OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. « The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting […]
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the « unprecedented […]
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. « In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, […]
How Hybrid Password Attacks Work and How to Defend Against Them
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did […]
Cybersécurité : le Top 4 des fournisseurs de services en France
Orange Cyberdéfense domine toujours le marché français des services de sécurité, en croissance de près de 12% entre 2022 et 2023. Quatre ESN dépassent 150 millions € de revenus annuels.
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. « An issue was discovered in […]
Université Paris-Saclay : l’attaque revendiquée par un collectif atypique
RansomHouse dit avoir volé 1 To de données à l’université Paris-Saclay. Ce groupe pratique l’extorsion… mais avance des motivations particulières.
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of […]
Les Assises 2024 : quand « ensemble » rime avec Global Security Alliance
La 24ème édition des Assises met à l’honneur la Global Security Alliance. L’occasion de comprendre comment cette organisation à but non lucratif s’implique dans l’écosystème cyber.