MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
A critical flaw in Progress Software’s in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to […]
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks
An analysis of the « evasive and tenacious » malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said […]
Les aides auditives Oticon MFi sont compatibles avec les Mac
Le leader mondial des aides auditives Oticon annonce la compatibilité de ses gammes Made for iPhone avec les Mac via une mise à jour logicielle.
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, « Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of […]
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. « The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data, » Kaspersky said. The Russian
Un an après son rachat par Microsoft, Nuance coupe dans ses effectifs
A peine racheté par Microsoft, Nuance n’échappe pas à la cure d’austérité en cours chez le géant de Redmond. Selon le Boston Globe, la société…
Pour les services secrets russes, la NSA et Apple auraient espionné des milliers d’iPhone
La Russie affirme aujourd’hui que l’Agence nationale de la sécurité (NSA) aurait espionné des responsables et des civils russes en utilisant des backdoors de l’iPhone, créées tout spécialement par Apple pour le gouvernement américain.
Microsoft crée une communauté pour les admins sous macOS
Afin de venir en aide à ses utilisateurs œuvrant sur macOS, Microsoft vient de mettre en ligne la communauté Microsoft Mac Admins. A destination des professionnels de l’informatique, celle-ci se destine aux passionnés, comme aux néophytes afin de les aider avec des produits Microsoft sur Mac.
How Wazuh Improves IT Hygiene for Cyber Security Resilience
IT hygiene is a security best practice that ensures that digital assets in an organization’s environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by
Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. « It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed, » ReversingLabs analyst Karlo Zanki said in a report shared […]