Vulnérabilité dans TheGreenBow VPN Client (24 septembre 2024) (CERT-FR)
Une vulnérabilité a été découverte dans TheGreenBow VPN Client. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
The SSPM Justification Kit
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If
Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns
Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. "Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," the company said in a post announcing the move on September 21. "This update ensured that users
Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar
Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and
EU Digital Identity Wallet: A leap towards secure and trusted electronic identification through certification (ENISA)
The European Union Agency for Cybersecurity (ENISA) and the European Commission announce the request to ENISA to support the certification of the EU Digital Identity Wallets (EUDI).
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have
Exfiltration de données du secteur social – Retour d’expérience du CERT-FR (24 septembre 2024) (CERT-FR)
L’année 2023 et le début de l’année 2024 ont été marqués par de nombreux incidents ciblant des entités du secteur social gérant des données à caractère personnel . Compte tenu des impacts qu’ont eu ces exfiltrations de données, le CERT-FR propose un retour d’expérience sur la gestion de ces...
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal
Multiples vulnérabilités dans les produits ESET (23 septembre 2024) (CERT-FR)
De multiples vulnérabilités ont été découvertes dans les produits ESET. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service.