FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto’s Citizen Lab. « The spyware placed on his device […]
Conquering the Complexities of Modern BCDR
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike […]
Les RSSI s’inquiêtent face aux risques cyber liés aux fournisseurs
L’étude » Le risque cyber lié aux fournisseurs » produite par le Cesin et Board of Cyber pointe l’inquiétude des RSSI renforcée par l’application des règlementations NIS2 et DORA.
Les opérateurs téléphoniques refusent de fournir des données de sécurité à l’armée américaine
Les opérateurs téléphoniques américains refusent de partager avec le Pentagone les résultats de tests de sécurité, invoquant le secret professionnel.
2025 : IA et ingénierie sociale aux mains des hackers ?
Alors que 2024 s’achève, voici les prédictions de Data Security Breach pour 2025, une année où l’Intelligence Artificielle (IA) et les attaques sur les identités promettent de redéfinir le paysage de la cybersécurité.
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for […]
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to drop the Visual Basic Script malware, Recorded Future’s Insikt Group […]
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. « DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring, » Cleafy researchers Simone Mattia, Alessandro
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input