Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously […]
North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. « ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like […]
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. « Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know […]
L’ONU désigne le stablecoin USDT comme principal outil de blanchiment d’argent en Asie
L’ONU pointe du doigt un « système bancaire parallèle » pour les criminels avec l’utilisation du stablecoin USDT Tether.
CERTFR-2024-ACT-005 : Bulletin d’actualité CERTFR-2024-ACT-005 (22 janvier 2024)
Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Cybersecurity researchers have discovered a new Java-based « sophisticated » information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains
La méthode security.txt s’imposera-t-elle en 2024 ?
Promue RFC en 2022, la méthode security.txt viseà standardiser la communication de contacts pour les chercheurs en sécurité.
Cybersécurité : Microsoft dénonce une attaque pilotée par l’Etat russe
Agissant sous le nom de « Midnight Blizzard », le groupe de hackers russe a lancé une attaque par pulvérisation de mot de passe contre les comptes de cadres de Microsoft.
FTC Bans InMarket for Selling Precise User Location Without Consent
The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes. « InMarket will […]
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a « notable increase » in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. « The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners, » Trustwave said. « Notably, despite the binary’s unknown file