Offensive AI: The Sine Qua Non of Cybersecurity
« Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged. » – Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, […]
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. « Rim Jong Hyok and his co-conspirators deployed
CrowdStrike Warns of New Phishing Scam Targeting German Customers
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter
Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining
Cybersecurity researchers are sounding the alarm over an ongoing campaign that’s leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. « Unbeknownst to […]
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. « In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), […]
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel […]
Mise en conformité avec NIS2 : RSSI et DPO, deux postes complémentaires
Dans de trop nombreuses entreprises, les rôles de RSSI et de DPO sont souvent attribués à la même personne. Il devient indispensable de répartir les responsabilités entre les deux postes pour garantir une gestion efficace et éviter que ces rôles ne se réduisent à de simples acronymes.
6 Types of Applications Security Testing You Must Know About
While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment. […]
Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. « These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals, » the company said. « They targeted primarily […]
Panne informatique mondiale : c’est la faute de l’UE selon Microsoft
Microsoft affirme que l’accord européen de 2009 a donné à CrowdStrike les clés du noyau Windows, permettant ainsi l’énorme panne informatique de la semaine dernière.