Les sanctions américaines et l'assurance cyberattaque
L'assureur qui veut s'opposer au paiement de la prestation d’assurance suite à une cyberattaque, en invoquant les sanctions américaines, doit prouver que la cyberattaque a servi les intérêts d'une entité visée par ces sanctions et qu'il risque ainsi concrètement d'être réprimandé par l'autorité américaine compétente. Le simple fait que le type de logiciel utilisé pour la cyberattaque en question soit habituellement déployé par un groupe de cyberpirates sous sanction (in casu Evil Corp) ne suffit pas pour refuser le paiement de la prestation d’assurance.
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
Boeing says 'cyber incident' hit parts business after ransom threat | Reuters
Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
Analyse d’impact relative à la protection des données personnelles: comment faire?
La nouvelle loi sur la protection des données a introduit l’obligation d’établir, dans certains cas, une analyse d’impact relative à la protection des données personnelles (AIPD). Elle vise à identifier préalablement les risques potentiellement élevés pour la personnalité et les droits fondamentaux, afin de prendre les mesures adéquates pour les réduire à un niveau acceptable. Si l’exercice peut faire peur, il suffit de suivre quelques étapes très concrètes.
Apache ActiveMQ is a message broker service, designed to act as a communication bridge between disparate services. Developed in Java, it can broker multiple pr…
Massive ransomware attack hinders services in 70 German municipalities
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups. This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families. Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.
Massive cybercrime URL shortening service uncovered via DNS data
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port…
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
Two Developers of the Ragnar Locker Ransomware Arrested in Spain
An international law enforcement operation coordinated by Europol resulted in the dismantling of one of the largest groups involved in the distribution of
Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.
HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
Turning a boring file move into a privilege escalation on Mac | pwn.win
While poking around Parallels Desktop I found a script which is invoked by a setuid-root binary, which has the following snippet: local prl_dir="${usr_home}/Library/Parallels" if [ -e "$prl_dir" -a ! -d "$prl_dir" ]; then log warning "'${prl_dir}' is not a directory. Renaming it." mv -f "$prl_dir"{,~} continue fi Here ${usr_home} represents the home directory of the user for which Parallels Desktop is installed. The code says if ~/Library/Parallels exists and is not a directory then move it to ~/Library/Parallels~, presumably to back it up before creating this path as a directory.
SIM Swappers Are Working Directly with Ransomware Gangs Now
Hackers connected to “the Comm,” a nebulous group that includes SIM swappers, are working with ALPHV, a ransomware group that has impacted some of the biggest companies on the planet, including MGM Casinos.
Untruths spouted by chatbots ended up on the web—and Microsoft's Bing search engine served them up as facts. Generative AI could make search harder to trust.
European govt email servers hacked using Roundcube zero-day
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.
Hyundai to hold software-upgrade clinics across the US for vehicles targeted by thieves | AP News
Hyundai says it will set up “mobile clinics” at five U.S. locations to provide anti-theft software upgrades for vehicles now regularly targeted by thieves using a technique popularized on TikTok and other social platforms.