Discover advanced phishing techniques bypassing email security—Intezer reveals threats hidden in SVGs, PDFs, OneDrive, and OpenXML files.
A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.
Three weeks ago, Gootloader samples suddenly dried up. This has happened before, so I switched VPNs and tried new locations—coffee shops, friends’, and family’s Wi-Fi networks—but still couldn’t re…
UNC2970 is a cyber espionage group suspected to have a North Korea nexus.
A new piece of malware that we're calling TodoSwift downloads its malicious payload alongside a seemingly legitimate piece of content about cryptocurrency.
PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them. This versatility has made PDFs indispensable in fields ranging from business and academia to government and personal use, serving as a reliable means of exchanging information in a structured and accessible manner.
Man-in-the-Middle (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. It could be started by phishing techniques and in some cases coupled to the well-known Man-in-the-Browser (MitB) attack. It will be seen how BitM expands the range of the possible attacker’s actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized.
Document PDF
Ce bulletin d’actualité exceptionnel propose une analyse des 10 vulnérabilités les plus critiques traitées par l’ANSSI au cours de l’année 2021.
ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices
PDF Document
