Research blog Threat Source newsletter (July 1, 2021) 2021-07-01T10:56:01+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/f87NbMy251w/threat-source-newsletter-july-1-2021.html www.secnews.physaphae.fr/article.php?IdArticle=3007601 True Spam None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web 2021-06-30T05:56:11+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/kdy-4NIh4jE/webinar-how-cyber-attack-groups-are.html www.secnews.physaphae.fr/article.php?IdArticle=3000513 False Ransomware,Spam None None Anomali - Firm Blog Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Microsoft Signed a Malicious Netfilter Rootkit (published: June 25, 2021) Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signing, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver. Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted to not inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running. MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130 Tags: Netfilter, China Dell BIOSConnect Flaws Affect 30 Million Devices (published: June 24, 2021) Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist.
The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning or exploiting these flaws. Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue. Patch management and asset inventories are critical portions of a good defense in depth security program. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120 Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect Malicious Spam Campaigns Delivering Banking Trojans (published: June 24, 2021) Analysis from two mid-March 2021 spam campaigns revealed that th 2021-06-29T16:29:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-microsoft-signs-malicious-netfilter-rootkit-ransomware-attackers-using-vms-fertility-clinic-hit-with-data-breach-and-more www.secnews.physaphae.fr/article.php?IdArticle=2996479 False Ransomware,Data Breach,Spam,Malware,Tool,Vulnerability,Threat,Patching APT 30 None TechRepublic - Security News US Americans lost $29.8 billion to phone scams in the past year, study finds 2021-06-29T13:00:08+00:00 https://www.techrepublic.com/article/americans-lost-29-8-billion-to-phone-scams-in-the-past-year-study-finds/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2995371 False Spam None None CVE List - Common Vulnerability Exposure CVE-2021-28585 2021-06-28T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28585 www.secnews.physaphae.fr/article.php?IdArticle=2992253 False
Spam,Vulnerability None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Spam Downpour Drips New IcedID Banking Trojan Variant 2021-06-25T01:05:45+00:00 https://threatpost.com/spam-icedid-banking-trojan-variant/167250/ www.secnews.physaphae.fr/article.php?IdArticle=2979899 False Spam None None CISCO Talos - Cisco Research blog Threat Source newsletter (June 24, 2021) 2021-06-24T11:00:00+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/XWJsCxzEAC4/threat-source-newsletter-june-24-2021.html www.secnews.physaphae.fr/article.php?IdArticle=2977906 False Spam None None Kaspersky - Kaspersky Research blog Malicious spam campaigns delivering banking Trojans 2021-06-24T10:00:56+00:00 https://securelist.com/malicious-spam-campaigns-delivering-banking-trojans/102917/ www.secnews.physaphae.fr/article.php?IdArticle=2975361 False Spam None None Bleeping Computer - American magazine Tinder spam campaign hides "handwritten" links in profile images 2021-06-19T09:45:00+00:00 https://www.bleepingcomputer.com/news/technology/tinder-spam-campaign-hides-handwritten-links-in-profile-images/ www.secnews.physaphae.fr/article.php?IdArticle=2952952 False Spam None None AlienVault Blog - AlienVault is a major defensive player in IOCs Magic in Cybersecurity: Magic links to replace the password magic links are in the air. They are becoming an intriguing means to strengthen digital security without inconveniencing users. This article discusses magic links, their magical function, and their potential benefits for a corporation. Magic links Magic links are authorized URLs that carry a token which grants accessibility to a particular user. They enable users to register or log in to a website, as well as make online transactions. When the user clicks on the URL, they get verified instantly. Magic links usually have a short life and are one-of-a-kind.
Magic links form a digital authentication technique that can be used in both passwordless and multi-factor authentication systems. Why use magic links In a digital world, magic links are useful in passwordless and multi-factor authentication. Passwordless authentication refers to a security system that doesn't use passwords. Users authenticate using a magic link, eliminating the need for passwords. They only need to enter an email address or contact number to receive the URL to click. Multi-factor authentication (MFA) is a method of user authentication in several stages. Two or more authentication methods increase the steps the user must take. However, magic links add minimal complexity since users only need to click the URL to complete the procedure. How magic links work Magic links consist of three steps: On a sign-in page, the user inputs their email address. If the user has a registered email address, they will receive an email containing a magic link. To finish the sign-in cycle, the user selects and clicks the magic link. Conversely, at the time of registration, the user can also get a live link for authentication later on. This technique is comparable to a password reset process, in which a user receives a hidden link that enables them to update their password. Magic links function in the same way as password resets do, except that the user doesn't need to type a password to navigate to their profile. Magic link security concerns One of several security issues users may face comes from the email provider. When email providers label magic link emails as spam, an important email is diverted to an infrequently checked spam folder. Users may request link after link without knowing the emails are being routed to spam. The trick is to choose a reliable email provider with an IP address that traditional spam detection identifies as effective. Organizations can improve the security of their magic link implementation.
If an application delivers a magic link and the client seeks another, does the first link lapse? Users can become irritated if they have to click on several links to find the recent one. Magic links that expire leave the login process with minimal loopholes but give the user fewer options to sign in. Organizations need to consider this balance. Likewise, certain websites prevent users from utilizing magic links beyond the browser session in which the magic link was provided. When you close your window an 2021-06-08T10:00:00+00:00 https://feeds.feedblitz.com/~/654216844/0/alienvault-blogs~Magic-in-Cybersecurity-Magic-links-to-replace-the-password www.secnews.physaphae.fr/article.php?IdArticle=2889600 False Spam None 4.0000000000000000 Bleeping Computer - American magazine Massive spam campaign promotes online casinos with misleading emails 2021-06-05T10:45:05+00:00 https://www.bleepingcomputer.com/news/security/massive-spam-campaign-promotes-online-casinos-with-misleading-emails/ www.secnews.physaphae.fr/article.php?IdArticle=2878780 False Spam,Guideline None None Fortinet - Security hardware manufacturer Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant 2021-06-04T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/OhDqfNDADRo/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant www.secnews.physaphae.fr/article.php?IdArticle=2875811 False Spam,Malware None None Bleeping Computer - American magazine Watch out: These unsubscribe emails only lead to further spam 2021-05-30T14:55:43+00:00 https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/ www.secnews.physaphae.fr/article.php?IdArticle=2860077 False Spam None None SANS Institute - SANS is a defense and training organization Spear-phishing Email Targeting Outlook Mail Clients, (Sat, May 29th) 1] and now for the past several weeks I have been receiving spear-phishing emails that pretend to be
coming from Microsoft Outlook to "Sign in to verify" my account, new terms of services, new version, etc. There also have been some reports this week about a large ongoing spear-phishing campaign [2][3] worth reading. Here are some samples which always include a sense of urgency to log in as soon as possible: 2021-05-29T17:18:41+00:00 https://isc.sans.edu/diary/rss/27472 www.secnews.physaphae.fr/article.php?IdArticle=2857498 False Spam None None Graham Cluley - Blog Security Cryptocurrency scam attack on Twitter reminds users to check their app connections 2021-05-27T13:12:16+00:00 https://www.tripwire.com/state-of-security/featured/cryptocurrency-scam-attack-twitter-check-app-connections/ www.secnews.physaphae.fr/article.php?IdArticle=2846122 False Spam None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor American Express Fined for Sending Millions of Spam Messages 2021-05-24T20:53:10+00:00 https://threatpost.com/american-express-fined-spam/166412/ www.secnews.physaphae.fr/article.php?IdArticle=2832446 False Spam None None InfoSecurity Mag - InfoSecurity Magazine Amex Fined After Sending Over Four Million Spam Emails 2021-05-24T10:00:00+00:00 https://www.infosecurity-magazine.com:443/news/amex-fined-sending-four-million/ www.secnews.physaphae.fr/article.php?IdArticle=2829960 False Spam None None Bleeping Computer - American magazine Amex fined £90,000 for sending 4 million spam emails in a year 2021-05-23T10:00:00+00:00 https://www.bleepingcomputer.com/news/security/amex-fined-90-000-for-sending-4-million-spam-emails-in-a-year/ www.secnews.physaphae.fr/article.php?IdArticle=2828671 False Spam None None Schneier on Security - American cryptology researcher Bizarro Banking Trojan new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app.
Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,” the researchers write. The backdoor has numerous commands built in to allow manipulation of a targeted individual, including keystroke loggers that allow for harvesting of personal login information. In some instances, the malware can allow criminals to commandeer a victim's crypto wallet, too... 2021-05-20T14:13:26+00:00 https://www.schneier.com/blog/archives/2021/05/bizarro-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=2816562 False Spam,Malware None None Bleeping Computer - American magazine Spammers flood PyPI with pirated movie links and bogus packages 2021-05-20T12:02:40+00:00 https://www.bleepingcomputer.com/news/security/spammers-flood-pypi-with-pirated-movie-links-and-bogus-packages/ www.secnews.physaphae.fr/article.php?IdArticle=2816686 False Spam None None CVE List - Common Vulnerability Exposure CVE-2021-24295 2021-05-17T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24295 www.secnews.physaphae.fr/article.php?IdArticle=2801329 False Spam,Vulnerability None None Graham Cluley - Blog Security Muddy waters.
Ofwat reveals it has received 20,000 spam and phishing emails so far this year 2021-05-13T13:54:57+00:00 https://www.tripwire.com/state-of-security/featured/muddy-waters-ofwat-received-20000-spam-and-phishing-emails/ www.secnews.physaphae.fr/article.php?IdArticle=2779760 False Spam None None Bleeping Computer - American magazine Cuba Ransomware partners with Hancitor for spam-fueled attacks 2021-05-07T05:00:00+00:00 https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-with-hancitor-for-spam-fueled-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=2751038 False Ransomware,Spam,Malware None None CVE List - Common Vulnerability Exposure CVE-2021-24245 2021-05-06T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24245 www.secnews.physaphae.fr/article.php?IdArticle=2746408 False Spam,Guideline None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) New Study Warns of Security Threats Linked to Recycled Phone Numbers 2021-05-05T06:51:24+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/rW9i6ktBYjQ/new-study-warns-of-security-threats.html www.secnews.physaphae.fr/article.php?IdArticle=2742244 False Spam None None Kaspersky - Kaspersky Research blog Spam and phishing in Q1 2021 2021-05-03T10:00:36+00:00 https://securelist.com/spam-and-phishing-in-q1-2021/102018/ www.secnews.physaphae.fr/article.php?IdArticle=2731738 False Spam None None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Emotet Malware Destroys Itself From All Infected Computers 2021-04-26T02:50:01+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/d1is2yvvbGA/emotet-malware-destroys-itself-today.html www.secnews.physaphae.fr/article.php?IdArticle=2694499 False Ransomware,Spam,Malware None None CVE List - Common Vulnerability Exposure CVE-2021-20501 2021-04-21T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20501 www.secnews.physaphae.fr/article.php?IdArticle=2675706 False Spam,Vulnerability None None InformationSecurityBuzzNews - Security news site Expert Reaction on Research that Coronavirus Triggering Surge in Cyber Fraud 2021-04-16T14:58:31+00:00 https://informationsecuritybuzz.com/expert-comments/expert-reaction-on-research-that-coronavirus-triggering-surge-in-cyber-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=2653374 False Spam None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor IcedID Circulates Via Web Forms, Google URLs 2021-04-12T18:12:04+00:00 https://threatpost.com/icedid-web-forms-google-urls/165347/ www.secnews.physaphae.fr/article.php?IdArticle=2626396 False Spam None None CISCO Talos - Cisco Research blog Threat Source Newsletter (April 8, 2021) 2021-04-08T11:00:00+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/QRCsoRr7mGA/threat-source-newsletter-april-8-2021.html www.secnews.physaphae.fr/article.php?IdArticle=2606358 False Spam None None SANS Institute - SANS is a defense and training organization Quick Analysis of a Modular InfoStealer, (Wed, Mar 31st) 2021-03-31T08:34:54+00:00 https://isc.sans.edu/diary/rss/27264 www.secnews.physaphae.fr/article.php?IdArticle=2565512 False Spam None None AlienVault Blog - AlienVault is a major defensive player in IOCs Cybersecurity and accessibility for Ecommerce platforms: Is it possible? reach $25 billion by 2024, a new Juniper report reveals — up from just $17 billion in 2020.
Undoubtedly, cybersecurity should be a top priority for ecommerce owners. At the same time, accessibility is another pressing concern, with the need for websites to comply with the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0 AA). However, captchas — essential for making online shopping more secure — lack accessibility, while user-friendly input assistance potentially poses a security risk. Fortunately, it’s possible to make your ecommerce site accessible to customers with disabilities without compromising the strong security standards needed in this digital age. Importance of accessibility Ultimately, WCAG 2.0 AA compliance means that customers with either hearing or sight impairments, learning disabilities, or physical limitations will be able to visit your store. Your website will be compatible with the special software and assistive technologies these visitors may use to access and navigate it. Moreover, by making your ecommerce store accessible, you’ll inevitably reach a wider audience and increase conversions. The secure and streamlined checkout process — an important part of website accessibility — will give customers a faster and more appealing shopping experience. Again, this further boosts conversions, and customers will be more likely to want to repeat such a smooth and stress-free purchase. Best practices for site optimization and accessibility also go hand in hand. For example, images with descriptive text, site maps, breadcrumb links, alt text, and readability will all boost your site’s organic SEO equity. Ecommerce SEO will give you a competitive edge and place your site higher up in the search results. Alternatives to captcha Although captchas are important for strengthening website security, they’re typically inaccessible to people with disabilities who’re unable to clearly see and hear words, letters and numbers. Fortunately, alternative options can bolster security while maintaining accessibility. 
For example, if you use the captcha to verify that it’s a human visiting your site (and not a robot), try text and/or audio versions that clearly communicate the details of the captcha. So, this could mean including text that reads “type the word in the image” and an audio clip that announces “type the letters spoken in the audio.” Additionally, you can use other accessible alternatives, including human test questions, server-side spam filters, honeypot traps, and heuristic filters. Incorporating a combination of effective and reliable security options will ensure your ecommerce site remains accessible to people with disabilities without increasing the risk of security breaches. The issue of input assistance Input assistance is an essential feature that can help make your ecommerce site more accessible; it essentially works to help correct a customers' 2021-03-23T10:00:00+00:00 https://feeds.feedblitz.com/~/647417590/0/alienvault-blogs~Cybersecurity-and-accessibility-for-Ecommerce-platforms-Is-it-possible www.secnews.physaphae.fr/article.php?IdArticle=2521155 False Spam None None InformationSecurityBuzzNews - Security news site Experts Perspective On HP Bromium Q4 Rept: Detection Not Stopping Newer Threats 2021-03-17T15:09:39+00:00 https://informationsecuritybuzz.com/expert-comments/experts-perspective-on-hp-bromium-q4-rept-detection-not-stopping-newer-threats/ www.secnews.physaphae.fr/article.php?IdArticle=2496152 False Spam,Threat None None TroyHunt - Blog Security “Please someone help me.” FaceTime users bombarded with group call spam 2021-03-15T21:17:43+00:00 https://arstechnica.com/?p=1749815 www.secnews.physaphae.fr/article.php?IdArticle=2488399 False Spam None None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic 2021-03-11T18:58:10+00:00 https://threatpost.com/nanocore-rat-email-defenses-zipx/164701/ www.secnews.physaphae.fr/article.php?IdArticle=2469287 False Spam None None
SANS Institute - SANS est un acteur de defense et formation Spam Farm Spotted in the Wild, (Fri, Mar 5th) 1] or DKIM[2] can be implemented to prevent spoofed emails from being sent from anywhere. If these controls are not implemented, you may be the victim of spam campaigns that abuse your domain name or identity. The "good" point (if we can say this) is that all NDR messages will bounce to the official mail server that you manage. That's what happened with our reader: he saw many bounced messages for unknown email addresses. Here is an example: 2021-03-05T06:16:23+00:00 https://isc.sans.edu/diary/rss/27170 www.secnews.physaphae.fr/article.php?IdArticle=2437538 False Spam None None Hacker Republic - Site de news Hack fr Fight against stalking thanks to OSINT OSINT violence stalking The following lines are the result of collaborative work, under the leadership of Justin Seitz. There are many of us working together, including Heartbroken and Nanardon.
OSINT is an acronym for Open Source Intelligence. It is a set of investigative techniques that allow information to be retrieved from so-called open sources. Used by journalists, by police or in cybersecurity, OSINT can help to find information, but it can also be used to protect yourself from malicious people. Violence against people, especially against women, has increased and diversified: harassment, raids, doxxing, revenge porn by video or by pictures, identity theft, school harassment, etc. How to react? How to prevent it? Our goal is to give you simple resources, without the need for special knowledge. They do not substitute for support groups, law enforcement, health professionals or lawyers. We trust you. You are not responsible. The facts and situations we will use to illustrate our kits are punishable under criminal and civil law. You are not alone.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available in this article are for general informational purposes only. Furthermore this article was written mainly in regards to French and European laws. Readers should consult their local laws and contact an attorney to obtain advice with respect to any particular legal matter.
When we talk about stalking, we mean watching or spying on someone remotely, using digital tools. We can distinguish two hypotheses: the case where the victim and the stalker know each other personally and intimately; the case where the victim does not personally know the person watching him/her online. It should be noted that this surveillance can go beyond the digital tools and also result in actions in real life. Identify all the elements The common point for both cases is the same as in the previous articles: before deleting anything, collect and archive all items. If you find spyware in your devices, make at least screenshots of the applications found, with all the technical details. The known stalker This is usually a person with whom the victim has had a very close relationship: former spouse or current spouse. We use the masculine by default, but victims can be of either sex, just as stalkers can be either male or female. Finally, this sit
2021-02-16T01:40:28+00:00 https://www.hackersrepublic.org/culture-du-hacking/stalking-osint-en www.secnews.physaphae.fr/article.php?IdArticle=2357367 False Spam,Guideline None None
Hacker Republic - Site de news Hack fr Fight against stalking thanks to OSINT OSINT violence stalking The following lines are the result of collaborative work, initiated by Justin Seitz. Several of us are working together, including Heartbroken and Nanardon.
OSINT is the acronym for Open Source Intelligence. It is a set of investigative techniques for retrieving information from so-called open sources. Used in computer security and in police and journalistic investigations, OSINT makes it possible not only to retrieve information but also to protect yourself against malicious people. Violence against people, in particular violence against women, has increased and diversified. Online harassment, digital raids, disclosure of personal data, photomontages, revenge porn, identity theft: the acts are many. How should you react if this happens to you? How can you prevent such acts as far as possible? Our goal is to provide you with a simple, turnkey kit that is within the technical reach of everyone concerned. These kits are not a substitute for associations, police forces, lawyers or health professionals. We believe you. You are not responsible for what is happening to you. The facts and situations we will use to illustrate our points are all punishable under criminal and civil law. You are not alone.
When we talk about stalking, we mean watching or spying on someone remotely, using digital tools. Two cases can be distinguished: • The case where the victim and the stalker know each other personally and intimately; • The case where the victim does not personally know the person who is watching them online. Note that this surveillance can spill over beyond digital tools and also result in actions in real life. Recording all the elements The common point for the two cases is the same as in the previous articles: before deleting anything, collect and archive all the items. If you find spyware on your devices, at a minimum take screenshots of the applications found, with all the technical details.
2021-02-16T01:23:04+00:00 https://www.hackersrepublic.org/culture-du-hacking/stalking-osint www.secnews.physaphae.fr/article.php?IdArticle=2357368 False Spam None None
AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC CISOs report that ransomware is now the biggest cybersecurity concern in 2021 are the primary security concern for these professionals in 2021.  Organizations have good reason to be concerned about ransomware attacks. Not only are they highly effective, but often companies find that it is simply easier to pay the ransom than try to rectify the problem. This is far from the best solution as it encourages the criminals to continue their attacks, fails to provide any long-term sense of security for the organization, and may incur liability for the organization.  This article provides an overview of the rise of ransomware attacks and discusses how security professionals can prepare for and prevent attacks.  The anatomy of a ransomware attack Ransomware is essentially a virus that loads onto a user’s computer, where it scans connected drives for files that it then encrypts. The user is also typically locked out of their machine and can only view a screen showing how to make a ransom payment.  Ransomware attacks can take many forms, although the most common is to prevent a user from accessing encrypted files or using their machine until the ransom is paid (cryptocurrencies preferred). More malicious ransomware attacks threaten to release sensitive data to the internet broadly (doxware) or to delete data permanently.  Ransomware can reach a user’s machine using a number of vectors, the most common of which is a phishing attack. However, malicious websites or popups may also provide access for ransomware attacks. Ransomware attacks can also be directly injected into an organization’s network through unsecured network connections (i.e. if no VPN is used). Or, even more simply, criminals may simply use brute force to hack weak passwords and directly insert the ransomware themselves. Ransomware can also attack vulnerabilities in applications arising during the software development process. 
It is therefore important to use testing methods, such as static and dynamic application security testing (SAST/DAST), that identify these security vulnerabilities continuously while your applications are running.  The prevalence of ransomware attacks Overall ransomware constitutes a small portion of all malware attacks; however, they are also some of the most damaging forms of malware-based attacks as the financial and operational consequences can be devastating.  The FBI saw a 37% increase in the reporting of ransomware attacks from 2018-2019, and an associated increase of 147% in financial losses. Average ransom demands also soared, reaching nearly $200,000 by the end of 2019. And the total average business costs resulting from a ransomware attack (post-attack costs, lost business costs, new cybersecurity investments, etc.) reached nearly $4.5 million as of early 2020. Exacerbating the ransomware concern is the fact that cybercriminals are now offering ]]> 2021-02-15T11:00:00+00:00 https://feeds.feedblitz.com/~/644400928/0/alienvault-blogs~CISOs-report-that-ransomware-is-now-the-biggest-cybersecurity-concern-in www.secnews.physaphae.fr/article.php?IdArticle=2352779 False Ransomware,Spam,Malware,Hack None None Fortinet - Fabricant Materiel Securite New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part I ]]> 2021-02-12T00:00:00+00:00 http://feedproxy.google.com/~r/fortinet/blogs/~3/5TG7dx9iqKw/new-bazar-trojan-variant-is-being-spread-in-recent-phishing-campaign-part-I www.secnews.physaphae.fr/article.php?IdArticle=2337893 False Spam None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Various Malware Lurking in Discord App to Target Gamers 2021-02-11T15:03:54+00:00 https://threatpost.com/various-malware-lurking-in-discord-app-to-target-gamers/163867/ www.secnews.physaphae.fr/article.php?IdArticle=2330994 False Spam,Malware None None TechRepublic - Security News US Hit block caller: 75% of Americans were targeted by 
scammers 2021-02-10T11:00:01+00:00 https://www.techrepublic.com/article/hit-block-caller-75-of-americans-were-targeted-by-scammers/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2323889 False Spam None None Security Affairs - Blog Secu Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs 2021-02-09T15:18:06+00:00 https://securityaffairs.co/wordpress/114388/security/nextgen-gallery-wordpress-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=nextgen-gallery-wordpress-flaws www.secnews.physaphae.fr/article.php?IdArticle=2318718 False Spam,Guideline None None ZD Net - Magazine Info PyPI, GitLab dealing with spam attacks 2021-02-09T05:30:03+00:00 https://www.zdnet.com/article/pypi-gitlab-dealing-with-spam-attacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2316141 False Spam None None InfoSecurity Mag - InfoSecurity Magazine Financial Regulator Hit by 240,000 Malicious Emails in Q4 2020 2021-02-05T10:30:00+00:00 https://www.infosecurity-magazine.com:443/news/fca-240000-malicious-emails-q4-2020/ www.secnews.physaphae.fr/article.php?IdArticle=2298302 False Spam None None Anomali - Firm Blog Threat Actors Capitalize on COVID-19 Vaccine News to Run Campaigns, AWS Abused to Host Malicious PDFs Figure 1 – Screenshot of the Files in the EMA Vaccine Breach The publication of the EMA vaccine breach on RaidForums was taken down by forum administrators only to resurface on other platforms. Later, the EMA claimed that at least some of the leaked correspondence had “been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.”[4] 2. Non-targeted Adoption by Phishing Campaigns Below are three examples of COVID-19 vaccine-related phishing campaigns utilizing different delivery methods: email, SMS, and search engine traffic.  
As COVID-19 vaccination is a newsworthy topic, it would be consistent with observed activity for so]]> 2021-02-02T23:04:00+00:00 https://www.anomali.com/blog/threat-actors-capitalize-on-covid-19-vaccine-news-to-run-campaigns-aws-abused-to-host-malicious-pdfs www.secnews.physaphae.fr/article.php?IdArticle=2286826 False Ransomware,Spam,Malware,Threat,Guideline None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) European Authorities Disrupt Emotet - World\'s Most Dangerous Malware ]]> 2021-01-28T01:41:53+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/T2DuvLIIwjA/european-authorities-disrupt-emotet.html www.secnews.physaphae.fr/article.php?IdArticle=2258731 False Ransomware,Spam,Malware None None TechRepublic - Security News US How to quickly block spam SMS in Android 2021-01-26T17:59:36+00:00 https://www.techrepublic.com/article/how-to-quickly-block-spam-sms-in-android/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2247544 False Spam None None Security Affairs - Blog Secu Fake Trump sex video used to spread QNode RAT 2021-01-06T16:02:12+00:00 https://securityaffairs.co/wordpress/113088/cyber-crime/qnode-rat-attack.html?utm_source=rss&utm_medium=rss&utm_campaign=qnode-rat-attack www.secnews.physaphae.fr/article.php?IdArticle=2148160 False Spam None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Inbox Attacks: The Miserable Year (2020) That Was 2021-01-01T11:00:04+00:00 https://threatpost.com/miserable-spam-year-2020/162566/ www.secnews.physaphae.fr/article.php?IdArticle=2139017 False Spam None None Security Affairs - Blog Secu The Emotet botnet is back and hits 100K recipients per day 2020-12-26T14:27:33+00:00 https://securityaffairs.co/wordpress/112650/malware/december-emotet-redacted.html?utm_source=rss&utm_medium=rss&utm_campaign=december-emotet-redacted www.secnews.physaphae.fr/article.php?IdArticle=2128570 False Spam None None Bleeping Computer - Magazine Américain Fake Amazon 
gift card emails deliver the Dridex malware 2020-12-25T10:15:15+00:00 https://www.bleepingcomputer.com/news/security/fake-amazon-gift-card-emails-deliver-the-dridex-malware/ www.secnews.physaphae.fr/article.php?IdArticle=2127215 False Spam,Malware None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC \'Tis the season for session hijacking - Here\'s how to stop it increased cybersecurity vulnerability. With more aspects of the winter holidays relegated to online platforms this year, people everywhere are more susceptible to cyberattacks. Luckily, there are plenty of simple steps you can take to protect yourself from digital threats and online scams. But there is one particularly nefarious type of cyberattack that you might not be aware of. This is session hijacking. In this article, we will take a look at what session hijacking is, how the holidays make you extra vulnerable to this type of attack, and how to prevent it from happening to you. What is Session Hijacking? Let’s start with the terms. A session is the period of time when a user is actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application. When you log into an online application, the server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session. Session hijacking, also called “cookie hijacking”, can follow several patterns. One method, cross-site scripting, or XSS, essentially works like this. An attacker implants a script into the web server the victim is trying to access. 
The victim then authenticates their presence on the tampered-with server, creating a unique session ID that includes the attacker’s script. The server returns the page code with the attacker’s script to the victim, whose own browser enacts the script, sending the victim’s unique session cookie to the attacker. The attacker is then granted access to the user’s session, meaning they can witness any interaction taking place there and steal any sensitive information revealed in the session. Malvertising is another current “hot” technique that induces a victim to click on an ad infected with malicious code that snags the session ID, thus granting the hacker access to the victim’s unique session key. Here again, the victim is authenticated on the server and the hacker can hijack the victim’s session. All the attacker has to do is input the victim’s session ID on their own browser, tricking the server into reading the hacker’s browser connection as the victim’s already authenticated session. Holidays under threat The coronavirus pandemic has had many wide-ranging effects on all of us. One result of this global situation is the massive increase in cybersecurity vulnerability. Studies have shown precipitous rises in spam attempts, as opportunistic hackers seek to prey on widespread uncertainty. But the pandemic places cybersecurity at risk on another level as well. 
This year, the holidays have gone digital to an extent never seen bef]]> 2020-12-22T11:00:00+00:00 https://feeds.feedblitz.com/~/640590667/0/alienvault-blogs~Tis-the-season-for-session-hijacking-Heres-how-to-stop-it www.secnews.physaphae.fr/article.php?IdArticle=2120056 False Spam,Studies None None Checkpoint - Fabricant Materiel Securite November 2020\'s Most Wanted Malware: Notorious Phorpiex Botnet Returns As Most Impactful Infection 2020-12-09T11:00:52+00:00 https://blog.checkpoint.com/2020/12/09/november-2020s-most-wanted-malware-notorious-phorpiex-botnet-returns-as-most-impactful-infection/ www.secnews.physaphae.fr/article.php?IdArticle=2086580 False Ransomware,Spam,Threat None None Bleeping Computer - Magazine Américain HMRC phishing scam abuses mail service to bypass spam filters 2020-12-02T17:10:46+00:00 https://www.bleepingcomputer.com/news/security/hmrc-phishing-scam-abuses-mail-service-to-bypass-spam-filters/ www.secnews.physaphae.fr/article.php?IdArticle=2073265 False Spam,Threat None None Bleeping Computer - Magazine Américain Microsoft Teams Calling gets CarPlay support, SPAM id service, more 2020-12-01T12:01:30+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-calling-gets-carplay-support-spam-id-service-more/ www.secnews.physaphae.fr/article.php?IdArticle=2070536 False Spam None None Malwarebytes Labs - MalwarebytesLabs November spam roundup: Stalkers, property tips, porn, stern words and PayPal We look at some of the more recent spam mails taking up space in mailboxes. Categories: CybercrimeSocial engineering Tags: (Read more...) 
]]> 2020-11-30T11:11:07+00:00 https://blog.malwarebytes.com/cybercrime/2020/11/november-spam-roundup-stalkers-property-tips-porn-stern-words-and-paypal/ www.secnews.physaphae.fr/article.php?IdArticle=2067155 False Spam None None Kaspersky - Kaspersky Research blog Spam and phishing in Q3 2020 2020-11-12T10:00:54+00:00 https://securelist.com/spam-and-phishing-in-q3-2020/99325/ www.secnews.physaphae.fr/article.php?IdArticle=2030344 False Spam,Guideline None None Krebs on Security - Chercheur Américain Body Found in Canada Identified as Neo-Nazi Spam King 2020-11-09T04:58:19+00:00 https://krebsonsecurity.com/2020/11/body-found-in-canada-identified-as-neo-nazi-spam-king/ www.secnews.physaphae.fr/article.php?IdArticle=2024174 False Spam None None Security Affairs - Blog Secu Emotet operators are running Halloween-themed campaigns 2020-10-31T16:39:09+00:00 https://securityaffairs.co/wordpress/110214/cyber-crime/emotet-halloween-themed-campaigns.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-halloween-themed-campaigns www.secnews.physaphae.fr/article.php?IdArticle=2006886 False Spam,Malware,Threat None None Wired Threat Level - Security News Among Us Was Hit With Pro-Trump Spam 2020-10-28T13:00:00+00:00 https://www.wired.com/story/among-us-hack www.secnews.physaphae.fr/article.php?IdArticle=2000520 False Spam None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC LokiBot Malware: What it is and how to respond to it    only become worse since the coronavirus pandemic began as hackers and cybercriminals have sought to take advantage of the chaos created by the situation. LokiBot is one such example. In this article, we will dive into what exactly LokiBot is and the threat it poses, the techniques that were used to deploy this malware, and then the steps you can take to remove it from an infected system. What is Lokibot? LokiBot was first released on underground forums for hackers to target Microsoft Android phones in early 2016. 
Since then, it has grown to become a much more widespread and dangerous threat than it originally was, as it has been widely distributed via torrent files and email spam (among other techniques) by low-to-mid level hackers targeting passwords. At this point, LokiBot is among the most prevalent forms of malware, and for 2020 has actually been the single most common form of malware used to attack command-and-control servers. LokiBot can infect computers and mobile devices alike by searching for locally installed applications. The malware then searches for credentials from the internal databases of those applications and attempts to extract them. LokiBot also comes with a keylogging feature that allows it to capture keystrokes in order to determine the passwords used for accounts that may not be stored in those internal databases as well. As a result of these capabilities, mobile applications, cryptocurrency wallets, emails, and browsers alike are all vulnerable to LokiBot. The good news is that LokiBot is far from invincible. For example, storing your data in the cloud will be one of the best defense measures that you can make because your data will be stored encrypted, decentralized, and ultimately harder to obtain. How big of a threat does LokiBot pose? Even though LokiBot has become much more prominent than it once was, the real question that needs to be asked is: even though it’s common, how big of a threat actually is it? One of the biggest concerns with LokiBot isn’t just the fact that it can target everything from emails to cryptocurrency wallets, it’s also that it can create a backdoor to allow a hacker to install additional malicious software and steal information. LokiBot also makes use of a very simple codebase that makes it easy for lower level cybercriminals to use. If anything, it’s for this reason that it’s become so widely used.
Furthermore, LokiBot utilizes methods to make it seem like nothing is hap 2020-10-28T11:00:00+00:00 https://feeds.feedblitz.com/~/637811340/0/alienvault-blogs~LokiBot-Malware-What-it-is-and-how-to-respond-to-it www.secnews.physaphae.fr/article.php?IdArticle=2000278 False Spam,Malware,Threat None None We Live Security - Editeur Logiciel Antivirus ESET 'Among Us' players hit by major spam attack 2020-10-26T15:20:14+00:00 http://feedproxy.google.com/~r/eset/blog/~3/skyxVUHdOuA/ www.secnews.physaphae.fr/article.php?IdArticle=1998763 False Spam None None Wired Threat Level - Security News Did a Security Researcher Guess Trump's Twitter Password? 2020-10-24T13:10:38+00:00 https://www.wired.com/story/donald-trump-twitter-password-china-vulnerabilities-among-us-security-news www.secnews.physaphae.fr/article.php?IdArticle=1994266 False Spam None None The State of Security - Magazine Américain DOJ Says Iran Targeted American Voters with Threatening Emails 2020-10-22T11:28:00+00:00 https://www.tripwire.com/state-of-security/security-data-protection/doj-says-iran-targeted-american-voters-with-threatening-emails/ www.secnews.physaphae.fr/article.php?IdArticle=1990726 False Spam None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC SPAM text messages vs SMiShing and defending against it SMiShing is phishing that uses texting to lead you to fake websites and phone numbers that imitate real companies. This is a type of social engineering that fraudsters use to get personal information from you with malicious intent. Today, phishing is the number one security threat, and the worst part is that, when it comes to phishing attempts on a mobile device, it works! For example, according to Lookout, 56% of mobile users have received and tapped on a URL that bypassed existing layers of phishing defense. And on average, a user will click on approximately six phishing links from their mobile device each year.
You may be asking yourself, how could someone be fooled by these? Part of the reason is the form factor of a mobile device which makes it harder for the user to spot these social engineering techniques. Another reason is we’re often in a hurry or distracted while using the mobile device. And finally, many people believe they are safer on their mobile device than traditional laptops and desktops which in today’s world may not be the case. Mobile device manufacturers, wireless carriers, and regulators have all been working closely together to curb the issues around SPAM and SMiShing. For example, AT&T monitors the network 24/7 and supports legislation to end text spam. Also, AT&T will never ask someone to send personal or account information via email or text message. But with many types of security efforts, combating social engineering attempts like SMiShing is a shared responsibility, and both the individual and business owners need to take measures to  help protect themselves and their data.   Defend yourself against SPAM and SMiShing AT&T is vigilant about protecting customers from unsolicited text message spam but there is no simple fix to block these. As individuals, we can all take certain steps to help  protect ourselves such as: If you are an AT&T customer, report them: Alert AT&T by forwarding the suspicious text to 7726 (SPAM) on your device. Messages forwarded to 7726 are free. They don't count toward your AT&T text plan. If you're not able to view the number, forward the entire message to abuse@att.net. 
On AT&T’s website: ]]> 2020-10-22T11:00:00+00:00 https://feeds.feedblitz.com/~/637389890/0/alienvault-blogs~SPAM-text-messages-vs-SMiShing-and-defending-against-it www.secnews.physaphae.fr/article.php?IdArticle=1990787 False Spam,Threat,Guideline None None IT Security Guru - Blog Sécurité Iran blamed for voting spam emails 2020-10-22T10:27:03+00:00 https://www.itsecurityguru.org/2020/10/22/iran-blamed-for-voting-spam-emails/?utm_source=rss&utm_medium=rss&utm_campaign=iran-blamed-for-voting-spam-emails www.secnews.physaphae.fr/article.php?IdArticle=1990701 False Spam None None Security Affairs - Blog Secu New Emotet campaign uses a new \'Windows Update\' attachment 2020-10-19T09:41:19+00:00 https://securityaffairs.co/wordpress/109717/hacking/emotet-windows-update-attachment.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-windows-update-attachment www.secnews.physaphae.fr/article.php?IdArticle=1985446 False Spam,Malware,Threat None None Anomali - Firm Blog COVID-19 Attacks – Defending Your Organization Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ, and I describe COVID-19 attacks in January through March, the groups behind them, and key MITRE ATT&CK techniques being employed. We then discuss ways an organization can keep themselves safe from these types of attacks. Pandemic Background COVID-19 is a pandemic viral respiratory disease, originally identified in Wuhan, China in December 2019. At the time of the webinar, it had infected around 1.5 million people worldwide. Within the first month, cyber actors capitalized on the opportunity.  COVID Attack Timeline December 2019 - January 2020 At the end of December 2019, China alerted the World Health Organization (WHO) that there was an outbreak in Wuhan, China. Within a month, the first cyber events were being recorded. 
Around January 31, 2020, malicious emails (T1566.001) using the Emotet malware (S0367) and a phishing campaign (T1566.001) using LokiBot (S0447) were tied to TA542 alias Mummy Spider. Emotet, in particular, was prolific. It originally started as a banking Trojan, then evolved into a delivery mechanism for an initial payload that infected systems to download additional malware families such as TrickBot (S0266). Around this same time, there was a marked increase in the registration of domain names with COVID-19 naming conventions, a key indicator of an uptick in phishing campaigns. February 2020 In early February, the progression of adversaries using uncertainty about and thirst for information regarding the COVID-19 pandemic became apparent. New malware variants and malware families were reported employing coronavirus related content, including NanoCore RAT (S0336) and Parallax RAT, a newer remote-access Trojan, to infect unsuspecting users. Throughout February, cybercrime actors launched several phishing campaigns (T1566.001) to deliver information stealer AZORult (S0344). With worldwide government health agencies giving advice on cyber and physical health, threat actors aligned with nation-states such as Russia (Hades APT), China (Mustang Panda), and North Korea (Kimsuky - G0094) used this messaging to lure individuals to download and/or execute malicious files disguised as legitimate documents. These state-sponsored groups used convincing lures to impersonate organizations such as the United Nations (UN), the World Health Organization (WHO), and various public health government agencies to achieve short- and long-term national objectives. March 2020 In March, we observed a flurry of nation-state and cybercrime attributed malicious activity seeking to exploit the COVID-19 pandemic. 
Cybercrime actors distributed a range of malware families, including NanoCore (S0336), 2020-10-15T14:00:00+00:00 https://www.anomali.com/blog/covid-19-attacks-defending-your-organization www.secnews.physaphae.fr/article.php?IdArticle=2103277 False Ransomware,Spam,Malware,Threat APT 36 3.0000000000000000 IT Security Guru - Blog Sécurité Twitter suspends accounts claiming to be Black Trump supporters 2020-10-14T10:28:18+00:00 https://www.itsecurityguru.org/2020/10/14/twitter-suspends-accounts-claiming-to-be-black-trump-supporters/?utm_source=rss&utm_medium=rss&utm_campaign=twitter-suspends-accounts-claiming-to-be-black-trump-supporters www.secnews.physaphae.fr/article.php?IdArticle=1976057 False Spam None None 01net. Actualites - Securite - Magazine Francais Have you been targeted by the virulent Emotet malware? This online service will tell you 2020-10-02T01:52:00+00:00 https://www.01net.com/actualites/avez-vous-ete-cible-par-le-virulent-malware-emotet-ce-service-en-ligne-vous-le-dira-1985201.html www.secnews.physaphae.fr/article.php?IdArticle=1951858 False Spam,Malware None None Security Affairs - Blog Secu How to check if an email or a domain was used in Emotet attacks?
2020-10-01T20:00:41+00:00 https://securityaffairs.co/wordpress/109007/malware/have-i-been-emotet-service.html?utm_source=rss&utm_medium=rss&utm_campaign=have-i-been-emotet-service www.secnews.physaphae.fr/article.php?IdArticle=1950675 False Spam None None ZD Net - Magazine Info ICO fines profiteering UK firm for touting coronavirus products over spam texts 2020-09-24T12:58:23+00:00 https://www.zdnet.com/article/ico-fines-profiteering-uk-firm-for-touting-coronavirus-products-over-spam-texts/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1936666 False Spam None None Security Affairs - Blog Secu Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns 2020-09-24T07:01:03+00:00 https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-europe-alerts www.secnews.physaphae.fr/article.php?IdArticle=1935966 False Spam None None ZD Net - Magazine Info Spammers use hexadecimal IP addresses to evade detection 2020-09-18T17:16:00+00:00 https://www.zdnet.com/article/spammers-use-hexadecimal-ip-addresses-to-evade-detection/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1925543 False Spam None None InformationSecurityBuzzNews - Site de News Securite Emotet Malware Attacks – Why Are They So Successful? 
2020-09-17T16:15:54+00:00 https://www.informationsecuritybuzz.com/expert-comments/emotet-malware-attacks-why-are-they-so-successful/ www.secnews.physaphae.fr/article.php?IdArticle=1923363 False Spam,Malware None None Security Affairs - Security Blog France, Japan, and New Zealand warn of a surge in Emotet attacks 2020-09-09T06:40:05+00:00 https://securityaffairs.co/wordpress/108060/malware/emotet-attacks-worldwide.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-attacks-worldwide www.secnews.physaphae.fr/article.php?IdArticle=1906544 False Spam None None SentinelOne (SecIntel) - Cyber Firms Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright… 2020-09-04T22:18:43+00:00 https://www.sentinelone.com/labs/threat-intel-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/ www.secnews.physaphae.fr/article.php?IdArticle=8388359 False Spam,Malware,Threat None 3.0000000000000000 AlienVault Blog - AlienVault is a major defense player in IOCs How Covid-19 has increased vulnerabilities in Industrial Control Systems sharp increase in malicious activity related to COVID has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas. Much of this is a direct result of the work from home (WFH) phenomenon. With organizations and businesses rapidly deploying systems and networks to support remote staff, criminals can’t help themselves. Increased security vulnerabilities have offered the opportunity to steal data, generate profits, and generally cause havoc. 
In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners. There are a number of other threats, though, that have also been caused by the pandemic but that are less visible. One of these is the increased vulnerability of industrial control systems. The threat The most up to date data on the vulnerability of industrial control systems, and how this has been affected by the pandemic, comes courtesy of the ICS Risk & Vulnerability Report, released this week by Claroty. This research contains an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors. The findings are striking, and particularly so given how many systems engineers now work from home. Fully 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, which is possible with 49% of the vulnerabilities. When combined with the fact that recent research has found that 83% of firms are simultaneously struggling to ensure the security of remote working systems, this is highly concerning. In practice, this means that if an organization’s remote working systems are insecure – which seems likely, given the difficulties that many have reported in recent months – then hackers may be granted an increased capability to remotely execute malicious code on industrial systems. The Impact The increased likelihood of this kind of attack should concern all organizations working with industrial control systems, but especially those companies employing centralized systems such as DCS, SCADA, or PLS. 
In recent years, these solutions have been used for networking previously discrete industrial systems together. While this has allowed organizations to dramatically increase their efficiency and productivity, it potentially leaves these systems open to laterally-deployed cyberattacks. This risk is compounded by a similarly worrying trend in international cyber warfare. Tho 2020-09-02T11:00:00+00:00 https://feeds.feedblitz.com/~/634950206/0/alienvault-blogs~How-Covid-has-increased-vulnerabilities-in-Industrial-Control-Systems www.secnews.physaphae.fr/article.php?IdArticle=1894714 False Spam,Hack,Vulnerability,Guideline None None Security Affairs - Security Blog Emotet botnet has begun to use a new 'Red Dawn' template 2020-08-30T13:09:17+00:00 https://securityaffairs.co/wordpress/107705/cyber-crime/emotet-botnet-red-dawn-template.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-botnet-red-dawn-template www.secnews.physaphae.fr/article.php?IdArticle=1889450 True Spam None None Global Security Mag - French news site How cybercriminals used COVID-19-themed spam to spread the Emotet malware Viewpoints 2020-08-24T13:55:50+00:00 http://www.globalsecuritymag.fr/Comment-les-cybercriminels-ont,20200824,102052.html www.secnews.physaphae.fr/article.php?IdArticle=1879353 False Spam,Malware None None