True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity […]
Smash-and-Grab Extortion
The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from […]
Cyberattaque sur Snowflake : les derniers enseignements
Les conclusions de Crowdstrike, additionnées à celles de Mandiant, donnent un éclairage sur la campagne de cyberattaques au cœur de laquelle se trouve Snowflake.
Crypto Analysts Expose HuiOne Guarantee’s $11 Billion Cybercrime Transactions
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. « Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion, » Elliptic said in a report shared with […]
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. « A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations, » Trellix security researchers Mathanraj Thangaraju and […]
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal […]
RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. « The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks, » InkBridge
Détection des menaces, réponse aux incidents, protection des accès : comment intégrer l’IA à sa politique cyber ?
Le déploiement ultra-rapide de l’IA générative apporte son lot de nouvelles menaces. Pour autant, elle constitue aussi une partie de la solution, car son potentiel en défense est immense. La matinale Silicon sera l’occasion d’échanges et de retours d’expérience avec des RSSI qui ont réalisé les premières expérimentations d’intégration de l’IA dans leur stratégie cyber et
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks
Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. « Misconfigurations such as improperly set up authentication mechanisms expose the ‘/script’ endpoint to attackers, » Trend Micro’s Shubham Singh and Sunil Bharti said in a technical write-up
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack