Learn how the threat actor Savvy Seahorse Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.

In a memo to employees sent Tuesday evening, Sundar Pichai vowed to make structural changes to address the issues found in Gemini’s racially inaccurate images.

Lundi soir, dans un train gare du Nord, un ingénieur de la mairie de Paris s'est fait voler une sacoche contenant un ordinateur et deux clés USB. Problème, dessus étaient stockés les plans de sécurisation des Jeux olympiques de Paris 2024 par la police municipale.

Warning of North Korean cyber threats targeting the Defense Sector

On 26 February, EDRi and its partners Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom have submitted a complaint to the European Commission regarding a potential infringement of the Digital Services Act (DSA).

Specifically, we have raised concerns that LinkedIn, a designated Very Large Online Platform (VLOP) under the DSA, infringes the DSA’s new prohibition of targeting online adverts based on profiling using sensitive categories of personal data such as sexuality, political opinions, or race.

• Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla.
• The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726.
• Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link.
• The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences.
• The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions.
  • Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.

Guardio Labs uncovers a sprawling campaign of subdomain hijacking, compromising already over 8,000 domains from esteemed brands and institutions, including MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay and others. This malicious activity, dubbed “SubdoMailing”, leverages the trust associated with these domains to circulate spam and malicious phishing emails by the Millions each day, cunningly using their credibility and stolen resources to slip past security measures.

In our detailed analysis, we disclose how we detected this extensive subdomain hijacking effort, its mechanisms, its unprecedented scale and the main threat actor behind it. Furthermore, we developedthe “SubdoMailing” checker — a website designed to empower domain owners to reclaim control over their compromised assets and shield themselves against such pervasive threats. This report not only sheds light on the magnitude of the issue but also serves as a call to action for enhancing domain security against future exploits.

Comme l’a illustré un récent verdict contre Air Canada, les entreprises peuvent être jugées responsables des inform

Elastic Security Labs observed new PIKABOT campaigns, including an updated version. PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.

Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.

The Department of Justice joined the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world that has targeted over 2,000 victims, received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.

Sensitive location data could be sold off to the highest bidder.

Russian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon, posting a lengthy screed apparently authored by its leader, who

The data breach shows why organisations must enhance cybersecurity measures in the face of growing threats from skilled hackers like IntelBroker.

Avast, the cybersecurity software company, is facing a $16.5 million fine from the FTC after its privacy extensions and antivirus software harvested and sold user data.

In a report going over the state of malware in 2024, device management firm Jamf says that 9% of mobile users were caught by phishing, while 20% of companies were at risk because of bad smartphone configurations.

Durant plusieurs heures, ChatGPT a présenté un comportement inattendu, générant des réponses illogiques et des créa