Multiples vulnérabilités dans Google Chrome (03 septembre 2024) (CERT-FR)
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans les produits VMware (03 septembre 2024) (CERT-FR)
Une vulnérabilité a été découverte dans VMware Fusion. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Owners of 1-Time Passcode Theft Service Plead Guilty
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites. Scammers who had already stolen someone’s bank account credentials could enter the target’s phone number and name, and the service would initiate an automated phone call to the target that warned them about unauthorized activity on their account. The call would prompt the target to enter a one-time passcode that was sent to the user via SMS when the thieves attempted to log in. Any codes shared by the target were then…
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said. "Finally, it can use all this exfiltrated
Secrets Exposed: Why Your CISO Should Worry About Slack
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. "If successful, the adversary could gain any privileges already granted to the affected
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,