www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-19T02:36:28+00:00 www.secnews.physaphae.fr Korben - Bloger francais L\'IA qui raisonne comme un humain 2024-05-17T22:18:40+00:00 https://korben.info/ia-raisonne-humain-mit-lilo-ada-lga.html www.secnews.physaphae.fr/article.php?IdArticle=8501930 False Tool None None RiskIQ - cyber risk firms (now microsoft) La campagne par e-mail distribue Lockbit Black Ransomware via Phorpiex Botnet<br>Email Campaign Distributes LockBit Black Ransomware via Phorpiex Botnet 2024-05-17T19:54:33+00:00 https://community.riskiq.com/article/ce0bf000 www.secnews.physaphae.fr/article.php?IdArticle=8501845 False Ransomware,Tool,Threat None None RiskIQ - cyber risk firms (now microsoft) To the Moon and back(doors): Lunar landing in diplomatic missions 2024-05-17T19:11:34+00:00 https://community.riskiq.com/article/86a682a8 www.secnews.physaphae.fr/article.php?IdArticle=8501846 False Malware,Tool,Threat,Technical None None Korben - Bloger francais Surfshark One, votre chien de garde numérique Suite]]> 2024-05-17T08:00:00+00:00 https://korben.info/surfshark-one-chien-de-garde.html www.secnews.physaphae.fr/article.php?IdArticle=8501502 False Tool None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Malware Distributed as Copyright Violation-Related Materials (Beast Ransomware, Vidar Infostealer) 2024-05-16T19:51:14+00:00 https://community.riskiq.com/article/95ff5bf6 www.secnews.physaphae.fr/article.php?IdArticle=8501182 True Ransomware,Spam,Malware,Tool,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Windows Quick Assist ancre Black Basta Ransomware Gambit<br>Windows Quick Assist Anchors Black Basta Ransomware Gambit When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both 
defense strategy and employee-awareness training.]]> 2024-05-16T13:31:01+00:00 https://www.darkreading.com/threat-intelligence/windows-quick-assist-anchors-black-basta-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8500971 False Ransomware,Tool,Threat None 2.0000000000000000 ProofPoint - Cyber Firms Mémoire de sécurité: édulcorant artificiel: Sugargh0st Rat utilisé pour cibler les experts en intelligence artificielle américaine<br>Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts 2024-05-16T12:03:39+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american www.secnews.physaphae.fr/article.php?IdArticle=8500792 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000 Sekoia - Cyber Firms Comment autonomiser l'activité MSSP avec la plate-forme SOC Sekoia?<br>How to ​​empower the MSSP business with the Sekoia SOC platform? Le marché des services de sécurité gérés fleurit.Statista déclare qu'il est prévu d'atteindre 65,53 milliards de dollars américains en 2028. Bien que ces prévisions semblent prometteuses, les MSSP sont toujours en concurrence et recherchent les bons outils pour gérer plusieurs clients et améliorer leurs offres.Avec la plate-forme multi-locataire Sekoia SOC, les MSSP peuvent centraliser la gestion, s'intégrer à n'importe quelle infrastructure et [& # 8230;] la publication Suivante comment responsabiliserL'activité MSSP avec la plate-forme SoC Sekoia? est un article de blog Sekoia.io .
>The managed security service market is blooming. Statista states it’s projected to reach 65.53 billion U.S. dollars in 2028. Although this forecast looks promising, MSSPs still compete and seek the right tools to manage multiple clients and enhance their offerings. With the multi-tenant Sekoia SOC platform, MSSPs can centralize management, integrate with any infrastructure, and […] La publication suivante How to ​​empower the MSSP business with the Sekoia SOC platform? est un article de Sekoia.io Blog.]]>
2024-05-16T09:35:21+00:00 https://blog.sekoia.io/how-to-empower-the-mssp-business-with-the-sekoia-soc-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8500827 False Tool None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybercriminels exploitant la fonction d'assistance rapide de Microsoft \\ dans les attaques de ransomware<br>Cybercriminals Exploiting Microsoft\\'s Quick Assist Feature in Ransomware Attacks The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024. The]]> 2024-05-16T08:46:00+00:00 https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html www.secnews.physaphae.fr/article.php?IdArticle=8500658 False Ransomware,Tool,Threat None 2.0000000000000000 Korben - Bloger francais Planka – Le tableau kanban en temps réel pour votre suivi de projet 2024-05-16T07:00:00+00:00 https://korben.info/planka-solution-open-source-elegante-suivi-projet.html www.secnews.physaphae.fr/article.php?IdArticle=8500765 False Tool None 3.0000000000000000 AhnLab - Korean Security Firm Vipersoftx utilise Tesseract basé sur l'apprentissage en profondeur pour exfiltrater des informations<br>ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information Ahnlab Security Intelligence Center (ASEC) a récemment découvert les attaquants de Vipersoftx utilisant Tesseract pour exfiltrat les utilisateurs & # 8217;Fichiers d'image.Vipersoftx est une souche malveillante responsable de la résidence sur les systèmes infectés et de l'exécution des attaquants & # 8217;commandes ou voler des informations liées à la crypto-monnaie.Le logiciel malveillant nouvellement découvert cette fois utilise le moteur OCR open-source Tesseract.Tesseract extrait des textes d'images utilisant des techniques d'apprentissage en profondeur.Le malware utilisé dans l'attaque lit les images stockées sur les systèmes infectés et extrait les 
chaînes à l'aide de l'outil Tesseract.Si le ...
AhnLab SEcurity intelligence Center (ASEC) has recently discovered ViperSoftX attackers using Tesseract to exfiltrate users’ image files. ViperSoftX is a malware strain responsible for residing on infected systems and executing the attackers’ commands or stealing cryptocurrency-related information. The malware newly discovered this time utilizes the open-source OCR engine Tesseract. Tesseract extracts texts from images using deep learning techniques. The malware used in the attack reads images stored on the infected systems and extracts strings using the Tesseract tool. If the... ]]>
2024-05-16T01:02:40+00:00 https://asec.ahnlab.com/en/65426/ www.secnews.physaphae.fr/article.php?IdArticle=8500578 False Malware,Tool None 3.0000000000000000
TrendLabs Security - Editeur Antivirus Suivi de la progression de la campagne de cyberespionnage de la Terre en 2024<br>Tracking the Progression of Earth Hundun\\'s Cyberespionage Campaign in 2024 This report describes how Waterbear and Deuterbear - two of the tools in Earth Hundun\'s arsenal - operate, based on a campaign from 2024.]]> 2024-05-16T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/e/earth-hundun-2.html www.secnews.physaphae.fr/article.php?IdArticle=8500735 False Tool None 3.0000000000000000 Techworm - News Hacking Forum BreachForums saisis par le FBI et le DOJ<br>Hacking Forum BreachForums Seized by FBI and DOJ Alors que le FBI passe par les données backend, les internautes peuvent contacter l'agence s'ils ont des informations sur l'activité cybercriminale sur BreachForums. Le FBI a réussi la crise avec l'aide du ministère de la Justice et des partenaires internationaux. Site Web de BreachForums saisi Le site Web indique que le FBI a désormais un contrôle sur les données backend de site Web.Cela signifie que le bureau d'enquête a accès à toutes les transactions effectuées via le forum de piratage. Le site Web de BreachForum affiche désormais des logos de plusieurs organismes d'application de la loi, notamment le DOJ, la police néo-zélandaise, la police fédérale australienne, l'agence nationale de crime, etc. Il a également utilisé la photo de profil du site Web de deux administrateurs, Baphomet et Shinyhunters, pour faire allusion au fait qu'ils seront bientôt derrière les barreaux. Le FBI a également eu accès au canal télégramme, et le message de saisie est envoyé à partir du compte de l'administration.  Le site Web du FBI pour que les victimes fournissent des informations sur BreachForums La page d'enquête du FBI contient également un formulaire de contact que les victimes peuvent utiliser. 
L'agence d'application de la loi a également demandé aux internautes de fournir des informations pour aider l'enquête contre BreachForums V2, BreachForums v1 ou RaidForums. sur BreachForums ]]> 2024-05-15T22:36:39+00:00 https://www.techworm.net/2024/05/fbi-seizes-breachforums-europol-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8500353 False Tool,Legislation None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Gitcaught: l'acteur de menace exploite le référentiel Github pour les infrastructures malveillantes<br>GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure 2024-05-15T20:41:19+00:00 https://community.riskiq.com/article/4782de66 www.secnews.physaphae.fr/article.php?IdArticle=8500488 False Ransomware,Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) FIN7 exploite les marques de confiance et les publicités Google pour livrer des charges utiles Malicious MSIX<br>FIN7 Exploits Trusted Brands and Google Ads to Deliver Malicious MSIX Payloads 2024-05-15T20:23:43+00:00 https://community.riskiq.com/article/6c0c8997 www.secnews.physaphae.fr/article.php?IdArticle=8500489 False Malware,Tool,Threat,Prediction None 3.0000000000000000 Wired Threat Level - Security News Le verrouillage de détection de vol Android 15 sait quand votre téléphone est volé<br>Android 15 Theft Detection Lock Knows When Your Phone Is Stolen Google is introducing new AI-powered safety tools in Android 15 that can lock down your phone if thieves nab it.]]> 2024-05-15T17:00:00+00:00 https://www.wired.com/story/android-15-theft-detection-lock/ www.secnews.physaphae.fr/article.php?IdArticle=8500324 False Tool,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Il est temps de maîtriser l'ascenseur et le changement: migration de VMware vSphere à Microsoft Azure<br>It\\'s Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure While cloud adoption has been top of mind for many IT professionals for nearly a decade, it\'s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure]]> 2024-05-15T16:25:00+00:00 https://thehackernews.com/2024/05/its-time-to-master-lift-shift-migrating.html www.secnews.physaphae.fr/article.php?IdArticle=8500129 False Tool,Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Étude Cisco : Les développeurs passent plus de temps à lutter contre les problèmes qu\'à innover Investigations]]> 2024-05-15T14:57:21+00:00 https://www.globalsecuritymag.fr/etude-cisco-les-developpeurs-passent-plus-de-temps-a-lutter-contre-les.html www.secnews.physaphae.fr/article.php?IdArticle=8500264 False Tool None 3.0000000000000000 Korben - Bloger francais Project IDX – L\'IDE nouvelle génération de Google arrive en bêta publique ! 2024-05-15T14:17:14+00:00 https://korben.info/project-idx-ide-nouvelle-generation-google-beta-publique.html www.secnews.physaphae.fr/article.php?IdArticle=8500296 False Tool None 3.0000000000000000 GoogleSec - Firm Security Blog E / S 2024: Ce qui est nouveau dans la sécurité et la confidentialité d'Android<br>I/O 2024: What\\'s new in Android security and privacy theft protection features to help keep your device and data safe in the case of theft, we\'re also focusing increasingly on providing additional protections against mobile financial fraud and scams. 
Today, we\'re announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this year to help better protect users around the world. We\'re also sharing new tools and policies to help developers build safer apps and keep their users safe. Google Play Protect live threat detection Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware. We are expanding Play Protect\'s on-device AI capabilities with Google Play Protect live threat detection to improve fraud and abuse detection against apps that try to cloak their actions. With live threat detection, Google Play Protect\'s on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services. If suspicious behavior is discovered, Google Play Protect can send the app to Google for additional review and then warn users or disable the app if malicious behavior is confirmed. The detection of suspicious behavior is done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data. Google Pixel, Honor, Lenovo, Nothing, OnePlus, Oppo, Sharp, Transsion, and other manufacturers are deploying live threat detection later this year. Stronger protections against fraud and scams We\'re also bringing additional protections to fight fraud and scams in Android 15 with two key enhancements to safeguard your information and privacy from bad apps: Protecting One-time Passwords from Malware: With the exception of a few types of apps, such as wearable companion apps, one-time passwords are now hidden from notifications, closing a common attack vector for fraud and spyware. 
Expanded Restricted Settings: To help protect more sensitive permissions that are commonly abused by fraudsters, we\'re expanding Android 13\'s restricted settings, which require additional user approval to enable permissions when installing an app from an Internet-sideloading source (web browsers, messaging apps or file managers). We are continuing to develop new, AI-powered protections,]]> 2024-05-15T12:59:21+00:00 http://security.googleblog.com/2024/05/io-2024-whats-new-in-android-security.html www.secnews.physaphae.fr/article.php?IdArticle=8500367 False Malware,Tool,Threat,Mobile,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google étend l'outil de filigrane de contenu synthétique en texte généré par l'IA<br>Google Expands Synthetic Content Watermarking Tool to AI-Generated Text Google DeepMind\'s SynthID can now be used to watermark AI-generated images, audio, text and video]]> 2024-05-15T12:00:00+00:00 https://www.infosecurity-magazine.com/news/google-synthid-ai-text/ www.secnews.physaphae.fr/article.php?IdArticle=8500170 False Tool None 2.0000000000000000 ProofPoint - Cyber Firms La théorie du coup de pouce à elle seule a gagné \\ 'ne sauvera pas la cybersécurité: 3 considérations essentielles<br>Nudge Theory Alone Won\\'t Save Cybersecurity: 3 Essential Considerations 2024-05-15T06:00:25+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/why-nudge-theory-alone-wont-save-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8500260 False Malware,Tool None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Cent pranskraut: Blazk Basta<br>StopRansomware: Black Basta ## Snapshot The joint Cybersecurity Advisory (CSA) released by the FBI, CISA, HHS, and MS-ISAC provides detailed information on the Black Basta ransomware variant, a ransomware-as-a-service (RaaS) that has targeted critical infrastructure sectors, including healthcare. 
## Description Black Basta affiliates gain initial access through techniques such as phishing, exploiting vulnerabilities, and abusing valid credentials. Once inside the victim\'s network, they employ a double-extortion model, encrypting systems and exfiltrating data. The threat actors use various tools for network scanning, reconnaissance, lateral movement, privilege escalation, exfiltration, and encryption, including SoftPerfect network scanner, BITSAdmin, PsExec, RClone, and Mimikatz. The Black Basta ransomware variant, operating as a RaaS, has impacted over 500 organizations globally as of May 2024, primarily gaining initial access through spearphishing, exploiting known vulnerabilities, and abusing valid credentials. The ransom notes do not generally include an initial ransom demand or payment instructions, but instead provide victims with a unique code and instruct them to contact the ransomware group via a .onion URL reachable through the Tor browser. The advisory urges critical infrastructure organizations, especially those in the Healthcare and Public Health (HPH) Sector, to apply recommended mitigations to reduce the likelihood of compromise from Black Basta and other ransomware attacks, and victims of ransomware are encouraged to report the incident to their local FBI field office or CISA. ## References ["#StopRansomware: Black Basta"](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a) CISA. 
(Accessed 2024-05-13)]]> 2024-05-14T20:40:25+00:00 https://community.riskiq.com/article/f32fd613 www.secnews.physaphae.fr/article.php?IdArticle=8499814 False Ransomware,Tool,Vulnerability,Threat,Medical None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Security Brief: Millions of Messages Distribute LockBit Black Ransomware 2024-05-14T20:34:29+00:00 https://community.riskiq.com/article/5b5aaff4 www.secnews.physaphae.fr/article.php?IdArticle=8499815 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat None 3.0000000000000000 Wired Threat Level - Security News Tout ce que Google a annoncé à l'E / S 2024: Gémeaux, recherche, projet Astra, détection de l'arnaque<br>Everything Google Announced at I/O 2024: Gemini, Search, Project Astra, Scam Detection It was AI all day at Google\'s developer keynote. The company showed off new AI-powered chatbot tools, new search capabilities, and a bunch of machine intelligence upgrades for Android.]]> 2024-05-14T20:33:27+00:00 https://www.wired.com/story/everything-google-announced-at-io-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8499794 False Tool,Mobile None 3.0000000000000000 Veracode - Application Security Research, News, and Education Blog Échelle DevSecops avec des tests de sécurité des applications dynamiques (DAST)<br>Scaling DevSecOps with Dynamic Application Security Testing (DAST) The Role of DAST in Modern DevSecOps Practices In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application\'s defenses in response to actual attacks. Let\'s explore some actionable best practices to leverage DAST effectively and strengthen your DevSecOps initiatives. 
Seamless Integration into CI/CD Pipelines Incorporating DAST scans right into your continuous integration and delivery (CI/CD) pipelines helps detect runtime vulnerabilities earlier in your development process. This integration allows for automatic security testing, with every code update, giving developers immediate feedback. Catching vulnerabilities early means less…]]> 2024-05-14T13:58:40+00:00 https://www.veracode.com/blog/secure-development/scaling-devsecops-dynamic-application-security-testing-dast www.secnews.physaphae.fr/article.php?IdArticle=8499782 False Tool,Vulnerability None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Lecteur Foxit PDF «Design défectueux»: dangers cachés qui se cachent dans les outils communs<br>Foxit PDF Reader “Flawed Design” : Hidden Dangers Lurking in Common Tools Vulnérabilité accrue: la recherche sur les points de contrôle a identifié un modèle de comportement inhabituel impliquant l'exploitation du PDF, ciblant principalement les utilisateurs du lecteur Foxit PDF.Cet exploit déclenche des avertissements de sécurité qui pourraient tromper les utilisateurs sans méfiance dans l'exécution de commandes nuisibles, exploitant la psychologie humaine pour manipuler les utilisateurs pour donner accidentellement accès à des informations sensibles à l'e-crime à l'espionnage: la recherche sur le point de contrôle a observé des variantes de cet exploit étant activement utilisées dans la nature,Levier par divers acteurs de menace pour le crime électronique à l'espionnage et a étudié trois fichiers PDF dans les cas en profondeur sont devenus une partie intégrante de la communication numérique moderne.Les PDF ont évolué en un format standard pour [& # 8230;]
>Heightened vulnerability: Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit PDF Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands, exploiting human psychology to manipulate users into accidentally providing access to sensitive information E-Crime to Espionage: Check Point Research has observed variants of this exploit being actively utilized in the wild, leveraged by various threat actors for e-crime to espionage and investigated three in depth-cases PDF files have become an integral part of modern digital communication. PDFs have evolved into a standard format for […] ]]>
2024-05-14T13:00:47+00:00 https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8499565 False Tool,Vulnerability,Threat None 3.0000000000000000
Silicon - Site de News Francais Le MSSP AD, un formidable outil pour sécuriser son Active Directory efficacement ? 2024-05-14T11:09:32+00:00 https://www.silicon.fr/avis-expert/le-mssp-ad-un-formidable-outil-pour-securiser-son-active-directory-efficacement www.secnews.physaphae.fr/article.php?IdArticle=8499508 False Tool None 3.0000000000000000 Korben - Bloger francais Rooms – Créez des mondes 3D étonnants 2024-05-14T11:00:00+00:00 https://korben.info/rooms-cree-des-mondes-3d-etonnants-gratuitement.html www.secnews.physaphae.fr/article.php?IdArticle=8499505 False Tool None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Comment DDR peut renforcer votre posture de sécurité<br>How DDR Can Bolster Your Security Posture Global unrest, emerging technologies, and economic downturn all contribute to persistently high cybercrime rates and a dire need for organizations of all types to improve their security posture. There are standard ways of achieving a solid security posture that most of us will already be aware of: awareness training, regular patch management, and robust authentication methods are some examples. But in the face of increasingly frequent and sophisticated attacks, many traditional security methods are fast becoming inadequate. But this fact is no reason to panic. Tools and technologies are available that stand as a bulwark against an onslaught of both internal and external threats. The most important of these is Data Detection and Response (DDR). Please keep reading to learn more about DDR, how it can bolster your security posture, and what threats it can mitigate. What is Data Detection and Response? Data Detection and Response (DDR) is a cybersecurity solution that identifies and responds to security incidents within an organization’s IT environment. These solutions monitor data and user activity around the clock to identify and mitigate potential threats that have already penetrated the network. 
How Can Data Detection and Response Bolster Your Security Posture? Preventing data exfiltration is DDR’s most important function and can go a long way to bolstering your security posture. By classifying data based on its content and lineage, DDR solutions build a picture of an organization’s enterprise environment, identify the data most at risk, and establish what constitutes normal behavior. The solution can identify and act on any anomalous behavior by doing so. For example, an employee attempting to download sensitive financial information to their personal account would be deemed anomalous behavior, and the solution would either notify the security team or act to prevent the exfiltration, depending on how sophisticated the solution is. But it’s worth looking a little deeper at what we mean by classifying data: Lineage - Data lineage refers to the historical record of data as it moves through various stages of its lifecycle, including its origins, transformations, and destinations. It tracks data flow from its source systems to its consumption points, providing insights into how data is created, manipulated, and used within an organization. Content - Data classification by content involves categorizing data based on its inherent characteristics, attributes, and meaning within a specific business context or domain. It considers data type, sensitivity, importance, and relevance to business processes or analytical requirements. This distinction is important because some DDR solutions only classify data by content, which can result in false positives. 
To expand upon the previous example, a DDR solution classifying data by content alone would only know that an employee was trying to download a spreadsheet full of numbers, not that the spreadsheet contained financial data; this means that even if the spreadsheet contained personal, non-sensitive data, the solution would flag this to security team]]> 2024-05-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/how-ddr-can-bolster-your-security-posture www.secnews.physaphae.fr/article.php?IdArticle=8499447 False Ransomware,Malware,Tool,Vulnerability,Threat None 3.0000000000000000 Silicon - Site de News Francais De l\'usage vertueux de l\'IA : les 10 atouts essentiels des outils de sécurité basés sur l\'IA 2024-05-14T09:09:52+00:00 https://www.silicon.fr/avis-expert/de-lusage-vertueux-de-lia-les-10-atouts-essentiels-des-outils-de-securite-bases-sur-lia www.secnews.physaphae.fr/article.php?IdArticle=8499444 False Tool None 2.0000000000000000 ProofPoint - Cyber Firms Arrêt de cybersécurité du mois: les attaques d'identité qui ciblent la chaîne d'approvisionnement<br>Cybersecurity Stop of the Month: Impersonation Attacks that Target the Supply Chain 2024-05-14T06:00:46+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/impersonation-attacks-target-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8499611 False Ransomware,Data Breach,Tool,Vulnerability,Threat ChatGPT 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Faits saillants hebdomadaires, 13 mai 2024<br>Weekly OSINT Highlights, 13 May 2024 2024-05-13T13:30:14+00:00 https://community.riskiq.com/article/fd207107 www.secnews.physaphae.fr/article.php?IdArticle=8498946 False Spam,Malware,Tool,Vulnerability,Threat,Cloud APT 42 2.0000000000000000 The State of Security - Magazine Américain L'importance de la découverte passive des actifs<br>The Importance of Passive Asset Discovery It\'s the fifth requirement in CIS Control 1 : Use a passive asset discovery tool. 
Sounds simple enough. But what does it mean? And what, specifically, makes it so important that it became one of the first five requirements of the widely applied CIS Controls used by so many organizations to establish their most basic levels of cyber hygiene? The usefulness of passive asset discovery and the importance of finding the right passive asset discovery tool are the subjects of today\'s blog. What Is Asset Discovery? Asset discovery is the ability to provide visibility of all devices located within an...]]> 2024-05-13T04:31:34+00:00 https://www.tripwire.com/state-of-security/what-passive-asset-discovery www.secnews.physaphae.fr/article.php?IdArticle=8498817 False Tool None 3.0000000000000000 Korben - Bloger francais CodingFont – Trouvez la police parfaite pour votre éditeur de code 2024-05-12T19:34:31+00:00 https://korben.info/codefont-trouver-police-parfaite-editeur-code.html www.secnews.physaphae.fr/article.php?IdArticle=8498514 False Tool,Legislation None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Les pirates nord-coréens abusant de la console de gestion Facebook & MS<br>North Korean Hackers Abusing Facebook & MS Management Console ## Snapshot The North Korean hacking group Kimsuky has been observed using sophisticated methods to conduct espionage activities, including the exploitation of social media platforms and system management tools.  **Microsoft tracks Kimsuky as Emerald Sleet. [Read more about Emerald Sleet here.](https://security.microsoft.com/intel-profiles/f1e214422dcaf4fb337dc703ee4ed596d8ae16f942f442b895752ad9f41dd58e)** ## Description The group has been using fake Facebook profiles to target individuals involved in North Korean human rights and security affairs, engaging with potential targets through friend requests and personal messages. This social engineering tactic is designed to build trust and lure the targets into a trap, eventually leading to the sharing of malicious links or documents. 
Additionally, Kimsuky has adopted Microsoft Management Console (MMC) files, disguised as innocuous documents, to execute malicious commands on victims\' systems. Once opened, these files can potentially allow the attackers to gain control over the system or exfiltrate sensitive information, ultimately establishing a command and control (C2) channel to manage the compromised systems remotely. The use of social media platforms like Facebook for initial contact and the deployment of system management tools for executing attacks represents a significant escalation in cyber threat tactics. These methods indicate a shift towards more stealthy and socially engineered attacks that can bypass conventional security measures. The recent activities of the Kimsuky group underscore the continuous evolution of cyber threat actors and the need for robust cyb]]> 2024-05-10T19:33:41+00:00 https://community.riskiq.com/article/6e7f4a30 www.secnews.physaphae.fr/article.php?IdArticle=8497417 False Tool,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Censysgpt: menace alimentée par AI pour la chasse aux pros de la cybersécurité (webinaire)<br>CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you\'ll explore how AI tools are shaping the future of cybersecurity defenses. 
During the session, Censys Security Researcher Aidan Holland will]]> 2024-05-10T18:22:00+00:00 https://thehackernews.com/2024/05/censysgpt-ai-powered-threat-hunting-for.html www.secnews.physaphae.fr/article.php?IdArticle=8497223 False Tool,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Reality Defender gagne le concours de bac à sable RSAC Innovation<br>Reality Defender Wins RSAC Innovation Sandbox Competition In a field thick with cybersecurity startups showing off how they use AI and LLMs, Reality Defender stood out for its tool for detecting and labeling deepfakes and other artificial content.]]> 2024-05-10T18:10:30+00:00 https://www.darkreading.com/cyber-risk/reality-defender-wins-rsac-innovation-sandbox www.secnews.physaphae.fr/article.php?IdArticle=8497372 False Tool None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Socgholish attaque les entreprises via de fausses mises à jour du navigateur<br>SocGholish Attacks Enterprises Via Fake Browser Updates ## Snapshot SocGholish (also known as FakeUpdates), a malware known for its stealth and the intricacy of its delivery mechanisms, is targeting enterprises with deceptive browser update prompts. ## Description As reported by eSentire, compromised legitimate websites serve as the infection vector, where malicious JavaScript code is injected to prompt users to download browser updates. The downloaded files contain SocGholish malware, initiating the infection process upon execution.  The script employs various techniques to avoid detection and evade analysis. First, it checks if the browser is being controlled by automation tools and terminates execution if detected. Subsequently, it scrutinizes if the browser window has undergone significant manipulation to determine if the environment is being monitored. Additionally, it inspects for specific WordPress cookies to halt further actions if the user is logged into a WordPress site. 
If none of these conditions apply, it establishes a mouse movement event listener, tr 2024-05-10T16:50:08+00:00 https://community.riskiq.com/article/c5bf96a0 www.secnews.physaphae.fr/article.php?IdArticle=8497333 False Malware,Tool,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) HijackLoader Updates ## Snapshot Researchers at Zscaler have published a report on the evolution of HijackLoader, a malware loader, and its new evasion tactics. ## Description HijackLoader, also known as IDAT Loader, emerged in 2023 as a malware loader with versatile modules for injecting and executing code. Its modular architecture sets it apart from typical loaders. Zscaler researchers analyzed a new HijackLoader variant with upgraded evasion techniques intended to keep the malware undetected for longer. The latest version introduces modules to bypass Windows Defender Antivirus, circumvent User Account Control (UAC), evade the inline API hooking commonly used by security tools, and perform process hollowing. HijackLoader's delivery mechanism involves a PNG image that is decrypted and parsed to load the next stage of the attack. HijackLoader has been observed delivering various malware families, including Amadey, [Lumma Stealer](https://sip.security.microsoft.com/intel-profiles/33933578825488511c30b0728dd3c4f8b5ca20e41c285a56f796eb39f57531ad), Raccoon Stealer v2, and Remcos RAT. ## Detections Microsoft Defender Antivirus detects threat components as the following malware: - [Trojan:Win32/HijackLoader](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/HijackLoader.AHJ!MTB&threatId=-2147058662) ## References [HijackLoader Updates](https://www.zscaler.com/blogs/security-research/hijackloader-updates).
Zscaler (accessed 2024-05-09) 2024-05-09T16:11:06+00:00 https://community.riskiq.com/article/8c997d7c www.secnews.physaphae.fr/article.php?IdArticle=8496698 False Malware,Tool,Threat None 3.0000000000000000 Schneier on Security - American cryptologist and researcher How Criminals Are Using Generative AI There's a new report on how criminals are using generative AI tools. Key takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones. We are finally seeing the emergence of actual criminal deepfake services, with some bypassing the user verification used in financial services.
2024-05-09T16:05:57+00:00 https://www.schneier.com/blog/archives/2024/05/how-criminals-are-using-generative-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8496641 False Tool None 3.0000000000000000
Checkpoint - Security hardware manufacturer April 2024's Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 Researchers recently identified a spike in Androxgh0st attacks, a Trojan that targets Windows, Mac and Linux platforms, which saw it jump straight into second place in the top malware list. Meanwhile, LockBit3 narrowly remains the top ransomware group, despite a reduction in its prevalence. Our latest Global Threat Index for April 2024 saw researchers reveal a significant increase in the use of Androxgh0st attacks, with the malware being used as a tool for stealing sensitive information using botnets. Meanwhile, LockBit3 remained the most prevalent ransomware group in April, despite a 55% drop in its rate of detection since the beginning […]
2024-05-09T13:00:21+00:00 https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/ www.secnews.physaphae.fr/article.php?IdArticle=8496582 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
ProofPoint - Cyber Firms Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA 2024-05-09T06:00:11+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass www.secnews.physaphae.fr/article.php?IdArticle=8496584 False Tool,Threat,Prediction,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware 2024-05-09T00:49:06+00:00 https://community.riskiq.com/article/1f1ae96f www.secnews.physaphae.fr/article.php?IdArticle=8496261 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000 HackRead - Cyber research Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools By cybernewswire Philadelphia, Pennsylvania, May 8th, 2024, CyberNewsWire Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection… This is a post from HackRead.com Read the original post: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
2024-05-08T14:23:13+00:00 https://www.hackread.com/free-workshop-from-security-risk-advisors-empowers-organizations-to-select-optimal-ot-security-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8495966 False Tool,Industrial None 3.0000000000000000
ProofPoint - Firm Security 10 Hot AI Cybersecurity Tools At RSAC 2024 2024-05-08T11:45:22+00:00 https://www.proofpoint.com/us/newsroom/news/10-hot-ai-cybersecurity-tools-rsac-2024 www.secnews.physaphae.fr/article.php?IdArticle=8499254 False Tool None 2.0000000000000000 Korben - French blogger Fabric – An open source framework for working hand in hand with AI 2024-05-08T07:00:00+00:00 https://korben.info/augmentez-creativite-productivite-avec-ia.html www.secnews.physaphae.fr/article.php?IdArticle=8495786 False Tool None 4.0000000000000000 ProofPoint - Cyber Firms How Do Attackers Use Spoofed Email to Hijack Your Business Communications? 4 Risk Scenarios 2024-05-08T06:00:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spoofed-email-greater-impersonation-risk www.secnews.physaphae.fr/article.php?IdArticle=8495932 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000 AhnLab - Korean Security Firm Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server AhnLab Security Intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a port forwarding tool, and an IIS module malware tool. They then used ProcDump to dump account credentials from the server. IIS modules support expansion features of web servers such as...
2024-05-08T00:59:58+00:00 https://asec.ahnlab.com/en/65131/ www.secnews.physaphae.fr/article.php?IdArticle=8495572 False Malware,Tool,Threat None 2.0000000000000000
WatchGuard - Hardware and software manufacturer WatchGuard cybersecurity products win 9 "Top Rated Awards" from TrustRadius 2024-05-08T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/les-produits-de-cybersecurite-watchguard-obtiennent-9-top-rated-awards www.secnews.physaphae.fr/article.php?IdArticle=8499593 False Tool,Threat None 3.0000000000000000 Team Cymru - Threat intelligence team Enhancing SOC security: Introducing Pure Signal™ Scout Insight User-friendly threat intelligence tool for IP and domain analysis If you are a SOC Analyst or Team Manager and are used to alert fatigue... 2024-05-07T14:51:31+00:00 https://www.team-cymru.com/post/enhancing-soc-security-introducing-pure-signal-scout-insight www.secnews.physaphae.fr/article.php?IdArticle=8495275 False Tool,Threat None 3.0000000000000000 ProofPoint - Cyber Firms QR Code Phishing is a Problem: That's Why Proofpoint Has Introduced QR Code Phishing Simulation 2024-05-07T13:42:04+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/qr-code-phishing-simulation www.secnews.physaphae.fr/article.php?IdArticle=8495238 False Tool,Vulnerability,Threat None 2.0000000000000000 Techworm - News Intel and ARM Mac Users: Cuckoo Spyware Can Harm Your PC Researchers have identified a new spyware-cum-infostealer that targets both Intel and ARM Macs. They named the spyware "Cuckoo" because it infects the host system and steals its resources, much like the bird. What does the Cuckoo spyware disguise itself as? Cuckoo disguises itself as a Mach-O binary, the executable format designed for Apple systems.
Kandji researchers started with a file named dumpmediaspotifymusicconverter, also called "upd", uploaded to VirusTotal. It tracks and records data from iCloud Keychain, Apple Notes, web browsers and crypto wallets. Even apps like Discord, FileZilla, Steam and Telegram are among its targets. Kandji researchers note that the spyware mutes the system sound to capture screenshots. It also launches the application to cover its tracks and act as if nothing happened. Searching the web, they found it was hosted on a website offering apps to convert music from streaming services to MP3. The suspicious websites offer free and paid versions of apps for ripping music from streaming services and for iOS and Android recovery. Here are some of them: dumpmedia[.]com, tunesolo[.]com, fonedog[.]com, tunesfun[.]com, tunefab[.]com. All application bundles on these sites carry a developer ID of Yian Technology Shenzhen Co., Ltd (VRBJ4VRP). Apps on FoneDog have a different ID: FoneDog Technology Limited (Cuau2GTG98). After downloading a Spotify-to-MP3 app, they opened the disk image file and were surprised to find the same "upd" file alongside the real application. The malicious binary did not run because Gatekeeper blocked it. After being granted permission manually, the app checked the locale to determine the user's country. Surprisingly, Cuckoo will not run if the system belongs to one of the following countries: Armenia, Belarus, Kazakhstan, Russia, Ukraine. Cuckoo wants to know everything: this spyware is designed to capture as much information as possible and send it to the command and control server.
Cuckoo can determine your exact hardware information, obtain the list of installed applications and capture running processes. Searching for tools to extract audio or video from a streaming service to MP3 or any other desired format is common, and the attackers wanted to capitalize on that interest. Avoid downloading apps from untrustworthy sites to 2024-05-07T12:53:29+00:00 https://www.techworm.net/2024/05/intel-arm-mac-users-cuckoo-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8495088 False Tool,Mobile None 3.0000000000000000 Korben - French blogger TunnelVision – the flaw that blows up the VPN and leaks your data 2024-05-06T21:03:51+00:00 https://korben.info/tunnelvision-faille-vpn-fuites-donnees.html www.secnews.physaphae.fr/article.php?IdArticle=8494830 False Tool,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution More than 50% of the 90,310 hosts found exposing a Tinyproxy service on the internet are vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool.
The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the 2024-05-06T19:30:00+00:00 https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html www.secnews.physaphae.fr/article.php?IdArticle=8494660 False Tool None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 6 May 2024 2024-05-06T16:26:54+00:00 https://community.riskiq.com/article/157eab98 www.secnews.physaphae.fr/article.php?IdArticle=8494726 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine #RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects An IBM report found that most organizations are exposing themselves to security risks when implementing generative AI tools 2024-05-06T13:15:00+00:00 https://www.infosecurity-magazine.com/news/businesses-innovation-security/ www.secnews.physaphae.fr/article.php?IdArticle=8494623 False Tool None 3.0000000000000000 Global Security Mag - French news site Proton Pass launches Pass Monitor (Products) 2024-05-06T11:11:16+00:00 https://www.globalsecuritymag.fr/proton-pass-lance-pass-monitor.html www.secnews.physaphae.fr/article.php?IdArticle=8494578 False Tool None 3.0000000000000000 ProofPoint - Cyber Firms GenAI Is Powering the Latest Surge in Modern Email Threats 2024-05-06T07:54:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/genai-powering-latest-surge-modern-email-threats www.secnews.physaphae.fr/article.php?IdArticle=8494488 False Ransomware,Data Breach,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000 SkullSecurity - Security blog
BSidesSF 2024 Writeups: Can't Give In (CGI exploitation) The challenges cant-give-in, cant-give-in-secure, and cant-give-in-securer are designed to teach how to exploit and debug compiled code that's loaded as a CGI module. You might think that's unlikely, but a surprising number of enterprise applications (usually hardware stuff - firewalls, network "security" appliances, stuff like that) are powered by CGI scripts. You never know! This challenge was inspired by one of my co-workers at GreyNoise asking how to debug a CGI script. I thought it'd be cool to make a multi-challenge series in case others didn't know! This write-up is intended to be fairly detailed, to help new players understand their first stack overflow! Part 1: cant-give-in. The vulnerability. First, let's look at the vuln! All three challenges have pretty similar vulnerabilities, but here's what the first looks like:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The includes, main() and the declaration of data[] are not in the write-up's excerpt;
 * they are added so the snippet compiles. The real buffer size is not given; 64 is a placeholder. */
int main(void) {
    char data[64];
    char *strlength = getenv("CONTENT_LENGTH");
    if(!strlength) {
        printf("ERROR: Please send data!");
        exit(0);
    }
    int length = atoi(strlength);
    /* length is attacker-controlled and never compared with sizeof(data): this is the stack overflow */
    read(fileno(stdin), data, length);
    if(!strcmp(data, "password=MyCoolPassword")) {
        printf("SUCCESS: authenticated successfully!");
    } else {
        printf("ERROR: Login failed!");
    }
    return 0;
}
```

The way CGI works - a fact that I'd forgotten since learning Perl like 20 years ago - is that the headers are processed by Apache and passed to the script as environment variables, and the body (i.e., the POST data) is sent on stdin. In that script, we read the Content-Length from a variable, then read that many bytes of the POST body into a fixed-size buffer. That's a fairly standard buffer overflow, with the twist that it's in a CGI application!
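As an added example for this page (not code from the write-up or from the challenge source), here is the same CGI flow with the read bounded: CONTENT_LENGTH is parsed strictly and rejected if it would not fit the buffer, short reads and early EOF are handled, the buffer is NUL-terminated before any comparison, and the password check compares exactly the bytes received. The buffer size BODY_MAX (64), the function names and the pipe-based `simulate_request` harness are assumptions of this example, not details of the challenge.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed buffer size for this example; the write-up does not state the challenge's real size. */
#define BODY_MAX 64
#define EXPECTED "password=MyCoolPassword"

/* Strict CONTENT_LENGTH parsing: unsigned decimal digits only, no sign, no trailing junk,
 * and never more than the buffer can hold together with a terminating NUL.
 * Returns -1 on any violation. atoi() in the original lets the client pick how far
 * past the buffer read() writes; this is the check it was missing. */
long parse_content_length(const char *s, size_t bufsize)
{
    if (s == NULL || *s == '\0' || bufsize == 0)
        return -1;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;                      /* rejects "-5", "+7", " 12", "12abc" */
    }
    errno = 0;
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;
    if (v > (unsigned long long)(bufsize - 1))
        return -1;                          /* would overflow, or leave no room for the NUL */
    return (long)v;
}

/* Read up to `want` bytes from fd into buf, coping with short reads and early EOF
 * (a client may send fewer bytes than it announced). Always NUL-terminates.
 * Returns the number of bytes actually received, or -1 on error. */
long read_body(int fd, char *buf, size_t bufsize, size_t want)
{
    if (want >= bufsize)
        return -1;                          /* defence in depth: do not rely on the caller's check */
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0)
            return -1;
        if (n == 0)
            break;                          /* EOF before the announced length */
        got += (size_t)n;
    }
    buf[got] = '\0';
    return (long)got;
}

/* Length-checked comparison on exactly the bytes received: a short body, an
 * unterminated buffer or trailing garbage can no longer produce a match. */
int login_ok(const char *data, size_t len)
{
    return len == strlen(EXPECTED) && memcmp(data, EXPECTED, len) == 0;
}

/* Hardened equivalent of the vulnerable snippet, reading the body from any fd.
 * Returns 1 (authenticated), 0 (wrong password) or -1 (request rejected). */
int handle_request(const char *content_length, int body_fd)
{
    char data[BODY_MAX];
    long len = parse_content_length(content_length, sizeof data);
    if (len < 0)
        return -1;
    long got = read_body(body_fd, data, sizeof data, (size_t)len);
    if (got < 0)
        return -1;
    return login_ok(data, (size_t)got);
}

/* Stand-alone harness: pushes `body` through a pipe the way Apache feeds POST data
 * on stdin, so the handler can be exercised without a web server. */
int simulate_request(const char *content_length, const char *body)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    size_t blen = strlen(body);
    ssize_t w = write(fds[1], body, blen);
    close(fds[1]);                          /* reader sees EOF once the body is consumed */
    int rc = (w == (ssize_t)blen) ? handle_request(content_length, fds[0]) : -1;
    close(fds[0]);
    return rc;
}

/* As a real CGI: CONTENT_LENGTH comes from the environment, the body from stdin. */
int main(void)
{
    int rc = handle_request(getenv("CONTENT_LENGTH"), STDIN_FILENO);
    printf("Content-Type: text/plain\r\n\r\n");
    if (rc < 0)
        printf("ERROR: bad request\n");
    else
        printf("%s\n", rc ? "SUCCESS: authenticated successfully!" : "ERROR: Login failed!");
    return 0;
}
```

Run it the way the challenge binary is run, with the body on stdin and the length in the environment, for example `printf 'password=MyCoolPassword' | CONTENT_LENGTH=23 ./hardened`. The 200-byte body from the demonstration below is refused at the CONTENT_LENGTH check before a single byte is read, which is the point: the length the client announces is input, not a trusted size.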
We can demonstrate the issue pretty easily by running the CGI directly (I'm using dd to produce 200 characters without cluttering up the screen): 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/cant-give-in.html www.secnews.physaphae.fr/article.php?IdArticle=8494287 False Tool,Vulnerability,Threat None 3.0000000000000000 SkullSecurity - Security blog BSidesSF 2024 Writeups: No Tools (A puzzling Bash challenge) no-tools is a fairly simple terminal challenge, something for new players to chew on. I suspect there are several different ways to solve it, but the basic idea is to read a file using only sh built-ins. I personally solved it with the read built-in: $ read $flag CTF{where-are-my-tools} Another solution my co-organizer came up with used exec: $ exec 2024-05-05T00:00:00+00:00 https://www.skullsecurity.org/bsidessf-2024/ctfs/2024/05/05/no-tools.html www.secnews.physaphae.fr/article.php?IdArticle=8494288 False Tool None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Threat Actors Attacking MS-SQL Servers to Deploy Ransomware ## Snapshot Cybersecurity professionals at GBHackers have discovered a series of cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers to install Mallox ransomware. **Read more about Microsoft's coverage for [Mallox Ransomware here.](https://sip.security.microsoft.com/intel-profiles/7fbe39c998c8a495a1652ac6f8bd34852c00f97dc61278cafc56dca1d443131e)** ## Description The threat actor group's modus operandi involves exploiting weaknesses in improperly managed MS-SQL servers.
By employing brute force and dictionary attacks, the attackers gain unauthorized access, primarily targeting the SA (system administrator) account. Once inside, they deploy the Remcos Remote Access Tool (RAT) to take control of the infected system. Remcos RAT, originally sold as a legitimate remote administration tool, has been repurposed by attackers for malicious activities, with capabilities such as keylogging, screenshot capture, and control over webcams and microphones. Additionally, a custom-made remote screen control malware is deployed, allowing attackers to reach the infected system using the AnyDesk ID obtained from the command and control server. Mallox ransomware, known for targeting MS-SQL servers, is then installed to encrypt the system. Mallox uses AES-256 encryption with SHA-256 hashing and appends a ".rmallox" extension to encrypted files. The attack patterns observed in this campaign bear a striking resemblance to 2024-05-03T20:14:15+00:00 https://community.riskiq.com/article/f5f3ecc6 www.secnews.physaphae.fr/article.php?IdArticle=8493202 False Ransomware,Malware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000 Korben - French blogger Edward Snowden issues a final warning about Bitcoin privacy 2024-05-03T12:00:54+00:00 https://korben.info/bitcoin-edward-snowden-avertissement-confidentialite.html www.secnews.physaphae.fr/article.php?IdArticle=8492965 False Tool None 3.0000000000000000 McAfee Labs - Software publisher McAfee Dominates AV-Comparatives PC Performance Test In our digital age, a computer is not just a tool; it's a gateway to a world of possibilities, entertainment,...
2024-05-03T00:36:38+00:00 https://www.mcafee.com/blogs/mcafee-news/mcafee-dominates-av-comparatives-pc-performance-test/ www.secnews.physaphae.fr/article.php?IdArticle=8492690 False Tool None 2.0000000000000000
Dark Reading - Informationweek Branch Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection. 2024-05-02T10:00:00+00:00 https://www.darkreading.com/cloud-security/microsoft-graph-api-emerges-as-top-attacker-tool-to-plot-data-theft www.secnews.physaphae.fr/article.php?IdArticle=8492295 False Tool None 2.0000000000000000 Dark Reading - Informationweek Branch 'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up? A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace. 2024-05-02T05:00:00+00:00 https://www.darkreading.com/threat-intelligence/dunequixote-shows-stealth-cyberattack-methods-are-evolving www.secnews.physaphae.fr/article.php?IdArticle=8492172 False Tool None 3.0000000000000000 The State of Security - American magazine Cybersecurity: The Battle of Wits With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies' assets at all costs. One fundamental truth rings clear: it's an ongoing and relentless battle of wits. Much like modern-day mercenaries, bad actors are armed with an arsenal of sophisticated tools and threats, continually looking for any chinks in the security armor to exploit.
Their objectives range from financial gain and fraud... 2024-05-02T03:20:36+00:00 https://www.tripwire.com/state-of-security/cybersecurity-battle-wits www.secnews.physaphae.fr/article.php?IdArticle=8492267 False Tool,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Malware Campaign Attempts Abuse of Sophos Binaries 2024-05-01T20:56:45+00:00 https://community.riskiq.com/article/e27d7355 www.secnews.physaphae.fr/article.php?IdArticle=8492041 False Ransomware,Malware,Tool,Threat None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) "Dirty stream" attack: Discovering and mitigating a common vulnerability pattern in Android apps 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) MuddyWater Campaign Abusing Atera Agents 2024-05-01T19:01:06+00:00 https://community.riskiq.com/article/9a596ba8 www.secnews.physaphae.fr/article.php?IdArticle=8492017 False Malware,Tool,Threat,Medical,Commercial None 3.0000000000000000 Global Security Mag - French news site Nord Security introduces NordStellar The creators of NordVPN launch NordStellar, a new threat exposure management platform for businesses ● NordStellar allows companies to cut down on data leak detection times and minimize risk to an organization ● For several years, the platform was used and tested as an internal tool, now made available to the public ● It's the third B2B solution by Nord Security, alongside a password manager for businesses - NordPass, and a network access security solution - NordLayer ● This year, the company also launched Saily - an eSIM service - Product Reviews
2024-05-01T17:11:23+00:00 https://www.globalsecuritymag.fr/nord-security-introduces-nordstellar.html www.secnews.physaphae.fr/article.php?IdArticle=8491964 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Everyone's an Expert: How to Empower Your Employees for Cybersecurity Success There's a natural human desire to avoid threatening scenarios. The irony, of course, is that if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has standing guard, 2024-05-01T16:33:00+00:00 https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html www.secnews.physaphae.fr/article.php?IdArticle=8491762 False Tool None 2.0000000000000000 Mandiant - Mandiant security blog Uncharmed: Untangling Iran's APT42 Operations APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses that APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). APT42 was observed posing as journalists and event organizers to build trust with its victims through ongoing correspondence and to deliver invitations to conferences or legitimate documents. These social engineering schemes enabled APT42 to harvest credentials and use them to gain initial access to cloud environments. Subsequently, the threat actor covertly exfiltrated data of strategic interest to Iran, while relying on built-in features and open-source tools to avoid detection. In addition to cloud operations, we also outline recent malware-based APT42 operations using two custom backdoors: NICECURL and TAMECAT.
These backdoors are delivered via spear phishing, providing the attackers with initial access that might be used as a command execution interface or as a jumping-off point to deploy additional malware. APT42's targeting and missions are consistent with its assessed affiliation with the IRGC-IO, the part of the Iranian intelligence apparatus responsible for monitoring and preventing foreign threats to the Islamic Republic and domestic unrest. APT42 activities overlap with the publicly reported actors CALANQUE (Google Threat Analysis Group), Charming Kitten (ClearSky and CERTFA), Mint Sandstorm/Phosphorus (Microsoft), TA453 (Proofpoint), Yellow Garuda (PwC), and ITG18 ( 2024-05-01T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8500390 False Malware,Tool,Threat,Cloud APT 35,APT 42,Yahoo 2.0000000000000000 LogPoint - Security blog Kapeka: New tools in Sandstorm's arsenal 2024-05-01T11:26:49+00:00 https://www.logpoint.com/fr/blog/kapeka-nouveaux-outils-dans-arsenal-sandstorm/ www.secnews.physaphae.fr/article.php?IdArticle=8501444 False Tool None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defensive player in IOCs Stories from the SOC – Combating "Security Alert" Scams phishing/scams is by end-user education and communication with the IT department. In a recent incident, a fake "Microsoft Security Alert" domain targeted one of our Managed Endpoint Security with SentinelOne customers, causing alarm for the end users and IT staff, but fortunately the end user did not fall into the trap of calling the fraudulent number.
The customer immediately contacted their assigned Threat Hunter for support and guidance, and the Threat Hunter was able to quickly use the security measures in place, locate multiple domains, and report them to the Alien Labs threat intelligence team. AT&T Cybersecurity was one of the first cybersecurity companies to alert on the domains and share the information via the Open Threat Exchange (OTX) threat intelligence sharing community, helping other organizations protect against it. Investigation. Initial Alarm Review. Indicators of Compromise (IOCs). The initial security layers failed to raise alarms for several reasons. First, the firewalls did not block the domain because it was newly registered and therefore not yet on any known block lists. Second, the platform did not create any alarms because the domain's SSL certificates were properly configured. Finally, the EDR tool did not alert because no downloads were initiated from the website. The first indication of an issue came from an end user who feared a hack and reported it to the internal IT team. Using the information provided by the end user, the Threat Hunter was able to locate the user's asset. Inspecting the URL data revealed a deceptive "Microsoft Security Alert" domain and a counterfeit McAfee website. These were detected largely because of improvements recommended during the customer's monthly meetings with the Threat Hunter, including a recommendation to activate the SentinelOne Deep Visibility browser extension, which is the tool that was instrumental in capturing URL information with greater accuracy after all the redirects.
Figure 1 – Fake Microsoft Support page
Figure 2 – Fake McAfee page
Artifact (Indicator of Compromise) | IOC
Fake McAfee Page | bavareafastrak[.]org
Website Hosting Scam Pages | Galaxytracke[.]com
Zip file hash | Tizer.zip - 43fb8fb69d5cbb8d8651af075059a8d96735a0d5
Figure 3 – Indicators of compromise
Expanded Investigation
Events Search
With the understanding that the e
Published 2024-05-01T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams | Tags: Hack, Tool, Threat

ProofPoint - Cyber Firms | What's the Best Way to Stop GenAI Data Loss? Take a Human-Centric Approach
Published 2024-05-01T05:12:14+00:00 | https://www.proofpoint.com/us/blog/information-protection/whats-best-way-stop-genai-data-loss-take-human-centric-approach | Tags: Tool, Medical, Cloud, ChatGPT

Netskope - Netskope is an American software company providing an IT security platform | Solving the Help Desk Dilemma with P-DEM
A harsh reality for today's enterprise help desks
Leaders and agents running enterprise help desks today are in a very tough spot. They are tasked with resolving a dramatically increased volume of tickets, yet lack the visibility and tools needed to do so. Overwhelmed and often unable to do their jobs effectively, help desk professionals […]
Published 2024-04-30T19:13:26+00:00 | https://www.netskope.com/blog/solving-the-help-desk-dilemma-with-p-dem | Tags: Tool
Mandiant - Mandiant Security Blog | Ransomware Protection and Containment Strategies: Practical Guidance for Hardening and Protecting Infrastructure, Identities and Endpoints
Multi-faceted extortion via ransomware and/or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization, including the loss of access to data, systems, and prolonged operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls can be overwhelming. Since the initial launch of our report in 2019, data theft and ransomware deployment tactics have continued to evolve and escalate. This evolution marks a shift from manual or script-based ransomware deployment to sophisticated, large-scale operations, including:
Weaponizing Trusted Service Infrastructure (TSI): Adversaries are increasingly abusing legitimate infrastructure and security tools (TSI) to rapidly propagate malware or ransomware across entire networks.
Targeting Virtualization Platforms: Attackers are actively focusing on the virtualization layer, aiming to mass-encrypt virtual machines (VMs) and other critical systems at scale.
Targeting Backup Data / Platforms: Threat actors are exploiting misconfigurations or security gaps in backup systems to either erase or corrupt data backups, severely hindering recovery efforts.
Based upon these newer techniques, it is critical that organizations identify the span of the attack surface, and align proper security controls and visibility that includes coverage for protecting:
Identities
Endpoints
Network Architectures
Remote Access Platforms
Trusted Service Infrastructure (TSI)
Cascading weaknesses across these layers create opportunities for attackers to breach an organization's perimeter, gain initial access, and maintain a persistent foothold within the compromised network. In our updated report,
Published 2024-04-30T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/ransomware-protection-and-containment-strategies/ | Tags: Ransomware, Malware, Tool, Threat

GoogleSec - Firm Security Blog | Detecting browser data theft using Windows Event Logs
This will help disrupt the cookie theft industry, since exfiltrating these cookies will no longer have any value. Where it is not possible to prevent the theft of credentials and cookies by malware, the next best thing is to make the attack more observable by antivirus, endpoint detection agents, or enterprise administrators with basic log analysis tools. This blog describes a set of signals for use by system administrators or endpoint detection agents that should reliably flag any access to the browser's protected data from another application on the system. By increasing the likelihood of an attack being detected, this changes the calculus for attackers who may have a strong desire to remain stealthy, and may cause them to rethink these types of attacks against our users.
Background
Chromium-based browsers on Windows use DPAPI (Data Protection API) to secure local secrets such as cookies, passwords, etc. DPAPI protection is based on a key derived from the user's login credentials and is designed to protect against unauthorized access to secrets by other users on the system or when the system is powered off. Because the DPAPI secret is bound to the logged-in user, it cannot protect against local malware attacks: malware running as the user or at a higher privilege level can simply call the same APIs as the browser to obtain the DPAPI secret. Since 2013, Chromium has applied the CryptProtect_Audit flag to DPAPI calls to request that an audit log be generated when decryption occurs, as well as tagging the data as owned by the browser. Because all of Chromium's encrypted data storage is backed by a DPAPI-secured key, any application that wants to decrypt this data, including malware, should always reliably generate a clearly observable event log, which can be used to detect these types of attacks. There are three main steps involved in taking advantage of this log:
Enable logging on the computer running Google Chrome, or any other Chromium-based browser.
Export the event logs to your backend system.
Create detection logic to detect theft.
This blog will also show how the logging works in practice by testing it against a Python password stealer.
Step 1: Enable logging on the system
DPAPI events are logged in two places on the system. First, there is the 4693 event, which can be logged to the Security log. This event can be enabled by turning on "Audit DPAPI Activity", and the steps to do so are d
Published 2024-04-30T12:14:48+00:00 | http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html | Tags: Malware, Tool, Threat

AlienVault Lab Blog - AlienVault is a major defensive actor in IOCs | Volatile Data Acquisition from Live Linux Systems: Part I
date: Displays the current date and time.
Published 2024-04-30T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/volatile-data-acquisition-from-live-linux-systems-part-i | Tags: Tool, Technical

Kaspersky - Kaspersky Research blog | Managed Detection and Response in 2023
The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers.
Published 2024-04-30T09:00:40+00:00 | https://securelist.com/kaspersky-mdr-report-2023/112411/ | Tags: Tool, Threat

Global Security Mag - French news site | Combining innovation, cybersecurity, AI and product launch
Viewpoints
Published 2024-04-30T08:16:53+00:00 | https://www.globalsecuritymag.fr/conjuguer-innovation-cybersecurite-ia-et-lancement-de-produit.html | Tags: Tool

The State of Security - American magazine | DMARC - The Next Step in Email Hygiene and Security
In 1971,
Ray Tomlinson developed the first email service while working at The Defense Advanced Research Projects Agency (DARPA). This development changed how we communicated. However, even though this was an exceptional tool, it was not very user-friendly, requiring users to have specific software installed on their computers. In 1996, Sabeer Bhatia founded Hotmail, making it the first web-based email messaging service. Exactly one year after Microsoft acquired Hotmail, I opened my first email account. I still remember the feeling of euphoria that came from receiving a virtual response to the...
Published 2024-04-30T03:02:40+00:00 | https://www.tripwire.com/state-of-security/dmarc-next-step-email-hygiene-and-security | Tags: Tool

Techworm - News | Android Malware Hacks Bank Accounts With Fake Chrome Update Prompts
said in an analysis published on Thursday. According to ThreatFabric, Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The malware was discovered by the researchers while investigating a fake Google Chrome web browser “update” page, commonly used by cybercriminals to lure victims into downloading and installing malware. Looking at prior campaigns, the researchers found that Brokewell was used to target a popular “buy now, pay later” financial service and an Austrian digital authentication application. The malware is said to be in active development, with new commands added almost daily to capture every event on the device, from keystrokes and information displayed on screen to text entries and apps launched by the victim. Once downloaded, Brokewell creates an overlay screen on a targeted application to capture user credentials.
It can also steal browser cookies by launching its own WebView, overriding the onPageFinished method, and dumping the session cookies after the user completes the login process. “Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device,” the ThreatFabric researchers point out. “It's important to highlight that, in this case, any application is at risk of data compromise: Brokewell logs every event, posing a threat to all applications installed on the device. This piece of malware also supports a variety of “spyware” functionalities: it can collect information about the device, call history, geolocation, and record audio.” After stealing the credentials, the attackers can initiate a Device Takeover attack using remote control capabilities to perform screen streaming. It also provides the threat actor with a range of various commands that can be executed on the controlled device, such as touches, swipes, and clicks on specified elements. ThreatFabric discovered that one of the servers used as a command and control (C2) point for Brokewell was also used to host a repository called “Brokewell Cyber Labs,” created by a threat actor called “Baron Samedit.” This repository comprised the source code for the “Brokewell Android Loader,” another tool from the same developer designed to bypass restrictions Google introduced in Android 13 and later to prevent exploitation of Accessibility Service for side-loaded apps (APKs). According to ThreatFabric, Baron Samedit has been active for at least two years, providing tools to other cybercriminals to check stolen accounts from multiple services, which could still be improved to support a malware-as-a-service operation.
“We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware. Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions,” the researchers conclude. Hence, the only way to effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell is to use a comprehensive
Published 2024-04-29T22:01:20+00:00 | https://www.techworm.net/2024/04/android-malware-hack-bank-account-chrome-update.html | Tags: Malware, Tool, Threat, Mobile

RiskIQ - cyber risk firms (now Microsoft) | From IcedID to Dagon Locker Ransomware in 29 Days
## Snapshot
The DFIR report provides a detailed account of a sophisticated intrusion that began with a phishing campaign using PrometheusTDS to distribute IcedID malware in August 2023.
## Description
The IcedID malware established persistence, communicated with C2 servers, and dropped a Cobalt Strike beacon, which was used for lateral movement, data exfiltration, and ransomware deployment. The threat actor also utilized a suite of tools such as Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. The intrusion culminated in the deployment of Dagon Locker ransomware after 29 days. The threat actors employed various techniques to obfuscate the JavaScript file and the Cobalt Strike shellcode, evade detection, maintain persistence, and perform network enumeration activities. The threat actor's activities included the abuse of lateral movement functionalities such as PsExec and Remote Desktop Protocol (RDP), exfiltration of files, dumping and exfiltration of Windows Security event logs, and the use of PowerShell commands executed from the Cobalt Strike beacon.
Additionally, the threat actor employed multiple exfiltration techniques, including the use of Rclone and AWS CLI to exfiltrate data from the compromised infrastructure. The deployment of the Dagon Locker ransomware was facilitated through the use of a custom PowerShell script, AWScollector, and a locker module, with a specific PowerShell command run from a domain controller to deploy the ransomware to different systems. The impact of this incident resulted in all systems being affected by the Dagon Locker ransomware.
## References
[https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/](https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/)
Published 2024-04-29T20:07:15+00:00 | https://community.riskiq.com/article/55e96eb8 | Tags: Ransomware, Malware, Tool, Threat, Technical

RiskIQ - cyber risk firms (now Microsoft) | Weekly OSINT Highlights, 29 April 2024
Published 2024-04-29T16:05:58+00:00 | https://community.riskiq.com/article/aa388c3b | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Industrial

Mandiant - Mandiant Security Blog | From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis
Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list of activities and indicators of compromise. We did this for multiple malware files, testing with both decompiled and disassembled code, and Gemini 1.5 Pro was notably accurate each time, generating summary reports in human-readable language.
Gemini 1.5 Pro was even able to make an accurate determination of code that - at the time - was receiving zero detections on VirusTotal. In our testing with other similar gen AI tools, we were required to divide the code into chunks, which led to vague and non-specific outcomes, and affected the overall analysis. Gemini 1.5 Pro, however, processed the entire code in a single pass, and often in about 30 to 40 seconds.
Introduction
The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some aspects of malware analysis, yet their effectiveness in handling large and complex malware samples has been limited. The introduction of Gemini 1.5 Pro, capable of processing up to 1 million tokens, marks a significant breakthrough. This advancement not only empowers AI to function as a powerful assistant in automating the malware analysis workflow but also significantly scales up the automation of code analysis. By substantially increasing the processing capacity, Gemini 1.5 Pro paves the way for a more adaptive and robust approach to cybersecurity, helping analysts manage the asymmetric volume of threats more effectively and efficiently.
Traditional Techniques for Automated Malware Analysis
The foundation of automated malware analysis is built on a combination of static and dynamic analysis techniques, both of which play crucial roles in dissecting and understanding malware behavior. Static analysis involves examining the malware without executing it, providing insights into its code structure and unobfuscated logic. Dynamic analysis, on the other hand, involves observing the execution of the malware in a controlled environment to monitor its behavior, regardless of obfuscation. Together, these techniques are leveraged to gain a comprehensive understanding of malware.
Parallel to these techniques, AI and machine learning (ML) have increasingly been employed to classify and cluster malware based on behavioral patterns, signatures, and anomalies. These methodologies have ranged from supervised learning, where models are trained on labeled datasets, to unsupervised learning for clustering, which identifies patterns without predefined labels to group similar malware.
Published 2024-04-29T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis/ | Tags: Malware, Hack, Tool, Vulnerability, Threat, Studies, Prediction, Cloud, Conference, Wannacry

GoogleSec - Firm Security Blog | How we fought bad apps and bad actors in 2023
in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes. We have also strengthened our developer onboarding and review processes, requiring more identity information when developers first establish their Play accounts. Together with investments in our review tooling and processes, we identified bad actors and fraud rings more effectively and banned 333K bad accounts from Play for violations like confirmed malware and repeated severe policy violations. Additionally, almost 200K app submissions were rejected or remediated to ensure proper use of sensitive permissions such as background location or SMS access. To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps. We also significantly expanded the Google Play SDK Index, which now covers the SDKs used in almost 6 million apps across the Android ecosystem. This valuable resource helps developers make better SDK choices, boosts app quality and minimizes integration risks.
Protecting the Android Ecosystem
Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members in the newly restructured ADA under the Joint Development Foundation, part of the Linux Foundation family. The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks. Additionally, we announced new Play Store transparency labeling to highlight VPN apps that have completed an independent security review through App Defense Alliance's Mobile App Security Assessment (MASA). When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data safety section. This helps users see at-a-glance that a developer has prioritized security and privacy best practices and is committed to user safety.
Published 2024-04-29T11:59:47+00:00 | http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html | Tags: Malware, Tool, Threat, Mobile

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) | Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services.
These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the
Published 2024-04-28T19:22:00+00:00 | https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html | Tags: Tool

Palo Alto Network - Vendor site | Cybersecurity Platformization
Platformization presents an opportunity to modernize and simplify security by doing a review of all cybersecurity tools and looking for ways to consolidate.
Published 2024-04-26T22:25:37+00:00 | https://www.paloaltonetworks.com/blog/2024/04/cybersecurity-platformization/ | Tags: Tool
RiskIQ - cyber risk firms (now Microsoft) | ToddyCat APT Group Hones Data Exfiltration Tactics, Exploits Legitimate Tools
Published 2024-04-26T19:12:08+00:00 | https://community.riskiq.com/article/2641df15 | Tags: Ransomware, Spam, Malware, Tool, Threat, Industrial, Cloud

GoogleSec - Firm Security Blog | Accelerating incident response using generative AI
Introduction
As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We also published the Secure AI Framework (SAIF), a conceptual framework for secure AI systems to ensure we are deploying AI in a responsible manner. Today we are highlighting another way we use generative AI to help the defenders gain the advantage: Leveraging LLMs (Large Language Model) to speed-up our security and privacy incidents workflows.
Published 2024-04-26T18:33:10+00:00 | http://security.googleblog.com/2024/04/accelerating-incident-response-using.html | Tags: Tool, Threat, Industrial, Cloud

RiskIQ - cyber risk firms (now Microsoft) | Ransomware Roundup - KageNoHitobito and DoNex
Published 2024-04-26T17:23:14+00:00 | https://community.riskiq.com/article/ff848e92 | Tags: Ransomware, Malware, Tool, Threat

Recorded Future - Recorded Future feed | Kaiser's website tracking tools may have compromised data on 13 million customers
Published 2024-04-26T16:20:45+00:00 | https://therecord.media/kaiser-permanente-potential-third-party-data-exposure | Tags: Tool

Checkpoint - Security hardware manufacturer | 7 Essentials Every Data Security Posture Management (DSPM) Must Have
An interesting side-effect of the proliferation of cloud-native software development is the blurred lines between the roles of InfoSec and DevOps teams in protecting application and user data. Until recently, DevSecOps was mostly about securing and protecting the code, the tools used in the SDLC, and the applications' infrastructure from potential vulnerabilities, leaks, and misconfigurations. Today, sensitive data no longer lives in secure and centralized databases. Instead, it's scattered in fluid and amorphic instances on various cloud and hybrid platforms, making data protection everyone's problem. If you look at the numbers, the state of data security today is downright terrifying. […]
Published 2024-04-26T13:00:25+00:00 | https://blog.checkpoint.com/securing-the-cloud/7-essentials-every-data-security-posture-management-dspm-must-have/ | Tags: Tool, Vulnerability, Cloud
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) | Network Threats: A Step-by-Step Attack Demonstration
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
Published 2024-04-25T16:43:00+00:00 | https://thehackernews.com/2024/04/network-threats-step-by-step-attack.html | Tags: Tool, Vulnerability, Threat

Veracode - Application Security Research, News, and Education Blog | New in Veracode Fix: Additional Language Support and Batch Fix
We're excited to bring you two significant updates to Veracode Fix: our AI-powered security flaw remediation tool. Since we launched Fix nearly a year ago, two requests have dominated our customer feedback: Can we have it for ? Can you make it work for ? We recently launched a new version of Veracode Scan for VS Code that included Fix (with more IDEs to follow), which answered some of those requests, and now we're updating Fix to cover more languages and a new mode that will automatically apply the top-ranked fix.
Veracode Batch Fix
Using Fix in the Veracode CLI tool with the new --apply flag, you will be able to apply the top fix suggestion to the source code in one of two modes:
Apply Single Finding to a Single File
By supplying Veracode Fix with the results JSON file, the source code file to update, and the relevant issue ID (contained in the results file) you can apply the top-recommended fix to the source code file.
./…
Published 2024-04-25T14:54:20+00:00 | https://www.veracode.com/blog/secure-development/new-veracode-fix-additional-language-support-and-batch-fix | Tags: Tool

Dark Reading - Informationweek Branch | J&J Spin-Off CISO on Maximizing Cybersecurity
How the CISO of Kenvue, a consumer healthcare company spun out from Johnson & Johnson, combined tools and new ideas to build out the security program.
Published 2024-04-25T14:31:25+00:00 | https://www.darkreading.com/identity-access-management-security/jj-spin-off-ciso-maximize-cybersecurity | Tags: Tool, Medical

HackRead - Cyber research | NDR in the Modern Cybersecurity Landscape
By Uzair Amir
The role of Network Detection and Response (NDR) in cybersecurity. Learn how NDR tools empower organizations to tackle evolving threats effectively.
This is a post from HackRead.com. Read the original post: NDR in the Modern Cybersecurity Landscape
Published 2024-04-25T13:59:36+00:00 | https://www.hackread.com/ndr-in-the-modern-cybersecurity-landscape/ | Tags: Tool
IT Security Guru - Security blog | AI-driven cyber attacks to be the norm within a year, say security leaders
Netacea, the bot detection and response specialist, today announced new research into the threat of AI-driven cyberattacks. It finds that most businesses see “offensive AI” fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks. The research, Cyber security in the age of offensive AI, surveyed security […]
The post AI-driven cyber attacks to be the norm within a year, say security leaders first appeared on IT Security Guru.
Published 2024-04-25T11:58:40+00:00 | https://www.itsecurityguru.org/2024/04/25/ai-driven-cyber-attacks-to-be-the-norm-within-a-year-say-security-leaders/?utm_source=rss&utm_medium=rss&utm_campaign=ai-driven-cyber-attacks-to-be-the-norm-within-a-year-say-security-leaders | Tags: Tool, Threat