Gestion des accès : Wallix absorbe son partenaire Kleverware
Les collaborateurs de la PME active dans la gouvernance des identités et des droits d’accès sont appelés à rejoindre les équipes de Wallix.
State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered
Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies Group-IB and Bridewell said in a joint report shared with The Hacker News. « The identified phishing
China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks
The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers. « The implant features […]
Des doutes sur la sécurité des noms de domaine en .zip
Disponible depuis peu, l’extension générique .zip agite la communauté infosec. Quelles sont les grandes lignes du débat ?
Cyolo Product Overview: Secure Remote Access to All Environments
Operational technology (OT) cybersecurity is a challenging but critical aspect of protecting organizations’ essential systems and resources. Cybercriminals no longer break into systems, but instead log in – making access security more complex and also more important to manage and control than ever before. In an effort to solve the access-related challenges facing OT and […]
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish. Trend Micro is tracking the financially motivated group under the name Water Orthrus. The adversary is also assessed to be behind another campaign known as Scranos, which was detailed by Bitdefender […]
Identité numérique européenne : Le futur de la vie privée en ligne
En 2024, tous les pays européens devront mettre à la disposition de leurs citoyens un Digital ID Wallet. Grace à ce portefeuille électronique, ils pourront, depuis leurs terminaux électroniques, stocker et gérer leur identité numérique, et partager leurs attributs personnels vérifiés.
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing on VirusTotal in recent months. « While some of these are likely red-team operations, others bear the […]
Une vulnérabilité corrigée dans le plug-in Advanced Custom Fields pour WordPress
Une faille de sécurité a été identifiée dans le plug-in Advanced Custom Fields pour WordPress, permettant l’insertion de code malveillant sur approximativement deux millions de sites web. Cela pourrait causer des préjudices aux sites eux-mêmes et à leurs utilisateurs. Cette faille concerne spécifiquement les plug-ins Advanced Custom Fields et Advanced Custom Fields Pro, développés par […]
Sécurité du cloud : l’ENISA questionne la responsabilité partagée
L’agence européenne suggère, chiffres à l’appui, le décalage d’interprétation de la notion de responsabilité partagée entre fournisseurs et clients.