Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company’s AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said. It also […]
CERTFR-2023-ACT-040: News bulletin CERTFR-2023-ACT-040 (18 September 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Hook: New Android Banking Trojan That Expands on ERMAC’s Legacy
A new analysis of the Android banking trojan known as Hook has revealed that it’s based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All commands (30 in total) that the malware […]
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS
Think Your MFA and PAM Solutions Protect You? Think Again
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide […]
Cyber risk is gaining ground in the tourism industry
Why have these once-spared industries become prime targets? How can security be strengthened by adapting to new, sophisticated phishing techniques? Furthermore,
Cloud synchronization of MFA codes singled out
The synchronization of MFA codes in Google Authenticator facilitated an attack against a software vendor… which is making it known.
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs […]
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the […]