Information Security newsfeed from around the world in English and French. Find it all in one place… here.
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised login credentials are likely then sold on those same forums for $250 per account (or even higher). The […]
Continue ReadingAn evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration […]
Continue Reading
Google Warns Social Engineering Attacks Have Been Backdooring Researchers’ SystemsNorth Korean hackers have been “targeting security researchers working on vulnerability research and development at different companies and organizations” to trick them into installing backdoored software that gives attackers remote access to their system, warns Google’s Threat Analysis Group. Source: Bank Info Security
Continue ReadingCybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app’s users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with […]
Continue ReadingMost companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today’s onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security […]
Continue ReadingOver the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group (TAG) has revealed on Monday. The hackers’ tactics The hackers, who Google TAG believes are backed by the […]
Continue ReadingUne vulnérabilité a été découverte dans Belden HiLCOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. Source: Cert FR
Continue ReadingDe multiples vulnérabilités ont été découvertes dans Moodle. Certaines d’entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité. Source: Cert FR
Continue Reading
Nat Smith of Gartner on Applying Technology, Retaining SOC AnalystsWhen deploying automation in their security operations centers, organizations should start with “small and simple things,” advises Nat Smith of Gartner, who also offers tips on retaining skilled SOC analysts. Source: Bank Info Security
Continue Reading
Researchers: 33,000 Vulnerable Servers Could Be Used to Amplify AttacksThreat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice. Source: Bank Info Security
Continue Reading