CERTFR-2024-ACT-012: News Bulletin CERTFR-2024-ACT-012 (11 March 2024)

This CERT-FR news bulletin looks back at the significant vulnerabilities of the past week to highlight their criticality. It does not replace …

Data Leakage Prevention in the Age of Cloud Computing: A New Approach

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides – in the browser. A new guide by LayerX titled “On-Prem is […]

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our

Cyber Solidarity Act: 5 questions about the “cybersecurity reserve”

Budget, scope, suppliers, beneficiaries… What does the “cybersecurity reserve” established by the Cyber Solidarity Act look like?

Meta Details WhatsApp and Messenger Interoperability to Comply with EU’s DMA Regulations

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. “This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger […]

Secrets Sensei: Conquering Secrets Management Challenges

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let’s dispense with the pleasantries; this isn’t a simple ‘set it and […]

Ransomware and NIS2: strengthen your resilience and your compliance

Attend the webinar on 21 March at 11:00 on cybersecurity and crisis management. On the agenda: we will explore the obligations related to NIS 2, discover how Bitdefender can help you protect yourself and respond effectively, and dive into the world of Veeam to automate your backups. Stay with us for a demo
