Actualités – Page 52 – Guillaume BEAUPELLET

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander « Connor » Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest […]

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to « Android/data, » « Android/obb, » and « Android/sandbox » directories and its sub-directories,

Bulletin d’actualité CERTFR-2024-ACT-048 (04 novembre 2024)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l’analyse de l’ensemble des avis et alertes publiés par le CERT-FR dans le cadre d’une analyse de risques pour prioriser l’application des…

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. « Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including

Cyber OT : la prise de conscience du secteur industriel

Les systèmes industriels s’ouvrent et s’exposent bien plus largement aux risques de cybersécurité que par le passé. À l’heure de leur transformation digitale, la stratégie du château fort ne tient plus.

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. « The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own, » the Federal Criminal […]

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03)

This week was a total digital dumpster fire! Hackers were like, « Let’s cause some chaos! » and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We’re talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 […]

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the « first real-world vulnerability » uncovered using the artificial intelligence (AI) agent. « We believe this is the first public example of an […]

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s