U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims. The
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 and mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align
Secure Software Development: The Five Eyes' Choice
The alliance known as the Five Eyes is urging the software industry to build security in from the design phase and by default.
Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies
The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe leveraged a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.
Uncovering (and Understanding) the Hidden Risks of SaaS Apps
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS […]
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. […]
YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader
Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using an advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report
A New Wave of Qbot Malware Distribution Targets Businesses with Malicious PDFs
In early April, a new mass distribution campaign of the Qbot malware was discovered. The attacker targets businesses through their employees using booby-trapped PDFs.
When Hexatrust Guides Local Authorities and Healthcare Institutions
The Hexatrust collective has released its 2023/2024 catalogue of "turnkey" French cybersecurity solutions that meet the requirements of ANSSI.
Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads
A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software […]