CISA et FBI alertent sur les bonnes pratiques sécurité dans les logiciels
Le monde numérique repose sur une infrastructure vaste et complexe de logiciels qui régissent presque tous les aspects de la vie moderne. Cependant, cette dépendance croissante aux produits logiciels expose également les infrastructures critiques, les entreprises et les particuliers à des risques de sécurité potentiellement dévastateurs.
Les pirates nord-coréens utilisent une nouvelle variante de FASTCash pour cibler les distributeurs de billets
Une nouvelle menace émerge dans le monde de la cybersécurité alors que des pirates informatiques nord-coréens exploitent une variante Linux du malware FASTCash pour infiltrer les systèmes de commutation de paiement des institutions financières et effectuer des retraits d’espèces non autorisés aux distributeurs automatiques.
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. « The plugin suffers from an unauthenticated privilege escalation vulnerability
Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities
In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them […]
Le MFA, une course à obstacles pour Snowflake
Depuis qu’il s’est trouvé au coeur d’une campagne de cyberattaques, Snowflake tente d’accélérer l’adoption du MFA chez ses clients.
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet […]
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said […]
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta’s advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. « The hackers behind the campaign use trusted brands to expand their reach, » Bitdefender Labs said in a report shared with The Hacker News. « The malvertising campaign leverages nearly a hundred malicious
Embarking on a Compliance Journey? Here’s How Intruder Can Help
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer […]
Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims’ crypto wallets. The package, named « CryptoAITools, » is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over […]