CERTFR-2024-ACT-018: News bulletin CERTFR-2024-ACT-018 (22 April 2024)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Programme de transfert au Campus Cyber (Campus Cyber transfer programme): progress update after one year
On 31 March 2023, the PTCC (Programme de transfert au Campus Cyber) was officially launched. Which projects has it taken under its wing?
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
Between crossovers – Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover […]
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an […]
Three months before the 2024 Olympic Games, ANSSI's cyber reminder
As it did before the Rugby World Cup, ANSSI takes stock of the cyber threat, this time with the 2024 Olympic Games in its sights.
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking […]
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. […]
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software. "In