Lancement de Locknest : le premier gestionnaire de mots de passe physique et français
Sans dépendance au Cloud, Locknest propose de reprendre le contrôle sur ses données avec une clé physique.
Les entreprises ont du mal à identifier et à gérer les risques liés à la cybersécurité de leurs API
De nouvelles statistiques révèlent que si les API sont à l’origine de la majorité du trafic Internet, ces dernières demeurent en grande partie non sécurisées.
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for « victim identification and exploitation in target networks. » A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware
Webinar: The Art of Privilege Escalation – How Hackers Become Admins
In the digital age, the battleground for security professionals is not only evolving, it’s expanding at an alarming rate. The upcoming webinar, « The Art of Privilege Escalation – How Hackers Become Admins, » offers an unmissable opportunity for IT security experts to stay ahead in this relentless cyber war. Privilege escalation – the term might sound […]
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
Cybersecurity researchers have identified a « lightweight method » called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition […]
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below – CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP […]
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. « By reading out-of-bounds memory, an attacker might […]
Protection des terminaux : on-prem et legacy deviennent vraiment l’exception
La Magic Quadrant des plates-formes de protection des terminaux (EPP) illustre la difficulté à trouver chaussure à son pied quand on souhaite sécuriser des infrastructures héritées et/ou déployer sur site.
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable […]