CrowdStrike fait ses excuses à Washington… mais défend son accès au noyau Windows
Devant le Parlement américain, Crowdstrike a réitéré les engagements annoncés après la panne mondiale de juillet. Sans céder de terrain sur les accès kernel.
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store
Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include – Wuta […]
U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech
The U.S. Department of Commerce (DoC) said it’s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People’s Republic of China (PRC) and Russia. « The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and […]
Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns
Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. « Kaspersky antivirus customers received a software update facilitating the transition to UltraAV, » the company said in a post announcing the move on […]
The SSPM Justification Kit
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, […]
Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar
Ransomware is no longer just a threat; it’s an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there’s good news: you don’t have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, « Unpacking […]
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing […]
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. « We’ve made it clear that the IP addresses and phone numbers of those who violate […]
Comment Kaspersky orchestre sa sortie des États-Unis
Après avoir stoppé ses activités aux États-Unis, Kaspersky remplace son antivirus par celui d’une entreprise américaine pour environ un million de clients.