Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the

L’équipe Advanced Threat Research de McAfee Enterprise a publié une analyse sur le groupuscule Groove, une organisation de ransomware-as-a-service relativement récente.

The post McAfee Entreprise établit un lien entre un nouveau groupe RaaS et Babuk first appeared on UnderNews.

New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed "Seventh Inferno" (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8)

The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.

The post Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws appeared first on WeLiveSecurity

Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon

The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. [...]

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. [...]

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. [...]

Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers compromised by the massive Mēris DDoS botnet over the summer. [...]

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. [...]

Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure

Microsoft says a OneDrive issue prevents some Android users from uploading photos and videos from their camera roll to the cloud. [...]

​Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface. [...]

Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. [...]

Le rapport ISG Provider Lens™ révèle que les entreprises du marché français adoptent massivement les produits et services proposés par les fournisseurs en la matière.

The post Les entreprises du marché français à l’affût des services de cybersécurité pour protéger leurs informations et leur identité first appeared on UnderNews.

Les APT font aujourd’hui partie des cyberattaques les plus sophistiquées et destructrices mises en œuvre par des personnes dotées de compétences avancées et d'intentions malveillantes. Dans ce contexte, le préjudice potentiel des APT peut être largement contenu en automatisant la gestion des politiques de sécurité.

The post Comment l’automatisation des politiques permet de se protéger des menaces APT first appeared on UnderNews.

Hier, Apple a procédé en urgence à la mise à jour d'un patch de sécurité afin de contrer le logiciel de cyberespionnage Pegasus, qui utilisait une faille depuis février 2021 pour installer un logiciel espion.

The post Hack des appareils Apple par Pegasus : le décryptage de Darktrace first appeared on UnderNews.

Aujourd'hui, l'équipe Advanced Threat Research (ATR) de McAfee Entreprise a publié son rapport sur l'opération "Harvest", une campagne d'exfiltration de données au cours de laquelle un hacker a maintenu un accès pendant plusieurs années pour capturer des données réseau. En travaillant avec l'équipe Professional Services IR sur un cas qui a débuté comme un incident de logiciel malveillant, ils ont découvert que l'attaque s'est finalement avérée être une cyber-attaque à long terme liée à une cyber-offensive d'un État-nation.

The post Opération “Harvest” : une campagne d’exfiltration de données qui s’étend sur plusieurs années first appeared on UnderNews.