This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T15:42:12+00:00 www.secnews.physaphae.fr AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1.    Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. ]]> 2024-03-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/25-essential-cybersecurity-tips-and-best-practices-for-your-business www.secnews.physaphae.fr/article.php?IdArticle=8463764 False Ransomware,Malware,Tool,Vulnerability,Mobile,Cloud LastPass 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-11-30T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/secure-browsing-a-guide-to-browsing-the-internet-safely www.secnews.physaphae.fr/article.php?IdArticle=8418027 False Malware,Tool,Vulnerability,Threat LastPass,LastPass 2.0000000000000000 The State of Security - Magazine Américain What\'s happened? CISA, the United States\'s Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That\'s an attack that doesn\'t require any interaction from the user. Often times a malicious hacker requires a user to open an attached file, or visit a dangerous web link, in order to activate an attack. With a zero-click attack, the user doesn\'t have to do anything. So how does it work? In this particular...]]> 2023-09-14T10:03:42+00:00 https://www.tripwire.com/state-of-security/government-agencies-told-secure-iphones-against-spyware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8382687 False Vulnerability LastPass 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Federal agencies have one month to fix BlastPass vulnerabilities]]> 2023-09-12T09:00:00+00:00 https://www.infosecurity-magazine.com/news/us-government-ordered-patch-apple/ www.secnews.physaphae.fr/article.php?IdArticle=8381713 False Vulnerability LastPass 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism "BLASTPASS" bug can install malware without user interaction.]]> 2023-09-07T22:47:27+00:00 https://arstechnica.com/?p=1966414 www.secnews.physaphae.fr/article.php?IdArticle=8380245 False Malware,Vulnerability LastPass 2.0000000000000000 SecurityWeek - Security News CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. ]]> 2023-03-13T14:32:01+00:00 https://www.securityweek.com/cisa-warns-of-plex-vulnerability-linked-to-lastpass-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8318101 False Hack,Vulnerability LastPass,LastPass 3.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-11T11:28:14+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8317619 False Vulnerability LastPass,LastPass 3.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware (published: January 16, 2023) On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens. Analyst Comment: Free repositories such as PyPI become increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent. MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd (published: January 11, 2023) In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN. The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries. Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads. MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host Tags: FG-IR-22-398, CVE-2022-42]]> 2023-01-18T16:35:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-fortios-zero-day-has-been-exploited-by-an-apt-two-rats-spread-by-four-types-of-jar-polyglot-files-promethium-apt-continued-android-targeting www.secnews.physaphae.fr/article.php?IdArticle=8302291 False Malware,Tool,Vulnerability,Threat,Guideline LastPass 2.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023) Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time the library’s features are more aligned with being a malware than a research project. The code is obfuscated, it employs anti-VM techniques and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server. Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Opensource repositories and apps are a valuable asset for many organizations but adoption of these must be security risk assessed, appropriately mitigated and then monitored to ensure ongoing integrity. MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022) Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all users clicks on the infected page to cause a malicious redirect. Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use ]]> 2023-01-04T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-machine-learning-toolkit-targeted-by-dependency-confusion-multiple-campaigns-hide-in-google-ads-lazarus-group-experiments-with-bypassing-mark-of-the-web www.secnews.physaphae.fr/article.php?IdArticle=8297872 False Malware,Tool,Vulnerability,Threat,Patching,Medical APT 38,LastPass 2.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development. Tags: LastPass, Password manager, Data breach, Source code Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | ]]> 2022-08-30T15:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-first-real-life-video-spoofing-attack-magicweb-backdoors-via-non-standard-key-identifier-lockbit-ransomware-blames-victim-for-ddosing-back-and-more www.secnews.physaphae.fr/article.php?IdArticle=6626943 False Ransomware,Hack,Tool,Vulnerability,Threat,Guideline,Cloud APT 29,APT 37,LastPass None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom (published: December 29, 2021) The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD). Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 Tags: ONUS, Log4Shell, CVE-2021-44228, Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends (published: December 29, 2021) Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified. Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats. MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071 Tags: DGA , Pegasus, Phishing Implant.ARM.iLOBleed.a (published: December 28, 2021) Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen]]> 2022-01-05T19:55:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-5-million-breach-extortion-apts-using-dga-subdomains-cyberespionage-group-incorporates-a-new-tool-and-more www.secnews.physaphae.fr/article.php?IdArticle=3928542 False Malware,Hack,Tool,Vulnerability,Threat LastPass None Graham Cluley - Blog Security 2019-09-17T08:08:04+00:00 https://www.grahamcluley.com/lastpass-users-automatically-updated-to-fix-security-vulnerability-in-browser-extension/ www.secnews.physaphae.fr/article.php?IdArticle=1339378 False Vulnerability LastPass None SecurityWeek - Security News 2019-09-16T14:40:28+00:00 http://feedproxy.google.com/~r/Securityweek/~3/a3b6-ISqHNE/lastpass-patches-bug-leaking-last-used-credentials www.secnews.physaphae.fr/article.php?IdArticle=1340304 False Vulnerability LastPass None Security Affairs - Blog Secu 2019-09-16T11:57:15+00:00 https://securityaffairs.co/wordpress/91338/hacking/lastpass-credentials-leak.html www.secnews.physaphae.fr/article.php?IdArticle=1336568 False Vulnerability LastPass None ZD Net - Magazine Info 2019-09-16T08:45:40+00:00 https://www.zdnet.com/article/lastpass-bug-leaks-credentials-from-previous-site/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1336355 False Vulnerability LastPass None Bleeping Computer - Magazine Américain 2019-09-16T08:24:36+00:00 https://www.bleepingcomputer.com/news/security/password-revealing-bug-quickly-fixed-in-lastpass-extensions/ www.secnews.physaphae.fr/article.php?IdArticle=1336847 False Vulnerability LastPass None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC The internet of things (IoT) is changing nearly every industry. Smart devices that can collect and process data, and even make decisions based on that data, though artificial intelligence promises to disrupt business as we know it for years to come. However, there are some legitimate concerns. The more connected devices your company has, the more potential vulnerabilities are out there. As business owners we want to be able to access the data we collect through the IoT, but we also need to be able to protect that data, and we bear the responsibility for keeping that data secure. This, like many areas of business, is a time for brutal honesty. If you have vulnerabilities, you need to fix them. You don’t want to be part of the headlines about companies who acted too late or not at all. Your security must adapt to the IoT, and it needs to do so now. Is the internet of things threatening your company’s security? There are a few questions you will need to ask yourself and your IT department to truly determine the answer: How do I know? Most experts agree that the weakness in any network is the devices that make up the IoT. For example, if you have smart light bulbs in your home, they are likely controlled by a hub which not only provides you with more flexibility in controlling them, but also provides security so they do not become a weak point in your network. This is why an intrusion detection system (IDS) is so important. Technologies from companies like AlienVault allow you to monitor for threats and even give you advice on how to prevent harm from them. Remember there is more than one area of vulnerability in any system. Cloud-based IDS, network IDS, and host-based IDS, along with file integrity management systems, are all essential parts of your strategy. These alerts tell you there is an attack and can even reveal threats to you, which allows you to put remediation and prevention strategies in place. But what are the threats you should be aware of? What are the threats? Why don’t we have houses that are completely smart and controlled by IoT devices? What about our cars? Part of the reason is that a hacker with the right tools could potentially take over control of a house or even a connected car from the owner or driver. For example, the Bangladesh National Bank lost $81 million due to an IoT-based attack. What are these types of attacks? There are actually several, and they mirror other types of cyberattacks. Distributed Denial of Service (DDoS): Chrysler/Jeep was vulnerable to this type of attack. Essentially, control of devices or a system is taken by a hacker. Sometimes this comes with ransomware, where the owner or user has to pay to get that control back. Malware: IoT devices can be used by an attacker to spread malware, sometimes to more than one devic]]> 2018-11-19T14:00:00+00:00 https://feeds.feedblitz.com/~/581095200/0/alienvault-blogs~Is-the-Internet-of-Things-Threatening-Your-Companys-Security www.secnews.physaphae.fr/article.php?IdArticle=906788 False Spam,Tool,Vulnerability LastPass None