Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta’s information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I’m going to focus on number three: reducing friction. Declaring […]
Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. « nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD
Cybersécurité : comment l’IA générative s’imbrique
Où en est l’intégration de l’IA générative dans les solutions de cybersécurité ? Coup d’œil sur les initiatives d’une dizaine de fournisseurs.
Quelles nouvelles catégories apparaissent dans l’App Podcasts ?
Apple a apporté discrètement quelques améliorations au sein de l’interface de l’App Podcasts afin de simplifier la recherche et la découverte.
Apple bientôt forcée à autoriser des App Store alternatifs ?
Apple sera-t-elle contrainte à autoriser des magasins d’applications tiers ? La question reste pour le moment sans réponse, même si la pression se veut de plus en plus forte aux Etats-Unis, en Europe et désormais en Inde !
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom’s Symantec, involved a new backdoor codenamed Graphican. Some of the other targets included a government finance department and a corporation that markets […]
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 […]
Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware
L’IA générative divise : entre cybercriminels et cybersécurité, qui sortira vainqueur de cette nouvelle ère technologique ?
Pour les RSSI, l’enjeu est d’avoir une longueur d’avance afin de protéger leurs organisations contre les dommages financiers et réputationnels dévastateurs pouvant émerger dans le cadre de ce nouveau paysage de menaces alimentées par l’IA.
Pas de WI-Fi 7 pour l’iPhone 15 ! Apple en retard ?
Alors qu’Apple faisait partie des avant-gardistes du réseau sans fil, la firme pourrait-elle prendre du retard et ne pas équiper son prochain smartphone de la dernière génération de Wi-Fi ?