Secrets Exposed: Why Your CISO Should Worry About Slack
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It’s a typical Tuesday in […]
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. « If successful, the adversary could gain any privileges already granted to the affected
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional […]
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,
Bulletin d’actualité CERTFR-2024-ACT-039 (02 septembre 2024)
Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l’analyse de l’ensemble des avis et alertes publiés par le CERT-FR dans le cadre d’une analyse de risques pour prioriser l’application des…
Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management
The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That’s where Artificial Intelligence (AI) comes in. AI isn’t just a buzzword; it’s a game-changer for vulnerability management. AI is poised to […]
Comment RansomHub prospère sur les cendres de Lockbit et BlackCat
Le FBI met en garde contre la croissance rapide du gang RansomHub, dont les affiliés ont piraté au moins 210 organisations depuis février.
Next-Generation Attacks, Same Targets – How to Protect Your Users’ Identities
The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also […]
Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. « By mimicking the popular ‘noblox.js’ library, attackers have published dozens of packages designed to steal sensitive data and compromise […]
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day […]