Cybersecurity: a strong whiff of GPT at the RSA Conference
At the RSA Conference, cybersecurity vendors made a flood of announcements about generative AI.
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time password (TOTP) codes to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and
Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before […]
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code into pages and posts of WordPress sites that's […]
CERTFR-2023-ACT-018: News bulletin CERTFR-2023-ACT-018 (24 April 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Customer data in routers sold second-hand
A study reveals a worrying bad habit in the resale of IT equipment. 22% of second-hand routers still show customer data! A study presented on 24 April 2023 reports figures that raise questions about how well some professional users of IT equipment understand the issue. The ESET Research laboratory discovers […]
GhostToken: a GCP flaw that facilitated backdoors
GhostToken is the name given to a flaw recently fixed by Google. What was behind it?
New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web
A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems […]
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is […]