{ Tribune Expert } – L’intelligence artificielle, un levier pour révolutionner l’OSINT

Si l’OSINT est historiquement associé à la collecte manuelle et à l’analyse de données disponibles publiquement, l’IA promet de redéfinir ces pratiques en automatisant, accélérant et approfondissant les capacités d’analyse.

Les Assises 2024 : de la NIS2 à l’EUCS… une ANSSI pragmatique

De la volonté de tranposer « sans précipitation » la NIS2 à celle de trouver un accord sur l’EUCS, l’ANSSI a tracé ses lignes directrices à l’occasion des Assises de la cybersécurité 2024.

Social Media Accounts: The Weak Link in Organizational SaaS Security

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a […]

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional […]

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) […]

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. « These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community, » Morphisec researcher Shmuel Uzan said in a new report published today, adding « this […]

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an […]

Fausse musique et hack de streaming pour 10 millions de dollars !

Les autorités américaines ont récemment inculpé Michael Smith, 52 ans, pour avoir orchestré une fraude aux services de streaming d’une valeur de plus de 10 millions de dollars.

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. « The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems, » Kaspersky said, detailing a new campaign that began in June […]

New Case Study: The Evil Twin Checkout Page

Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a checkout page? When it’s an “evil twin”! Malicious redirects […]