Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud […]
Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched by […]
Spying via Bluetooth
Google and Apple are working together to protect people from surveillance via Bluetooth devices. For several years now, various Bluetooth trackers such as the Apple AirTag have stirred up considerable controversy over abuse. Now, Google and Apple have decided to join forces to develop a specification that will make spying involving Bluetooth devices more difficult. […]
Why the Things You Don’t Know about the Dark Web May Be Your Biggest Cybersecurity Threat
IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it’s difficult to monitor external malicious environments – which only makes them that much more threatening. In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on […]
Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia
Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. “Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet,” Guy Rosen, chief […]
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI’s ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users’ Facebook account credentials with […]
Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics
A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 (aka HOODOO
Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts
Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to use a traditional password. This, in turn, can be […]
Passwords: Is Rotation Still a Solution?
Should regular password renewal still be enforced? Voices in the cyber ecosystem disagree. On the occasion of World Password Day this May 4, Silicon.fr takes stock.
Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?
Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to […]