The White House rapidly gathered evidence and blamed Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is an increasingly crucial tool in the American arsenal.

Michael Montoya, Chief Information Security Officer de la société Equinix, a dévoilé les coulisses de la gestion de crise suite à la découverte de l’attaque par rançongiciel de NetWalker en septembre 2020.

La commission de gestion du National estime que des données pourraient se retrouver en main de tiers en cas de vente d’unités de l’entreprise.

Découverte dans le gestionnaire de paquets Snap pour systèmes Linux développé par Canonical, une faille expose les utilisateurs à de l'escalade de privilèges. Un risque qui peut déboucher jusqu'à de l'accès root.

We recently audited snap-confine (a SUID-root program that is installed by default on Ubuntu) and discovered two vulnerabilities (two Local Privilege Escalations, from any user to root): CVE-2021-44730 and CVE-2021-44731.

Cosa sappiamo di sLoad e perchè è così elusivo?

ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices [PDF Document](https://www.enisa.europa.eu/publications/boosting-your-organisations-cyber-resilience/@@download/fullReport)

The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.

Using machine learning, separate teams of computer scientists identified the same two men as likely authors of messages that fueled the viral movement.

Vodafone Portugal, one of the country’s leading telecommunications companies, said Tuesday it had been hacked though no confidential customer data was compromised

As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.

L’institution a été victime jeudi soir de ce qui semble être un rançongiciel. Ses services informatiques travaillent d’arrache-pied pour restaurer ses systèmes avant la rentrée de lundi

Control of the internet is increasingly part of any modern conflict.

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

For almost two decades, hackers with Snake have been forcing their way into government networks. They are considered one of the most dangerous hacker groups in the world. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR  have discovered some clues, and they all lead to the Russian secret service FSB.

La société Passware, qui s'est fait une spécialité des solutions de déverrouillage des Mac et des PC par force brute, est parvenue à « craquer » la puce T2. Mais attention, le processus nécessite de 10 heures à… plusieurs milliers d'années, en fonction du mot de passe et de sa longueur. Mais cela reste possible grâce à une vulnérabilité exploitée par l'entreprise, dont les clients sont principalement les forces de l'ordre mais aussi des entreprises.

Twitter is changing its 2FA service provider after allegations emerged that it sold access to its networks to surveillance companies.

The Red Cross said the attack began on November 9 and involved an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus.

Le comité international de la Croix-Rouge vient de confirmer que la cyberattaque dont il a été victime courant janvier a commencé par l’exploitation d’une vulnérabilité critique affectant un serveur Zoho ManageEngine, pour laquelle le correctif n’avait pas été appliqué.

Aux États-Unis, un groupe pharmaceutique victime de NotPetya l'a emporté en première instance face à plusieurs de ses (ré)assureurs. Retour sur l'affaire.

Marsh analysis, insights, and ideas, regarding new cyber insurance policy exclusion language related to war, cyber war, cyber operations, and catastrophic risk.

Merck & Co.‘s victory in a legal dispute with insurers over coverage for $1.4 billion in losses from malware known as NotPetya is expected to force insurance policies to more clearly confront responsibility for the fallout from nation-state cyberattacks.

The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.

As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.

The FBI, NSA, and CISA warned that Russian state-sponsored intrusions will continue.

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.

Meta will pay $90 million to settle litigation over Facebook's use of cookies to track users’ internet use even after they had logged off.

DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.

La Commission de la politique de sécurité du Conseil national propose de modifier la législation afin que la Confédération puisse créer, en collaboration avec les cantons, les hautes écoles, les établissements de recherche et les entreprises suisses, une infrastructure numérique indépendante. Elle estime par ailleurs qu’il y a lieu de définir des normes pour la gestion de la sécurité. La commission a donné suite à une initiative parlementaire en ce sens.

Un trentenaire estime que le journal des connexions à la plateforme des supports de cours de son école a été utilisé contre lui abusivement.