North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with a North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The […]
CERTFR-2023-ACT-016: News bulletin CERTFR-2023-ACT-016 (11 April 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business […]
Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security
Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based […]
[eBook] A Step-by-Step Guide to Cyber Risk Assessment
In today’s perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely. One of the most effective ways […]
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary
CERTFR-2023-ACT-009: News bulletin CERTFR-2023-ACT-009 (20 February 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
CERTFR-2023-ACT-008: News bulletin CERTFR-2023-ACT-008 (06 February 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
CERTFR-2023-ACT-007: News bulletin CERTFR-2023-ACT-007 (03 February 2023)
Change to certificate-based authentication: The PKINIT (Public Key Cryptography for Initial Authentication) extension of the Kerberos protocol enables authentication …
CERTFR-2023-ACT-006: News bulletin CERTFR-2023-ACT-006 (30 January 2023)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …