The Hidden Dangers of Public Wi-Fi
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With the rise of remote work, people can now work from virtually anywhere: a cafe close to home, a hotel in a different city, or even while waiting for a plane at the airport. Next, let’s […]
New « Whiffy Recon » Malware Triangulates Infected Device Location via Wi-Fi Every Minute
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. « The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems’ positions by scanning nearby Wi-Fi access points as a data point for Google’s geolocation API, » Secureworks Counter Threat Unit (CTU) said in […]
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or […]
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire’s administrative console that could permit an unauthenticated attacker to access otherwise restricted
SASE : peut-on faire avec un seul fournisseur ?
Vers qui se tourner pour une offre SASE monofournisseur ? Gartner liste huit offreurs dans son Magic Quadrant.
Cyberattaque : la Seine-et-Marne en porte encore des stigmates
Le Département de Seine-et-Marne ressent encore des effets de la cyberattaque qu’il a subie en novembre 2022.
Anatomie d’une police de cyberassurance
Il existe deux principaux types de police de cybersassurance : la couverture de première partie et la couverture de tiers.
Trouver l’équilibre entre cybersécurité et réduction de l’impact environnemental
Le maître-mot de ces derniers mois, la sobriété énergétique. Les processus de transformation numérique engagés par l’ensemble des organisations ainsi que l’arrivée de l’IoT ont profondément rebattu les cartes de la notion même de responsabilité environnementale en entreprise.
Meta Set to Enable Default End-to-End Encryption on Messenger by Year End
Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it’s upgrading « millions more people’s chats » effective August 22, 2023, exactly seven months after […]
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for an upcoming (spoiler: now launched) campaign