L’ANSSI révise sa position sur la cryptographie post-quantique
En avril 2022, l’ANSSI avait communiqué sa position sur la cryptographie post-quantique. Elle vient d’y greffer un addendum.
Après le rachat d’Activision Blizzard, Microsoft licencie 1900 personnes dans sa division jeux vidéo
A peine trois mois après avoir finalisé l’acquisition d’Activision Blizzard pour 69 milliards de dollars (avec le soutien des syndicats du…
SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks
Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. « SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP, » Kroll said in an analysis published last week. The risk and
Free Mobile : la double authentification agace certains abonnés !
Si vous êtes abonné Free Mobile et que vous vous êtes récemment rendu sur l’espace dédié, vous avez remarqué que la firme a mis en place un nouveau système nécessitant une double authentification, mais sans prendre en compte tous les cas de figure.
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that’s distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware « has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques. » LODEINFO (versions 0.6.6 and 0.6.7
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the
Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform’s surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur […]
China-backed Hackers Hijack Software Updates to Implant « NSPX30 » Spyware
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It’s said to be active since at least 2018. The […]
Comment utiliser AirDrop et NameDrop en toute confidentialité
Parmi les nombreuses nouveautés d’iOS 17, Apple a apport un soin tout particulier, en faisant évoluer sa fonction d’échanges de fichiers, AirDrop.
Understanding APT, APT-Cache and Their Frequently Used Commands
The post Understanding APT, APT-Cache and Their Frequently Used Commands first appeared on Tecmint: Linux Howtos, Tutorials & Guides . If you’ve ever used Debian or Debian-based distributions like Ubuntu or Linux Mint, then chances are that you’ve used the apt package system to install or The post Understanding APT, APT-Cache and Their Frequently Used Commands […]