Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
The U.S. Government Accountability Office said Monday that CGI Federal, an IT contractor and unit of CGI Inc , notified the agency of a data breach last month affecting about 6,000 current and former GAO employees.
Poland’s new prime minister says he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.
Après la cyberattaque dont a été victime le Centre Hospitalier d’Armentières dans la nuit du 10 au 11 février 2024, la direction commune CHU de Lille / CH d’Armentières a engagé des mesures d’urgence et de sécurité pour assurer la continuité des soins, garantir la sécurité des patients, et protéger les données face aux attaques des pirates informatiques.
Air Canada appears to have quietly killed its costly chatbot support.
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
Today we are open-sourcing Magika, Google’s AI-powered file-type identification system, to help others accurately detect binary and textual file types. Under the hood, Magika employs a custom, highly optimized deep-learning model, enabling precise file identification within milliseconds, even when running on a CPU.
Today, many seasoned security professionals will tell you they’ve been fighting a constant battle against cybercriminals and state-sponsored attackers. They will also tell you that any clear-eyed assessment shows that most of the patches, preventative measures and public awareness campaigns can only succeed at mitigating yesterday’s threats — not the threats waiting in the wings.
That could be changing. As the world focuses on the potential of AI — and governments and industry work on a regulatory approach to ensure AI is safe and secure — we believe that AI represents an inflection point for digital security. We’re not alone. More than 40% of people view better security as a top application for AI — and it’s a topic that will be front and center at the Munich Security Conference this weekend.
Google has confirmed a new security scheme which, it says, will help “secure, empower and advance our collective digital future” using AI. Part of this AI Cyber Defence Initiative includes open-sourcing the new, AI-powered, Magika tool that is already being used to help protect Gmail users from potentially problematic content.
A misconfigured cloud storage server belonging to BMW exposed sensitive company information, including private keys and internal data
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was
Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term.
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has uncovered a new iOS Trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The Trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans that also includes the earlier discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and GoldPickaxe for Android. To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims. This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account – a new fraud technique, previously unseen by Group-IB researchers. The GoldFactory Trojans target the Asia-Pacific region, specifically — Thailand and Vietnam impersonating local banks and government organizations.
Group-IB’s discovery also marks a rare instance of malware targeting Apple’s mobile operating system. The detailed technical description of the Trojans, analysis of their technical capabilities, and the list of relevant indicators of compromise can be found in Group-IB’s latest blog post.
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
We terminated accounts associated with state-affiliated threat actors. Our findings show our models offer only limited, incremental capabilities for malicious cybersecurity tasks.
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE) vulnerabilities, and a critical elevation of privilege vulnerability in Exchange. Six browser vulnerabilities were published separately this month, and are not included in the total.
La Cour européenne des droits de l’homme a donné raison à un utilisateur de l’application Telegram visé par une demande du FSB, le service de sécurité intérieure russe. La décision pourrait avoir un impact sur certaines lois en cours de discussion en Europe.
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
L’industriel allemand, spécialiste des piles et des batteries, s’est déclaré victime d’une cyberattaque. Plusieurs sites de production sont à l’arrêt.
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software
Cible de hackers, l'établissement de La Colline fonctionne cependant normalement, selon son propriétaire. Celui-ci n'a pas constaté de vols de données des patients.
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...
The Justice Department announced today that, as part of an international law enforcement effort, federal authorities in Boston seized internet domains that were used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers. Federal authorities in Atlanta and Boston also unsealed indictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the malware and supporting cybercriminals seeking to use the malware for malicious purposes.
Bitdefender researchers have discovered a new backdoor targeting Mac OS users.
G7 is drafting a workaround to use frozen assets to rebuild Ukraine.
Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass...
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
