Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also […]

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. « Further, Kimsuky’s objective extends to the theft of subscription credentials from NK News, » cybersecurity firm SentinelOne said in a report shared with The

Barracuda Urges Immediate Replacement of Hacked ESG Appliances

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. « Impacted ESG appliances must be immediately replaced regardless of patch version level, » the company said in an update, adding its « remediation recommendation at this time is full replacement of […]

La cybersécurité, clé de voûte pour l’avenir du travail hybride

Aujourd’hui, plus de la moitié (56%) des responsables de la sécurité français affirment que la protection de leurs collaborateurs en travail hybride va devenir plus complexe au cours de l’année.

Winning the Mind Game: The Role of the Ransomware Negotiator

Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry’s landscape is […]

New PowerDrop Malware Targeting U.S. Aerospace Industry

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. « PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption, » according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. « The name is derived from the tool,

New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. « The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency […]

Cybersécurité : 5 points à retenir du DBIR 2023

L’intrusion système, l’ingénierie sociale et les attaques sur applications web concentrent 97% des violations de données en EMEA, selon le DBIR 2023.

Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. « The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue, » Bitdefender […]

5 Reasons Why IT Security Tools Don’t Work For OT

Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergencecontinue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to citizens, […]