OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and

Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group’s playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," […]

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated […]

MITRE ATT&CK: the latest techniques added to the main matrix

From one version to the next, the MITRE ATT&CK framework has gained about twenty (sub-)techniques. What do they cover?

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video […]

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors […]

From proxies to backdoors, the MITRE ATT&CK software library expands

The list of malware and potentially malicious software tied to the main MITRE ATT&CK matrix grows with v16 of the framework.

News bulletin CERTFR-2024-ACT-049 (12 November 2024)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of a risk analysis to prioritize the application of…

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Threat actors with ties to the Democratic People’s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform […]

Can XDR replace SIEMs in SOCs?

Can XDR technology make the SIEMs at the heart of large SOCs obsolete? More than a replacement, XDR exposes the shortcomings of today’s SIEM and pushes vendors to reinvent it, ahead of a convergence of the solutions.
