L'enseigne Intersport a été touchée par une cyberattaque en novembre 2022. Le groupe de hackers criminels Hive exige aujourd'hui une rançon à l'entreprise, en menaçant de publier des données sensibles. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and

Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. [...]

The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks. [...]

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening. [...]

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. [...]

Un wiper, destiné à effacer toutes les données sur l'ordinateur, touche de nombreuses institutions en Russie. Ce logiciel malveillant est totalement nouveau et n'a été revendiqué par aucun groupe ou État.  [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. [...]

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.

The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers. [...]

Les chercheurs de l'ICS CERT de Kaspersky ont partagé leurs prédictions concernant les évolutions et les risques concernant les systèmes de contrôle industriel auxquels les organisations doivent se préparer en 2023.

The post Kaspersky prévoit des changements dans le paysage des menaces pour les systèmes de contrôle industriel en 2023 first appeared on UnderNews.

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),"

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To keep up with business

A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a 

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents,"

Le cabinet Garner a présenté, comme chaque année, ses 10 principales tendances technologiques stratégiques pour l’année 2023 lors de son symposium IT/Xpo 2022. Au sein de ce panorama des perspectives figure pour la première fois l’observabilité. Sans être totalement nouvelle, l’observabilité n’est pas encore une approche familière aux utilisateurs que nous rencontrons, peut-être parce qu’ils ne perçoivent pas en quoi elle se distingue – ou complète - la surveillance. Mais ne nous y trompons pas : l’observabilité est bien plus qu’un nouveau mot à la mode pour parler de surveillance, et un enjeu intéressant à considérer avec attention.

The post La supervision c’est bien, l’observabilité c’est mieux first appeared on UnderNews.

Tanium, éditeur de l’unique solution de converged endpoint management (XEM) du marché, publie les résultats d’une enquête révélant que les attaques ciblant les employés sont principale cause d’incidents évitables de cybersécurité.

The post Étude : les attaques ciblant les employés sont la première cause d’incidents évitables de cybersécurité first appeared on UnderNews.

From precisely spotting security vulnerabilities in your code, to writing an entire block of functional code on a whim, to opening portals to another dimension, OpenAI's newly launched ChatGPT is a game changer with its possibilities seeming limited only by your limitedness. [...]