Apple and Google Join Forces to Stop Unauthorized Tracking Alert System

Apple and Google have teamed up to work on a draft industry-wide specification that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. « The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. « The 5-year-old vulnerability (

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity. « Successful exploitation of this

Sécurité applicative : 5 enseignements du rapport Datadog

Le niveau de gravité de la plupart des vulnérabilités applicatives devrait être réévalué à la baisse, pour mieux prioriser, relève Datadog.

Le Zero Trust est un cheminement : concentrez-vous sur les données

Le Zero Trust peut être un processus sans fin. Au lieu d’essayer de créer une stratégie à l’échelle de l’organisation, concentrez-vous sur vos applications les plus importantes qui hébergent les données sensibles.

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It’s currently used by several

Hébergement en ligne : nos conseils pour un site sécurisé

Les sites en ligne sont de plus en plus utilisés pour héberger des données sensibles et confidentielles, tels que les informations personnelles des clients, les données financières et les données d’entreprise. Malheureusement, leur sécurité est devenue une préoccupation majeure pour les propriétaires de ces plateformes, car les cybercriminels sont de plus en plus sophistiqués dans leurs méthodes d’attaque. Pour […]

CERTFR-2023-ACT-019 : Bulletin d’actualité CERTFR-2023-ACT-019 (02 mai 2023)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. « LOBSHOT continues to collect victims while staying under the radar, » Elastic Security Labs researcher Daniel Stepanic said in an […]

North Korea’s ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. « RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that […]