Found 5714 bookmarks
Newest
Google Paid Out $10 Million via Bug Bounty Programs in 2023
Google Paid Out $10 Million via Bug Bounty Programs in 2023
Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million. The total paid out in 2023 is less than the $12 million handed out in 2022, but it’s still a significant amount. The money was earned last year by 632 researchers from 68 countries. The highest single reward was $113,337.
#securityweek#EN#2024#Google#bugbounty#2023#paid
·securityweek.com·
Google Paid Out $10 Million via Bug Bounty Programs in 2023
France Travail : la CNIL enquête sur la fuite de données et donne des conseils pour se protéger
France Travail : la CNIL enquête sur la fuite de données et donne des conseils pour se protéger
Quelles données personnelles sont concernées ? Le 8 mars, France Travail (anciennement Pôle emploi) et Cap emploi ont informé la CNIL avoir été victime d’une intrusion dans leurs systèmes d’information. Cette attaque aurait potentiellement permis l’extraction de données de 43 millions d’usagers. Ce nombre, à confirmer, concerne les personnes actuellement inscrites sur la liste des demandeurs d'emploi ou qui l’ont été au cours des 20 dernières années, ainsi que des personnes ayant un espace candidat sur francetravail.fr.
#CNIL#FR#2024#Pôle-emploi#France-Travail#intrusion#leak
·cnil.fr·
France Travail : la CNIL enquête sur la fuite de données et donne des conseils pour se protéger
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
This week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware group – he goes by the name LockBitSupp. He’s under pressure because last month an international police operation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts and source code ending a four year ransomware rampage.
#therecord.media#EN#2024#LockBit#LockBitSupp#ransomware
·therecord.media·
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
Google Chrome gets real-time phishing protection later this month
Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
#bleepingcomputer#EN#2024#solution#Browsing#Phishing#Enhanced#Chrome#Google#Safe#Privacy#Safe-Browsing#browser
·bleepingcomputer.com·
Google Chrome gets real-time phishing protection later this month
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns. The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function. In some regards, the vulnerability is like CVE-2023-3676, a lack of sanitization in the subPath parameter in YAML files leading to code injection when creating pods with volumes.
#securityweek#EN#2024#Kubernetes#cmd#Windows#CVE-2023-5528
·securityweek.com·
Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints
DarkGate Opens Organizations for Attack via Skype, Teams
DarkGate Opens Organizations for Attack via Skype, Teams
From July to September, we observed the DarkGate campaign (detected by Trend Micro as TrojanSpy.AutoIt.DARKGATE.AA) abusing instant messaging platforms to deliver a VBA loader script to victims. This script downloaded and executed a second-stage payload consisting of a AutoIT scripting containing the DarkGate malware code. It’s unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization.
#trendmicro#EN#2024#malware#DarkGate#Skype#Teams
·trendmicro.com·
DarkGate Opens Organizations for Attack via Skype, Teams
Researchers found multiple flaws in ChatGPT plugins
Researchers found multiple flaws in ChatGPT plugins
Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.
#securityaffairs#EN#2024#flows#ChatGPT#plugins#researchers
·securityaffairs.com·
Researchers found multiple flaws in ChatGPT plugins
Threat actors leverage document publishing sites for ongoing credential and session token theft
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
#talosintelligence#EN#phishing#legitimate#digital-document#Publuu#Marq#FlipSnack#Issuu#RelayTo
·blog.talosintelligence.com·
Threat actors leverage document publishing sites for ongoing credential and session token theft
Plusieurs ministères visés par des attaques informatiques depuis dimanche, annonce Matignon
Plusieurs ministères visés par des attaques informatiques depuis dimanche, annonce Matignon
Si ces attaques, qui ont commencé dimanche soir, ont été d’une « intensité inédite », les services du premier ministre ont précisé lundi que leur impact avait été « réduit ». Elles ont été revendiquées par Anonymous Sudan, qui regroupe des militants prorusses.
#lemonde#FR#2024#France#DDoS#Anonymous#Anonymous-Sudan#prorusses
·lemonde.fr·
Plusieurs ministères visés par des attaques informatiques depuis dimanche, annonce Matignon
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
La Commission se félicite de l'accord politique auquel le Parlement européen et le Conseil sont parvenus la nuit dernière concernant le règlement sur la cybersolidarité, proposé par la Commission en avril 2023. Le règlement sur la cybersolidarité renforcera la solidarité au niveau de l'UE afin de mieux détecter les menaces et incidents de cybersécurité, de mieux s'y préparer et de mieux y réagir. Cet accord intervient à un moment crucial pour la cybersécurité de l'UE, étant donné que le paysage des cybermenaces dans l'UE continue d'être affecté par les événements géopolitiques.
#europa#EU#2024#FR#cybersolidarité#accord#politique#cyber-bouclier#règlement
·ec.europa.eu·
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
  • Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published. Campaigns that we were able to attribute to this actor targeted Ivanti, Magento, Qlink Sense and possibly Apache ActiveMQ. Analysis of the actor’s recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRAT, in addition to WARPWIRE, a JavaScript credential stealer. * The actor’s arsenal also includes MiniNerbian, a small Linux backdoor, and remote monitoring and management (RMM) tools for Windows like ScreenConnect and AnyDesk.
#checkpoint#EN#2024#Magnet-Goblin#1-day#vulnerability#Linux#NerbianRAT
·research.checkpoint.com·
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
EU Commission breached data protection rules using Microsoft 365, EU watchdog found – Euractiv
EU Commission breached data protection rules using Microsoft 365, EU watchdog found – Euractiv
The European Commission violated data protection rules in its use of Microsoft 365, leading to the imposition of corrective measures by the European Data Protection Supervisor (EDPS), the watchdog announced on Monday (11 March).
#euractiv#EU-Commission#violated#data-protection#legal#EDPS#watchdog
·euractiv.com·
EU Commission breached data protection rules using Microsoft 365, EU watchdog found – Euractiv