Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an « add-on feature » and that it depends on the licensing options opted by a customer. « In 2021, Predator spyware couldn’t survive a reboot on the infected Android system (it had it on iOS), » […]
Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. […]
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
A new piece of JavaScript malware has been observed attempting to steal users’ online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North […]
German Authorities Dismantle Dark Web Hub ‘Kingdom Market’ in Global Operation
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to « tens of thousands of users. » The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom
Crypto-monnaies : compromission du kit Ledger Connect
Des pirates s’invitent dans un outil Ledger et affiche, une fois de plus les limites du SBOM dans la protection de la chaine d’approvisionnement.
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office’s
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code […]
Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. « Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network, » […]
Social engineering et réseaux sociaux : comment sensibiliser les collaborateurs ?
Protéger nos organisations des cyberattaques sur les réseaux sociaux nécessite une sensibilisation et une vigilance de tous les collaborateurs.
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave
The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. « These criminals send malicious links to their victims’ mobile devices through SMS or