North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A threat actor with ties to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services (AWS) credentials. The package in question is “fabrice,” which typosquats a popular Python library known as “fabric,” which is designed to execute shell commands […]

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America. “The campaign

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region. “During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan,” […]

5 Most Common Malware Techniques in 2024

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN’s Q3 2024 report on malware trends, complete with real-world examples. Disabling of […]

🇬🇧 Phishing campaigns by the Nobelium intrusion set (06 December 2021)

French version: 🇫🇷 ANSSI has observed a number of phishing campaigns directed against French entities since February 2021. Technical indicators correspond to activities associated with the Nobelium intrusion set. These campaigns have succeeded in compromising email accounts belonging to French…

M4 Macs are available on Amazon!

Last week, Apple unveiled its first M4 Macs with, in order, the iMac, Mac mini and 14- and 16-inch MacBook Pro, all compatible with Apple Intelligence. The company opened pre-orders as the announcements came between Monday and Wednesday, with delivery as early as tomorrow for the fastest or certain […]

Did Kamala Harris lose the election because of a fake phone call?

A few hours before Kamala Harris’s defeat, a video was circulated by her detractors, which you may have seen yourself. Captured at the Democratic National Committee headquarters, it showed Harris making what appeared to be a phone call to mobilize voters.

The 4 AirTags at €85, the lowest price ever recorded!

It can be reassuring to place a tracker in your bags and suitcases so you can easily find them if you lose them. A promotion today lets you get a pack of 4 AirTags at the best price.

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management
