Toute l'actualité de la Cybersécurité
It's Near-Unanimous: AI, ML Make the SOC Better
2024-11-20 21:27:02
Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say AI and ML are winning that game.
Ford data breach involved a third-party supplier
2024-11-20 21:22:09
Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigation investigated a data breach after a threat actors...
SquareX Brings Industry's First Browser Detection Response Solution to AISA Melbourne CyberCon 2024
2024-11-20 21:00:16
Palo Alto, California, 20th November 2024, CyberNewsWire
Fintech giant Finastra investigates data breach after SFTP hack
2024-11-20 20:56:59
Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]
MITRE shares 2024's top 25 most dangerous software weaknesses
2024-11-20 20:37:39
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]
China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data
2024-11-20 20:35:09
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the...
US charges five linked to Scattered Spider cybercrime gang
2024-11-20 19:22:58
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...]
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
2024-11-20 19:04:21
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]
US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data
2024-11-20 18:42:25
Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…
Alleged Ford 'Breach' Encompasses Auto Dealer Info
2024-11-20 18:10:48
Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature.
Cyberattaque sur le Département de La Réunion : le mystérieux groupe Termite revendique l'incident
2024-11-20 18:08:01
Un groupe de pirates informatiques baptisé Termite a récemment revendiqué une cyberattaque visant le Département de La Réunion. Cette intrusion, survenue le 13 novembre 2024 selon les pirates, a...
70 % des collaborateurs pas suffisamment sensibilisés à la cybersécurité
2024-11-20 17:43:32
Selon un rapport de Fortinet, près de 70 % des entreprises estiment que leurs collaborateurs ne sont pas suffisamment sensibilisés aux fondamentaux de la cybersécurité. Cette nouvelle étude met en...
Phishing Gendarmerie : quand les pirates exploitent la curiosité des internautes
2024-11-20 17:41:18
Un site frauduleux, prétendant sensibiliser à la cybersécurité, a été récemment repéré par ZATAZ sous le nom de domaine prévention gendarmerie....
Mishing : la menace mobile croissante qui plane sur les entreprises
2024-11-20 17:38:19
Au cours des 10 dernières années, l'usage des appareils mobiles dans le secteur professionnel a beaucoup évolué et impacte désormais fortement la communication et la productivité en entreprise....
Comment définir la période de validité de l'infrastructure à clé publique (PKI) et les meilleures pratiques en matière de révocation
2024-11-20 17:35:11
Définir les périodes de validité optimales des certificats de PKI peut s’avérer complexe et décourageant. Les conséquences pour la sécurité du réseau et l’efficacité opérationnelle...
How Functional Isolation Forest Detects Anomalies
2024-11-20 17:00:16
Functional Isolation Forest (FIF) uses random splits in functional Hilbert space and projections onto a dictionary to isolate anomalies. Its performance heavily relies on dictionary selection, influencing...
Leveling Up Fuzzing: Finding more vulnerabilities with AI
2024-11-20 16:55:00
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security TeamRecently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability...
Velar Integration Brings Automated Trading to Bitcoin Markets
2024-11-20 16:52:44
A partnership between technology provider Velar and investment platform DCA HQ introduces automated Dollar-Cost Averaging (DCA) capabilities for Bitcoin and related assets. DCA, a method long used in...
Microsoft confirms game audio issues on Windows 11 24H2 PCs
2024-11-20 16:48:49
Microsoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume when using USB DAC sound systems. [...]
La maturité en cybersécurité des communes françaises reste préoccupante
2024-11-20 16:46:49
La cybersécurité est l'affaire de tous. Y compris des communes - même les plus petites - qui sont également des cibles pour (...)
New Ghost Tap attack abuses NFC mobile payments to steal money
2024-11-20 16:44:42
Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data...
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
2024-11-20 16:42:05
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056....
Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites
2024-11-20 16:41:09
Heads up, WordPress admins! The WordPress plugin Really Simple Security had a serious security flaw.…
Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites on Latest Hacking News...
Fhenix Enhances Blockchain Privacy with New Testnet Release
2024-11-20 16:38:46
Fhenix has released Nitrogen, an upgraded testnet for its Layer 2 network that incorporates Fully Homomorphic Encryption (FHE) The release marks a significant development in blockchain privacy technology,...
Fedora 40: llvm-test-suite 2024-300397332b Security Advisory Updates
2024-11-20 16:22:10
Remove ClamAV subdirectory because of viruses in input files: These were the findings: MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature MultiSource/Applications/ClamAV/inputs/clam.zip:...
ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains
2024-11-20 16:18:08
ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically...
The HackerNoon Newsletter: Predicted Outputs: The OpenAI Feature You Probably Missed (11/20/2024)
2024-11-20 16:07:22
How are you, hacker?
🪐 What's happening in tech today, November 20, 2024?
The
HackerNoon Newsletter
brings the HackerNoon
...
Microsoft avance dans son initiative pour un futur sécurisé
2024-11-20 15:46:28
Lors de sa conférence Ignite de mardi, Microsoft a fait le point sur l'état d'avancement de son initiative pour un avenir sûr (Secure (...)
Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations
2024-11-20 15:33:01
A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online...
Piratage d'Osiris : des données sensibles sur les accidents du travail en vente sur le dark web
2024-11-20 15:32:04
Un pirate informatique a revendiqué sur un forum clandestin le piratage d'Osiris, une plateforme clé utilisée par les autorités publiques françaises pour la gestion des indemnisations liées aux...
Building Scalable E-commerce Infrastructure on Magento
2024-11-20 15:30:16
This article highlights the key challenges Ruroc faced and the solutions they implemented. It serves as a guide for developers to build scalable e-commerce infrastructure on Magento while avoiding similar...
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 19)
2024-11-20 15:26:18
We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations.
The post Threat...
The Difference Between Crypto Trading and Crypto Investing
2024-11-20 15:12:46
Welcome to the crypto bull market of 2024–2025! Success hinges on understanding trading vs. investing. Traders focus on short-term price moves, aiming to profit from momentum, with little concern for...
Fuite de données chez Auchan : les cagnottes de fidélité, un juteux business pirate
2024-11-20 15:10:10
Le géant de la grande distribution Auchan a été victime d'un piratage massif visant son espace client. L'enseigne a annoncé que plusieurs centaines de milliers de comptes ont été compromis,...
Understanding Parallel Programming: A Guide for Beginners, Part II
2024-11-20 15:09:06
A **RunLoop** helps asynchronous tasks run at the right time without blocking or interfering with the main thread. It functions as a cycle of event handling, used to schedule tasks and coordinate incoming...
Apple Urgently Patches Actively Exploited Zero-Days
2024-11-20 15:05:05
Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Small US Cyber Agencies Are Underfunded & That's a Problem
2024-11-20 15:00:00
If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it.
From Resistance to Resilience: Change Management for First-timers in Digital Transformation
2024-11-20 14:55:58
This article highlights the critical role of change management in digital transformation through Kotter's 8-Step Model. By addressing workflow dependencies, simulating real-life processes in early hands-on...
Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming
2024-11-20 14:44:14
Aqua Nautilus' research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…
Kaspersky peut-il protéger notre vie numérique ?
2024-11-20 14:32:23
Kaspersky est une entreprise spécialisée dans la cybersécurité. Utilisées partout dans le monde, même si certains pays s'en éloignent, ses solutions restent visiblement particulièrement efficaces....
ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains
2024-11-20 14:21:57
Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire
Who's managing cybersecurity at organizations that don't have a CISO?
2024-11-20 14:18:14
This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in CSO Sausalito, Calif. – Nov. 20, 2024 Many companies have yet to embrace the role of chief information security...
'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
2024-11-20 14:14:02
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a...
Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users
2024-11-20 14:13:27
APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest...
Gnosis conditional token framework (CTF): tokenizing potential outcomes in prediction markets
2024-11-20 14:11:53
The concept of the "Gnosis conditional token framework" implements a codebase for tokenizing potential outcomes in prediction markets. Such markets are often referred to as information markets, idea futures,...
Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities
2024-11-20 14:08:11
Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public...
Fedora 39: chromium 2024-9c44ad3527 Security Advisory Updates
2024-11-20 14:04:10
Update to 130.0.6723.116
North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seakers
2024-11-20 14:00:37
North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos,...
Ubuntu 7123-1: Linux kernel (Azure) Security Advisory Updates
2024-11-20 14:00:14
Several security issues were fixed in the Linux kernel.
Predicted Outputs: The OpenAI Feature You Probably Missed
2024-11-20 14:00:13
Predicted Outputs significantly reduce latency for model responses, especially when much of the output is known ahead of time. This feature is particularly beneficial for applications that involve regenerating...
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
2024-11-20 14:00:00
Rapid7 is excited to announce our support for Amazon Web Services' (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure....
Protecting your digital assets from non-human identity attacks
2024-11-20 14:00:00
Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel...
Ubuntu 7121-2: Linux kernel (Azure) Security Advisory Updates
2024-11-20 13:59:45
Several security issues were fixed in the Linux kernel.
Ubuntu 7120-2: Linux kernel Security Advisory Updates
2024-11-20 13:59:21
Several security issues were fixed in the Linux kernel.
Hackers Hijacked Misconfigured Servers For Live Streaming Sports
2024-11-20 13:56:37
Recent threat hunting activities focused on analyzing outbound network traffic and binaries within containerized environments. By cross-referencing honeypot data with threat intelligence platforms, researchers...
“Sad announcement” email leads to tech support scam
2024-11-20 13:47:34
People are receiving disturbing emails that appear to imply something has happened to their friend or family member.
Amazon and Audible flooded with 'forex trading' and warez listings
2024-11-20 13:47:04
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious...
Volt Typhoon Attacking U.S. Critical Infra To Maintain Persistent Access
2024-11-20 13:46:52
Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy, transportation, and water systems by pre-positions itself in target networks,...
USN-7120-2: Linux kernel vulnerabilities
2024-11-20 13:42:54
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- File systems infrastructure;
...
Télécom SudParis et Spie ICS créent un laboratoire IT commun
2024-11-20 13:40:40
Télécom SudParis et l’entreprise de services numériques Spie ICS ont annoncé la création d’un laboratoire (...)
USN-7121-2: Linux kernel (Azure) vulnerabilities
2024-11-20 13:36:55
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
USN-7123-1: Linux kernel (Azure) vulnerabilities
2024-11-20 13:30:41
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate certain SMB messages, leading to an
out-of-bounds read vulnerability. An attacker could...
AlmaLinux 9.5 Released: Exploring Key Updates & Improvements
2024-11-20 13:22:03
Upgrading and maintaining your operating system is crucial to optimal performance and security. AlmaLinux, a widely used open-source Linux distribution, recently released version 9.5 with new features...
Code Smell 280 - Spaghetti Code
2024-11-20 13:17:06
GOTO statements create confusing and unmaintainable code
The Dual Edge of Open Source: Examining Key Benefits and Security Challenges
2024-11-20 13:14:14
Open-source software (OSS) adoption has increased dramatically over recent years due to its flexibility and cost-cutting benefits, but whether or not OSS is completely safe is often controversial. Due...
Update now! Apple confirms vulnerabilities are already being exploited
2024-11-20 13:12:55
Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.
Analyzing the Emergence of Helldown Ransomware Targeting Linux & VMware Systems
2024-11-20 13:11:09
Recently, cybersecurity researchers discovered a Linux variant of the Helldown ransomware strain . This finding signals that threat actors have begun targeting VMware and Linux systems as attack vectors,...
Mitigating the Risk of Cybercrime While Traveling Abroad
2024-11-20 13:00:09
Global tourism is reaching pre-pandemic records and many people are eager to embark on a new adventure. Yet at the same time, incidents of cybercrimes are increasing at a staggering...
The post Mitigating...
How Bitcoin's digital signature feature facilitates Web3 adoption
2024-11-20 12:43:20
Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…
From OpenAI to Closed AI: Custom Chips Are Closing The Doors—What's Next?
2024-11-20 12:00:11
Word on the street is that OpenAI's working with Broadcom to develop custom chips. Written into this rumor is a message that the days of universally accessible AI may be numbered—here's why designer...
Linux Variant of Helldown Ransomware Targets VMware ESX Servers
2024-11-20 11:55:39
Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…
Avec la GenAI, Microsoft renforce la sécurité des entreprises
2024-11-20 11:25:48
Les annonces ont été foisonnantes à la dernière conférence dédiée aux développeurs de Microsoft (...)
Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
2024-11-20 11:00:53
Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased —affecting critical sectors.
The post Threat Assessment:...
Microsoft Ignite New 360-Degree Details Attackers Tools & Methods
2024-11-20 10:58:35
A significant leap forward in cybersecurity was announced with the introduction of new threat intelligence (TI) capabilities in Security Copilot, aimed at giving organizations a comprehensive ‘360-degree’...
Apple addressed two actively exploited zero-day vulnerabilities
2024-11-20 10:39:57
Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities,...
Cyber Resilience Act : Keyfactor rappelle 5 faits majeurs pour se mettre sereinement en conformité
2024-11-20 10:22:44
Le 10 octobre dernier, le Conseil de l'Union Européenne a adopté le Cyber Resilience Act (CRA), un règlement qui impose des exigences de cybersécurité pour tous les produits embarquant des éléments...
AI Granny Daisy takes up scammers' time so they can't bother you
2024-11-20 09:31:55
An Artificial Intelligence model called Daisy has been deployed to waste phone scammers' time so they can't defraud real people.
Glove Stealer Emerges A New Malware Threat For Browsers
2024-11-20 09:13:58
Researchers discovered a new malware running active campaigns in the wild, infecting browsers. Identified as…
Glove Stealer Emerges A New Malware Threat For Browsers on Latest Hacking News | Cyber...
The Future of Mobile Security: Emerging Threats and Countermeasures
2024-11-20 08:59:58
As mobile devices like smartphones and tablets become increasingly ubiquitous, mobile security is more important…
The Future of Mobile Security: Emerging Threats and Countermeasures on Latest Hacking...
Trend Micro Deep Security Vulnerable to Command Injection Attacks
2024-11-20 08:59:43
Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent. This vulnerability, identified as a manual...
Debian LTS: DLA-3960-1: thunderbird Security Advisory Updates
2024-11-20 08:43:50
A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages. For Debian 11 bullseye, this problem has been fixed in version
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
2024-11-20 08:00:00
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
2024-11-20 07:32:57
Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them. Researchers from security firm Aqua observed threat actors exploiting...
CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks
2024-11-20 07:21:42
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress Kemp LoadMaster,...
DeepTempo Launches AI-Based Security App for Snowflake
2024-11-20 05:52:51
DeepTempo's Tempo is a deep learning-based Snowflake native app that allows organizations to detect and respond to evolving threats directly within their Snowflake environments.
Fintech Giant Finastra Investigating Data Breach
2024-11-20 01:12:15
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software...
RIIG Launches With Risk Intelligence Solutions
2024-11-20 00:50:33
RIIG is a risk intelligence and cybersecurity solutions provider offering open source intelligence solutions designed for zero-trust environments.
SWEEPS Educational Initiative Offers Application Security Training
2024-11-20 00:33:51
The secure coding curriculum, funded by a .5 million grant, is available for students and professionals at all stages of their careers.
List of 15 new domains
2024-11-20 00:00:00
.fr b-populaire-mediterannee[.fr] (registrar: Hostinger operations UAB)
cabaya[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
client-services-client[.fr] (registrar: AMEN / Agence des Médias...
Vulnérabilité dans Google Chrome (20 novembre 2024)
20/11/2024
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Apple (20 novembre 2024)
20/11/2024
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Spring (20 novembre 2024)
20/11/2024
De multiples vulnérabilités ont été découvertes dans les produits Spring. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la...
Multiples vulnérabilités dans les produits Atlassian (20 novembre 2024)
20/11/2024
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des...