27Mar 2024 by

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

Actualités
As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (
Read More
27Mar 2024 by

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Actualités
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi
Read More
27Mar 2024 by

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

Actualités
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie
Read More
27Mar 2024 by

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

Actualités
Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar as well as
Read More
27Mar 2024 by

Recent ‘MFA Bombing’ Attacks Targeting Apple Users (Krebs on Security)

Actualités, Sécurité
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Some of the many notifications Patel says he received from Apple all at once. Parth Patel is an entrepreneur who is trying to build a…
Read More
27Mar 2024 by

Recent ‘MFA Bombing’ Attacks Targeting Apple Users (Krebs on Security)

Actualités, Sécurité
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Some of the many notifications Patel says he received from Apple all at once. Parth Patel is an entrepreneur who is trying to build a…
Read More
27Mar 2024 by

Recent ‘MFA Bombing’ Attacks Targeting Apple Users (Krebs on Security)

Actualités
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Some of the many notifications Patel says he received from Apple all at once. Parth Patel is an entrepreneur who is trying to build a…
Read More
27Mar 2024 by

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Actualités
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Some of the many notifications Patel says he received from Apple all at once. Parth Patel is an entrepreneur who is trying to build a…
Read More
26Mar 2024 by

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

Actualités
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded 
Read More