Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-01-10 09:36:20 |
Bringing Shadow Admins Out of the Shadows (direct link) |
In today's rapidly evolving IT landscape, most organizations rely heavily on IT systems to streamline operations and stay competitive. While some of these systems are managed and secured by IT and security departments, increasingly many are not, because they are not officially sanctioned. They are often referred to as shadow IT, shadow clouds, shadow VPNs and shadow password managers.
To this "shadow" list should be added shadow admins. These are individuals who hold administrative or privileged roles within specific IT systems without having been formally authorized for that privilege. In this blog post we'll cover why shadow admins are so risky and what you can do about them.
Who are shadow IT admins?
Shadow IT admins typically have technical or functional expertise. As such, they may set up, configure or manage certain services. Often these admins act out of a desire to address immediate business needs. However, they often don't have a plan for long-term management. Neither do they typically consider the organization's governance, risk and compliance (GRC) requirements. As a result, their actions can lead to significant risks for the organization, especially if they are not well-versed in security best practices or the organization's GRC policies. What happens if they are managing systems that contain sensitive data or support critical business processes?
Why do shadow IT admins exist?
Shadow IT admins usually emerge when people get frustrated with official processes and priorities when it comes to acquiring and managing IT. Here are some common issues:
Slow IT response. Functional teams inside an organization might need an IT solution immediately but find that the IT department is bogged down by slow approval or long deployment queues.
Lack of resources. IT departments may not have the bandwidth to address every request, leading individuals or departments to take matters into their own hands.
Unmet needs. Business units and their associated shadow admins often introduce services or systems that they believe will serve them better than what they can access through approved and supported systems.
Innovation and agility. In some cases, shadow IT admins are driven by a desire for innovation. They might be introducing new tools or technologies that can drive the business forward but do so outside the official IT structure. And as part of this they take on IT admin ownership of the unsanctioned system.
The risks of shadow IT admins
While shadow IT admins often have good intentions, they can unwittingly expose the organization to a variety of risks. Attackers can exploit these accounts to perform privileged actions, like creating backdoors, altering security settings, exfiltrating sensitive data or bringing down systems altogether. Attackers can also use these accounts to hide their tracks. This enables them to avoid detection so that they can maintain control over the compromised system.
There are also shadow admin risks that are associated with Active Directory. Threat actors can use shadow admin accounts in Active Directory to take control of directory services, reset passwords and escalate their privileges. What's more, by identifying these accounts, attackers can elevate their access level, and they often don't need additional exploits to do it. One reason shadow admin accounts are such a significant risk is that they often go unnoticed until well after they've been exploited.
For a recent highly public example of a breach that involved shadow IT and shadow admin accounts, check out Microsoft's Midnight Blizzard attack.
6 Ways that shadow admins add risk to organizations
These are six areas where shadow admins cause an impact.
1: Security vulnerabilities
Shadow IT admins often bypass critical security processes that have been set up by the IT department. This can lead to various security risks, such as:
Weak access controls. Shadow IT ad |
Ransomware
Data Breach
Tool
Threat
Cloud
Technical
|
|
★★★
|
 |
2025-01-10 09:15:00 |
Fake PoC Exploit Targets Security Researchers with Infostealer (direct link) |
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers |
Vulnerability
Threat
Prediction
|
|
★★★
|
 |
2025-01-09 22:59:00 |
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers (direct link) |
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data.
"Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and |
Tool
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 18:16:49 |
Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense (direct link) |
Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving… |
Threat
|
|
★★★
|
 |
2025-01-09 17:16:38 |
Zero-Day Vulnerability in Ivanti VPN (direct link) |
It’s being actively exploited. |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 17:09:03 |
New zero-day exploit targets Ivanti VPN product (direct link) |
Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group. |
Malware
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 16:14:00 |
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan (direct link) |
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.
The primary objective of the attack campaign is to steal information related to Japan's national |
Threat
Legislation
|
|
★★★
|
 |
2025-01-09 15:05:00 |
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (direct link) |
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE).
The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 13:00:22 |
Cracking the Code: How Banshee Stealer Targets macOS Users (direct link) |
Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals browser credentials, cryptocurrency wallets, and other sensitive data. Undetected for over two months, Banshee’s latest version introduced string encryption taken from Apple’s XProtect, likely causing antivirus detection systems to overlook the malware. Threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Chrome and Telegram. A key update in the new version removed a Russian language check, expanding the malware’s potential targets. The Banshee Stealer highlights the growing risks to macOS […] |
Malware
Threat
|
|
★★★
|
 |
2025-01-09 11:11:20 |
Google: Chinese hackers likely behind Ivanti VPN zero-day attacks (direct link) |
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. [...] |
Malware
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 10:04:39 |
CISA's Greene details focus on strengthening cybersecurity resilience with KEV Catalog, CPGs, PRNI initiatives (direct link) |
As the U.S. critical infrastructure sector operates under continuous threat from nation-state cyber adversaries and cybercriminal organizations around... |
Threat
|
|
★★★
|
 |
2025-01-09 09:45:00 |
Critical Ivanti Zero-Day Exploited in the Wild (direct link) |
Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-09 07:00:00 |
Seven Trends to Watch for in 2025 (direct link) |
*No generative AI was used by the author
Rapid Rate of Change Still Powering Technology
Here we are a quarter of the way through the 21st century and the rate of change in technology shows no signs of slowing. And, while we are not quite the jet-setting hipsters that cartoons of the 1960s predicted, we are living in a world where everything and everyone is connected. We all want our technology to work seamlessly, frictionlessly, and securely.
With that idea of being secure and safe with the technology we rely on, let’s look at where 2025 may take us.
Security and the Business Come Closer Together to Build Resilience
Humans have a way of building silos to solve problems, and once established, those silos are difficult to eradicate. The removal of silos allows for more collaboration and integration to build predictable and efficient systems that are more reliable.
This eradication of silos and working together is exactly where security teams need to be. Security is something every team needs to focus on. The line of business and the security team can no longer be isolated from one another. If security teams understand the critical few objectives of the business, the greater alignment will deliver positive results.
In 2025, expect every member of an organization to begin to understand and accept their role in security and watch for the line of business move to being more resilient by aligning with security.
Multi-Factor Authentication (MFA) Commitment
MFA may appear tactical, but in 2024 we saw the damage that the lack of this control could spawn. Systems lacking MFA can have broad impact across the supply chain and for an extended period.
While many organizations bolstered their commitment to MFA in 2024, the industry needs to be proactive with demanding MFA usage. Security hygiene needs to include strong advice on why MFA is a critical component of digital safety.
In 2025, expect MFA to be a built-in requirement for use cases of all types.
Non-Human identity
With the proliferation of “things” connected to the internet, it is essential that non-humans have credentials too. And identity and access management (IAM) is just as essential for non-human identities (NHI) as it is for human ones.
These NHIs are associated with apps and devices and are in expansion mode to handle containers, cloud integrations, microservices, etc. Machine-to-machine access and authentication requires NHIs.
In 2025, watch for CISOs and governance teams to grapple with how to manage NHIs. As the volume of NHIs grows and the software supply chain becomes more unwieldy, effective management of NHIs will become a necessity.
Non-Functional Requirements (Performance and Security)
In the early years of the 21st century, we moved to the concept of gamification for both personal and enterprise software. However, we are not necessarily hyper-cognizant of two critical non-functional requirements (NFR) – performance and security.
I am an eternal optimist and truly believe that as silos start to erode, performance and security will rise to the same level of functional requirements in systems engineering. The secure-by-design movement is a big step in the right direction to bringing both security and performance to |
Tool
Vulnerability
Threat
Cloud
|
|
★★★
|
 |
2025-01-09 00:00:00 |
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit (direct link) |
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. |
Malware
Threat
|
|
★★★
|
 |
2025-01-08 18:35:29 |
Addressing the Exploitation of Radiation Fear: A Self-Assessment Guide to Counter Disinformation (direct link) |
In December 2024, two events, drone sightings in the US and Israel's strike on Syria's weapon depots, were followed by orchestrated reports of detected radiation spikes. Some media outlets took these dubious reports (with millions of views) that originated from social media, and published pieces based on them. In one of these cases, the actors behind the disinformation campaign exploited a real-time radiation map, which is maintained by a private company that manufactures personal dosimeters, to sustain the narrative. Kim Zetter has recently published "Anatomy of a Nuclear Scare", an article that covers this issue.
This trend does not come as a surprise, as radioactivity is one of those few things that can collectively trigger significant levels of societal anxiety and an emotional, rather than rational, response, which is often disproportionate to the actual physical risks it poses. This radiation fear has been shaped over the years by a mix of cultural, historical, and media-driven narratives. In recent years, increasing geopolitical instability, the ever-growing influence of social media, the return of magical thinking and the precariousness and discrediting of traditional sources of information have resulted in a constant flow of misinformation. It's no coincidence that successful campaigns can be executed with limited resources, compared to traditional manipulation activities, and still have the potential to go viral, maximizing ROI.
Despite the fact that these campaigns explicitly exploited (or leveraged) publicly available online resources providing real-time radiation levels, in most cases the actions were simplistic and carried out without the need for specialized 'cyber' skills or expertise. So far, the only exception to this trend can be found in Chernobyl's post-invasion radiation spikes from 2022. I see no reason to believe that we won't see similar campaigns in the near future. I also acknowledge that this topic is not everyone's cup of tea.
You may not have the time or interest to go through detailed technical explanations of radioactivity from both physics and cybersecurity perspectives. However, for those who are really interested in that kind of in-depth reading, I've published comprehensive research papers on this topic. So, I thought it might be useful to put together this publication, which is merely intended to serve as an 'emergency guide' to quickly grasp a set of simple yet sound principles that hopefully can help everyone, regardless of their background, to approach radioactivity-related reports with a critical eye. Armed with these fundamentals of radiation monitoring, we'll learn how to quickly discern between stories that make sense and those that don't hold water.
An Emergency Guide to Understanding Radioactivity and Radiation Monitoring
Let's say that you want to build a simple cabin on a small plot of land you have in the woods. The foundations should be stable enough to ensure the structure does not collapse right after you finish it. However, you have an unusual constraint: the only material you can use is balloons. Common sense suggests that, although balloons are not the ideal material, the best way to use them would be to keep them completely deflated. Anything built using inflated balloons will not last long; it depends on the quality of the material the balloon is made of, but everybody acknowl |
Tool
Threat
Industrial
Prediction
Technical
|
|
★★★
|
 |
2025-01-08 17:17:18 |
What are Botnets and How Darktrace Uncovers Them (direct link) |
Learn how Darktrace detected and implemented defense protocols against the Socks5Systemz botnet before any threat intelligence had been published. |
Threat
|
|
★★★
|
 |
2025-01-08 17:11:43 |
Darktrace Threat Research Investigates Raspberry Robin Worm (direct link) |
The Darktrace Threat Research team investigates Raspberry Robin, an evasive worm in USB drives. Learn how to protect yourself from this malicious variant. |
Threat
|
|
★★★
|
 |
2025-01-08 16:14:31 |
Cleo File Transfer Vulnerability: Patch Pitfalls and Darktrace's Detection of Post-Exploitation Activities (direct link) |
File transfer applications are prime targets for ransomware groups due to their critical role in business operations. Recent vulnerabilities in Cleo's MFT software, namely CVE-2024-50623 and CVE-2024-55956, highlight ongoing risks. Read more about the Darktrace Threat Research team's investigation into these vulnerabilities. |
Ransomware
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-08 15:43:34 |
Ivanti warns of new Connect Secure flaw used in zero-day attacks (direct link) |
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...] |
Malware
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-08 15:00:00 |
New AI-Focused Modules in Our Security Awareness and Training Service (direct link) |
Leaders know that employees can be a solid first line of defense against cyber incidents if they have the proper knowledge and understand how to spot a potential attack. However, as threat actors increasingly embrace AI to enhance the volume and velocity of their efforts, executives everywhere are growing concerned that attacks will become more difficult for personnel to identify. |
Threat
|
|
★★★
|
 |
2025-01-08 14:29:34 |
Shrinking the haystack: The six phases of cloud threat detection (direct link) |
Red Canary parses through 6 billion telemetry records per day to detect threats in our customers' cloud environments. Here's how we do it. |
Threat
Cloud
|
|
★★★
|
 |
2025-01-08 14:29:01 |
Shrinking the haystack: Building a cloud threat detection engine (direct link) |
A step-by-step guide to building a framework for ingesting billions of cloud telemetry records to detect and respond to cyber threats |
Threat
Cloud
|
|
★★★
|
 |
2025-01-08 14:00:00 |
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation (direct link) |
Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed.
On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.
Ivanti and its affected customers identified the compromise based on indications from the company-supplied Integrity Checker Tool (“ICT”) along with other commercial security monitoring tools. Ivanti has been working closely with Mandiant, affected customers, government partners, and security vendors to address these issues. As a result of their investigation, Ivanti has released patches for the vulnerabilities exploited in this campaign and Ivanti customers are urged to follow the actions in the Security Advisory to secure their systems as soon as possible.
Mandiant is currently analyzing multiple compromised Ivanti Connect Secure appliances from multiple organizations. The activity described in this blog draws on insights collectively derived from analysis of these infected devices; Mandiant has not yet conclusively tied all of the activity described below to a single actor. In at least one of the appliances undergoing analysis, Mandiant observed the deployment of the previously observed SPAWN ecosystem of malware (which includes the SPAWNANT installer, SPAWNMOLE tunneler and the SPAWNSNAIL SSH backdoor). The deployment of the SPAWN ecosystem of malware following the targeting of Ivanti Secure Connect appliances has been attributed to |
Malware
Tool
Vulnerability
Threat
Industrial
Cloud
Commercial
|
|
★★★
|
 |
2025-01-08 14:00:00 |
Scammers Exploit Microsoft 365 to Target PayPal Users (direct link) |
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients |
Threat
|
|
★★★
|
 |
2025-01-08 11:26:50 |
Darktrace Recognized in the Gartner® Magic Quadrant™ for Email Security Platforms (direct link) |
Darktrace is proud to announce we've been recognized as a Challenger in our first appearance in the Gartner® Magic Quadrant™ for Email Security. In the report you'll get key insights into the evolving email threat landscape, the requirements of a modern email security platform and the role of AI in advanced threat detection. |
Threat
|
|
★★★
|
 |
2025-01-08 08:30:46 |
UN aviation agency confirms recruitment database security breach (direct link) |
The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. [...] |
Threat
|
|
★★★
|
 |
2025-01-08 07:00:00 |
Google's Willow Quantum Chip and Its Potential Threat to Current Encryption Standards (direct link) |
Introduction:
Google's recent announcement of their Willow quantum processor marks a significant advancement in quantum computing technology while raising questions about the security and sustainability of current encryption methods. As quantum computers grow more powerful, cybersecurity experts grow increasingly concerned about their potential to break widely used encryption standards that protect sensitive data worldwide.
Quantum vs. Traditional Computing:
Google’s Willow quantum processor is a leap forward in quantum computing capabilities, particularly in its approach to error correction and qubit stability. Unlike traditional computers that process information in bits (either 0s or 1s), quantum computers use quantum bits or qubits that can exist in multiple states at the same time. Because of this, quantum computers can test millions of combinations simultaneously instead of one at a time. This fundamental difference allows quantum computers to solve certain types of problems exponentially faster than classical computers, including the mathematical problems that form the foundation of today's encryption standards. When tested, Willow performed a standard computation in under five minutes that would take one of today’s fastest supercomputers 10 septillion years, a number that exceeds the age of the universe (Google).
Current Encryption Standards:
Current encryption methods such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) rely on mathematical problems that are extremely difficult for classical computers to solve. These algorithms protect everything from financial transactions to government communications and personal data. However, quantum computers equipped with a significant amount of qubits and stability could potentially break these encryption methods in hours or days, rather than the millions of years it would take classical computers. The threat to current encryption standards isn't immediate, but it's becoming more concrete. In the last two years, quantum computing capabilities have advanced significantly, with Google's Willow chip demonstrating unprecedented levels of qubit coherence and error correction. However, quantum computers would need 13 million qubits |
Threat
Technical
|
|
★★★
|
 |
2025-01-08 00:00:00 |
WatchGuard acquires ActZero to deliver AI-powered, scalable and open security, offering simplified 24/7 MDR services (direct link) |
SEATTLE – JANUARY 8, 2025 – WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the acquisition of ActZero, a leading provider of MDR services offering proactive, rapid and automated threat response, along with AI-driven cross-platform threat analysis designed to stay ahead of threats at machine speed. WatchGuard acquired ActZero, known for its simplified cybersecurity services, to extend and refine its innovative 24/7 MDR service. ActZero's staff and services will strengthen WatchGuard MDR, further expanding our unified security platform to deliver effective and powerful security services at greater scale and speed. This acquisition gives managed service providers (MSPs) operational efficiency gains, demonstrating once again why WatchGuard is the preferred cybersecurity platform provider for MSPs.
"Because of the rapid growth of our MDR service throughout the year, it became clear that we needed to scale without delay," said Prakash Panjwani, CEO of WatchGuard Technologies. "The acquisition of ActZero gives WatchGuard added capacity and extensibility, and brings new technology that will let our MDR service cover WatchGuard's entire product range as well as third-party products. With this expansion, we can efficiently manage a larger partner base, building trust with partners so they can easily add further services as our MDR capabilities grow. ActZero designed its service with this kind of customer experience at scale in mind."
ActZero's technology and teams form the foundation of WatchGuard's MDR product line. Run by a team of security experts and powered by AI, its service offers flexible support tailored to the operational needs of MSPs, including:
Proven and extensible MDR capabilities, including an effective customer support function, onboarding procedures and a team of SOC experts.
Cutting-edge platform tools that leverage machine learning for automated, effective and high-performing security while reducing the number of false positives.
An open architecture that extends beyond WatchGuard endpoint security to managed Fireboxes and third-party services such as Microsoft Defender.
"WatchGuard shares our commitment to delivering best-in-class MDR services and simplifying cybersecurity management for MSPs," said Hal Libby, General Manager, Managed Services at WatchGuard Technologies. "We are delighted that more MSPs will be able to benefit from our platform's capabilities, and that together with WatchGuard we can accelerate the expansion of MDR products going forward."
Managed detection and response (MDR) provides continuous monitoring of IT environments (cloud, on-premise, endpoint, identity…) to combat intruders and latent malware, ideally before they cause damage |
Tool
Threat
|
|
★★★
|
 |
2025-01-07 23:28:48 |
CISA: Recent Government Hack Only Affected US Treasury (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said that last week's cybersecurity incident was only limited to the U.S. Department of the Treasury, and had no wider government impact.
“At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response,” the CISA said in a statement issued on Monday.
This update follows the US Treasury Department's disclosure last Monday about a Chinese state-sponsored hacker breach of its agency's workstations in early December, which it described as a “major cybersecurity incident.” The cybercriminals had compromised BeyondTrust, a third-party vendor that provides identity and remote support for Treasury workstations.
In a letter shared with senior U.S. House lawmakers last week, the agency said that BeyondTrust notified them of the breach on December 8th.
According to the letter, the Chinese state-sponsored hackers used a Remote Support SaaS API key stolen from BeyondTrust to override the service's security, remotely access certain Treasury Departmental Offices (DO) user workstations, and access certain unclassified documents maintained by the employees. However, it is unclear how the BeyondTrust key was stolen.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter added.
In a statement this Monday, CISA said it “is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident.”
The federal cyber watchdog added, “The security of federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.”
In accordance with legal requirements, the Treasury Department has committed to providing lawmakers with an update within 30 days.
|
Hack
Threat
Cloud
|
|
★★★
|
 |
2025-01-07 23:26:09 |
PowerSchool hack exposes student, teacher data from K-12 districts (lien direct) |
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...]
|
Hack
Threat
|
|
★★
|
 |
2025-01-07 18:34:51 |
News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes (lien direct) |
Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware.
The cybersecurity landscape is evolving as attackers harness … (more…)
The post News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes first appeared on The Last Watchdog.
|
Malware
Threat
|
|
★★★
|
 |
2025-01-07 13:00:27 |
Brand Impersonation Scam Hijacks Travel Agency Accounts (lien direct) |
Recently, within the span of a week, a new and extensive phishing campaign compromised more than 7,300 businesses and 40,000 individuals around the world. The most heavily impacted regions are the United States (75%) and the European Union (10%). The hackers are impersonating brands and presenting fake email-based offers. Hackers' objectives center around driving malicious downloads and collecting harvested credentials that they can exploit for their own financial gain. The Full Story: The campaign hinges on the use of hacked accounts – belonging to the travel agency known as Riya – to send email messages. Messages from the accounts weaponize […]
|
Threat
|
|
★★★
|
 |
2025-01-07 12:51:55 |
UN aviation agency 'actively investigating' cybercriminal's claimed data breach (lien direct) |
The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach “allegedly linked to a threat actor known for targeting international organizations.”
|
Data Breach
Threat
|
|
★★★
|
 |
2025-01-07 05:19:40 |
Greece's 2024 Cyber Threat Landscape: A Year of Increased and Varied Attacks (lien direct) |
The year 2024 proved challenging for cybersecurity in Greece, with a significant surge in the volume and sophistication of cyberattacks. Ransomware attacks, Distributed Denial-of-Service (DDoS) attacks, and Advanced Persistent Threats (APTs) all significantly disrupted businesses, government services, and critical infrastructure. Efstratios Lontzetidis, a Cyber Threat Intelligence Researcher based in Greece, provided a compelling round up [...]
|
Ransomware
Threat
|
|
★★★
|
 |
2025-01-06 23:30:00 |
Securing data: an indispensable expertise in a context of growing cyber threats (lien direct) |
Securing data: an indispensable expertise in a context of growing cyber threats, by Jean-Marc Rietsch, Pineappli group, FISAM
-
Points of View
/
primetime,
PINEAPPLI
|
Threat
|
|
★★★
|
 |
2025-01-06 23:24:54 |
Usman Choudhary, Chief Product & Technology Officer, VIPRE Security Group, offers his thoughts on security trends that will dominate in 2025 (lien direct) |
SMEs a Target and AI Malware to Fuel Supply Chain Attacks, With Regulatory Burden Amplifying Security Training Urgency
2024 saw increasingly sophisticated cybersecurity threats as criminals leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes, and ransomware incidents. To counter these, organisations adopted AI-driven security solutions including threat detection, automated incident response, and intelligent vulnerability management, to protect data and infrastructure. In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organisations must prioritise real-world security awareness training.
-
Opinion
|
Ransomware
Data Breach
Malware
Vulnerability
Threat
|
|
★★
|
 |
2025-01-06 21:12:00 |
FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide' (lien direct) |
A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.
|
Malware
Threat
Mobile
|
|
★★
|
 |
2025-01-06 17:00:00 |
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch (lien direct) |
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID), a 75% increase from last year, and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout
|
Threat
Cloud
|
|
★★★
|
 |
2025-01-06 13:26:22 |
6th January– Threat Intelligence Report (lien direct) |
For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security […]
|
Threat
|
|
★★★
|
 |
2025-01-06 11:10:00 |
New Infostealer Campaign Uses Discord Videogame Lure (lien direct) |
Threat actors are tricking victims into downloading malware with the promise of testing a new videogame
|
Malware
Threat
|
|
★★★
|
 |
2025-01-06 10:38:18 |
Innovating to Secure Software Supply Chains: Veracode Acquires Phylum, Inc. Technology for Enhanced Software Composition Analysis (lien direct) |
The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.
To address the critical threat, I'm excited to announce Veracode's acquisition of Phylum Inc.'s technology to advance our capabilities in securing software supply chains. The addition of Phylum will help the market's ability to combat threats through the advanced detection and mitigation of malicious packages in open-source libraries.
The dependencies of software teams on open-source libraries and the threats targeting these libraries make detecting and blocking malicious packages more critical than ever. Malicious packages often contain code designed to extract sensitive information such as credentials, API…
|
Tool
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-06 10:00:00 |
Scammers Drain $500m from Crypto Wallets in a Year (lien direct) |
Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024
|
Threat
|
|
★★★
|
 |
2025-01-06 03:38:52 |
FireScam Malware Campaign Highlights Rising Threat to Mobile Users (lien direct) |
The ubiquity of mobile applications has created a perfect storm for bad actors, offering ample opportunities to exploit unsuspecting users. One of the latest instances is FireScam, a sophisticated malware that targets Android devices. Disguised as a fake “Telegram Premium” app, FireScam uses phishing websites to lure victims into downloading malware that infects their devices [...]
|
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-01-04 13:00:00 |
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns (lien direct) |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or
|
Threat
|
|
★★★
|
 |
2025-01-03 22:19:53 |
Continuous threat exposure management, the key asset of digital resilience (lien direct) |
Benoit GRUNEMWALD, Director of Public Affairs, ESET France and French-speaking Africa
The digital transformation of businesses comes with unprecedented complexity, affecting risks, threats, threat actors and the vulnerabilities of a constantly changing information system alike. A traditional, one-off approach to vulnerability analysis is showing its limits. Enter Continuous Threat Exposure Management (CTEM), a proactive methodology that redefines our relationship with cyber defense.
-
Points of View
|
Threat
|
|
★★★
|
 |
2025-01-03 13:46:00 |
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (lien direct) |
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
|
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-03 02:31:13 |
Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong (lien direct) |
So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on "up there" somewhere. In reality, most breaches still originate from unforced errors, and threat actors are just like anybody else – they don't like working harder than they need to. That's why the golden rule of cybercrime seems to be "try the easy stuff first." And some of the easiest things are doors that...
|
Malware
Threat
|
|
★★★
|
 |
2025-01-02 20:53:57 |
VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive (lien direct) |
No details / No more details |
Threat
|
|
★★★
|
 |
2025-01-02 19:45:06 |
China-Linked Cyber Threat Group Hacks US Treasury Department (lien direct) |
Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks reported throughout the year.
|
Threat
|
|
★★
|
 |
2025-01-02 19:32:05 |
Breaking Encryption: How To Prepare For Tomorrow's Quantum Risk Today (lien direct) |
There's a growing threat looming over our collective privacy and security - and that's quantum computing.
|
Threat
|
|
★★
|