Un gestionnaire de mots de passe conçu par Apple devrait être présenté lors de la WWDC 2024. L'application, dont le nom serait Passwords, risque de bousculer le secteur.
Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces?
Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.
Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner.
The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.
To that end, apps that generate content using AI must ensure they don't create
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.
"We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.
The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk
The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces. [...]
$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data.
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain.
"The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. [...]
Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. [...]
The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces. [...]
A new ransomware operation named 'Fog' launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S. [...]
Chinese shopping platform Pandabuy told BleepingComputer it previously paid a a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week. [...]
The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale.
"Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.
In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. Now threat actors are working
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers.
"The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis.
The volume of
Connexion
