Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30533 bookmarks
Custom sorting
Case Study: Inadequate Configuration & Change Control | CSA
Case Study: Inadequate Configuration & Change Control | CSA
The Football Australia 2024 breach resulted from developers misconfiguring their AWS S3 buckets (an example of Misconfiguration and Inadequate Change Control).
·cloudsecurityalliance.org·
Case Study: Inadequate Configuration & Change Control | CSA
Réseaux de désinformation : OpenAI bloque des comptes ChatGPT pilotés par des puissances étrangères
Réseaux de désinformation : OpenAI bloque des comptes ChatGPT pilotés par des puissances étrangères
OpenAI annonce avoir identifié et fermé les comptes ChatGPT de plusieurs groupes liés à des puissances étrangères. L’outil d’IA générative servait à orchestrer des opérations d’influence et de désinformation sur les réseaux sociaux. Leur objectif est clair : polariser les débats publics, diffuser des contenus
·numerama.com·
Réseaux de désinformation : OpenAI bloque des comptes ChatGPT pilotés par des puissances étrangères
New Way to Track Covertly Android Users - Schneier on Security
New Way to Track Covertly Android Users - Schneier on Security
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: >Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities...
·schneier.com·
New Way to Track Covertly Android Users - Schneier on Security
Securing Agentic AI in the Enterprise | CSA
Securing Agentic AI in the Enterprise | CSA
Agentic AI is transforming automation and identity. Learn how to secure these autonomous systems before they reshape your attack surface.
·cloudsecurityalliance.org·
Securing Agentic AI in the Enterprise | CSA
Sleep with one eye open: how Librarian Ghouls steal data by night
Sleep with one eye open: how Librarian Ghouls steal data by night
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
·securelist.com·
Sleep with one eye open: how Librarian Ghouls steal data by night
Understanding the evolving malware and ransomware threat landscape
Understanding the evolving malware and ransomware threat landscape
Cyber threats like ransomware and malware are rising fast, hitting firms like Frederick Health and Marks & Spencer. Defense needs layers, adaptability and vigilance.
·cybersecuritydive.com·
Understanding the evolving malware and ransomware threat landscape
TightVNC 2.8.83 - Control Pipe Manipulation
TightVNC 2.8.83 - Control Pipe Manipulation
TightVNC 2.8.83 - Control Pipe Manipulation. CVE-2024-42049 . local exploit for Multiple platform
·exploit-db.com·
TightVNC 2.8.83 - Control Pipe Manipulation
New Mirai botnet infect TBK DVR devices via command injection flaw
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.
·bleepingcomputer.com·
New Mirai botnet infect TBK DVR devices via command injection flaw
Comment les pirates brouillent les traces des cryptomonnaies qu’ils volent
Comment les pirates brouillent les traces des cryptomonnaies qu’ils volent
Au programme, des techniques comme le « Peel Chain », des mixeurs ou encore des services d'échange opaques. Ce 4 mars, Ben Zhou, le P-DG de la plateforme d'échange Bybit, a une mauvaise nouvelle à annoncer sur le réseau social X. Un peu plus de dix jours après le spectaculaire piratage de l'échangeur, un hack
·numerama.com·
Comment les pirates brouillent les traces des cryptomonnaies qu’ils volent
Voici les trois meilleurs VPN du moment en promotion
Voici les trois meilleurs VPN du moment en promotion
Avoir un VPN pour se rendre sur Internet s'est largement démocratisé, grâce notamment à des campagnes marketing intensives de la part des fournisseurs. Mais quels sont les meilleurs VPN du moment au meilleur rapport qualité-prix ? Les VPN sont de plus en plus utilisés pour surfer l'esprit tranquille sur vos appareils
·numerama.com·
Voici les trois meilleurs VPN du moment en promotion
Malicious npm packages posing as utilities delete project directories
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories.
·bleepingcomputer.com·
Malicious npm packages posing as utilities delete project directories
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).
·bleepingcomputer.com·
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads