This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-13T05:29:19+00:00 www.secnews.physaphae.fr AhnLab - Korean Security Firm L'équipe d'analyse mobile de Ahnlab & # 8217;amis à l'étranger ou partenaires romantiques.Ils exploitent ce lien pour solliciter de l'argent sous couvert d'investissements de crypto-monnaie.Une arnaque romantique est un type de fraude qui implique une manipulation émotionnelle pour solliciter de l'argent par divers moyens.Alors que les escroqueries romanes précédentes impliquaient principalement des demandes directes d'argent après avoir gagné de l'affection, les escroqueries actuelles ont élargi leur portée pour inclure de faux échanges de crypto-monnaie, des banques et des achats en ligne ...

---

AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments. A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. While previous romance scams mostly involved direct requests for money after gaining affection, current scams have expanded their scope to include fake cryptocurrency exchanges, banks, and online shopping... ]]> 2024-05-13T01:48:46+00:00 https://asec.ahnlab.com/en/65370/ www.secnews.physaphae.fr/article.php?IdArticle=8498627 False Threat,Mobile None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall]]> 2024-05-11T12:59:00+00:00 https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8497683 False Threat None None Techworm - News Chrome Cette année. CVE-2024-4671 est A & # 8220; utilisateur après gratuit & # 8221;Vulnérabilité dans le composant visuel du navigateur, qui gère comment Chrome rend les pages Web. Ce nouvel exploit zéro-jour a été révélé après qu'un chercheur de sécurité anonyme l'a signalé à Google. La société a pris connaissance de ce problème très grave et a publié un patch. Quels sont les dégâts? Les pirates peuvent tirer parti de cet exploit pour effectuer l'exécution du code, voler des données ou écraser le système. Google a reconnu la nouvelle vulnérabilité dans son navigateur et a dit, & # 8220; il est conscient qu'un exploit pour CVE-2024-4671 existe dans la nature. & # 8221; C'est à ce sujet.Il n'a donné aucune clarification supplémentaire sur la raison de cet exploit et le nombre d'utilisateurs affectés par celui-ci. Avant cela, Google a corrigé trois vulnérabilités découvertes en mars dans un événement de piratage PWN2OWN et CVE-2024-0519 en janvier 2024. le Advisory a mentionné qu'une mise à jour a été publiée pour les utilisateurs de Windows et Mac.Puisqu'il y a deux canaux stables stables et étendus, les versions mises à jour sont différentes. Quelle mise à jour devez-vous télécharger? Les utilisateurs de la version stable doivent télécharger le 124.0.6367.201/.202 pour Mac et Windows et 124.0.6367.201 pour Linux. Pour la chaîne stable étendue, Google a publié la mise à jour 124.0.6367.201 pour Mac et Windows. Lorsqu'il sera disponible, Chrome Automatic Mises à jour téléchargera cette mise à jour, qui contient des correctifs pour l'exploit zéro jour.Google a indiqué que le déploiement pourrait prendre quelques jours / semaines pour se terminer. Vous pouvez également vérifier manuellement les mises à jour en tapant chrome: // Paramètres / aide dans la barre d'URL.Puis vérifier et télécharger la dernière mise à jour. Après cela, redémarrez le navigateur pour appliquer la mise à jour.

---

Google has identified and patched a fifth vulnerability in Chrome this year. CVE-2024-4671 is a “user after free” vulnerability in the browser’s Visuals component, which manages how Chrome renders web pages. This new zero-day exploit came to light after an anonymous security researcher reported it to Google. The company took cognizance of this highly severe issue and released a patch. What\'s the Damage? Hackers can leverage this exploit to perform code execution, steal data, or crash the system. Google acknowledged the new vulnerability in its browser and said, “It is aware that an exploit for CVE-2024-4671 exists in the wild.” That’s about it. It gave no further clarification on the reason behind this exploit and the number of users affected by it. Before this, Google patched three vulnerabilities discovered in March in a Pwn2Own hacking event and CVE-2024-0519 in January 2024. The advisory mentioned that an update has been issued for Windows and Mac users. Since there are two stable and extended stable channels, the updated versions are different. Which Update Should You Download? Stable]]> 2024-05-11T08:59:06+00:00 https://www.techworm.net/2024/05/google-discovers-patches-zero-day-exploit-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8497607 False Vulnerability,Threat None None Bleeping Computer - Magazine Américain ​Europol, the European Union\'s law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...]]]> 2024-05-11T08:36:25+00:00 https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolen/ www.secnews.physaphae.fr/article.php?IdArticle=8497796 False Threat,Legislation None None RiskIQ - cyber risk firms (now microsoft) #### Targeted Industries - Information Technology ## Snapshot The Sysdig Threat Research Team released a report on a new attack termed LLMjacking, where exploited cloud credentials are used to target large language model (LLM) services. ## Description The credentials used in this attack were acquired from a system running a vulnerable version of Laravel ([CVE-2021-3129](https://security.microsoft.com/intel-explorer/cves/CVE-2021-3129/)). While attacks against LLM-based AI systems are often discussed in the context of prompt abuse and altering training data, this attack aimed to sell LLM access to other cybercriminals while the cloud account owner footed the bill. Upon initial access, attackers exfiltrated cloud credentials and penetrated the cloud environment to target local LLM models hosted by cloud providers. Sysdig researchers discovered evidence of a reverse proxy for LLMs being used, suggesting financial motivation or the extraction of LLM training data. Th]]> 2024-05-10T21:39:05+00:00 https://community.riskiq.com/article/344e58e5 www.secnews.physaphae.fr/article.php?IdArticle=8497469 False Threat,Cloud None None The Register - Site journalistique Anglais But China\'s the most technologically advanced Interview  China remains the biggest cyber threat to the US government, America\'s critical infrastructure, and its private-sector networks, the nation\'s intelligence community has assessed.…]]> 2024-05-10T21:01:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/10/iran_intel_analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8497425 False Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files," Kaspersky&]]> 2024-05-10T20:24:00+00:00 https://thehackernews.com/2024/05/north-korean-hackers-deploy-new-golang.html www.secnews.physaphae.fr/article.php?IdArticle=8497283 False Malware,Threat None None RiskIQ - cyber risk firms (now microsoft) ## Snapshot The North Korean hacking group Kimsuky has been observed using sophisticated methods to conduct espionage activities, including the exploitation of social media platforms and system management tools.  **Microsoft tracks Kimsuky as Emerald Sleet. [Read more about Emerald Sleet here.](https://security.microsoft.com/intel-profiles/f1e214422dcaf4fb337dc703ee4ed596d8ae16f942f442b895752ad9f41dd58e)** ## Description The group has been using fake Facebook profiles to target individuals involved in North Korean human rights and security affairs, engaging with potential targets through friend requests and personal messages. This social engineering tactic is designed to build trust and lure the targets into a trap, eventually leading to the sharing of malicious links or documents. Additionally, Kimsuky has adopted Microsoft Management Console (MMC) files, disguised as innocuous documents, to execute malicious commands on victims\' systems. Once opened, these files can potentially allow the attackers to gain control over the system or exfiltrate sensitive information, ultimately establishing a command and control (C2) channel to manage the compromised systems remotely. The use of social media platforms like Facebook for initial contact and the deployment of system management tools for executing attacks represents a significant escalation in cyber threat tactics. These methods indicate a shift towards more stealthy and socially engineered attacks that can bypass conventional security measures. The recent activities of the Kimsuky group underscore the continuous evolution of cyber threat actors and the need for robust cyb]]> 2024-05-10T19:33:41+00:00 https://community.riskiq.com/article/6e7f4a30 www.secnews.physaphae.fr/article.php?IdArticle=8497417 False Tool,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you\'ll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will]]> 2024-05-10T18:22:00+00:00 https://thehackernews.com/2024/05/censysgpt-ai-powered-threat-hunting-for.html www.secnews.physaphae.fr/article.php?IdArticle=8497223 False Tool,Threat None None RiskIQ - cyber risk firms (now microsoft) ## Snapshot SocGholish (also known as FakeUpdates), a malware known for its stealth and the intricacy of its delivery mechanisms, is targeting enterprises with deceptive browser update prompts. ## Description As reported by eSentire, compromised legitimate websites serve as the infection vector, where malicious JavaScript code is injected to prompt users to download browser updates. The downloaded files contain SocGholish malware, initiating the infection process upon execution.  The script employs various techniques to avoid detection and evade analysis. First, it checks if the browser is being controlled by automation tools and terminates execution if detected. Subsequently, it scrutinizes if the browser window has undergone significant manipulation to determine if the environment is being monitored. Additionally, it inspects for specific WordPress cookies to halt further actions if the user is logged into a WordPress site. If none of these conditions apply, it establishes a mouse movement event listener, tr]]> 2024-05-10T16:50:08+00:00 https://community.riskiq.com/article/c5bf96a0 www.secnews.physaphae.fr/article.php?IdArticle=8497333 False Malware,Tool,Threat None None ZD Net - Magazine Info A new Chrome JavaScript security hole is nasty, so don\'t waste any time patching your systems.]]> 2024-05-10T16:17:00+00:00 https://www.zdnet.com/article/update-your-chrome-browser-asap-google-has-confirmed-a-zero-day-exploited-in-the-wild/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8497339 False Vulnerability,Threat,Patching None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program]]> 2024-05-10T15:53:00+00:00 https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html www.secnews.physaphae.fr/article.php?IdArticle=8497139 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users\' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The]]> 2024-05-10T15:51:00+00:00 https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html www.secnews.physaphae.fr/article.php?IdArticle=8497141 False Malware,Threat,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]]]> 2024-05-10T15:30:07+00:00 https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8497398 False Data Breach,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained]]> 2024-05-10T13:11:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8497059 False Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape]]> 2024-05-10T11:10:00+00:00 https://www.infosecurity-magazine.com/news/experts-highlight-novel-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8497167 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim\'s network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has]]> 2024-05-09T23:25:00+00:00 https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8496733 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Researchers recently spotted the Spanish-speaking threat actor - with nearly 400 previous victims under its belt - in a new campaign in Latin America and Central Africa.]]> 2024-05-09T21:43:57+00:00 https://www.darkreading.com/cyberattacks-data-breaches/-the-mask-espionage-group-resurfaces-after-10-year-hiatus www.secnews.physaphae.fr/article.php?IdArticle=8496814 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-09T16:44:05+00:00 https://community.riskiq.com/article/1db83f2c www.secnews.physaphae.fr/article.php?IdArticle=8496697 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That\'s according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw,]]> 2024-05-09T16:34:00+00:00 https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html www.secnews.physaphae.fr/article.php?IdArticle=8496525 False Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Researchers at Zscaler have published a report about the evolution of HijackLoader, a malware loader, and its new evasion tactics. ## Description HijackLoader, also known as IDAT Loader, emerged in 2023 as a malware loader equipped with versatile modules for injecting and executing code. HijackLoader has modular architecture, an attribute that sets it apart from typical loaders.  Zscaler researchers analyzed a new HijackLoader variant that features upgraded evasion techniques. These enhancements aim to aid in the malware\'s stealth, prolonging its ability to evade detection. The latest version of HijackLoader introduces modules to bypass Windows Defender Antivirus, circumvent User Account Control (UAC), evade inline API hooking commonly used by security tools, and utilize process hollowing. HijackLoader\'s delivery mechanism involves utilizing a PNG image, decrypted and parsed to load the subsequent stage of the attack. HijackLoader has been observed serving as a delivery mechinism for various malware families, including Amadey, [Lumma Stealer](https://sip.security.microsoft.com/intel-profiles/33933578825488511c30b0728dd3c4f8b5ca20e41c285a56f796eb39f57531ad), Racoon Stealer v2, and Remcos RAT. ## Detections Microsoft Defender Antivirus detects threat components as the following malware: - [Trojan:Win32/HijackLoader](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/HijackLoader.AHJ!MTB&threatId=-2147058662) ## References [HijackLoader Updates](https://www.zscaler.com/blogs/security-research/hijackloader-updates). Zscaler (accessed 2024-05-09)]]> 2024-05-09T16:11:06+00:00 https://community.riskiq.com/article/8c997d7c www.secnews.physaphae.fr/article.php?IdArticle=8496698 False Malware,Tool,Threat None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Les chercheurs ont récemment identifié un pic dans les attaques AndroxGH0st, un Troie qui cible les plates-formes Windows, Mac et Linux, qui l'ont vu sauter directement à la deuxième place de la liste des logiciels malveillants.Pendant ce temps, Lockbit3 reste étroitement le premier groupe de ransomwares, malgré une réduction de sa prévalence, notre dernier indice de menace mondial pour avril 2024 SAW, les chercheurs ont révélé une augmentation significative de l'utilisation des attaques AndroxGH0st, le malware étant utilisé comme un outil pour voler des informations sensibles à l'aidebotnets.Parallèlement, Lockbit3 est resté le groupe de ransomware le plus répandu en avril, malgré une baisse de 55% de son taux de détection depuis le début [& # 8230;]

---

>Researchers recently identified a spike in Androxgh0st attacks, a Trojan that targets Windows, Mac and Linux platforms, which saw it jump straight into second place in the top malware list. Meanwhile, LockBit3 narrowly remains the top ransomware group, despite a reduction in its prevalence Our latest Global Threat Index for April 2024 saw researchers revealed a significant increase in the use of Androxgh0st attacks, with the malware being used as a tool for stealing sensitive information using botnets. Meanwhile, LockBit3 remained the most prevalent ransomware group in April, despite a 55% drop in its rate of detection since the beginning […] ]]> 2024-05-09T13:00:21+00:00 https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/ www.secnews.physaphae.fr/article.php?IdArticle=8496582 False Ransomware,Malware,Tool,Threat None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Secureworks Brings AI-Powered Threat Prevention and Detection To The Network With Taegis NDR New solution empowers organizations to integrate their network with all security controls to mitigate risk - Product Reviews]]> 2024-05-09T11:58:39+00:00 https://www.globalsecuritymag.fr/secureworks-r-announced-the-release-of-secureworks-taegis-tm-ndr.html www.secnews.physaphae.fr/article.php?IdArticle=8496544 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next]]> 2024-05-09T11:41:00+00:00 https://thehackernews.com/2024/05/critical-f5-central-manager.html www.secnews.physaphae.fr/article.php?IdArticle=8496390 False Vulnerability,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. [...]]]> 2024-05-09T11:21:59+00:00 https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/ www.secnews.physaphae.fr/article.php?IdArticle=8496646 False Data Breach,Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cyolo a annoncé un partenariat avec des dragos qui combine la visibilité et la détection de la menace OT avec un accès à distance sécurisé, la restauration ...

---

>Cyolo announced a partnership with Dragos that combines OT threat visibility and detection with secure remote access, catering... ]]> 2024-05-09T11:15:55+00:00 https://industrialcyber.co/news/cyolo-dragos-partner-to-unveil-holistic-secure-remote-access-offering-for-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8496519 False Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Nozomi Networks and Mandiant, part of Google Cloud, announced Wednesday that they have expanded their global partnership to... ]]> 2024-05-09T11:09:44+00:00 https://industrialcyber.co/news/nozomi-mandiant-extend-alliance-to-boost-threat-detection-and-response-for-global-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8496521 False Threat,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais rapports spéciaux

---

Latest VIPRE Security Group Email Threat Trends Research Exposes Global Phishing and Malware Threat Landscape The US, UK, Ireland, and Japan emerge as the main source of spam; manufacturing, government, and IT sectors are most victimised; Pikabot top malware family - Special Reports]]> 2024-05-09T07:50:58+00:00 https://www.globalsecuritymag.fr/latest-vipre-security-group-email-threat-trends-research-exposes-global.html www.secnews.physaphae.fr/article.php?IdArticle=8496459 False Spam,Malware,Threat None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-09T06:00:11+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass www.secnews.physaphae.fr/article.php?IdArticle=8496584 False Tool,Threat,Prediction,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-09T00:49:06+00:00 https://community.riskiq.com/article/1f1ae96f www.secnews.physaphae.fr/article.php?IdArticle=8496261 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000 Dragos - CTI Society Les informations fournies ici proviennent de chasseurs d'adversaires et d'analystes de la cyber-menace de l'intelligence et des analystes qui effectuent des recherches sur l'adversaire ... Le post opérations du centre de données: les systèmes de refroidissement sontDes objectifs possibles pour la perturbation opérationnelle sont apparus pour la première fois sur dragos .

---

>Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Data Centre Operations: Cooling Systems Are Possible Targets for Operational Disruption  first appeared on Dragos.]]> 2024-05-08T23:00:00+00:00 https://www.dragos.com/blog/data-centre-operations-cooling-systems-are-possible-targets-for-operational-disruption/ www.secnews.physaphae.fr/article.php?IdArticle=8496186 False Threat,Industrial None 4.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

SentinelOne® Redefines Cloud Security Company launches revolutionary CNAPP with unique Offensive Security Engine™ that thinks like a hacker to move beyond the theoretical and deliver Verified Exploit Paths™ - Product Reviews]]> 2024-05-08T21:28:20+00:00 https://www.globalsecuritymag.fr/sentinelone-launched-singularity-tm-cloud-native-security.html www.secnews.physaphae.fr/article.php?IdArticle=8496205 False Threat,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Juniper Threat Labs has reported that attackers are actively exploiting vulnerabilities in Ivanti Pulse Secure VPN appliances.  **Read more about Microsoft\'s coverage of [CVE-2023-46805 and CVE-2024-21887 here.](https://sip.security.microsoft.com/intel-profiles/cve-2023-46805)** ## Description The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network security worldwide. CVE-2023-46805 is a critical security flaw affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. This vulnerability allows remote attackers to bypass authentication mechanisms and gain unauthorized access to restricted resources. The second vulnerability, CVE-2024-21887, is a command injection flaw found in the web components of Ivanti Connect Secure and Ivanti Policy Secure. This vulnerability allows attackers to send specially crafted requests to execute arbitrary commands on the appliance. Attackers have used these vulnerabilities to deliver Mirai payloads through shell scripts.  Organizations using Ivanti Pulse Secure appliances are urged to apply the provided patches immediately and review their security posture to protect against these and future vulnerabilities. ## Recommendations As of January 31, 2024 Ivanti has released patches via the standard download portal for Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3. Follow the [vendor\'s guide](https://forums.ivanti.com/s/article/How-to-The-Complete-Upgrade-Guide) to upgrade to a patched version. ## References "[Hackers Actively Exploiting Ivanti Pulse Secure Vulnerabilities](https://gbhackers.com/hackers-actively-exploiting/)" GBHackers. (Accessed 2024-05-08)]]> 2024-05-08T19:42:50+00:00 https://community.riskiq.com/article/2d95eb1b www.secnews.physaphae.fr/article.php?IdArticle=8496119 False Malware,Vulnerability,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company\'s systems. [...]]]> 2024-05-08T19:30:25+00:00 https://www.bleepingcomputer.com/news/security/zscaler-takes-test-environment-offline-after-rumors-of-a-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8496241 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user ]]> 2024-05-08T12:33:00+00:00 https://thehackernews.com/2024/05/hackers-exploiting-litespeed-cache-bug.html www.secnews.physaphae.fr/article.php?IdArticle=8495787 False Vulnerability,Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.]]> 2024-05-08T10:00:40+00:00 https://securelist.com/state-of-ransomware-2023/112590/ www.secnews.physaphae.fr/article.php?IdArticle=8495815 False Ransomware,Threat,Legislation None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-08T06:00:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spoofed-email-greater-impersonation-risk www.secnews.physaphae.fr/article.php?IdArticle=8495932 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000 AhnLab - Korean Security Firm Ahnlab Security Intelligence Center (ASEC) a découvert des preuves d'une souche malveillante distribuée aux serveurs Web au sudLa Corée, conduisant les utilisateurs à un site de jeu illégal.Après avoir initialement infiltré un serveur Web Windows Information (IIS) des services d'information sur Internet (IIS) mal gérés en Corée, l'acteur de menace a installé la porte arrière de METERPRETRER, un outil de transfert de port et un outil de logiciel malveillant du module IIS.Ils ont ensuite utilisé ProCDump pour exfiltrater les informations d'identification du compte du serveur.Les modules IIS prennent en charge les fonctionnalités d'extension des serveurs Web tels que ...

---

AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a port forwarding tool, and an IIS module malware tool. They then used ProcDump to exfiltrate account credentials from the server. IIS modules support expansion features of web servers such as... ]]> 2024-05-08T00:59:58+00:00 https://asec.ahnlab.com/en/65131/ www.secnews.physaphae.fr/article.php?IdArticle=8495572 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE\'s Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day]]> 2024-05-07T18:25:00+00:00 https://thehackernews.com/2024/05/china-linked-hackers-used-rootrot.html www.secnews.physaphae.fr/article.php?IdArticle=8495242 False Vulnerability,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Dragos Inc. a annoncé un partenariat élargi avec CrowdStrike pour intégrer OT Threat Intelligence de la plate-forme Dragos dans ...

---

>Dragos Inc. announced an expanded partnership with CrowdStrike to integrate OT threat intelligence from the Dragos Platform into... ]]> 2024-05-07T16:42:00+00:00 https://industrialcyber.co/news/dragos-integrates-with-crowdstrike-falcon-next-gen-siem-for-threat-detection-in-ot-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8495706 False Threat,Industrial None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Alors que les cybermenaces se développent rapidement, les entreprises peuvent faire confiance à un point de contrôle pour fournir des solutions accélérées de réseau et de cloud, en collaboration avec NVIDIA.En combinant l'expérience de Check Point \\ dans la prévention avancée des menaces avec les plates-formes informatiques accélérées de pointe de Nvidia \\, les entreprises peuvent obtenir la meilleure sécurité sur les réseaux les plus rapides.Vérifier la collaboration pluriannuelle de Point \\ avec NVIDIA s'étend sur trois domaines clés: Premièrement, la sécurisation de l'infrastructure de cloud AI propulsée par les unités de traitement des données Bluefield NVIDIA (DPU) pour aider les entreprises à développer et à déployer des applications généatives d'IA génératives.Deuxièmement, accélérer la sécurité du réseau en tirant parti de la plate-forme de réseautage NVIDIA ConnectX à haute vitesse pour l'inspection du pare-feu.Troisièmement, en utilisant des commutateurs intelligents [& # 8230;]

---

>As cyber threats expand rapidly, enterprises can trust Check Point to deliver accelerated network and cloud security solutions, in collaboration with NVIDIA. By combining Check Point\'s experience in advanced threat prevention with NVIDIA\'s cutting-edge accelerated computing platforms, enterprises can get the best security on the fastest networks. Check Point\'s multi-year collaboration with NVIDIA spans three key areas: First, securing the AI Cloud infrastructure powered by NVIDIA BlueField data processing units (DPUs) to help enterprises safely develop and deploy generative AI applications. Second, accelerating network security by leveraging the high-speed NVIDIA ConnectX networking platform for firewall inspection. Third, using intelligent switches […] ]]> 2024-05-07T16:32:56+00:00 https://blog.checkpoint.com/security/check-point-protects-enterprises-by-accelerating-security-for-networks-and-ai-cloud-infrastructure-in-collaboration-with-nvidia/ www.secnews.physaphae.fr/article.php?IdArticle=8495347 False Threat,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-07T16:30:00+00:00 https://www.globalsecuritymag.fr/cloudflare-inc-annonce-cloudflare-for-unified-risk-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8495262 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actors\' favorite initial access vectors]]> 2024-05-07T16:22:00+00:00 https://www.infosecurity-magazine.com/news/log4j-top-exploited-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8495353 False Vulnerability,Threat None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

DoControl Unveils New Product Innovations: Identity Threat Detection and Response (ITDR) and SaaS Misconfigurations Management With these two groundbreaking capabilities, DoControl delivers a holistic SaaS Security Posture Management solution, safeguarding SaaS data, identities, connected apps, and configurations to mitigate sensitive data exposure and combat insider threats - Product Reviews]]> 2024-05-07T16:10:43+00:00 https://www.globalsecuritymag.fr/docontrol-introduces-identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8495368 False Threat,Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain The UK Government confirmed today that a threat actor recently breached the country\'s Ministry of Defence and gained access to part of the Armed Forces payment network. [...]]]> 2024-05-07T15:41:53+00:00 https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8495434 False Data Breach,Threat None 2.0000000000000000 IT Security Guru - Blog Sécurité Cyberison annonce la disponibilité de la défense de la menace mobile cyberéaison en réponse à l'augmentation des attaques sophistiquées d'appareils mobiles est apparu pour la première fois sur gourou de la sécurité informatique .

---

Cybereason has announced the availability of Cybereason Mobile Threat Defence, Powered by Zimperium. With the explosive growth in mobile devices and apps comes an ever-evolving attack surface. Research shows that 60% of endpoints accessing enterprise assets are through mobile devices, so threats to the attack surface aren’t slowing down. As we see continued growth toward […] The post Cybereason Announces the Availability of Cybereason Mobile Threat Defence in Response to Increases in Sophisticated Mobile Device Attacks first appeared on IT Security Guru. ]]> 2024-05-07T15:27:13+00:00 https://www.itsecurityguru.org/2024/05/07/cybereason-announces-the-availability-of-cybereason-mobile-threat-defence-in-response-to-increases-in-sophisticated-mobile-device-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=cybereason-announces-the-availability-of-cybereason-mobile-threat-defence-in-response-to-increases-in-sophisticated-mobile-device-attacks www.secnews.physaphae.fr/article.php?IdArticle=8495311 False Threat,Mobile None 4.0000000000000000 Team Cymru - Equipe de Threat Intelligence User-friendly threat intelligence tool for IP and domain analysis If you are a SOC Analyst or Team Manager and are used to alert fatigue...]]> 2024-05-07T14:51:31+00:00 https://www.team-cymru.com/post/enhancing-soc-security-introducing-pure-signal-scout-insight www.secnews.physaphae.fr/article.php?IdArticle=8495275 False Tool,Threat None 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-07T13:42:04+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/qr-code-phishing-simulation www.secnews.physaphae.fr/article.php?IdArticle=8495238 False Tool,Vulnerability,Threat None 2.0000000000000000 IT Security Guru - Blog Sécurité Cyber Threat Research: les mauvaises pratiques de correction et les protocoles non cryptés continuent de hanter les entreprises Apparu pour la première fois sur gourou de la sécurité informatique .

---

Cato Networks, the SASE leader, today unveiled the findings of its inaugural Cato CTRL SASE Threat Report for Q1 2024. The report shows all organizations surveyed continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks. Developed by Cato CTRL, the SASE leader\'s cyber threat intelligence […] The post Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises first appeared on IT Security Guru. ]]> 2024-05-07T13:34:29+00:00 https://www.itsecurityguru.org/2024/05/07/cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-threat-research-poor-patching-practices-and-unencrypted-protocols-continue-to-haunt-enterprises www.secnews.physaphae.fr/article.php?IdArticle=8495237 False Threat,Patching None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial La Fédération mondiale de la résilience (GRF) a annoncé lundi un nouveau partenariat avec HackNotice, un fournisseur de renseignements sur les menaces en temps réel ...

---

>Global Resilience Federation (GRF) announced on Monday a new partnership with HackNotice, a provider of real-time threat intelligence... ]]> 2024-05-07T13:15:10+00:00 https://industrialcyber.co/news/global-resilience-federation-hacknotice-partner-to-boost-cyber-intelligence-across-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=8495247 False Threat None 2.0000000000000000 Kaspersky - Kaspersky Research blog The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024.]]> 2024-05-07T10:00:39+00:00 https://securelist.com/vulnerability-report-q1-2024/112554/ www.secnews.physaphae.fr/article.php?IdArticle=8495122 False Vulnerability,Threat None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Cequence Takes the Lead in Using Machine Learning to Tackle AI-Backed Attacks Enhancements to company\'s flagship Unified API Protection platform save 90% of security analysts\' time, enabling simultaneous threat hunting across multiple APIs - Product Reviews]]> 2024-05-07T07:30:27+00:00 https://www.globalsecuritymag.fr/cequence-announced-multiple-machine-learning-powered-advancements-to-its.html www.secnews.physaphae.fr/article.php?IdArticle=8495069 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-07T07:20:11+00:00 https://www.globalsecuritymag.fr/f5-devoile-de-nouvelles-solutions-de-securite.html www.secnews.physaphae.fr/article.php?IdArticle=8495070 False Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Recorded Future\'s Alexander Leslie highlights the increasingly blurred lines between hacktivism, financial cybercrime and nation-state activities during the RSA Conference 2024]]> 2024-05-06T22:55:00+00:00 https://www.infosecurity-magazine.com/news/hacktivism-financial-gain-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8494850 False Threat,Conference None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-06T19:54:46+00:00 https://community.riskiq.com/article/7c5aa156 www.secnews.physaphae.fr/article.php?IdArticle=8494794 False Malware,Vulnerability,Threat,Patching,Cloud APT 42 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-06T17:05:52+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/malicious-links-stop-url-based-attacks-before-they-start www.secnews.physaphae.fr/article.php?IdArticle=8494490 False Ransomware,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-06T16:26:54+00:00 https://community.riskiq.com/article/157eab98 www.secnews.physaphae.fr/article.php?IdArticle=8494726 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 CybeReason - Vendor blog ]]> 2024-05-06T16:15:31+00:00 https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access www.secnews.physaphae.fr/article.php?IdArticle=8494707 False Threat None 3.0000000000000000 MitnickSecurity - Former Hacker Services La récolte des diplômes, autrement connue sous le nom de compromis ou de vol d'identification des informations, peut être une cyber-menace très dévastatrice.Il se trouve également très réussi, comme sur 79% Les comptes d'entreprise ont été compromis par les acteurs de la menace utilisant des tactiques de récolte d'identification, telles que le phishing des informations d'identification.

---

Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be very successful, as over 79% of business accounts were compromised by threat actors using credential harvesting tactics, such as credential phishing.]]> 2024-05-06T14:31:18+00:00 https://www.mitnicksecurity.com/blog/credential-harvesting www.secnews.physaphae.fr/article.php?IdArticle=8494654 False Threat None 2.0000000000000000 Korben - Bloger francais 2024-05-06T14:14:36+00:00 https://korben.info/record-overclocking-9-ghz-raptor-lake-secrets-devoiles.html www.secnews.physaphae.fr/article.php?IdArticle=8494658 False Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC ici . En 2022, j'ai fondé ma société de capital-investissement, Willjam Ventures, et depuis lors, nous avons tenu une expérience exceptionnelle à investir et à opérer les entreprises de cybersécurité de classe mondiale.Ce dernier investissement dans LevelBlue ne fait pas exception, ce qui témoigne de cet engagement.Nous sommes enthousiasmés par l'opportunité à venir pour LevelBlue.Ici & rsquo; s pourquoi: & # 9679; sa mission & ndash;pour simplifier la sécurité et faire de la cyber-résilience un résultat réalisable & ndash;est essentiel au succès des entreprises. Alors que les organisations continuent d'innover, des technologies telles que l'intelligence artificielle (IA) et le cloud computing créent un paysage de menace plus dynamique et élargi.Avec LevelBlue, les organisations n'ont plus besoin de sacrifier l'innovation avec la sécurité et le ndash;Ils réalisent les deux, avec confiance.Avec plus de 1 300 employés axés sur cette mission, LevelBlue propose des services de sécurité stratégiques, notamment des services de sécurité gérés primés, des conseils stratégiques expérimentés, des renseignements sur les menaces et des recherches révolutionnaires & ndash;Servir de conseiller de confiance pour les entreprises du monde entier. & # 9679; LevelBlue rassemble certains des esprits les plus talentueux et les plus brillants de la cybersécurité. Tout comme tout voyage, les organisations ne devraient pas se lancer dans leur voyage de cybersécurité seul.C'est là que LevelBlue entre en jeu. Chaque membre de notre équipe de conseil a en moyenne 15 ans d'expérience en cybersécurité, détenant les dernières certifications et connaissances en travaillant avec des organisations de différents types et tailles.Je suis également ravi d'être rejoint par Sundhar Annamalai, le président de LevelBlue, qui a plus de 20 ans d'expérience dans les services technologiques et l'exécution stratégique pour aider notre entreprise à de nouveaux sommets. & # 9679; La société a une histoire de longue date de la recherche de recherches à l'avenir et neutres. Les conseillers de confiance tiennent leurs clients informés sur les dernières tendances avant qu'elles ne se produisent, et c'est à cela que LevelBlue est le meilleur.Avec la plate-forme de renseignement sur les menaces de niveau Blue, ainsi que les rapports de recherche de l'industrie de l'entreprise (plus à venir sur ce blog), les clients peuvent rester en une étape avant les dernières cyber-menaces, tout en acquittent des informations précieuses sur la façon d'allouer correctement allouéRessources de cybersécurité. La cyber-résilience n'est pas facilement définie, et elle n'est pas facilement réalisable sans le soutien nécessaire.Les services de cybersécurité stratégiques de niveauBlue aideront à résoudre ce défi à une époque où il a le plus besoin.Nous avons la bonne équipe, la bonne technologie et au bon moment dans le temps & ndash;Je suis ravi pour le voyage à venir. Pour ceux de la conférence RSA, nous vous invitons à venir en savoir plus sur LevelBlue en visitant le stand # 6155 à Moscone North Expo.Nous sommes impatients de nous présenter à vous.

---

Today is a monumental day for the cybersecurity industry. Live from RSA Conference 2024, I’m excited to introduce LevelBlue – a joint venture with AT&T and WillJam Ventures, to form a new, standalone managed security services busines]]> 2024-05-06T14:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/introducing-levelblue-elevating-business-confidence-by-simplifying-security www.secnews.physaphae.fr/article.php?IdArticle=8496673 False Threat,Cloud,Conference None 3.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-06T13:19:30+00:00 https://www.globalsecuritymag.fr/opentext-tm-annonce-de-nouvelles-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8494632 False Threat None 2.0000000000000000 Fortinet - Fabricant Materiel Securite In this report, we examine the cyberthreat landscape in 2H 2023 to identify trends and offer insights on what security professionals should know.]]> 2024-05-06T13:00:00+00:00 https://www.fortinet.com/blog/threat-research/key-findings-2h-2023-fortiguard-labs-threat-report www.secnews.physaphae.fr/article.php?IdArticle=8494624 False Threat None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes en cyberLes meilleures attaques et violations dans une déclaration conjointe avec l'Allemagne et l'OTAN, la République tchèque a découvert une campagne de cyber-espionnage par l'acteur affilié à l'État russe APT28.Ces cyberattaques ont ciblé les institutions tchèques utilisant une nouvelle vulnérabilité dans Microsoft [& # 8230;]

---

>For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by Russian state affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft […] ]]> 2024-05-06T11:21:36+00:00 https://research.checkpoint.com/2024/6th-may-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8494575 False Vulnerability,Threat APT 28 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial La Tchéche conjointement avec l'Allemagne, la Lituanie, la Pologne, la Slovaquie, la Suède, l'Union européenne, l'OTAN et les partenaires internationaux condamnent le ...

---

>The Czechia jointly with Germany, Lithuania, Poland, Slovakia, Sweden, the European Union, NATO, and international partners condemns the... ]]> 2024-05-06T11:07:37+00:00 https://industrialcyber.co/critical-infrastructure/russian-apt28-hackers-exploit-outlook-flaw-to-target-czech-german-polish-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8494573 False Threat APT 28 4.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-06T09:20:57+00:00 https://www.globalsecuritymag.fr/eset-etend-sa-gamme-de-services-manages-mdr-aux-pme-et-aux-grandes-entreprises.html www.secnews.physaphae.fr/article.php?IdArticle=8494523 False Threat,Mobile None 2.0000000000000000 ProofPoint - Firm Security 2024-05-06T09:04:02+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-sets-new-industry-standard-with-adaptive-threat-protection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8495517 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-05-06T08:49:27+00:00 https://www.globalsecuritymag.fr/cybereason-annonce-la-disponibilite-de-cybereason-mobile-threat-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8494497 False Threat,Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2024-05-06T07:54:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/genai-powering-latest-surge-modern-email-threats www.secnews.physaphae.fr/article.php?IdArticle=8494488 False Ransomware,Data Breach,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000 ProofPoint - Cyber Firms 2024-05-06T05:52:32+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/email-security-now-redefined-adaptive-threat-protection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8494489 False Ransomware,Malware,Threat,Conference None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Les environnements industriels sont confrontés à une menace croissante des logiciels malveillants et des attaques de ransomwares, posant des risques importants à l'infrastructure critique, à la fabrication ...

---

>Industrial environments face a growing threat from malware and ransomware attacks, posing significant risks to critical infrastructure, manufacturing... ]]> 2024-05-05T06:13:39+00:00 https://industrialcyber.co/features/growing-threat-of-malware-and-ransomware-attacks-continues-to-put-industrial-environments-at-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8493927 False Ransomware,Malware,Threat,Industrial None 3.0000000000000000 SkullSecurity - Blog Sécu cant-give-in, cant-give-in-secure, and cant-give-in-securer are to learn how to exploit and debug compiled code that\'s loaded as a CGI module. You might think that\'s unlikely, but a surprising number of enterprise applications (usually hardware stuff - firewalls, network “security” appliances, stuff like that) is powered by CGI scripts. You never know! This challenge was inspired by one of my co-workers at GreyNoise asking how to debug a CGI script. I thought it\'d be cool to make a multi-challenge series in case others didn\'t know! This write-up is intended to be fairly detailed, to help new players understand their first stack overflow! Part 1: cant-give-in The vulnerability First, let\'s look at the vuln! All three challenges have pretty similar vulnerabilities, but here\'s what the first looks like: char *strlength = getenv("CONTENT_LENGTH"); if(!strlength) { printf("ERROR: Please send data!"); exit(0); } int length = atoi(strlength); read(fileno(stdin), data, length); if(!strcmp(data, "password=MyCoolPassword")) { printf("SUCCESS: authenticated successfully!"); } else { printf("ERROR: Login failed!"); } The way CGI works - a fact that I\'d forgotten since learning Perl like 20 years ago - is that the headers are processed by Apache and sent to the script as environmental variables, and the body (ie, POST data) is sent on stdin. In that script, we read the Content-Length from a variable, then read that many bytes of the POST body into a static buffer. That\'s a fairly standard buffer overflow, with the twist that it\'s in a CGI application! We can demonstrate the issue pretty easily by running the CGI directly (I\'m using dd to produce 200 characters without cluttering up the screen): ]]> 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/cant-give-in.html www.secnews.physaphae.fr/article.php?IdArticle=8494287 False Tool,Vulnerability,Threat None 3.0000000000000000 SkullSecurity - Blog Sécu turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn\'t necessarily harder, but is different. Let\'s look at the levels! turing-complete My ideas doc said “Turing Machine?” from a long time ago. I don\'t really remember what I was thinking, but what I decided was to make a simple reversing challenge with a finite tape and 4 operations - go left, go right, read, and write. All commands and responses are binary (1s and 0s), which is hinted at by the instructions being a series of binary bits. The actual main loop, in C, is quite simple: uint8_t tape[128]; // ...write the flag to the tape... for(;;) { uint8_t a = r(); if(a == 2) break; uint8_t b = r(); if(b == 2) break; if(a == 0 && b == 0) { ptr++; } else if(a == 0 && b == 1) { ptr--; } else if(a == 1 && b == 0) { printf("%08b", ]]> 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/turing-complete.html www.secnews.physaphae.fr/article.php?IdArticle=8494291 False Threat None 3.0000000000000000 SkullSecurity - Blog Sécu Safer Streets. I apparently wrote this in more “note to self” style, not blog style, so enjoy! First, browse the application. You should be able to create an error: $ curl \'http://localhost:8080/display?name=test\' Error in script /app/server.rb: No such file or directory @ rb_sysopen - /app/data/test Note that has a image/jpeg content-type, so it might confuse the browser. That issue grants access to two primitives: a) Read any file via path traversal b) The full path to the server For example: $ curl -s \'http://localhost:8080/display?name=../server.rb\' | head -n20 require \'json\' require \'sinatra\' require \'pp\' require \'singlogger\' require \'open3\' ::SingLogger.set_level_from_string(level: ENV[\'log_level\'] || \'debug\') LOGGER = ::SingLogger.instance() # Ideally, we set all these in the Dockerfile set :bind, ENV[\'HOST\'] || \'0.0.0.0\' set :port, ENV[\'PORT\'] || \'8080\' SAFER_STREETS_PATH = ENV[\'SAFER_STREETS\'] || \'/app/safer-streets\' SCRIPT = File.expand_path(__FILE__) LOGGER.info("Checking for required binaries...") if File.exist?(SAFER_STREETS_PATH) LOGGER.info("* Found `safer-streets` binary: #{ SAFER_STREETS_PATH }") [...] You can grab the safer-streets binary as well: $ curl -s \'http://localhost:8080/display?name=../../../app/safer-streets\' | file - /dev/stdin: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=fa512a55e0fbc8c4ad80483379826183f29ce161, for GNU/Linux 3.2.0, with debug_info, not stripped Inspecting the Ruby code shows an shell-injection issue if you control the output of safer-streets: system("/usr/bin/report-infraction --node=\'#{result[\'node\']}\' --img=\'#{photo}\'") You can reverse or mess with the binary to dis]]> 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/safer-streets.html www.secnews.physaphae.fr/article.php?IdArticle=8494289 False Threat None 3.0000000000000000 Techworm - News hackers russes ne ralentissent pas dans les cyberattaques. L'attaque présumée s'est produite contre le Parti social-démocrate (SPD).Leurs comptes de messagerie ont été compromis dans l'attaque. Cette saga de piratage a commencé il y a plus de deux ans pendant la guerre russe-Ukraine et elle a progressivement augmenté au cours du temps. comment il a commencé Un groupe appelé APT28, également connu sous le nom de Fancy Bear, qui aurait des liens avec le gouvernement russe, a été accusé d'avoir fait de nombreuses cyberattaques partout dans le monde, y compris en Allemagne et quelques entités tchèques. Ils ont trouvé un Vulnérabilité Dans Microsoft Outlook et l'utiliser pour entrer dans les e-mails SPD. La vulnérabilité, un CVE-2023-23397 zéro-jour, est un bogue d'escalade de privilège essentiel dans Outlook qui pourrait permettre aux attaquants d'accéder aux hachages net-ntlmv2, puis de les utiliser pour s'authentifier à l'aide d'une attaque de relais. Le gouvernement allemand dit que non seulement le SPD mais aussi les entreprises allemandes en défense et en aérospatiale. Il comprenait également des objectifs de technologie de l'information, ainsi que des choses liées à la guerre en Ukraine. Ces cyberattaques ont commencé vers mars 2022, après que la Russie ait envahi l'Ukraine. Le gouvernement allemand a allégué que le service de renseignement militaire de la Russie, Gru, était derrière ces attaques. Ils ont même convoqué un diplomate russe en réponse à ces accusations. La Russie a nié les allégations La Russie a nié les allégations et appelé les accusations comme & # 8220; non fondée et sans fondement & # 8221;. Le gouvernement dirigé par Poutine a nié des cyber-incidences similaires aux actes parrainés par l'État dans le passé. L'Occident a été rigide dans son récit de l'implication de la Russie dans les cyberattaques depuis des décennies maintenant. pas le premier rodéo Récemment, le ministre australien des Affaires étrangères a rejoint d'autres pays en disant que l'APT28, qui serait lié à la Russie, était derrière certaines cyberattaques. Ce n'est pas la première fois que les pirates russes sont accusés d'espionnage de l'Allemagne. En 2020, Angela Merkel, qui était la chancelière de l'Allemagne à l'époque, a accusé la Russie de l'espionner. Un incident majeur imputé aux pirates russes a été en 2015 lorsqu'ils ont attaqué le Parlement de l'Allemagne, ce qui l'a fait fermer pendant des jours. ]]> 2024-05-04T21:52:07+00:00 https://www.techworm.net/2024/05/russian-cyberattack-germany-czechoslovakia.html www.secnews.physaphae.fr/article.php?IdArticle=8493664 False Hack,Vulnerability,Threat APT 28 3.0000000000000000 Bleeping Computer - Magazine Américain The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. [...]]]> 2024-05-04T10:17:34+00:00 https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8493646 False Malware,Threat,Cloud APT 42 3.0000000000000000 Techworm - News a dit , & # 8220; Les implications de ce modèle de vulnérabilité incluent l'exécution de code arbitraire et le vol de jeton, selon une implémentation d'application. & # 8221; Il a ajouté: «L'exécution de code arbitraire peut fournir à un acteur de menace un contrôle total sur le comportement d'une application.Pendant ce temps, le vol de jeton peut fournir à un acteur de menace un accès aux comptes et aux données sensibles de l'utilisateur. » La découverte a affecté plusieurs applications vulnérables dans le Google Play Store, représentant plus de quatre milliards d'installations. Deux des applications trouvées vulnérables au problème comprenaient le gestionnaire de fichiers Xiaomi Inc. (com.mi. Android.globalFileExplorer), qui compte plus de 1 milliard d'installations, et WPS Office (CN.WPS.MOFFICE_ENG), qui a plus que500 millions de téléchargements. Le système d'exploitation Android applique l'isolement en attribuant à chaque application ses propres données et espace mémoire dédiées, en particulier le composant du fournisseur de contenu et sa classe \\ 'fileprovider \', qui facilite les données sécurisées et le partage de fichiers avec d'autres applications installées. Lorsqu'il est implémenté de manière incorrecte, il pourrait introduire des vulnérabilités qui pourraient permettre de contourner les restrictions de lecture / écriture dans le répertoire personnel d'une application. & # 8220; Ce modèle basé sur les fournisseurs de contenu fournit un mécanisme de partage de fichiers bien défini, permettant à une application de service de partager ses fichiers avec d'autres applications de manière sécurisée avec un contrôle à grain fin, & # 8221;Valsamaras noté. & # 8220; Cependant, nous avons fréquemment rencontré des cas où l'application consommatrice ne valide pas le contenu du fichier qu'il reçoit et, le plus préoccupant, il utilise le nom de fichier fourni par la demande de service pour mettre en cache le reçueFichier dans le répertoire de données interne de l'application consommatrice. & # 8221; L'exécution du code malveillant peut être obtenue en permettant à un acteur de menace d'avoir le contrôle total sur le comportement d'une application et de la faire communiquer avec un serveur sous leur contrôle pour accéder aux données sensibles. Dans le cadre de la politique de divulgation responsable de Microsoft \\, la société a partagé ses conclusions avec les développeurs d'applications Android qui ont été affectées par Dirty Stream.Par exemple, les équipes de sécurité de Xiaomi, Inc. et WPS ont déjà enquêté et résolu le problème. Cependant, la société estime que davantage de demandes pourraient être affectées et probablement compromises en raison de la même faiblesse de sécurité.Par conséquent, il recommande que tous les développeurs analysent ses recherches et s'assurent que leurs produits ne sont pas affectés. & # 8220; Nous prévoyons que le modèle de vulnérabilité pourrait être trouvé dans d'autres applications.Nous partageons cette recherche afin que les développeurs et les éditeurs puissent vérifier leurs applications pour des problèmes similaires, réparer ]]> 2024-05-03T22:08:47+00:00 https://www.techworm.net/2024/05/billion-android-vulnerable-apps-installed.html www.secnews.physaphae.fr/article.php?IdArticle=8493097 False Vulnerability,Threat,Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Researchers at Zscaler have published a report about the evolution of ZLoader, a modular banking trojan, and its new evasion tactics. Check out Microsoft\'s write-up on ZLoader [here](https://sip.security.microsoft.com/intel-profiles/cbcac2a1de4e52fa5fc4263829d11ba6f2851d6822569a3d3ba9669e72aff789). ## Description ZLoader, also known as Terdot, DELoader, or Silent Night, is a modular Trojan derived from leaked ZeuS source code. After nearly two years of absence, ZLoader resurfaced in September 2023 with a new version incorporating changes to its obfuscation methods, domain generation algorithm (DGA), and network communication. Recently, it has reintroduced an anti-analysis mechanism reminiscent of the original ZeuS 2.x code. This feature limits ZLoader\'s binary execution to the infected system, a trait that had been abandoned by many malware strains derived from the leaked source code until this recent development. ## Detections Microsoft Defender Antivirus detects threat components as the following malware: - Trojan:Win64/ZLoader - Trojan:Win32/ZLoader ## References [ZLoader Learns Old Tricks](https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks#indicators-of-compromise--iocs-). Zscaler (accessed (2024-05-03) [ZLoader](https://sip.security.microsoft.com/intel-profiles/cbcac2a1de4e52fa5fc4263829d11ba6f2851d6822569a3d3ba9669e72aff789). Microsoft (accessed 2024-05-03) # ZLZLoaderoader]]> 2024-05-03T21:17:42+00:00 https://community.riskiq.com/article/0d7c21ec www.secnews.physaphae.fr/article.php?IdArticle=8493230 False Malware,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot FortiGuard Labs has identified the emergence of the "Goldoon" botnet, which targets D-Link devices by exploiting the CVE-2015-2051 vulnerability. This allows attackers to gain complete control of vulnerable systems and launch further attacks, including distributed denial-of-service (DDoS). ## Description The botnet\'s initial infiltration involves the exploitation of CVE-2015-2051 to download a file "dropper" from a specific URL, which then downloads the botnet file using an XOR key to decrypt specific strings. The "dropper" script is programmed to automatically download, execute, and clean up potentially malicious files across various Linux system architectures. After execution, the script removes the executed file and then deletes itself to erase any trace of its activity. Once executed, Goldoon establishes a persistent connection with its Command and Control (C2) server and waits for commands to launch related behaviors, including various denial-of-service attacks. The malware contains 27 different methods related to various attacks, posing a significant threat to affected organizations. These methods include ICMP Flooding, TCP Flooding, UDP Flooding, DNS Flooding, HTTP Bypass, HTTP Flooding, and Minecraft DDoS Attack. ## References "[New Goldoon Botnet Targeting D-Link Devices](https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices)" FortiGuard Labs. (Accessed 2024-05-03)]]> 2024-05-03T20:21:03+00:00 https://community.riskiq.com/article/de08653e www.secnews.physaphae.fr/article.php?IdArticle=8493201 False Malware,Vulnerability,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Cybersecurity professionals at GBHackers have discovered a series of cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers to install Mallox Ransomware on systems. **Read more about Microsoft\'s coverage for [Mallox Ransomware here.](https://sip.security.microsoft.com/intel-profiles/7fbe39c998c8a495a1652ac6f8bd34852c00f97dc61278cafc56dca1d443131e)** ## Description The threat actor group\'s modus operandi involves exploiting vulnerabilities in improperly managed MS-SQL servers. By employing brute force and dictionary attacks, the attackers gain unauthorized access, primarily targeting the SA (System Administrator) account.  Once inside, they deploy the Remcos Remote Access Tool (RAT) to take control of the infected system. Remcos RAT, initially used for system breach and control, has been repurposed by attackers for malicious activities, featuring capabilities such as keylogging, screenshot capture, and control over webcams and microphones.  Additionally, a custom-made remote screen control malware is deployed, allowing attackers to gain access to the infected system using the AnyDesk ID obtained from the command and control server. Mallox ransomware, known for targeting MS-SQL servers, was then installed to encrypt the system.  Mallox ransomware, utilizes AES-256 and SHA-256 encryption algorithms, appending a ".rmallox" extension to encrypted files. The attack patterns observed in this campaign bear a striking resemblance to ]]> 2024-05-03T20:14:15+00:00 https://community.riskiq.com/article/f5f3ecc6 www.secnews.physaphae.fr/article.php?IdArticle=8493202 False Ransomware,Malware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary]]> 2024-05-03T18:23:00+00:00 https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html www.secnews.physaphae.fr/article.php?IdArticle=8492990 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.]]> 2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Malware,Threat,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.]]> 2024-05-03T16:19:34+00:00 https://www.darkreading.com/application-security/critical-gitlab-bug-exploit-account-takeover-cisa www.secnews.physaphae.fr/article.php?IdArticle=8493077 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors\' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The]]> 2024-05-03T15:07:00+00:00 https://thehackernews.com/2024/05/nsa-fbi-alert-on-n-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8492888 False Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain ​NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...]]]> 2024-05-03T11:47:35+00:00 https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ www.secnews.physaphae.fr/article.php?IdArticle=8493049 False Threat APT 28 3.0000000000000000 Techworm - News KB503441 (sur Windows 10) et kb5034440 (sur Windows 11) Dans l'environnement de récupération de Windows (winre). Cependant, l'installation de la mise à jour KB5034441 a commencé à afficher le message d'erreur & # 8220; 0x80070643 & # 8211;Error_install_failure & # 8221;, qui indiquait une taille de partition Winre insuffisante. Les appareils & # 8220; tentant d'installer la mise à jour de l'environnement de récupération de Windows de janvier 2024 (KB5034441) peuvent afficher une erreur liée à la taille de la partition de l'environnement de récupération.Nous travaillons sur une résolution et fournirons une mise à jour dans une version à venir, & # 8221;Microsoft a déclaré dans une mise à jour du tableau de bord Health Windows en janvier 2024. La société a même confirmé que les appareils Windows sans environnement de récupération configurés n'ont pas besoin d'installer la mise à jour KB5034441 et peuvent ignorer l'erreur. Cependant, Microsoft a maintenant reconnu que, au moins sur Windows 10, une résolution automatique pour ce problème n'a pas été disponible dans une future mise à jour Windows, et la seule façon de résoudre ce problème est de terminer l'installation manuellement. Dans une mise à jour du tableau de bord Health Windows, Microsoft.-2024-windows-re-update-might-fail-to-install "data-wpel-link =" external "rel =" nofollow nopenner noreferrer "> dit : Résolution : La résolution automatique de ce numéro sera disponible dans une future mise à jour Windows.Des étapes manuelles sont nécessaires pour terminer l'installation de cette mise à jour sur les appareils qui connaissent cette erreur. La partition Winre nécessite 250 mégaoctets d'espace libre.Les appareils qui n'ont pas d'espace libre suffisant devront augmenter la taille de la partition via une action manuelle.Pour obtenir des conseils sur la réalisation de ce changement, passez en revue les ressources suivantes: Un script de code peut être utilisé pour étendre la taille de partition.Un exemple de script a été fourni dans la documentation pour ajouter un package de mise à jour à Winre.Voir étendez la partition de Windows re . Les conseils pour modifier manuellement la taille de la partition Winre peuvent en outre être trouvés dans KB5028997: Instructions pour redimensionner manuellement votre partition pour installer la mise à jour Winre. L'achèvement de ces étapes manuelles permettra à l'installation de cette mise à jour de réussir.

---

On January]]> 2024-05-02T21:51:39+00:00 https://www.techworm.net/2024/05/microsoft-fix-windows-10-kb5034441-0x80070643-error.html www.secnews.physaphae.fr/article.php?IdArticle=8492515 False Vulnerability,Threat TYPEFRAME 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Infoblox published an analysis of a threat actor group dubbed Muddling Meerkat, suspected to be a nation-state actor affiliated with China, conducting sophisticated and long-running operations through the Domain Name System (DNS). ## Description Muddling Meerkat\'s approach centers around hijacking internet traffic through sophisticated DNS manipulation techniques, primarily by generating an extensive volume of DNS queries distributed widely via open DNS resolvers. This tactic allows them to exert control over internet traffic, directing it according to their objectives. Unlike conventional denial-of-service attacks aimed at causing service disruptions, Muddling Meerkat\'s primary goal appears to be the manipulation and redirection of internet traffic, highlighting a strategic rather than disruptive motive. Their activities, which began at least as early as October 2019, demonstrate a sustained and methodical approach by the group. The level of expertise displayed in DNS manipulation indicates a profound understanding of network infrastructure and DNS protocols, reflecting a sophisticated and well-re]]> 2024-05-02T19:30:20+00:00 https://community.riskiq.com/article/b6049233 www.secnews.physaphae.fr/article.php?IdArticle=8492593 False Threat None 3.0000000000000000 Techworm - News cve-2023-7028 (Score CVSS: 10) permet à un acteur de menace de déclencher des e-mails de réinitialisation du mot de passe à envoyer des adresses e-mail arbitraires et non vérifiées, en fin de compte de reprise du compte sans interaction utilisateur. De plus, l'exploitation réussie de la vulnérabilité pourrait également conduire à des attaques de chaîne d'approvisionnement en insérant du code malveillant dans des environnements CI / CD (intégration continue / déploiement continu). Bien que ceux qui ont l'authentification à deux facteurs (2FA) activé sont vulnérables à la réinitialisation du mot de passe, ils ne sont cependant pas vulnérables à la prise de contrôle des comptes, car leur deuxième facteur d'authentification est requis pour se connecter. Par conséquent, il est essentiel de patcher les systèmes où les comptes ne sont pas protégés par cette mesure de sécurité supplémentaire. Le bogue CVE-2023-7028 découvert dans Gitlab Community Edition (CE) et Enterprise Edition (EE) affectent toutes les versions de 16.1 avant 16.1.6, 16.2 avant 16.2.9, 16.3 avant 16.3.7, 16.4Avant 16.4.5, 16.5 avant 16.5.6, 16.6 avant 16.6.4 et 16.7 avant 16.7.2. La faille a été traitée dans les versions Gitlab 16.7.2, 16.6.4 et 16.5.6, et les correctifs ont été recouverts aux versions 16.1.6, 16.2.9 et 16.3.7. gitLab a a dit Il n'a détecté aucun abus de vulnérabilité CVE-2023-7028 sur les plateformes gérées parGitLab, y compris Gitlab.com et GitLab Dédié des instances. Cependant, le service de surveillance des menaces, la ShadowServer Foundation, a trouvé plus de 5 300 cas de serveurs Gitlab exposés à des attaques de rachat de compte zéro clique en janvier (les correctifs de sécurité de la semaine ont été publiés), un nombre qui n'a diminué que de 55 seulement 55% à partir de mardi. La CISA a confirmé que la vulnérabilité CVE-2023-7028 était activement exploitée dans les attaques et a demandé aux agences fédérales américaines de sécuriser leurs systèmes jusqu'au 22 mai 2024, ou de supprimer l'utilisation du produit si les atténuations ne sont pas disponibles. ]]> 2024-05-02T19:13:15+00:00 https://www.techworm.net/2024/05/hackers-reset-gitlab-password-email.html www.secnews.physaphae.fr/article.php?IdArticle=8492431 False Ransomware,Vulnerability,Threat None 3.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Guardz Partners with SuperOps to Offer MSPs Optimized Cybersecurity for their SMB Clients SuperOps and Guardz are safeguarding MSPs and fortifying businesses amidst the alarming cybersecurity threat surge - Business News]]> 2024-05-02T18:28:56+00:00 https://www.globalsecuritymag.fr/guardz-partners-with-superops.html www.secnews.physaphae.fr/article.php?IdArticle=8492564 False Threat None 1.00000000000000000000 Dark Reading - Informationweek Branch Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.]]> 2024-05-02T18:05:03+00:00 https://www.darkreading.com/application-security/dropbox-breach-exposes-customer-credentials-authentication-data www.secnews.physaphae.fr/article.php?IdArticle=8492545 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "]]> 2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000 Wired Threat Level - Security News Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.]]> 2024-05-02T15:24:21+00:00 https://www.wired.com/story/outabox-facial-recognition-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8492464 False Threat None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Les agences mondiales de cybersécurité émettent une alerte critique concernant la menace immédiate pour les systèmes de technologie opérationnelle (OT) posés par ...

---

>Global cybersecurity agencies issue a critical alert regarding the immediate threat to operational technology (OT) systems posed by... ]]> 2024-05-02T12:18:16+00:00 https://industrialcyber.co/cisa/global-cybersecurity-agencies-issue-alert-on-threat-to-ot-systems-from-pro-russia-hacktivist-activity/ www.secnews.physaphae.fr/article.php?IdArticle=8492381 False Threat,Industrial None 4.0000000000000000 The Security Ledger - Blog Sécurité

---

Host Paul Roberts speaks with Jim Broome, the CTO and President of DirectDefense about the evolution of cybersecurity threats and how technologies like AI are reshaping the cybersecurity landscape and the work of defenders and Managed Security Service Providers (MSSPs). The post Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape...Read the whole entry... »Click the icon below to listen. ]]> 2024-05-02T11:03:00+00:00 https://feeds.feedblitz.com/~/891365939/0/thesecurityledger~Spotlight-Podcast-How-AI-Is-Reshaping-The-Cyber-Threat-Landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8492352 False Threat None 2.0000000000000000 The State of Security - Magazine Américain With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies\' assets at all costs. One fundamental truth rings clear: it\'s an ongoing and relentless battle of wits. Much like modern-day mercenaries, bad actors are armed with an arsenal of sophisticated tools and threats , continually looking for any chinks in the security armor to exploit. Their objectives range from financial gain and fraud...]]> 2024-05-02T03:20:36+00:00 https://www.tripwire.com/state-of-security/cybersecurity-battle-wits www.secnews.physaphae.fr/article.php?IdArticle=8492267 False Tool,Threat None 2.0000000000000000 Techworm - News avertir dans un article de blog . «La seiche est en attente, reniflant passivement les paquets, n'agissant que lorsqu'il est déclenché par un ensemble de règles prédéfini.Le renifleur de paquets utilisé par la seiche a été conçu pour acquérir du matériel d'authentification, en mettant l'accent sur les services publics basés sur le cloud. » ]]> 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Malware,Threat,Cloud,Technical APT 32 4.0000000000000000 Palo Alto Network - Site Constructeur Michael Sikorski, who leads Threat Intelligence and Engineering, shares predictions on AI\'s near and long-term implications for cyberattacks and defense. ]]> 2024-05-01T21:59:02+00:00 https://www.paloaltonetworks.com/blog/2024/05/ais-offensive-defensive-impacts/ www.secnews.physaphae.fr/article.php?IdArticle=8492047 False Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-01T20:56:45+00:00 https://community.riskiq.com/article/e27d7355 www.secnews.physaphae.fr/article.php?IdArticle=8492041 False Ransomware,Malware,Tool,Threat None 2.0000000000000000 Techworm - News 2024-05-01T20:17:03+00:00 https://www.techworm.net/2024/05/google-bounty-rce-bugs-android-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8491889 False Malware,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000