From Alert to Action: How to Speed Up Your SOC Investigations
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional’s role. Threat intelligence platforms can significantly enhance their ability to do so. Let’s find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated […]
Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) […]
WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last […]
CERTFR-2024-ACT-010 : Bulletin d’actualité CERTFR-2024-ACT-010 (26 février 2024)
Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. « The […]
New Space et cybersécurité : Houston, nous avons un problème
La cybersécurité est un canal d’exploitation des intentions bienveillantes autant que malveillantes qui alimentent des stratégies géopolitiques, auxquelles s’ajoutent désormais des stratégies que l’on pourrait nommer “géocommerciales”, purement terrestres.
8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from « counterfeit package delivery alerts
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate
Three Tips to Protect Your Secrets from AI Accidents
Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the « OWASP Top 10 For Large Language Models, » reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be […]
Banking Trojans Target Latin America and Europe Through Google Cloud Run
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. « The infection chains associated with these malware families feature the use of malicious