Zip Slip Vulnerability Lets Attackers Import Malicious Code and Execute Arbitrary Code

A critical Zip Slip vulnerability was discovered in the open-source data cleaning and transformation tool ‘OpenRefine’, which allowed attackers to import malicious code and execute arbitrary code. OpenRefine is a strong Java-based, free, open-source tool for handling messy data. This includes cleaning it, converting it into a different format, and expanding it with web services and external data. According to SonarCloud, […]

LightSpy APT Attacking WeChat Users to Steal Payment Data

LightSpy malware, responsible for a watering hole attack conducted against iOS users in Hong Kong, has been discovered to be embedded with the Android implant Core and its 14 related plugins from 20 active servers for attacking mobile users. LightSpy is a Mobile Advanced Persistent Threat (mAPT) that uses new and sophisticated techniques to attack mobile […]

Lazarus Tricking Employees with Trojanized Coding Challenges

The Lazarus group was recently discovered to have targeted an aerospace company in Spain, deploying several tools, including an undocumented backdoor named “LightlessCan.” Reports indicate that the threat actor gained access to the organization’s network last year using a spearphishing campaign impersonating a recruiter from Meta. The threat group contacted one of the […]

Hackers Bypass Cloudflare Firewall and DDoS Protections Using Cloudflare

Cloudflare, a prominent cybersecurity vendor renowned for its web protection services, faces a security challenge that could expose its customers to unforeseen risks. A recent disclosure from Certitude highlights a vulnerability that could allow attackers to bypass certain protection mechanisms offered by Cloudflare, leaving customers susceptible to attacks that the platform is designed to prevent. […]

MadPot: AWS Honeypot to Disrupt Threat Actors

In the realm of cybersecurity, the battle against threat actors never stops. With its vast cloud infrastructure, Amazon Web Services (AWS) is at the forefront of this ongoing struggle. AWS employs a global network of sensors and advanced disruption tools daily to detect and thwart hundreds of cyberattacks. These relentless efforts remain largely unseen but […]

APT34 Employs Weaponized Word Documents to Deploy New Malware Strain

APT34 is a secretive cyberespionage group specializing in Middle East targets, known for gathering sensitive intelligence via spear phishing and advanced infiltration methods. The sophistication and comprehensive resources of the APT34 group pose a major regional and global cybersecurity threat. They have conducted high-profile cyberattacks in the Middle East against diverse targets. Cybersecurity researchers at […]

Budworm APT Attacking Telecoms Org With New Custom Tools

APT (Advanced Persistent Threat) actors are evolving at a rapid pace, continually enhancing their toolsets and tactics. They adapt quickly to security measures, leveraging advanced techniques, such as zero-day exploits, to remain undetected. Their ability to innovate and collaborate in the underground cybercriminal ecosystem makes tracking and countering APT threats an ongoing challenge for cybersecurity […]

Cisco IOS Software Zero-day Exploited in Attacks

Cisco has issued fixes to address a vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. A remote attacker who has administrative access to a group member or a key server can exploit this vulnerability to run arbitrary code or bring down an affected device. Cisco […]
