China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

It comes as no surprise that today’s cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, « involves the use of promise objects and lazy evaluation in R, » AI […]

Étude Trends of IT 2024 : comment les managers IT développent leurs projets

Silicon et KPMG lancent la deuxième édition de l’étude Trends of IT. Cette édition 2024 est co-construite, avec les managers IT de grandes entreprises et d’ETI, pour comprendre les enjeux et partager leurs bonnes pratiques dans l’exécution des projets stratégiques.

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an « adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine, » Australian

L’Essentiel du Métier de Data Analyst

Dans l’univers en rapide évolution des données massives, le rôle de data analyst devient crucial pour les organisations de toutes tailles. Un data analyst, ou analyste de données, est un professionnel dont la principale mission est d’analyser les données pour aider à prendre des décisions éclairées. Grâce à des compétences en statistiques et en informatique, […]

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the « frequency and scale » of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by « the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and […]

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file (« signal-2023-12-20-160512.ppsx ») as the starting point, with

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. « During these fraudulent interviews, the developers are often asked

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,