Brazil Halts Meta’s AI Data Processing Amid Privacy Concerns
Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users’ personal data to train the company’s artificial intelligence (AI) algorithms. The ANPD said it found « evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and […]
L’app MFA Authy mise à mal par une API non sécurisée
Une API sans authentification a permis à des tiers de valider les numéros de téléphone associés à des millions de comptes Authy.
Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike
A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 […]
Twilio’s Authy App Breach Exposes Millions of Phone Numbers
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named […]
The Emerging Role of AI in Open-Source Intelligence
Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that the exponential growth of digital data in recent […]
Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. « MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems, » Fortinet FortiGuard
Premières connexions quantique en Belgique
Un pas vers une communication ultra-sécurisée : Les premières connexions de Distribution de Clés Quantiques (QKD) ont été déployées en Belgique.
FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks
The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. « FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif, » the company said in a Tuesday analysis. Drive-by […]
South Korean ERP Vendor’s Server Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap […]
Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks
Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, « leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on