Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are […]
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to […]
Doctolib va proposer d’échanger des messages privés avec son médecin
Si votre médecin est un fan de Doctolib, cette nouvelle fonction pourra se révéler des plus pratiques. Dans un mail adressé à ses utilisateurs, la plateforme vient d’annoncer les nouveautés pour la rentrée 2023.
Overture Maps Foundation : les premières données publiées
Un article signé GOODTECH.info Face à l’omniprésence de Google sur le terrain de la cartographie, la Linux Foundation héberge, depuis fin 2022, un nouveau projet, l’Overture Maps Foundation. Objectif : fournir des données cartographiques ouvertes fiables et interopérables aux développeurs. Les premières données sont en ligne depuis mercredi. De quoi parle-t-on ? Le site web […]
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. « Based on the source and likely targets, these types of attacks are on par with past attacks stemming […]
A Data Exfiltration Attack Scenario: The Porsche Experience
As part of Checkmarx’s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find. What […]
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the « search-ms: » URI protocol handler, which offers the ability for applications and HTML links […]
Trois ans après, Apple et Epic Games se battent toujours en justice
En cours depuis plusieurs années, l’affaire opposant Apple et Epic Games ne semble pas trouver une issue définitive. Bien au contraire, même si les premières décisions semblent donner raison -juridiquement- à Cupertino, elles ont tout de même fragilisé le modèle économique de la Pomme.
Android détecte les AirTags, qui deviennent inutiles contre le vol !
Comme prévu, Google déploie une mise à jour permettant aux appareils Android d’alerter les utilisateurs de la présence d’un AirTag qui ne leur appartient pas.
Search Central Live Tokyo and Jakarta: it’s a wrap
It’s been about a month since Search Central Live Tokyo concluded and about 2 weeks since SCL Jakarta! Looking back at the events makes us happy; it’s really great to be back and meet people in person! But let’s ponder what we learned.