Toute l'actualité de la Cybersécurité
Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer
2024-10-30 21:30:07
A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…
The evolution of open source risk: Persistent challenges in software security
2024-10-30 20:57:31
As organizations increasingly rely on open source software, associated security risks grow, demanding more robust and proactive risk management.
15 Leading Technology and Service Providers Achieve SASE Certification
2024-10-30 20:19:15
Investigating a SharePoint Compromise: IR Tales from the Field
2024-10-30 20:19:14
Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.
Ex-Disney Employee Charged With Hacking Menu Database
2024-10-30 19:44:56
In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.
Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping
2024-10-30 19:27:27
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
2024-10-30 19:20:51
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight...
Microsoft Entra "security defaults" to make MFA setup mandatory
2024-10-30 19:18:17
Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. [...]
Business Email Compromise (BEC) Impersonation: The Weapon of Choice of Cybercriminals
2024-10-30 19:09:19
Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures
2024-10-30 18:26:32
Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated…
QNAP patches second zero-day exploited at Pwn2Own to get root
2024-10-30 17:36:27
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]
Cybersecurity Training Resources Often Limited to Developers
2024-10-30 16:50:32
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
Vishing, Mishing Go Next-Level With FakeCall Android Malware
2024-10-30 16:29:36
A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.
ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues
2024-10-30 16:12:33
Atlanta, Georgia, 30th October 2024, CyberNewsWire
Why Did Snowflake Have a Target on It? Handling Data Warehouse Security Risks
2024-10-30 16:09:41
In early June, the Ticketmaster breach brought widespread attention to the fact that Snowflake accounts did not require multi-factor authentication (MFA) and some were compromised as a result. If only...
The...
North Korean govt hackers linked to Play ransomware attack
2024-10-30 15:55:32
The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. [...]
Avec Gencore AI, Securiti renforce la protection de la GenAI
2024-10-30 15:48:47
La sécurité des systèmes d’IA génératives, des copilotes ou des agents IA monte en puissance. Pour répondre (...)
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
2024-10-30 15:44:00
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.
The activity, observed between May...
Meet Cropler, Connectech & DoubleShift: HackerNoon Startups of the Week
2024-10-30 15:30:14
Welcome to HackerNoon Startups of the Week! Each week, the HackerNoon team showcases a list of startups from our Startups of The Year database. All these startups have been nominated as one of the best...
Pour enrôler ses victimes, les cyberpirates de Black Basta passent par Teams
2024-10-30 15:13:53
Avec le développement des outils collaboratifs en entreprise, les cybercriminels ont trouvé un moyen de dialoguer en direct avec des salariés (...)
How SkyCastle is Solving the Problem in the Movie 'Her'
2024-10-30 15:00:19
SkyCastle aims to solve the authenticity issue in AI relationships, creating unique virtual companions for emotional support, using blockchain for individuality.
Last Call: One Month Left to Win Your Share of ,500 in the #bitcoin Writing Contest
2024-10-30 14:58:53
Over 150 #bitcoin stories have been published, drawing more than 300,000 pageviews. Ten winners have been awarded cash prizes for their standout entries, so far. The final round of the #bitcoin writing...
New “Scary” FakeCall Malware Captures Photos and OTPs on Android
2024-10-30 14:58:51
A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…
Protégez vos communications : comment garantir l'authenticité de vos emails ?
2024-10-30 14:56:57
Si vous envoyez régulièrement des emails, vous avez sûrement déjà été confronté à des problèmes comme vos messages qui finissent dans les spams, ou pire, des tentatives d'usurpation de votre...
Blast Royale to Launch $NOOB Low FDV Community Offering (LCO) For First Gaming x Meme Token
2024-10-30 14:56:40
ROAD TOWN, British Virgin Islands, October 30th, 2024, Chainwire/-- Blast Royale has announced the upcoming pre-sale of its Low FDV Community Offering (LCO) for the $NOOB token, scheduled for November...
Patch now! New Chrome update for two critical vulnerabilities
2024-10-30 14:55:54
Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple
Morph Announces Mainnet Launch On Ethereum, Paving The Way For Consumer Blockchain Adoption
2024-10-30 14:51:05
NEW YORK, NY, October 30th, 2024/Chainwire/--Morph, a global consumer layer for driving blockchain adoption, today announced its mainnet launch on Ethereum. The mainnet launch marks a significant milestone...
Android malware "FakeCall" now reroutes bank calls to attackers
2024-10-30 14:50:50
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead. [...]
IA générative, utilisation détournée d'outils de cybersécurité, exploitation d'environnements clouds mal configurés : un rapport met en lumière les nouvelles cybermenaces qui pèsent sur les entreprises
2024-10-30 14:46:12
Les outils de sécurité offensive disponibles dans le commerce et les environnements cloud mal configurés amplifient la surface d’attaque des organisations. Tribune – Elastic, l'entreprise...
Xsolla To Launch Xsolla ZK, Advancing Web3 Adoption For Video Games
2024-10-30 14:44:31
LOS ANGELES, United States, October 30th, 2024/Chainwire/--Xsolla,a global video game commerce company, announces plans to launch Xsolla ZK and introduce a digital backpack of virtual items on the blockchain....
DWF Labs Announces Leadership Transition In Business Development
2024-10-30 14:39:13
Lingling Jiang will be taking over the roles and responsibilities necessary to support and expand our work with valued partners and collaborators. Lingling brings a wealth of experience to her new role,...
Avec La Tech pour Toutes, l'école 42 sensibilise des femmes à l'IT
2024-10-30 14:37:49
En France, les initiatives se poursuivent pour réduire les inégalités de genre qui persistent dans les professions scientifiques. (...)
80 % des RSSI du secteur de la santé se considèrent comme des facilitateurs d'affaires dont l'appétence pour le risque ne cesse de croître
2024-10-30 14:35:50
L'appétence pour le risque des RSSI de ce secteur est supérieure à celle de tous les autres secteurs. Tribune – Netskope, un leader sur le marché du SASE, annonce la publication d'une nouvelle...
Hackers steal 15,000 cloud credentials from exposed Git config files
2024-10-30 14:00:00
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]
When Cybersecurity Tools Backfire
2024-10-30 14:00:00
Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability...
FBI: Upcoming U.S. general election fuel multiple fraud schemes
2024-10-30 13:44:04
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. [...]
Change Healthcare Breach Hits 100M Americans
2024-10-30 13:34:08
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the...
Here's a cybersecurity problem: there just aren't enough young people.
2024-10-30 13:34:03
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechPolicy.Press Sausalito, Calif. – Oct. 30, 2024 3.5 million. That's how many unfilled jobs there...
USN-7085-2: X.Org X Server vulnerability
2024-10-30 13:21:06
USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org...
'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users
2024-10-30 13:13:27
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers...
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
2024-10-30 13:05:00
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.
The attack, codenamed CrossBarking, could have made it...
The Karma connection in Chrome Web Store
2024-10-30 13:03:06
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components:...
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
2024-10-30 13:00:00
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer.
"The hackers...
The Importance of Asset Context in Attack Surface Management.
2024-10-30 13:00:00
This topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.
Cybersecurity Awareness Month: 5 new AI skills cyber pros need
2024-10-30 13:00:00
The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster...
Ramp Network Integrates Mexico's SPEI for Real-Time Crypto Conversions
2024-10-30 12:07:16
Ramp Network has announced the integration of Mexico's SPEI payment system into its platform. The integration allows users to convert cryptocurrencies to Mexican pesos and receive funds in their local...
Google fixed a critical vulnerability in Chrome browser
2024-10-30 12:05:34
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487,...
USN-7084-2: pip vulnerability
2024-10-30 11:55:54
USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn't strip...
Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
2024-10-30 11:00:00
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from...
Embarking on a Compliance Journey? Here's How Intruder Can Help
2024-10-30 10:30:00
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting.
Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria...
Jumpy Pisces Engages in Play Ransomware
2024-10-30 10:00:29
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.
The post Jumpy Pisces Engages in Play Ransomware appeared first on Unit 42.
Kaspersky découvre une campagne malveillante sur Telegram visant les entreprises de la fintech
2024-10-30 09:44:35
L'équipe GReAT (Global Research and Analysis team) de Kaspersky a débusqué une campagne cybercriminelle menée par des hackers utilisant Telegram pour diffuser un logiciel espion de type Trojan à...
New PySilon RAT Abusing Discord Platform to Maintain Persistence
2024-10-30 09:02:35
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits the popular social platform Discord to maintain persistence on infected systems. Discord, known...
Introducing Rootstock Genesis Countdown: User Guide
2024-10-30 09:00:14
The Rootstock Genesis Countdown, starting October 30, invites users to join 16 quests across Rootstock's ecosystem with rewards, raffles, and big prizes. Complete all quests by January 3 for a chance...
NTT s'adosse à Palo Alto pour son service géré de détection des menaces
2024-10-30 09:00:03
Grâce à ce partenariat avec Palo Alto Networks, le fournisseur mondial de services IT, NTT Data, peut offrir un service de sécurité (...)
USN-7085-1: X.Org X Server vulnerability
2024-10-30 08:52:22
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to...
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
2024-10-30 08:12:36
QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as...
Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics
2024-10-30 08:05:20
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations using sophisticated spear-phishing tactics. Known for its stealth and precision, Konni has...
VimeWorld - 3,118,964 breached accounts
2024-10-30 07:02:43
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and...
The TechBeat: Cross-Platform Design Wrapped Part 3: UI Polish and Interaction Design (10/30/2024)
2024-10-30 06:11:06
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Google Chrome Security, Critical Vulnerabilities Patched
2024-10-30 06:05:17
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions of users worldwide. The latest Stable channel update, version 130.0.6723.91/.92 for Windows...
Using GTM Strategies for Digital Tech Startups: My Guide from Launching 7x Businesses
2024-10-30 04:04:28
This guide explores GTM strategies for digital tech startups, highlighting lead generation methods, market dynamics, and the evolution from outbound to inbound marketing, based on personal experiences...
The Algorithm for Inserting Sequences into Sequences
2024-10-30 01:35:33
Maintaining the correct order in data sequences becomes complex when inserting, deleting, or rearranging elements using traditional numbering systems. Common solutions like shifting sequence numbers or...
Metabase Information Disclosure Vulnerability (CVE-2021-41277)
2024-10-30 01:02:27
What is the attack?FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation...
List of 13 new domains
2024-10-30 00:00:00
.fr assurance-vital[.fr] (registrar: AMEN / Agence des Médias Numériques)
connexion-sante-france[.fr] (registrar: EPAG Domainservices GmbH)
controleroutier[.fr] (registrar: EPAG Domainservices GmbH)
dossier-renouvellements[.fr]...
Multiples vulnérabilités dans Google Chrome (30 octobre 2024)
30/10/2024
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Apple (30 octobre 2024)
30/10/2024
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits Qnap (30 octobre 2024)
30/10/2024
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non...
Multiples vulnérabilités dans les produits Mozilla (30 octobre 2024)
30/10/2024
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...