After Aeroflot, it is Russian pharmacies' turn to be targeted by hackers - Numerama
Since late July, hundreds of Russian pharmacies have stopped receiving any patients. The reason? Two of the country's largest pharmacy chains are victims of a major cyberattack. Online medication reservations unavailable, staff forced out of work: a new segment of the Russian economy is being targeted
Project Zero disclosure policy change puts vendors on early notice | CyberScoop
Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.
SHARED INTEL Q&A: Inside the access mess no one sees — and the identity risk no one owns
For decades, identity and access management (IAM) and privileged access management (PAM) sat on the sidelines of cybersecurity strategy—viewed more as IT maintenance than frontline defense. But that’s changing. Fast. Historically, security investments prioritized the visible: firewalls, antivirus software, endpoint monitoring. IAM and PAM—meant to control who gets
Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement | CyberScoop
Sen. Alex Padilla and other Democrats say the GOP is pressing inflated concerns about noncitizen voting to justify legal and legislative challenges to eligible voters.
5 years later, Dropbox gives up on its password manager
Dropbox has decided to end its password manager venture, which began in 2020. The tool will be phased out over the coming months. Affected users should migrate without delay. It was 2020. In the midst of the coronavirus pandemic, and of strong growth in the sector of
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances.
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.
Scammers Unleash Flood of Slick Online Gaming Sites
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look…
Army Secretary forces West Point to rescind appointment given to Easterly | CyberScoop
The United States Military Academy abruptly ended the appointment of Jen Easterly to a high-profile academic position in West Point’s Department of Social Sciences, according to a memorandum issued Wednesday by the Secretary of the Army.
Safepay ransomware threatens to leak 3.5TB of Ingram Micro data
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month.
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.
Dropbox's password manager: what is going to happen
Dropbox has decided to end its password manager venture, which began in 2020. The tool will be phased out over the coming months. Affected users should migrate without delay. It was 2020. In the midst of the coronavirus pandemic, and of strong growth in the sector of
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack.