Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this […]
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon […]
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines […]
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to […]
NIS 2: No Sanctions Planned for Three Years, ANSSI Confirms
At the Hexatrust summer university, ANSSI Director General Vincent Strubel confirmed that no sanctions for non-compliance with NIS 2 would be applied for three years after its transposition into French law.
The 2024 Back-to-Work Kit for CIOs & CISOs
As work resumes after the summer, Riot and LockSelf are teaming up to offer a turnkey kit to help CIOs and CISOs manage their cyber policy and raise their employees' awareness of cybersecurity best practices.
Privileged Access Management (PAM): What Is Moving Up Besides the Prices
The three vendors that Gartner positions as PAM "leaders" have prices above the market average… as does WALLIX.
The 5 Key Steps to Defining a Solid Cyber-Resilience Framework
A cyber-resilience framework provides a structured approach that enables companies to prepare for, manage, and resume normal operations after a cyberattack.
Microsoft Gets Its Entry Point into Post-Quantum Cryptography
Microsoft has updated its main cryptographic library to add two post-quantum algorithms.
How to Investigate ChatGPT activity in Google Workspace
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. […]