La directive NIS2 vise à renforcer de manière significative la cybersécurité et la sécurité de l’information dans toute l’Union européenne (UE), en atténuant les menaces pesant sur les réseaux et les systèmes d’information dans des secteurs clés (secteurs d’activité d’importance vitale) tout en assurant la continuité de ces services en cas d’incidents. Son objectif est de […]

The post NIS2 : comment les équipes IT peuvent éliminer les angles morts de leurs réseaux dans les temps first appeared on UnderNews.

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture

Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. [...]

Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. [...]

​CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. [...]

In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT

The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS

[Info Numerama] Le ministère des Sports et des Jeux olympiques et paralympiques nous a confirmé le piratage du compte X d'Amélie Oudéa-Castéra vendredi dernier. Le profil a été restauré depuis.

We spoke to climate scientist Katharine Hayhoe about climate change, faith and psychology – and how to channel anxiety about the state of our planet into meaningful action

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo.  The package employing this steganographic trickery is requests-darwin-lite, which has been

Les réseaux privés virtuels (VPN) jouissent d'une notoriété croissante, mais il existe des usages en ligne qui ne sont pas neutres. Certaines activités peuvent ainsi avoir des répercussions judiciaires. L'occasion de faire le point sur le cadre légal des VPN en France.

​Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...]

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [...]

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [...]

​The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. [...]

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [...]