What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2025-02-10 20:46:00 Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (direct link) Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent
Malware Threat ★★★
IndustrialCyber.webp 2025-02-10 19:41:42 Xona Systems, Nozomi Networks boost critical infrastructure security with access management, threat detection (direct link) Xona Systems, provider of secure access management solutions for critical infrastructure, announced on Monday the integration of the...
Threat ★★
TechRepublic.webp 2025-02-10 17:33:44 Australians Hit With One Cyber Attack Every Second in 2024 (direct link) Australia saw a record surge in cyber attacks in 2024, with data breaches escalating. Experts warn of rising risks as hackers may exploit AI-driven tactics.
Threat ★★★
Darktrace.webp 2025-02-10 16:06:31 From Hype to Reality: How AI is Transforming Cybersecurity Practices (direct link) AI hype is everywhere, but not many vendors are getting specific. Darktrace's multi-layered AI combines various machine learning techniques for behavioral analytics, real-time threat detection, investigation, and autonomous response.
Threat ★★★
The_Hackers_News.webp 2025-02-10 15:14:00 DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (direct link) Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and
Malware Threat Prediction ★★★
DarkReading.webp 2025-02-10 15:00:00 Analyst Burnout Is an Advanced Persistent Threat (direct link) For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.
Tool Threat ★★★
Checkpoint.webp 2025-02-10 13:53:25 10th February – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 10th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider's account. The incident exposed personal details of customers, drivers, […]
Data Breach Threat ★★★
ProofPoint.webp 2025-02-10 13:21:52 Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags (direct link) Key findings: The Emerging Threats team made significant updates to the Emerging Threats ruleset to provide more comprehensive information for customers and the community. Updates include populating since-created metadata tags within legacy rules, as well as adding MITRE ATT&CK tags in rule metadata. Emerging Threats metadata provides additional context to an alert where you initially only have a rule message to make decisions. Without metadata, information security personnel are left with only the rule message from which to act. Updating metadata is an investment that strengthens our research and defenses, providing more actionable information and intelligence. Overview To fully defend against the rapidly changing threat landscape – from malware to credential phishing to espionage – effective detection is not just about creating rules. It is about optimizing the rules for smarter performance. For organizations leveraging the Emerging Threats ruleset, metadata plays a vital role, delivering invaluable context to security operations analysts, threat researchers, and data scientists that enhances detection beyond mere alerts. This post takes a closer look at Emerging Threats metadata, addresses the rationale behind specific metadata tags and values, offers practical guidance on how to make the most of this information, and sheds light on the comprehensive approach to implementing recent large-scale metadata updates. How does Proofpoint utilize Emerging Threats rules? The Emerging Threats team and the world-class Threat Research organization at Proofpoint work to ensure that our customers and the information security community are protected against threat actors and their techniques within the threat landscape by analyzing malicious network traffic and crafting impactful detection rules for alerting.
The Threat Research team, including threat hunters, intelligence analysts, reverse engineers, and detection engineers, all use the Emerging Threats ruleset in several ways. For example, the rules are baked into the internal Proofpoint sandbox and pipeline to help identify malware families observed in email traffic; analysts collaborate with the ET team to develop new rules based on newly identified activity; and the team uses the ET intelligence portal to surface detections and help identify indicators of compromise while conducting investigations. Emerging Threats has both ET Open rules that are free for the community, and the paid ET Pro ruleset that contains additional rules based on internal Proofpoint intelligence, threat hunting, and detection. ET Pro is a timely and accurate rule set for detecting and blocking advanced threats using an organization's existing network security appliances, such as next generation firewalls (NGFW) and network intrusion detection/prevention systems (IDS/IPS). Updated daily and available in Suricata and Snort formats, ET Pro covers more than 40 different categories of malware command and control, credential phishing, DDoS, botnets, network anomalies, exploits, vulnerabilities, SCADA exploit kit activity, and much more. Updates to the Emerging Threats ruleset Emerging Threats has produced rules since 2010, with nearly half a million revisions made to the over 100,000 rules in the ruleset, which is updated daily. Since its initial use in 2010, the team has continuously updated and enhanced the ruleset structure and made several metadata advancements, including improving severity and confidence scores, and adding MITRE ATT&CK tags. Once a new metadata tag is introduced, we are presented with the issue that older rules need to be updated with values for the new metadata tag.
Enriching metadata across the ruleset is a large-scale undertaking, and is designed to provide more actionable insight for organizations using the Emerging Threats ruleset. In the latest iteration of updates, the Emerging Threats team focused on enhancing three metadata tags: “signature_severity”, “confidence”, and MITRE ATT&CK coverage to improve the utility and reliability of t
Malware Tool Vulnerability Threat ★★
IndustrialCyber.webp 2025-02-10 12:41:21 DHS warns Chinese-made internet cameras pose espionage threat to US critical infrastructure (direct link) The U.S. Department of Homeland Security (DHS) has reportedly issued a bulletin warning that internet-connected cameras manufactured in...
Threat ★★★
The_Hackers_News.webp 2025-02-10 10:44:00 XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (direct link) Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime
Vulnerability Threat ★★★
InfoSecurityMag.webp 2025-02-10 09:45:00 Europol Warns Financial Sector of “Imminent” Quantum Threat (direct link) Europol has urged the financial sector to prioritize quantum-safe cryptography
Threat ★★★
The_State_of_Security.webp 2025-02-10 03:03:17 “Quishing” - The Emerging Threat of Fake QR Codes (direct link) QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere - however, their widespread use has made them a prime target for scammers. The corruption of QR codes leaves everyone vulnerable. However, there are simple methods to protect against this threat. What Is “Quishing”? In quishing attacks, scammers use fake QR codes to redirect people to fraudulent websites when the code is scanned. This enables the criminal to download information and profiles from the...
Threat ★★★
The_State_of_Security.webp 2025-02-10 03:03:16 Key Takeaways from the NCSC Annual Review 2024 (direct link) In early December 2024, the UK's National Cyber Security Centre (NCSC) released its eighth Annual Review. While the report's primary focus is to recap the NCSC's activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we'll look at a few of its key takeaways. UK in "A Contest for Cyberspace" The overarching theme of the NCSC Annual Review 2024 is the enormous scale of the cyber threat to the UK and the government's increasingly serious attitude towards it. This is best exemplified in the foreword by the...
Threat ★★★
ProofPoint.webp 2025-02-10 01:58:04 AI in Cybersecurity: the Good, the Bad and the Ugly (direct link) Artificial intelligence (AI) is revolutionizing cybersecurity. It offers unparalleled capabilities for detecting, predicting and neutralizing threats in real time. But at the same time, threat actors are using it to create sophisticated attacks. At Proofpoint, we take an evidence-based, practical approach to AI. Our Nexus® AI Framework combines advanced machine learning with behavioral analytics for explainable decision-making. As a result, you get actionable insights and protection across multiple threat vectors. This blog explores the many sides of AI: the good, the bad and the ugly. It also details how the six AI cores in Proofpoint Nexus power our targeted solutions, which stop today's most complex security challenges. Proofpoint Nexus AI: defending from every angle Proofpoint Nexus is a comprehensive threat intelligence platform powered by AI, machine learning and real-time threat intelligence. The Proofpoint Nexus AI Framework integrates six powerful cores to counter AI-driven threats, empowering defenders with advanced tools: Nexus Language Model (LM) combats business email compromise (BEC). It carefully examines email content to detect common elements found in BEC attempts, such as transactional language and urgency. By recognizing subtle linguistic patterns and behavioral cues, Nexus LM for BEC identifies suspicious emails before they can cause harm. Nexus Generative AI automates data analysis across email, cloud and endpoints to identify nuanced patterns in phishing and exfiltration attempts. It also automates complex workflows, isolating compromised devices, revoking access and neutralizing phishing campaigns. Nexus Threat Intelligence (TI) provides real-time updates on attacker tactics, techniques and vulnerabilities, enriching threat detection models.
It ensures Proofpoint solutions stay ahead of evolving cyberthreats, offering proactive detection and defense. Nexus Relationship Graph (RG) monitors user behavior across systems, detecting anomalies that signal insider threats or account compromise. By using behavioral analytics, ML and anomaly detection, Nexus RG spots deviations from normal user actions that may indicate a potential threat. Nexus Machine Learning (ML) powers predictive threat detection, which maps known attack behaviors and unsupervised techniques that detect unknown anomalies. It uses behavior-focused detection models to identify malicious activity based on runtime behaviors rather than static signatures. Nexus Computer Vision (CV) is an AI-powered module designed to identify and neutralize vision-based threats. Through advanced computer vision technology, Nexus CV detects threats hidden in visual elements, such as phishing sites, QR codes, malicious attachments and spoofed emails. Good, bad and ugly: AI is complex in the real world AI helps cybersecurity teams as well as the cybercriminals who are trying to outsmart them. What follows are just some of the ways that AI can both help and hinder cybersecurity efforts. The Proofpoint Nexus Framework powers advanced solutions for each of these challenges. The good: AI as a game-changer for cybersecurity In many ways, AI makes it easier for defenders to do their jobs. When it comes to combating sophisticated threats, it can be extremely useful because it addresses the challenges that human teams cannot resolve at scale. Here's how it can be taken advantage of when you use Proofpoint. 1: Predict threats before they happen. AI enables a proactive defense against cyber threats. That's because AI models can predict potential attack vectors by analyzing historical threat patterns and real-time data.
Proofpoint Core Email Protection uses Nexus ML to process billions of data points daily to identify emerging phishing campaigns, malware payloads and zero-day threats. By applying ensemble techniques, Core Email Protection accurately correlates new email-based threats with established patterns. As a result, it helps defenders proactively stop attacks before they infiltrate networks. 2: Detect anomalies acros
Ransomware Malware Tool Vulnerability Threat Prediction Cloud ★★
TechWorm.webp 2025-02-08 14:43:36 Critical Microsoft Outlook RCE Bug Actively Exploited In Attacks (direct link) Cybersecurity firm Check Point has discovered a critical remote code execution (RCE) vulnerability in Microsoft Outlook, which is currently being exploited in active cyberattacks, posing a significant threat to organizations worldwide. This has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to warn the U.S. federal agencies to secure their systems against such ongoing attacks. Check Point vulnerability researcher Haifei Li discovered the high-severity RCE vulnerability tracked as CVE-2024-21413 (CVSS score 9.8). This flaw results from improper input validation, which can trigger code execution when opening emails with malicious links using a vulnerable Microsoft Outlook version. Successful exploitation of this vulnerability would allow a threat actor to bypass the Office Protected View and open malicious files in editing mode rather than protected mode. It could also grant the threat actor elevated privileges, including the ability to read, write, and delete data. Microsoft addressed the CVE-2024-21413 vulnerability a year ago, cautioning that the Preview Pane could itself be an attack vector. As a result, simply viewing a malicious email within Outlook might be enough to trigger the exploit, making it exceptionally dangerous. According to Check Point, attackers exploit the vulnerability dubbed Moniker Link, a method that tricks Outlook into opening unsafe files. This allows the threat actors to bypass built-in Outlook protections for malicious links embedded in emails using the file:// protocol. The attackers can manipulate Outlook to treat malicious files as trusted resources by appending an exclamation mark followed by arbitrary text to a file URL.
By inserting this exclamation mark immediately after the file extension in URLs pointing to attacker-controlled servers, along with some random text, they can deceive the system and execute malicious payloads. For example, an attacker might craft a link as shown below: CLICK ME When a victim clicks on the link, Outlook retrieves the file from the attacker’s server and runs it with elevated privileges, granting the attacker control over the system. The CVE-2024-21413 vulnerability has affected multiple Microsoft Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. In response to the active exploitation of this vulnerability, CISA has added CVE-2024-21413 to its Known Exploited Vulnerabilities (KEV) Catalog. As per the November 2021 Binding Operational Directive (BOD) 22-01, the federal agencies have been given time until February 27, 2025, to patch their systems and protect their networks against potential threats. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned on Thursday. With active exploitation in the wild, CVE-2024-21413 presents a severe security risk to Outlook users. Hence, private organizations are advised to immediately apply patches and reinforce cybersecurity defenses to prevent potential breaches.
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-07 16:31:00 Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection (direct link) Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
Threat ★★★
InfoSecurityMag.webp 2025-02-07 14:00:00 Malicious AI Models on Hugging Face Exploit Novel Attack Technique (direct link) The technique, called nullifAI, allows the models to bypass Hugging Face's protective measures against malicious AI models
Threat ★★★
bleepingcomputer.webp 2025-02-07 13:42:44 Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (direct link) Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]
Vulnerability Threat ★★★
zataz.webp 2025-02-07 13:35:46 The ZATAZ alert protocol: 2025 version (direct link) Cybersecurity is crucial in a connected world. After 25 years, the ZATAZ alert protocol is evolving to better counter threats, with real-time alerts....
Threat ★★★
Cyble.webp 2025-02-07 12:57:51 Open Graph Spoofing Toolkit: Old Exploitation Techniques Still in Use to Lure Social Media Users into Phishing Attacks (direct link) The current digital landscape necessitates an approach to sharing content on social media for significant user engagement and click-through rates. This is where the Open Graph Protocol (OGP) comes into play. Developed by Facebook, Open Graph allows web developers to control how their web pages appear when shared across various platforms. Developers use specific meta tags in a webpage's HTML to define essential elements such as the title, description, and image that accompany shared links. Attackers have long exploited the Open Graph Protocol for malicious activities. Recently, Cyble Research and Intelligence Labs (CRIL) also observed a threat actor on a Russian underground forum offering a toolkit dubbed 'OG Spoof' for similar operations. The toolkit was designed for phishing campaigns, aiming to mislead users and artificially inflate click-through rates by exploiting flaws in the Open Graph protocol. Overview The importance of Open Graph (OG) tags cannot be overstated. The OG tags enhance the visibility of content, making it appealing to a broader base of potential viewers and more likely to garner views and clicks. Figure 1: OG tags used in the header Several content management systems (CMS), such as WordPress and Magento, come equipped with built-in functionalities or plugins that automatically generate these tags based on the post's content. This automation ensures that when links are shared, they are presented in an engaging manner while accurately previewing their content. The threat actor released the 'OG Spoof' kit for sale in October 2024 at a staggering USD 2,500 price and claimed that it was initially designed for their own fraudulent operations. However, as they developed advanced methods, the toolk
Malware Vulnerability Threat ★★★
Cyble.webp 2025-02-07 11:44:32 Critical Vulnerabilities Reported in Cyble's Weekly Vulnerability Insights (direct link) Overview Cyble Research & Intelligence Labs (CRIL) published their Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that have posed cyber threats to various IT infrastructures globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerability (KEV) catalog. This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure. Incorporation of Vulnerabilities into the KEV Catalog CISA's inclusion of vulnerabilities in the KEV catalog is an important step in highlighting serious risks associated with widely deployed software. During this period, CISA added five vulnerabilities, including two dating back to 2018, that have been actively exploited and affect major IT infrastructure tools like Paessler PRTG Network Monitor. These vulnerabilities were assessed for their active exploitation and listed accordingly to ensure better protection for organizations globally. Among the newly added vulnerabilities, CVE-2018-19410 and
Tool Vulnerability Threat Patching Mobile ★★★
Cyble.webp 2025-02-07 10:55:33 U.S. Ransomware Attacks Surge to Start 2025 (direct link) Overview According to an analysis of Cyble threat intelligence data, U.S. ransomware attacks have surged at the start of 2025, up nearly 150% from the first five weeks of 2024. Ransomware attacks on U.S. targets have been climbing since a few organizations paid ransoms to attackers in highly publicized cases last year, making the country a more attractive target for ransomware groups. That's likely the main reason for the increase. Regardless of the timeframe or changes in the most active ransomware groups, U.S. ransomware attacks have increased substantially in the last year and have been climbing steadily since the fall. We'll examine the changing ransomware landscape in the U.S. and other frequently attacked countries and consider what changes may be in store as we approach 2025. The Effect of Ransomware Payments In the first five weeks of 2024, Cyble documented 152 ransomware attacks on U.S. targets, in line with late 2023 trends. In the first five weeks of 2025, that number soared to 378 attacks on U.S. targets, a 149% year-over-year increase. Compared to the end of 2024, attacks are up a still significant 29% so far in 2025, up from 282 in the last five weeks of the year. Perhaps owing to geographical proximity, Canada has also seen a significant increase in ransomware attacks, up from 14 in the year-ago period to 28 at the end of 2024, and nearly doubling again to 46 to start 2025. Even as North American ransomware attacks have soared, the next-most attacked regions have stayed relatively stable. France, for example, had 18 attacks to start 2024 and has seen 19 thus far in 2025 (chart below).
Ransomware Tool Vulnerability Threat Legislation Prediction Medical ★★★
The_Hackers_News.webp 2025-02-07 10:49:00 Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (direct link) Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
Ransomware Vulnerability Threat ★★★
SecurityWeek.webp 2025-02-07 09:55:00 Trimble Cityworks Customers Warned of Zero-Day Exploitation (direct link) Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.
Malware Vulnerability Threat ★★★
AlienVault.webp 2025-02-07 07:00:00 A Rose by Any Other Name: Exposure Management, a Category that Evolved from Traditional Vulnerability Management (direct link) As organizations increase their reliance on cloud services, remote work tools, IoT devices and smart infrastructures, and the use of third-party vendors, their exposure to cyber threats increases. Traditional approaches to vulnerability management are unable to keep up with rapidly changing business needs and an expanding attack surface. While scanning and patching known vulnerabilities remains critical, today’s complex threat landscape demands a more comprehensive strategy. Exposures encompass the total attack surface and all potential security gaps across an organization’s entire digital infrastructure. Examples include known vulnerabilities, misconfigurations, and uncovered weaknesses. These differ from vulnerabilities, which are specific weaknesses or flaws in a system that could be exploited. Security leaders should consider adopting a holistic exposure management program to address both known and unknown exposures. First, let’s understand what exposure management is. Exposure Management represents a comprehensive approach that looks at an organization’s entire attack surface and potential security risks across all their digital assets, both internally and externally. It goes beyond identifying and remediating vulnerabilities by providing a much wider view of an organization’s security posture. This approach enables businesses to understand the full breadth of their attack surface and exposures, and prioritize actions based on potential impact. The evolution from vulnerability management to exposure management is becoming increasingly critical, according to Gartner.
In their 2024 report, “How to Grow Vulnerability Management into Exposure Management,” Gartner emphasizes that exposure management is more than just tools: it is a comprehensive methodology that integrates people, processes, and technologies to evaluate and assess exposures across both digital and physical assets. Gartner also highlights how this approach enhances and contextualizes security initiatives by providing data-driven insights into which assets, configurations, and vulnerabilities pose the greatest business risk. This allows security teams to prioritize and allocate resources towards the most impactful remediations, tailored to their specific needs, industry threats, and business priorities. This approach strengthens key capabilities such as threat detection, investigation, and response (TDIR), and cyber risk management. How Has Exposure Management Evolved from Traditional Vulnerability Management? Vulnerability management has been a staple of security programs for decades. It has long been considered a requirement for “good cyber hygiene.” However, many organizations still struggle with properly managing the large volume of vulnerabilities in their environment, including prioritizing mitigation or remediation of the vulnerabilities that pose the greatest risk. Enter exposure management. While vulnerability management focuses primarily on identifying and patching known vulnerabilities, exposure management unifies multiple security disciplines (including asset configuration and patch management) into a comprehensive view of an organization's attack surface, enabling teams to better identify and prioritize critical exposures, particularly those actively exploited in the wild. Vulnerability management is a critical subset of exposure management, focusing on the detection and correction of security weaknesses.
Vulnerability management alone can’t address the full spectrum of security risks organizations face today, particularly with the increasing complexity brought by digital transformation. Key Functions of Vulnerability Management vs. Exposure Management Tool Vulnerability Threat Patching Mobile Industrial Cloud Technical ★★★
no_ico.webp 2025-02-07 03:57:39 The RAT Pack Returns: ValleyRAT's Devious Delivery Methods (lien direct) Morphisec Threat Labs has uncovered cunning new delivery techniques used by ValleyRAT, a sophisticated multi-stage malware attributed to the Silver Fox APT. The malware, which primarily targets key roles in finance, accounting, and sales, has evolved with updated tactics, techniques, and procedures (TTPs), including the reuse of URLs and the exploitation of gaming binaries for [...]
Malware Threat ★★★
globalsecuritymag.webp 2025-02-06 22:23:43 Nationwide partners with CAPSLOCK (lien direct) Nationwide partners with CAPSLOCK to boost cyber skills, diversity and resilience. CAPSLOCK's tailored programme upskills Nationwide's first cohort of learners to tackle both the challenging hiring and threat landscapes - Business News
Threat ★★
globalsecuritymag.webp 2025-02-06 21:55:03 CyberArk announced a new integration with SentinelOne Singularity (lien direct) CyberArk and SentinelOne team up to enable step change in endpoint and identity security Mutual customers will benefit from boosted endpoint threat detection and response capabilities - Product Reviews
Threat ★★★
globalsecuritymag.webp 2025-02-06 21:43:00 Cyber security threats are rising, but it is Generations Z and Alpha who introduce the risk, not the "older people" (lien direct) By Anna Collard, Senior Vice President of Content Strategy and Evangelist at KnowBe4 Africa. Cyber security threats are rising, but it is Generations Z and Alpha who introduce the risk, not the "older people" (by Anna Collard). Generation Z employees are far more likely than older employees to use the same password for their work and personal accounts and to ignore important IT updates - Opinion
Threat ★★★
globalsecuritymag.webp 2025-02-06 21:36:12 Quest launches two solutions: Security Guardian Shields Up and Disaster Recovery for Identity (lien direct) Quest leads the charge with new advances in identity security and ransomware recovery, redefining ITDR and cyber-resilience standards by disrupting emerging threats and countering attacks via the Quest Unified Cloud Platform - Products
Threat Cloud ★★★
globalsecuritymag.webp 2025-02-06 21:33:26 Checkmarx Launches Collaborative Checkmarx Zero Research Hub (lien direct) Checkmarx Launches Collaborative Checkmarx Zero Research Hub to Share Application Security and Software Supply Chain Threat Intelligence Security researchers and AppSec leaders are invited to explore research and contribute to vulnerability database - Product Reviews
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-06 20:04:00 Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (lien direct) Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles
Malware Threat ★★★
TechWorm.webp 2025-02-06 19:41:51 OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale (lien direct) An anonymous threat actor has allegedly claimed responsibility for a massive data breach affecting OpenAI, offering for sale a database containing the login credentials of 20 million users on the dark web. The unverified claim that surfaced on an underground hacking forum has raised concerns about data security for millions of users relying on OpenAI’s services. The threat actor alleges they have access to a trove of login credentials, including emails and hashed passwords, purportedly sourced from OpenAI\'s user accounts. To promote their discovery, they shared a post with a sample of the data and more being offered for a few dollars. ”When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn\'t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure, and Jesus thinks so too,” reads the post by the threat actor on the hacker forum, which was shared by HackManac. OpenAI and independent cybersecurity firms have neither officially confirmed nor denied the threat actor\'s claims. If proven true, this breach would be one of the largest data leaks related to OpenAI and could also lead to phishing attacks, unauthorized access, and identity theft. While the authenticity of the breach remains unconfirmed, OpenAI users should remain vigilant and prioritize digital security measures. They are advised to take precautionary measures such as updating OpenAI passwords and avoiding using the same password across multiple sites, enabling two-factor authentication (2FA), and monitoring accounts linked to OpenAI for unusual login attempts or password reset requests. Whether this is a legitimate breach or an elaborate hoax, the incident serves as a stark reminder of the persistent threats in the digital realm. 
This is a developing story; updates will follow as new information emerges.
Data Breach Threat ★★★
Netskope.webp 2025-02-06 18:44:12 Secure Third-party Access Without the Hassle of VPNs (lien direct) Today's businesses rely on third-party vendors, contractors, and partners to operate efficiently more than ever. But every external connection introduces a risk, especially when it comes with overly permissive access. If not properly managed, this can become a significant vulnerability. Attackers know this, and they actively exploit these weak points. Take the recent Belsen Group breach […]
Vulnerability Threat ★★
SecurityWeek.webp 2025-02-06 18:19:36 1,000 Apps Used in Malicious Campaign Targeting Android Users in India (lien direct) Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.
Threat Mobile ★★
Mandiant.webp 2025-02-06 14:00:00 Using capa Rules for Android Malware Detection (lien direct) Mobile devices have become the go-to for daily tasks like online banking, healthcare management, and personal photo storage, making them prime targets for malicious actors seeking to exploit valuable information. Bad actors often turn to publishing and distributing malware via apps as a lucrative channel for generating illegal and/or unethical profits. Android takes a multi-layered approach to combating malware to help keep users safe (more later in the post), but while we continuously strengthen our defenses against malware, threat actors are persistently updating their malware to evade detection. Malware developers used to implement their entire malicious logic with the common Android app development toolkits in Java, which is easier to detect by reversing the Java bytecode. In recent years, malware developers have increasingly moved critical malware behaviors into native code, relying on the opacity of compiled, symbol-stripped Executable and Linkable Format (ELF) files, whose true intentions are more difficult and time-consuming to reveal. To combat these new challenges, the Android Security and Privacy Team is partnering with Mandiant FLARE to extend the open-source binary analysis tool capa to analyze native ARM ELF files targeting Android. Together, we improved existing and developed new capa rules to detect capabilities observed in Android malware, used the capa rule matches to highlight the highly suspicious code in native files, and prompted Gemini with the highlighted code behaviors for summarization to enhance our review processes for faster decisions.
In this blog post, we describe how we leverage capa behavior-detection capabilities and state-of-the-art Gemini summarization by: showcasing a malware sample that used various anti-analysis tricks to evade detection; explaining how our existing and new capa rules identify and highlight those behaviors; and presenting how Gemini summarizes the highlighted code for security reviews. An Illegal Gambling App Under a Music App Façade: Google Play Store requires all published apps to conform to local laws and regulations. This includes gambling apps, which are prohibited or require licenses in some areas. Developing and distributing illegal gambling apps in such areas can generate significant illicit profits, which are sometimes associated with organized crime. To bypass the Google Play Store's security-screening procedures, some gambling apps disguise themselves with harmless façades like music or casual games. These apps only reveal their gambling portals Malware Tool Threat Mobile Medical Cloud ★★★
Blog.webp 2025-02-06 13:14:40 Ukraine's largest bank PrivatBank Targeted with SmokeLoader malware (lien direct) UAC-0006, a financially motivated threat actor, targets PrivatBank customers with advanced phishing attacks. CloudSEK's research reveals malicious emails…
Malware Threat ★★★
bleepingcomputer.webp 2025-02-06 12:50:54 Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (lien direct) Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]
Ransomware Malware Threat ★★
Cyble.webp 2025-02-06 11:44:16 CISA Issues Nine Critical Industrial Control Systems Advisories, Addressing Vulnerabilities in Key Equipment (lien direct) Overview: The Cybersecurity and Infrastructure Security Agency (CISA) released a series of nine Industrial Control Systems (ICS) advisories on February 4, 2025. These advisories provide essential information about vulnerabilities, security risks, and recommended mitigations affecting various industrial control systems and their components. The advisories, which highlight numerous threats across a variety of devices, emphasize the need for vigilance and prompt action to protect critical infrastructure from potential exploits. The nine advisories address flaws found in systems from notable vendors such as Schneider Electric, Rockwell Automation, and AutomationDirect. These vulnerabilities can allow attackers to disrupt operations, gain unauthorized access, or even execute remote code on compromised devices. Details of the Industrial Control Systems Advisories: 1. Western Telematic Inc. Vulnerability; Advisory Code: ICSA-25-035-01; Vulnerable Products: NPS Seri Vulnerability Threat Legislation Industrial ★★★
Cyble.webp 2025-02-06 10:44:52 Five Eyes Cyber Agencies Share New Security Guidelines for Edge Device Manufacturers (lien direct) Overview: The rise in cyber threats targeting edge devices has prompted the cybersecurity agencies of the UK, Australia, Canada, New Zealand, and the United States to release new guidelines aimed at strengthening the security of these critical network components. The recommendations urge manufacturers to integrate robust forensic and logging features by default, making it easier to detect and investigate intrusions. As cybercriminals and state-sponsored actors continue to exploit vulnerabilities in edge devices, organizations must adopt these security measures to mitigate risks. “In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat,” said NCSC Technical Director Ollie Whitehouse. “In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyberattacks but also provide the investigative capabilities required post-intrusion.” Understanding Edge Device Security Risks: Edge devices, including routers, IoT sensors, security cameras, and smart appliances, act as critical gateways between local networks and the internet. These devices are often deployed with minimal security features, making them attractive targets for attackers who exploit vulnerabilities to gain unauthorized access, disrupt services, or maintai Tool Vulnerability Threat Technical ★★★
AlienVault.webp 2025-02-06 07:00:00 LevelBlue Expands Its Partner Program Globally (lien direct) LevelBlue Expands Its Partner Program Globally. Businesses worldwide are challenged with increasingly sophisticated cyber threats, and the need for advanced security solutions has never been greater. That is why we are expanding the LevelBlue Partner Program through strategic alliances, adding to our strong global base of managed service providers (MSPs), managed security service providers (MSSPs), and resellers in regions including Europe and the Middle East. We are excited about a new partnership with Renaissance, Ireland's leading value-added distributor. Through this alliance, Renaissance is bringing LevelBlue's managed security services to the Irish market, addressing the growing demand for security solutions amid rapid growth in the region. Ireland's MSPs and MSSPs face challenges in delivering complex cybersecurity services due to resource limitations. Through our collaboration, Renaissance gives Irish MSPs and MSSPs the ability to complement their security capabilities without substantial investment in building in-house capabilities. In addition to increasing our footprint in Europe, we are also expanding our reach within the Middle East. In October 2024, we strengthened our collaboration with Mindfire Technologies, the largest MSSP in the Middle East. Through our joint efforts, we are bringing cybersecurity services tailored to the needs of organizations within the region, helping them stay ahead of evolving threats and scale their security operations. However, our expansion is not just about growing our own reach; it is about fostering a stronger, more resilient cybersecurity ecosystem worldwide. By working closely with regional partners like Renaissance and Mindfire, we ensure that businesses of all sizes can access world-class cybersecurity services tailored to their specific needs.
What This Means for Our Partners: By working with LevelBlue, our partners gain not just world-class security solutions to offer, but a trusted partner providing key resources for their success, including: full demo and training environment; online training and certification; self-service technical training; sales enablement; technical support; marketing support; centralized management console. What This Means for Businesses: With our strategic alliances, LevelBlue is simplifying cybersecurity for businesses globally, enabling them to innovate with confidence. For organizations in Europe, the Middle East, and beyond, our expansion brings numerous benefits. Access to Award-Winning Security Services: organizations can leverage LevelBlue's managed security services to protect their digital assets and maintain compliance. Stronger Security Posture: with LevelBlue's expertise, companies can enhance their cybersecurity defenses without needing to build in-house teams from scratch. Reduced Operational Burden: LevelBlue's 24/7 support allows internal IT teams to focus on strategic initiatives. Confidence to Innovate: with a strong security foundation, businesses can pursue digital transformation and growth without fear of cyber threats. Looking Ahead: As part of our commitment to the LevelBlue Partner Program, we are evolving our offerings to help MSPs and MSSPs open new growth opportunities. In October 2024 we announced four security services for our partners that easily extend and integrate with LevelBlue USM Anywhere, which includes proactive threat intelligence: LevelBlue Managed Threat Detection and Response; LevelBlue Incident Response Retainer; LevelB Vulnerability Threat Technical ★★★
no_ico.webp 2025-02-06 04:53:11 Credential-stealing malware surges in 2024 (lien direct) Malware designed to steal credentials from password stores now accounts for 25% of all malware activity, a dramatic threefold increase in this type of threat. This was one of the findings of Picus Security's annual cybersecurity analysis, The Red Report 2025. This is the first time that credential theft has ranked among the top 10 techniques [...]
Malware Threat ★★★
TechWorm.webp 2025-02-05 20:44:01 NETGEAR Urges Users to Fix Critical Wi-Fi Router Flaws (lien direct) NETGEAR, an American computer networking company, recently addressed two critical vulnerabilities that could allow threat actors to gain unauthorized access to home networks. The company has issued a critical security advisory urging users to update their Wi-Fi routers to the latest firmware immediately. The two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, affect multiple Wi-Fi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, XR500). PSV-2023-0039 (CVSS score: 9.8) could enable unauthenticated threat actors to achieve remote code execution (RCE), while PSV-2021-0117 (CVSS score: 9.6) could be exploited for authentication bypass in low-complexity attacks without user interaction. The following models are affected by the unauthenticated RCE vulnerability PSV-2023-0039 and were patched in the versions given below: XR1000 – fixed in firmware version 1.0.0.74; XR1000v2 – fixed in firmware version 1.1.0.22; XR500 – fixed in firmware version 2.3.2.134. “NETGEAR strongly recommends that you download the latest firmware as soon as possible,” reads the advisory published on Saturday. Further, the following models are affected by the authentication bypass vulnerability PSV-2021-0117 and were patched in the versions shown below: WAX206 – fixed in firmware version 1.0.5.3; WAX220 – fixed in firmware version 1.0.3.5; WAX214v2 – fixed in firmware version 1.0.2.5. To download and install the latest firmware for your NETGEAR product: visit NETGEAR Support; enter your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If a drop-down menu does not appear, check that you have entered your model number correctly or select a product category to find your product model. Click Downloads. Under Current Versions, choose the download whose title begins with Firmware Version. Click Download. Follow the instructions provided in your product's user manual, firmware release notes, or product support page. “The unauthenticated RCE vulnerability remains if you do not complete all recommended steps,” the company warned on Saturday. “NETGEAR is n Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-05 18:16:00 Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks (lien direct) A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report
Threat Technical ★★★
Pirate.webp 2025-02-05 14:52:49 Cyber training: Google.org invests 15 million dollars in France, Europe, the Middle East and Africa (lien direct) As cyber attacks multiply and threats keep growing, Europe faces a talent shortage, with more than 800,000 cybersecurity positions left unfilled, 15,000 of them in France alone in 2024 according to the DGSE*. Contributing to the training of a skilled workforce is therefore essential. Press release – […]
Threat ★★★
Cyble.webp 2025-02-05 12:25:39 CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required (lien direct) Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely used software products, have been actively exploited by attackers. With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors. The newly added vulnerabilities are CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems. Detailed List of Vulnerabilities Highlighted in the Known Exploited Vulnerabilities Catalog: CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability. The first of the vulnerabilities, CVE-2024-45195, is a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. It is a forced browsing issue: attackers can reach restricted parts of the application by requesting URLs directly, bypassing the intended authorization checks. The flaw affects Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat. The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges. CVE-2024-29059: Microsoft .NET Framework Info Tool Vulnerability Threat Patching ★★★
Sygnia.webp 2025-02-05 12:19:51 The Critical Importance of a Robust Incident Response Plan (lien direct) In today's challenging cyber threat landscape, having an effective Incident Response (IR) plan is essential. Discover how preparation and decisive action can help organizations minimize risks, maintain business continuity, and build resilience.
Threat ★★★
Cyble.webp 2025-02-05 09:40:09 Stealthy Attack: Dual Injection Undermines Chrome's App-Bound Encryption (lien direct) Key Takeaways: Cyble Research and Intelligence Labs (CRIL) identified malware being spread via a ZIP file containing an .LNK file disguised as a PDF and an XML project file masquerading as a PNG to trick users into opening it. The filename suggests that the malware is likely targeting organizations in Vietnam, particularly in the telemarketing or sales sectors. The LNK file creates a scheduled task that runs every 15 minutes, executing MSBuild.exe to deploy malicious C# code. The malware is capable of bypassing Chrome's App-Bound Encryption and deploying a stealer payload that targets sensitive Chrome-related files. It also uses a Double Injection technique for fileless execution to evade detection. The malware communicates with the Threat Actor (TA) through the Telegram Web API for command execution, and lets the TA change the Telegram bot ID and chat ID as required, offering flexibility in controlling the communication channel. Overview: CRIL discovered malware potentially targeting organizations in Vietnam, especially those in the telemarketing or sales sectors. The initial infection vector is unknown at present. The malware was delivered via a malicious ZIP archive containing an .LNK file disguised as a .PDF and an XML project file masquerading as a .PNG file, designed to deceive users into opening the fake PDF. When executed, the shortcut file copies the XML project file to the Temp directory and runs a command that creates a scheduled task running every 15 minutes. This task launches Malware Tool Vulnerability Threat ★★★
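The LNK, scheduled task and MSBuild.exe chain described in this entry leaves a clear trail in process-creation telemetry. The following is an added detection example, not Cyble's code and not the campaign's tooling: it runs two rules over constructed Sysmon-style process-creation events, flagging MSBuild.exe when its project argument is not a project file (the .png masquerade) or is loaded from a temp directory, and schtasks.exe when it creates a frequent MINUTE trigger whose action invokes MSBuild or a temp-directory file. It generalizes slightly beyond the text: any minute-interval at or below a threshold is flagged, not only 15. The event field names, sample command lines and the 15-minute threshold are assumptions made for illustration.

```python
"""Hunt for MSBuild inline-task abuse in process-creation telemetry.

Added example, not Cyble's code. Events are constructed, Sysmon-like dicts
with Image / CommandLine / ParentImage fields (an assumed log schema).
"""
import ntpath
import re

# Files MSBuild is legitimately asked to build; a .png here is not one of them.
PROJECT_EXTENSIONS = {".csproj", ".vbproj", ".fsproj", ".proj", ".sln",
                      ".targets", ".props", ".xml"}
# Lower-cased path fragments that mark a Windows temp directory.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\", "\\tmp\\")


def _image_name(event):
    return ntpath.basename(event["Image"]).lower()


def _split_cmdline(cmdline):
    """Tokenise a Windows command line, honouring double-quoted arguments."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def detect_msbuild_project(event):
    """Reasons if MSBuild.exe is handed a project file that does not look like one."""
    if _image_name(event) != "msbuild.exe":
        return []
    for arg in _split_cmdline(event["CommandLine"])[1:]:
        if arg.startswith(("/", "-")):
            continue  # switches such as /nologo or /p:Configuration=Release
        low = arg.lower()
        reasons = []
        ext = ntpath.splitext(low)[1]
        if ext not in PROJECT_EXTENSIONS:
            reasons.append(f"project argument has non-project extension {ext or '(none)'}")
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("project file is loaded from a temp directory")
        return reasons  # the first positional argument is the project
    return []


def detect_schtasks_interval(event, max_minutes=15):
    """Reasons if schtasks creates a frequent MINUTE trigger running MSBuild or a temp file."""
    if _image_name(event) != "schtasks.exe":
        return []
    low = event["CommandLine"].lower()
    if "/create" not in low or not re.search(r"/sc\s+minute\b", low):
        return []
    mo = re.search(r"/mo\s+(\d+)", low)
    interval = int(mo.group(1)) if mo else 1  # schtasks defaults /MO to 1
    if interval > max_minutes:
        return []
    tr = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', low)
    action = (tr.group(1) or tr.group(2)) if tr else ""
    reasons = []
    if "msbuild.exe" in action:
        reasons.append(f"MINUTE trigger every {interval} min runs MSBuild.exe")
    if any(marker in action for marker in TEMP_MARKERS):
        reasons.append(f"MINUTE trigger every {interval} min runs a file from a temp directory")
    return reasons


RULES = (detect_msbuild_project, detect_schtasks_interval)


def scan(events):
    """Apply every rule to every event; return (event index, rule name, reasons) hits."""
    hits = []
    for idx, event in enumerate(events):
        for rule in RULES:
            reasons = rule(event)
            if reasons:
                hits.append((idx, rule.__name__, reasons))
    return hits


# Constructed sample telemetry, not real campaign data.
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
SAMPLE_EVENTS = [
    {   # 0: developer build from a source tree (benign)
        "Image": MSBUILD,
        "CommandLine": f'"{MSBUILD}" C:\\src\\app\\app.csproj /p:Configuration=Release',
        "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
    },
    {   # 1: MSBuild asked to build a ".png" sitting in the user's temp folder
        "Image": MSBUILD,
        "CommandLine": f'"{MSBUILD}" C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.png',
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # 2: the task that re-runs the loader every 15 minutes
        "Image": r"C:\Windows\System32\schtasks.exe",
        "CommandLine": ('schtasks.exe /create /f /sc minute /mo 15 /tn "OneDrive Sync" '
                        f'/tr "{MSBUILD} C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.png"'),
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # 3: a nightly maintenance task (benign)
        "Image": r"C:\Windows\System32\schtasks.exe",
        "CommandLine": 'schtasks.exe /create /sc daily /st 02:00 /tn Backup /tr "C:\\Tools\\backup.exe"',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
]

if __name__ == "__main__":
    for idx, rule, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}: {'; '.join(reasons)}")
```

On the constructed events, only the temp-folder .png build and the 15-minute MSBuild task are flagged; the Visual Studio build and the daily backup task pass. The MSBuild rule keys on the positional project argument rather than on the MSBuild path, so it also catches copies of the binary staged elsewhere.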
The_State_of_Security.webp 2025-02-05 05:30:12 Zero Trust Principles for Critical Infrastructure Security (direct link) The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves. In late October 2024, the Cloud Security Alliance (CSA) released Zero Trust Guidance for Critical Infrastructure, a systematic, five-step roadmap to help the world's most important organizations...
Threat Cloud ★★★
TechWorm.webp 2025-02-04 20:21:09 Google Fixes Android Kernel Zero-Day Exploit Actively Used In Attacks (direct link) Google on Monday released its February 2025 security patches, which address 48 vulnerabilities, including a critical zero-day vulnerability affecting the Android kernel that was being actively exploited in attacks. Tracked as CVE-2024-53104, the zero-day flaw has been described as a high-severity issue affecting the Android Kernel's USB Video Class (UVC) driver. What's the vulnerability? This vulnerability is a privilege escalation security flaw in Android's USB Video Class driver, which if exploited, can allow an authenticated attacker to elevate privileges in low-complexity attacks on targeted devices. The zero-day flaw resides in the uvc_parse_format function. Improper parsing of UVC_VS_UNDEFINED type frames can cause the buffer size of frames to be miscalculated. This can lead to out-of-bounds writes since frames of this type were not considered when calculating the frame buffer size in uvc_parse_streaming. This can potentially allow attackers to execute arbitrary code on a vulnerable Android phone or trigger denial-of-service conditions. "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming," reads the advisory. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation", the search giant noted in its February 2025 monthly Android security advisory. Additionally, Google addressed a critical security flaw, CVE-2024-45569 (CVSS score of 9.8), in Qualcomm's WLAN component. Qualcomm states this flaw is a memory corruption issue caused by an Improper Validation of the Array Index in WLAN Host Communication when parsing the ML IE due to invalid frame content.
Patches Released Google has released two patch sets, the 2025-02-01 and 2025-02-05 security patch levels, as part of the February 2025 security updates. While Google Pixel devices receive security updates immediately, other manufacturers may experience delays due to the additional testing required to ensure the security patches are compatible with various hardware configurations. Hence, Android users are strongly advised to install the 2025-02-01 and 2025-02-05 security patch levels as soon as possible to safeguard their devices and themselves from major security threats.
Vulnerability Threat Mobile ★★★
Last update at: 2025-05-12 07:07:59