What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cybereason.webp 2025-04-20 16:16:45 CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP's SSH Implementation
(direct link)
KEY TAKEAWAYS A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433, with a CVSS score of 10 (critical). This critical remote code execution (RCE) vulnerability affects the SSH server in the Erlang/OTP software platform. The vulnerability allows unauthenticated attackers to gain full system access by sending crafted SSH packets before any login or credentials are provided. Systems running Erlang/OTP's native SSH server are at risk and may be embedded in telecommunications, IoT, cloud platforms, databases, etc. We recommend immediately patching impacted systems.
Vulnerability Patching Cloud ★★★
Cybereason.webp 2025-04-11 15:49:55 From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets
(direct link)
★★★
Cybereason.webp 2025-04-10 14:30:01 A Class Above: Expert Support for Data Breach Class Action Defense
(direct link)
Between 2022 and 2024, class actions related to data breaches in the United States both to Cybersecurity Posture and a
Data Breach Technical ★★
Cybereason.webp 2025-03-25 16:45:00 The Curious Case of PlayBoy Locker
(direct link)
★★
Cybereason.webp 2025-03-17 14:41:45 Are you keeping pace with Cyber Security AI innovation?
(direct link)
Skip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon's, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such, to fix the damage he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon's antivirus software. The point here is that traditional anti-virus has always been based on pattern matching. Find something unique to each attack in its code, then you can write an algorithm or more commonly called these days a signature to detect, block and repair the attack. I remember Alan saying effectively that signatures had solved the virus problem, the volume would continue to grow, as would the complexity, but the same signature solution would always apply.
★★★
Cybereason.webp 2025-03-11 18:06:18 Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks
(direct link)
KEY TAKEAWAYS Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection. Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks. Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security. Financially motivated threat actors often leverage BIN attacks when targeting financial services or e-commerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6 to 8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.
Tool Threat ★★
Cybereason.webp 2025-03-05 22:04:21 Three Zero-Day Vulnerabilities Discovered in VMware Products
(direct link)
KEY TAKEAWAYS Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. Almost all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform. Chaining these 3 vulnerabilities together allows an attacker to escape or "break out" of a "child" virtual machine (VM), gain access to the "parent" ESXi hypervisor, and potentially access any other accessible VM as well as the management network of the exposed VMware cluster. We recommend upgrading to the "fixed versions" indicated in the VMware by Broadcom matrix immediately.
Vulnerability Threat Cloud ★★
Cybereason.webp 2025-02-25 21:57:44 Deceptive Signatures: Advanced Techniques in BEC Attacks
(direct link)
KEY TAKEAWAYS Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections. Exploitation of Trust: Some threat actor groups have been discovered leveraging a technique that involves embedding phishing lures into email signature blocks on user accounts. This deceptive tactic exploits recipients' trust and attention to the benign nature of signature sections by replacing it with a formatted email. It can also remain undetected during certain investigative steps because it is not considered an inbox rule change, which could be associated with specific audit logging and alerting. Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and increasing the financial and reputational damage to organizations. Additionally, even after a password change and a threat actor has lost access to a previously compromised account, if the signature block modification is not caught and remediated quickly, the user's normal sending of emails may unknowingly perpetuate the attack forward.
Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is in part due to the credibility that threat actors can achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals exploit this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, the low technological barriers to entry for threat actors, and the substantial financial losses suffered by victim organizations. Advances in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative market for cybercriminals.
Threat ★★★
Cybereason.webp 2025-02-18 21:50:13 Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot
(direct link)
KEY TAKEAWAYS Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in automated fashion. Snapshot condenses frontline threat intelligence from 1000s of BEC investigations to identify configuration weakness allowing most common BEC attack patterns. Requires no additional client involvement to run. Available for M365 and Google Workspace. Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents. Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack.
Threat Cloud Technical ★★★
Cybereason.webp 2025-01-29 15:00:00 RSAC 2025 - Key Trends from 100s of 'Hackers & Threats' Talk Submissions
(direct link)
Just before the end of 2024, the Hackers & Threats Program Committee met to review hundreds of submissions for the track for RSAC 2025 Conference.
★★★
Cybereason.webp 2025-01-28 15:16:45 Phorpiex - Downloader Delivering Ransomware
(direct link)
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
Ransomware Threat ★★★
Cybereason.webp 2025-01-24 21:18:31 CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series
(direct link)
Key Takeaways Critical vulnerability discovered in SonicWall's SMA 1000 series appliances, tracked as CVE-2025-23006. Impacted products include Appliance Management Console (AMC) and Central Management Console (CMC) products, versions 12.4.3-02804 and earlier. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary commands. We recommend upgrading to version 12.4.3-02854 (platform-hotfix) or later immediately.
Vulnerability ★★
Cybereason.webp 2025-01-23 19:03:00 From Noise to Clarity: The Value of MalOp™ Technology in Modern Cyber Defense
(direct link)
On Demand: 2024 MITRE ATT&CK Enterprise Evaluation Result Breakdown Webinar.
★★
Cybereason.webp 2024-12-31 16:12:25 "Out-of-the-Box" Detection Coverage: A Critical Metric for Endpoint Security
(direct link)
Register now: 2024 MITRE ATT&CK Enterprise Evaluation Result Breakdown Webinar. Back in the summer I wrote a blog around capability versus usability, in which I highlighted that typically industry testing focuses on capability, despite one of the key challenges in the industry being skills. EDR by its nature, is a technical capability and as such the skills gap in this space is even greater. I will always remember a good friend sharing in his keynote, a number of years ago, that there is little point in buying a best of breed solution if you don't have the people powers to actually use it.
Technical ★★★
Cybereason.webp 2024-12-17 18:18:17 CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft
(direct link)
Key Takeaways Zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956. Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations. CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory. Threat actor group, CL0P, has claimed responsibility for vulnerability exploitation with the goal of data theft. We recommend upgrading to version 5.8.0.24 immediately.
Vulnerability Threat ★★
Cybereason.webp 2024-12-17 14:51:29 Your Data Is Under New Lummanagement: The Rise of LummaStealer
(direct link)
★★
Cybereason.webp 2024-12-16 21:41:44 Leader in SOC Efficiency and Operational Excellence in MITRE ATT&CK 2024 Results
(direct link)
As cyber threats grow in complexity, security teams find themselves struggling to distinguish true risk from the noise of relentless alerts. Today's adversaries operate at a global scale and around the clock, targeting endpoints across Windows, Linux, and macOS environments with advanced ransomware and espionage techniques. In the recent 2024 MITRE ATT&CK® Enterprise Evaluation, Cybereason once again demonstrated why out-of-the-box detection coverage and operational efficiency matter more than ever.
Ransomware ★★
Cybereason.webp 2024-12-11 15:51:29 Blog: 2025 predictions
(direct link)
Prediction ★★★
Cybereason.webp 2024-12-03 14:22:51 Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
(direct link)
★★
Cybereason.webp 2024-11-12 15:15:00 Cybereason Merges with Trustwave, Enhances MDR and Consulting Services
(direct link)
★★
Cybereason.webp 2024-11-08 17:39:12 Insourcing versus Outsourcing
(direct link)
★★★
Cybereason.webp 2024-10-24 16:00:44 Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities
(direct link)
Tool Threat ★★
Cybereason.webp 2024-10-23 18:05:54 Malicious Life Podcast: Operation Snow White, Part 2
(direct link)
★★
Cybereason.webp 2024-10-18 14:16:35 THREAT ANALYSIS: Beast Ransomware
(direct link)
Ransomware Threat ★★
Cybereason.webp 2024-10-04 16:09:32 CUCKOO SPEAR Part 2: Threat Actor Arsenal
(direct link)
Tool Threat ★★
Cybereason.webp 2024-10-03 13:00:00 The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It
(direct link)
In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.
Ransomware Malware Vulnerability Threat Medical ★★
Cybereason.webp 2024-10-01 19:31:23 Malicious Life Podcast: Operation Snow White, Part 1
(direct link)
★★
Cybereason.webp 2024-09-18 13:58:40 The Great Debate: On-Premise vs. Cloud based EDR
(direct link)
Cloud ★★★
Cybereason.webp 2024-09-17 16:20:31 Malicious Life Podcast: Infighting and Treason in Russia's Cyber World
(direct link)
★★
Cybereason.webp 2024-09-13 20:25:22 CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
(direct link)
This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims' network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent these attacks.
Threat ★★
Cybereason.webp 2024-09-11 14:54:21 SoC Modernization: Where are you on the Evolutionary Journey?
(direct link)
★★
Cybereason.webp 2024-09-05 19:31:13 Malicious Life Podcast: SNAP Fraud: Getting Rich by Stealing from the Poor
(direct link)
★★★
Cybereason.webp 2024-08-27 15:32:02 Malicious Life Podcast: The Hollywood Con Queen, Part 2
(direct link)
★★★
Cybereason.webp 2024-08-14 13:41:15 Malicious Life Podcast: The Hollywood Con Queen, Part 1
(direct link)
★★★
Cybereason.webp 2024-08-01 17:22:14 Capability vs. Usability
(direct link)
Many people have the experience of buying a product for personal use, that has all the capability and more that you could wish for. When you actually start using it you discover that you don't have the expertise or perhaps time, to really get the best out of it, or that the way the product is designed makes it an over complex set of tasks to get to the result you are needing - TV/video recorders are classic examples.
★★★
Cybereason.webp 2024-07-31 15:27:27 Malicious Life Podcast: The Doomed Queen's Secret Ciphers
(direct link)
★★★
Cybereason.webp 2024-07-25 13:08:08 Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies
(direct link)
Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. Government agencies or state-sponsored groups are engaging in cyber-attacks for various reasons, including espionage, sabotage, or for political influence.
Threat ★★★
Cybereason.webp 2024-07-15 19:33:45 Malicious Life Podcast: Why Did People Write Viruses In The 80s & 90s?
(direct link)
Malware ★★
Cybereason.webp 2024-07-10 14:12:01 Hardening of HardBit
(direct link)
Threat ★★★
Cybereason.webp 2024-06-26 13:00:00 Malicious Life Podcast: Section 230: The Law that Makes Social Media Great, and Terrible
(direct link)
★★★
Cybereason.webp 2024-06-25 17:01:23 I am Goot (Loader)
(direct link)
Threat ★★★
Cybereason.webp 2024-06-11 17:53:25 Malicious Life Podcast: What Happened at Uber?
(direct link)
In 2016, Joe Sullivan, former CISO of Facebook, was at the peak of his career. As Uber's new CISO, he and his team had just successfully prevented data from a recent breach from leaking to the internet. But less than a year later, Sullivan was unexpectedly fired from Uber, and three years later, the US Department of Justice announced criminal charges against him. So, what happened at Uber?
Uber ★★★
Cybereason.webp 2024-05-29 16:12:47 THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
(direct link)
Threat ★★
Cybereason.webp 2024-05-28 17:59:38 Malicious Life Podcast: The Nigerian Prince
(direct link)
In this episode of ML, we're exploring the history of the well-known Nigerian Prince scam, also known as 419 or advanced fee scam, from its roots in a Parisian prison during the French Revolution, to the economic and social reason why this particular scam became so popular with African youth. Also, will AI make such scams more dangerous - or, counterintuitively, go against the interests of scammers?
Legislation ★★★
Cybereason.webp 2024-05-17 18:18:14 Malicious Life Podcast: Unmasking Secrets: The Rise of Open-Source Intelligence
(direct link)
★★
Cybereason.webp 2024-05-06 16:15:31 Behind Closed Doors: The Rise of Hidden Malicious Remote Access
(direct link)
Threat ★★★
Cybereason.webp 2024-05-01 13:36:26 Malicious Life Podcast: The Source Code of Malicious Life
(direct link)
A few weeks ago we had a listener's meetup in New York, and as part of that meetup, I gave a talk in which I discussed how Malicious Life came to be - a story that goes back to my days as a ship's captain in the Israeli Navy - and then about how me and Nate craft the stories that you hear every other week. That last part, I hope, might also be beneficial to those of you, our listeners, who find themselves giving talks about technically complex ideas, cyber-related or not. The storytelling ideas and techniques I laid out in the talk are universal, and you'll find them in blockbuster movies as well as podcast episodes.
★★★
Cybereason.webp 2024-04-23 13:17:04 Malicious Life Podcast: The Y2K Bug Pt. 2
(direct link)
In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.
Threat ★★★
Cybereason.webp 2024-04-01 15:32:50 Malicious Life Podcast: The Y2K Bug Pt. 1
(direct link)
★★
Cybereason.webp 2024-03-26 14:39:15 Threat Alert: The Anydesk Breach Aftermath
(direct link)
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Vulnerability Threat ★★★
Last update at: 2025-05-10 12:07:58