New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. « The code is heavily obfuscated making […]
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. « As of now, these samples are still largely undetected and very little information is available about any of them, » Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday. The […]
Introducing AI-guided Remediation for IaC Security / KICS
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to define and manage their infrastructure using machine-readable configuration files, which are
CERTFR-2023-ACT-026 : Bulletin d’actualité CERTFR-2023-ACT-026 (19 juin 2023)
Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. « The main goal of the attacks was to obtain highly confidential and sensitive information, specifically related to politicians, military activities, and ministries of foreign
Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. « These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools, » the tech giant said in a post […]
Plus de 500 millions de données volées à 80 millions de russe !
Près d’un million de cybercriminels russophones opèreraient actuellement dans le darknet. Ils auraient réussi à piéger plus de 80 millions de Russes.
Le diffuseur de Gozi / Zeus / SpyEte condamné à trois ans de prison aux États-Unis
Un hacker malveillant roumain a été condamné à trois ans de prison fédérale aux États-Unis pour avoir dirigé l’infrastructure derrière plusieurs souches de logiciels malveillants.
Le ministère de la Justice des États-Unis accuse deux hackers russes, Alexey Bilyuchenko et Aleksandr Verner, d’être impliqués dans le piratage de l’échangeur de crypto-monnaie Mt. Gox.
Le ministère de la Justice des États-Unis accuse deux hackers russes, Alexey Bilyuchenko et Aleksandr Verner, d’être impliqués dans le piratage de l’échangeur de crypto-monnaie Mt. Gox.
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. « The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit, » Cado Security said in a technical report. « In addition,