The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.

L’industriel allemand, spécialiste des piles et des batteries, s’est déclaré victime d’une cyberattaque. Plusieurs sites de production sont à l’arrêt.

Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.

Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software

The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.

VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...

Bitdefender researchers have discovered a new backdoor targeting Mac OS users.

G7 is drafting a workaround to use frozen assets to rebuild Ukraine.

Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass...

Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns

Le Conseil d’État vaudois a décidé de mettre fin au contrat avec le prestataire informatique bernois en raison de retards et de prestations insuffisantes.

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.

Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group. In addition, we are also announcing a reward of up to $5,000,000 for information leading […]

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways.

We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.

The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.