Actualités – Page 239 – Guillaume BEAUPELLET

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in « revenue generation and missile-related technology procurement that support the DPRK’s

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below – CVE-2023-35138 (CVSS score: 9.8) – A command injection vulnerability that could allow an

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below – CVE-2023-42916 – An out-of-bounds read issue that […]

Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. « RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more, » according to the project’s

This Free Solution Provides Essential Third-Party Risk Management for SaaS

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the […]

7 Uses for Generative AI to Enhance Security Operations

Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to generate realistic and diverse outputs. When it […]

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. « This campaign marks the first documented instance […] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access, » Arctic Wolf

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. « Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists, » the department said. « Sinbad is also […]

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it’s responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber Av3ngers. « Cyber threat

200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn

An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That’s according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out phishing attacks against the targeted financial […]