Un sac poubelle remplis de données de santé retrouvé dans la rue
Des informations confidentielles sur les patients d’un espace de santé trouvé dans une poubelle !
Vente du code source du Ransomware INC
Depuis août 2023, le ransomware INC, fonctionnant sous le modèle Ransomware-as-a-Service (RaaS), fait parler de lui. Le code source a été mis en vente sur le darknet.
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence. « While there are many methods used today to deploy malware, the […]
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That’s according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google […]
SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and […]
Kaspersky banni aux États-Unis : les grandes lignes du dispositif
Déjà banni des réseaux fédéraux étasuniens, Kaspersky l’est désormais dans tout le pays. Que prévoit Washington ?
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a « first of its kind » ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and parent companies, the department said, adding the […]
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the « UEFIcanhazbufferoverflow » vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the […]
French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks
State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country’s information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked […]
NIS2 : un catalyseur pour l’innovation en cybersécurité ou juste une n-ième formalité ?
Les nouveaux besoins de sécurisation appelés par la directive NIS2, associés à l’accent mis sur la collaboration et le partage des connaissances, ouvrent la voie à la créativité dans le secteur de la cybersécurité, ce qui transformera radicalement le paysage global tel que nous le connaissons.