How Hackers Phish for Your Users’ Credentials and Sell Them
Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization’s entire network at risk. According to the 2023 Verizon Data Breach Investigation Report, external parties were responsible for 83 percent of breaches that occurred between November 2021 and October 2022. Forty-nine
Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. « On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader, » Europol said in a statement today. « Four […]
Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens
Cybersecurity researchers have discovered a case of « forced authentication » that could be exploited to leak a Windows user’s NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external […]
N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed « mixing and matching » different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.
How to Handle Retail SaaS Security on Cyber Monday
If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host
LE PARLEMENT EUROPÉEN CRITIQUE L’INACTION SUR LES LOGICIELS ESPIONS
Dans une résolution adoptée majoritairement (424 voix pour, 108 contre, et 23 abstentions), les législateurs ont ouvertement critiqué la Commission européenne pour son manque d’action contre les abus liés aux logiciels espions. Cette démarche intervient dans un contexte de plus en plus inquiet concernant la surveillance numérique au sein de l’Union Européenne (UE).
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
A new study has demonstrated that it’s possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a […]
L’AUSTRALIE REVISE SA STRATÉGIE CYBERSÉCURITÉ SANS INTERDIRE LES PAIEMENTS DE RANÇONS
Le gouvernement australien a choisi de ne pas interdire les paiements de rançon dans le cadre de sa nouvelle stratégie nationale de cybersécurité, contrairement à ce qui avait été initialement envisagé.
L’Identité Machine : une clé pour combler la faille de responsabilité dans la loi sur l’IA de l’UE ?
En résumé, la dernière version de la loi sur l’IA de l’UE fragilise la surveillance réglementaire et la responsabilité des développeurs, elle ébranle également la confiance et la sécurité en exposant les utilisateurs à des risques.
APPLE AVERTIT LES ARMÉNIENS DE TENTATIVES DE PIRATAGE SOUTENUES PAR L’ÉTAT
Récemment, Apple a envoyé des alertes à ses clients en Arménie, les informant que leurs téléphones sont ciblés par des pirates informatiques soutenus par un État.