D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is « low-sensitivity and semi-public information. » « The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015, » the company said. « The data […]
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
In what’s the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting malware using its content delivery network (CDN) […]
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,
Informatique quantique ou IA, d’où viendra la menace ?
Quels risques induisent l’informatique quantique et les systèmes d’IA. Éric Brier (S3NS/Thales) a donné son point de vue lors des Assises de la cybersécurité.
Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies
Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It’s important to understand that financial records can be a veritable treasure trove for digital pirates. A security breach not only puts customers’ personal information in jeopardy but also enables […]
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge
Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, we will look at the nature of Generative […]
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access
Gestion du risque cyber : une question de méthodes
Si l’adoption de EBIOS RM semble s’être imposée en France, d’autres méthodes de gestion du risque cyber sont aussi présentes sur un secteur où l’innovation est forte. Regards croisés de Neverhack Consulting, ServiceNow, Egerie et All4Tech.
Gestion du risque cyber : pourquoi il faut outiller
Impossible d’assurer sa cybersécurité, mais aussi sa conformité sans une solution de gestion de risque solide. La réglementation évoluant, ces plateformes de gestion du risque cyber vont devenir indispensables pour un nombre croissant d’entreprises.
Les axes d’amélioration des solutions MFA et SSO
Comment vont – ou devraient – évoluer les solutions MFA et/ou SSO ainsi que les applications compatibles ? CISA et NSA ont leur point de vue.