Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a « critical » security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. « The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat […]
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
Cybersecurity researchers have discovered a novel surveillance program that’s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform […]
Microsoft et OpenAI, bientôt la fin d’une idylle ?
Depuis un certain temps déjà, la relation entre Microsoft et OpenAI se détériore. Leurs dirigeants respectifs, Satya Nadella et Sam Altman,…
Attention, ce malware se cache au sein d’App de visioconférence pour Mac !
Des chercheurs en sécurité alertent les utilisateurs de Mac à propos d’un malware visant actuellement les machines de Cupertino en se dissimulant au sein de fausses applications et services de visioconférence.
L’iPad Air M2 en promo à 649€, la version 13 pouces à 899€ !
Lancés en mai dernier, les iPad Air dotés de la puce M2 sont aujourd’hui disponibles en promotion, améliorant d’autant leur rapport qualité/prix.
Le Cyber Resilience Act entre en vigueur, mais le vrai rendez-vous sera en 2027
Entré en vigueur le 10 décembre 2024, le règlement européen sur la cyberrésilience ne s’appliquera, pour l’essentiel, que trois ans plus tard.
L’Iran réglemente les crypto-monnaies pour contourner les sanctions
L’Iran choisit la réglementation plutôt que l’interdiction des crypto-monnaies, visant contrer les sanctions américaines et s’aligner sur l’économie mondiale.
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit […]
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the […]