Shaarli Daily

All of one day's links on a single page.

September 3, 2024

Dutch regulator slaps Clearview AI with $33 million fine, threatens executive liability - The Verge

The Dutch Data Protection Authority imposed the largest fine yet against facial recognition company Clearview AI under the GDPR.

Transport for London faces 'ongoing cyber security incident'

Transport for London's (TfL) computer systems have been targeted in an ongoing cyber attack.
It said there was no evidence customer data had been compromised and there was currently no impact on TfL services.
Insiders have told BBC London they have been asked to work at home if possible, and that it is the transport provider's backroom systems at the corporate headquarters that are mainly affected.

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

  • Sonar’s Vulnerability Research Team recently discovered a critical Cross-Site Scripting (XSS) vulnerability in Roundcube, a popular open-source webmail software.
  • When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's browser.
  • Attackers can abuse the vulnerability to steal emails, contacts, and the victim's email password as well as send emails from the victim's account.
  • In October 2023, ESET Research reported that a similar vulnerability was actively used by the APT group Winter Vivern to attack European government entities.
  • Roundcube administrators should update to the patched version 1.6.8 or 1.5.8 as soon as possible.
  • All discovered issues are tracked as CVE-2024-42008, CVE-2024-42009, CVE-2024-42010.

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft observed North Korean threat actor Citrine Sleet exploiting the CVE-2024-7971 zero-day vulnerability in Chromium. Citrine Sleet targets the cryptocurrency sector for financial gain.

Breaking down CVE-2024-38063: remote exploitation of the Windows kernel

We have examined the Windows TCP/IP network stack flaw that could grant adversaries remote access with maximum privileges. Exploiting CVE-2024-38063 does not imply any action on the part of the user…

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in…

Admins of MFA bypass service plead guilty to fraud

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.