Cyber attack prevention
WordPress: Jetpack vulnerability discovered. Millions of users at riskLearn how the Jetpack plugin vulnerability puts WordPress sites at risk and what to do to protect themA vulnerability in the Jetpack WordPress plugin allowed users to read other people's forms. Discovered in version 3.9.9, it prompted Jetpack to release multiple patches. It is recommended to update now to avoid future risks to sensitive user data.
Challenges and advanced solutions against sophisticated layer 7 DDoS attacksVerisign experiences addressing digital threats: analysis and strategies to protect against advanced cyber attacks at the most critical levels of the networkLayer 7 DDoS attacks are advanced and difficult to detect, aiming to saturate server resources by simulating legitimate traffic. Organizations must adopt proactive monitoring and mitigation strategies to counter these threats, as highlighted by the Verisign study.
Serious vulnerability discovered in NVIDIA's container toolkitWhat you need to know about the NVIDIA container toolkit bug and how to protect yourselfA serious vulnerability (CVE-2024-0132) in NVIDIA's Container Toolkit allows attackers to gain control over a host system. It affects versions up to 1.16.1. NVIDIA has released urgent updates to address the issue.
Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successesItaly is among the world leaders in cybersecurity according to the ITU Global Cybersecurity Index 2023/2024. It achieved a perfect score thanks to laws, international cooperation and technical initiatives. This demonstrates the country's advanced security infrastructure.
Crucial security update for Google Chrome: protect your data nowDiscover new cyber threats and Google's solutions to protect your data with the latest Chrome updateGoogle has released a critical update for Chrome to address two security vulnerabilities (CVE-2024-7971 and CVE-2024-7965) that cybercriminals have been exploiting. Users are advised to update to version 128.0.6613.138 to stay protected.
Secrets and pitfalls of the Tor network: new revelations on security and the risks of deanonymiza...New deanonymization risks on Tor: learn how online security is threatened by sophisticated attacks and what the Tor team is doing to protect usersAn investigation has highlighted risks of authorities deanonymizing the Tor network. The Tor team has responded by reassuring users of current security improvements and encouraging them to use updated software, but concerns remain about the balance between privacy and legal investigations.
Cyber Think Tank: free tool revolutionizes cybersecurity for SMBsA revolution for SMB cybersecurity: discover how a new free platform can transform your digital defensesA new free cybersecurity platform for SMBs offers advanced tools to detect and neutralize cyber threats. Easy to use, it includes automatic updates and technical support, promoting collaboration between companies to improve overall cybersecurity.
A new era for Flipper Zero with firmware 1.0Discover the revolutionary features of Flipper Zero firmware 1.0: performance improvements, JavaScript, and enhanced connectivityFlipper Zero, a cybersecurity device, receives the 1.0 firmware update improving performance, connectivity and battery life. Added JavaScript support, new protocols and optimizations. New NFC features and dynamic app download from the community.
EUCLEAK, the vulnerability that allows cloning of YubiKey FIDO sticksLearn how the EUCLEAK vulnerability puts your cryptographic keys at riskEUCLEAK is a vulnerability in YubiKey 5 devices (and others with Infineon SLE78 microcontroller) that allows cloning of ECDSA cryptographic keys via side-channel attacks. Requires physical access and specialized equipment. Yubico has issued security advisories.
New critical exploit discovered in Windows kernel: security implications and solutionsHow a zero-day exploit threatens Windows kernel security: analysis and mitigationCVE-2024-38106 is a serious vulnerability in the Windows kernel, discovered by Sergei Kornienko. It allows attackers to gain SYSTEM privileges. Microsoft has released a patch to fix it. It has been actively exploited by the North Korean hacker group Citrine Sleet.
Blockchain news: partnerships, security, and future prospectsDiscover how blockchain is disrupting key markets and addressing critical challenges in critical industries like finance, healthcare, and logisticsBlockchain technology is revolutionizing various industries due to its security and transparency. New partnerships between companies and financial institutions are accelerating innovations. However, challenges such as scalability and regulation still need to be overcome.
The strategic transformation of CorexalysHow Corexalys is revolutionizing digital security in France and EuropeFrench company Corexalys has sold its OSINT platforms to ChapsVision to focus on online influence operations for the French Ministry of Defense and due diligence services for private clients, responding to growing cyber threats and geopolitical challenges.
How to protect PostgreSQL from cryptojacking and keep your database performance highHow to configure PostgreSQL to avoid cryptojacking attacks and ensure optimal performance, protecting your data and reducing operating costsCryptojacking is the unauthorized use of system resources, such as PostgreSQL, to mine cryptocurrencies. Preventing it requires constant updates, secure configurations, activity monitoring, and training of personnel to recognize and avoid attacks.
Serious vulnerability discovered in AMD CPUs: invisible malware riskCritical flaws put AMD CPUs at risk: how hackers can gain stealth, persistent access to your systemsA security vulnerability called Sinkclose has been affecting AMD CPUs since 2006, allowing access to the Ring -2 level. By exploiting the TClose feature, attackers can install persistent malware. AMD is releasing patches, but some models are still without updates.
Shocking discovery in the world of browsers: a backdoor that has been exploited for 18 yearsHackers able to access private networks via backdoors in major web browsersA vulnerability in browsers has been discovered after 18 years, allowing hackers to access private networks via the IP 0.0.0.0. Apple, Google and Mozilla are responding with security measures. The risk involves sensitive data on private and development servers.
Meta and the security challenge: unexpected vulnerabilities in the new machine learning modelCritical vulnerability discovered in Meta's AI model: Prompt-Guard-86M under attackMeta introduced a machine learning model, Prompt-Guard-86M, to prevent prompt injection attacks. However, it is vulnerable to such attacks via letter spaces. This highlights the importance of security in the evolution of AI.
A dangerous vulnerability discovered on Telegram for Android: everything you need to know about E...Exploit discovered on Telegram for Android: what is EvilVideo and how to protect yourselfESET researchers have discovered the EvilVideo exploit, which affects Telegram on Android. The exploit, sold on underground forums, tricks users into downloading malicious apps. Telegram has resolved the issue with the update to version 10.14.5, thus protecting users.
Cybersecurity for dummies: defend yourself from modern cyber threatsDiscover essential cybersecurity techniques to protect your business from today's most advanced digital threatsCybersecurity protects businesses from attacks such as malware and phishing. "Exploits" exploit technical vulnerabilities, while "cyber-exploitation" affects the private sphere. Cybersecurity protects data and applications, while network security protects networks. Challenges include access management,...
Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMwareCritical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructuresCISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability...
Effective plans and strategies to face and defeat a ransomware attackStrategies and tips for companies facing cyber attacks: how to manage negotiations, prepare for incidents and prevent future ransomware threatsThe text discusses negotiations with criminals using ransomware, the importance of preparation and training to deal with such attacks, evaluating whether to pay the ransom, and implementing preventative and recovery measures to mitigate future risks.
Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threatsSamsung will release a security patch in August to address a serious zero-day vulnerability (CVE-2024-32896) on Galaxy devices. The vulnerability allows remote code execution. Another flaw (CVE-2024-2974) also needs fixing.
Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud reportGoogle Cloud's "Cybersecurity Forecast 2024" report predicts the use of AI to broaden phishing and disinformation, but also to improve defense. Highlights threats from the "Big Four" (China, Russia, North Korea, Iran) and attacks on elections and the Paris Olympics.
Critical vulnerability discovered in PHP CGI: how to protect your systems from CVE-2024-4577Find out how a security flaw in PHP CGI threatens your Windows servers and what immediate steps to take to protect yourselfAkamai has discovered a serious vulnerability in PHP (CVE-2024-4577) that allows remote code execution on Windows systems with CGI configurations. Bad actors can exploit it to spread malware and crypto mining attacks. Installing patches and using WAF is critical for protection.
New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediatelyA vulnerability in OpenSSH 8.7 and 8.8, identified as CVE-2024-6409, could allow remote code execution. Caused by a race condition in the signal handler, it is a serious risk. Discovered by Qualys, requires immediate patches to mitigate risks.
Apple ID security: prevent phishing attacks with two-factor authenticationLearn how cybercriminals exploit phishing and learn how to defend your Apple ID with simple but effective security measuresApple ID users are being hacked via phishing emails and SMS that appear legitimate. Hackers steal credentials to lock out accounts and access funds. Enabling two-factor authentication (2FA) is vital to protecting yourself by avoiding clicking on suspicious links.
Security alert for MSI Center: critical vulnerability discovered in Windows systemsA critical flaw in Windows systems allows limited users to obtain administrator privileges: find out how to protect yourself and what solutions to implement to avoid cyber attacksA vulnerability (CVE-2024-37726) was discovered in MSI Center on Windows, allowing elevation of privilege. Users should update to version 2.0.38.0 to mitigate risks. This flaw can allow total control of the system by attackers.
Operation Morpheus: Europol hits cybercrime hardA vast network of illegal servers discovered and neutralized: the global fight against cyber threats enters a new phaseOperation Morpheus, coordinated by Europol, disabled nearly 600 Cobalt Strike servers used by cybercriminals. Pirated versions of this pentesting tool have been exploited for cyber attacks. Public-private collaboration has been crucial to this success.
regreSSHion vulnerability discovered in OpenSSHLearn how an old vulnerability returns in a new, threatening form and what steps to take to secure your OpenSSH systemsA flaw in OpenSSH, called regreSSHion and identified as CVE-2024-6387, allows remote attacks. This bug is a regression of an old CVE from 2006. Major Linux distributions have released updates to address the issue.
Serious vulnerability discovered in Rabbit R1: all user data at riskVulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?The Rabbitude Group has discovered a vulnerability in the Rabbit R1 AI device that exposes crucial API keys. These keys allow unauthorized access to users' personal data. Rabbit has revoked an API key and is investigating, but has found no evidence of violations so far.
Severe vulnerabilities in Juniper Networks devices: urgent security updatesThe critical issue that exposes corporate networks to serious risks and the immediate measures to be takenJuniper Networks has released security patches to fix a serious vulnerability in Junos OS. This flaw, rated 10.0, allows arbitrary code execution and denial of service. Immediate update is recommended to protect company IT infrastructures.
Alexa is renewed: Amazon focuses on generative artificial intelligence and monthly subscriptionsNew features and economic opportunities to improve the Alexa user experienceAmazon is revamping Alexa with paid versions equipped with generative artificial intelligence. The goal is to make it smarter and more profitable, using it to facilitate purchases on Amazon and introducing monthly subscriptions.
Microsoft fix for critical Wi-Fi vulnerability: urgent updateMicrosoft releases critical security updates to protect Windows devicesMicrosoft has released security updates to address a serious vulnerability (CVE-2024-30078) in Windows Wi-Fi drivers, which allowed remote attacks via public Wi-Fi networks. It is critical to update systems immediately to prevent security risks.
Serious vulnerability in Microsoft Outlook: risk of spoofing in company emailsThe importance of a timely response to mitigate risks associated with security vulnerabilitiesA critical bug in Microsoft Outlook may allow corporate emails to be impersonated, increasing phishing risks. Microsoft initially ignored the report, but is now reviewing the issue. Users are advised to strengthen their cybersecurity.
Burnout among cybersecurity specialists: a growing problemBitdefender study: impact of burnout on staff and emerging challenges in cybersecurityA Bitdefender survey reveals that over 70% of cybersecurity professionals work on weekends, leading to burnout and dissatisfaction. The main threats are phishing, software vulnerabilities and ransomware. Organizations invest in security but current solutions are not adequate.
The impact of CVSS 4.0 in Software Security Vulnerability AssessmentThe evolution of the Common Vulnerability Scoring System and its importance for corporate information securityCVSS 4.0, released on October 21, 2023, is a tool for assessing the severity of software vulnerabilities. It uses 30 variables in four categories: Basic, Threat, Environmental and Supplemental. Helps organizations manage and prioritize vulnerabilities to reduce risk.
Serious vulnerability found in Mali GPU drivers: updates requiredExposure to cyber attacks for Mali GPU devices: immediate corrective actions requiredARM has reported a "use-after-free" vulnerability in Mali Bifrost and Valhall GPUs, which has already been exploited by malicious actors. They recommend quick driver updates to protect devices, especially for those using versions r34p0 to r40p0, patched from r41p0 onwards.
TPM chip vulnerabilities and risks without physical accessTPM chip security under scrutiny: new vulnerabilities and mitigation strategiesA researcher has revealed a vulnerability in TPM chips that allows hackers to access data without physical contact. This flaw affects Intel systems and requires firmware updates that not all manufacturers have implemented. A tool to detect the vulnerability will be available soon.
Serious security flaw in PHP on Windows server in CGI modeCVE-2024-4577 vulnerability details and essential mitigations for PHP servers on Windows in CGI modeDEVCORE has discovered a serious vulnerability (CVE-2024-4577) in PHP on Windows in CGI mode, which allows remote code execution. It affects several versions of PHP and poses a critical risk to servers. Immediate updating of PHP is recommended.
Kali Linux innovations and technical improvements in version 2024.2New tools, GNOME desktop improvements, and Kali NetHunter updatesThe Kali Linux 2024.2 release introduces significant updates, including GNOME 46 and improvements for Kali-Undercover and Xfce. Introduces new hacking and penetration testing tools, along with improvements to Kali NetHunter. Available for various systems and upgradeable with sudo apt update && sudo apt...
Secure Boot: Microsoft updates certificates to address vulnerabilitiesThe impact of Secure Boot certificate revocation and Microsoft's mitigation strategiesMicrosoft will update Secure Boot certificates to address vulnerabilities, potentially rendering older Windows bootloaders unusable. The updates will be distributed via Windows Update, but may cause problems, also requiring UEFI BIOS updates to recognize the new certificates.
Leveraging log data in cybersecurityHow hackers exploit logs to compromise the security of networks and applicationsLogs are files that record system data and network activity. Hackers scan them to discover vulnerabilities, gain administrative privileges, and evade security systems. Administrators must regularly monitor logs to prevent cyber attacks.
Defending credentials: techniques and tools for account security in the digital ageAdvanced strategies and tools necessary to ensure the security of account credentials in the current context of cyber attacksProtecting account credentials is crucial against cyber attacks. Using strong passwords, 2FA, and tools like “Have I Been Pwned” helps prevent breaches. Organizations must adopt security strategies and have a recovery plan ready in the event of a compromise.
Netflix and proactive cybersecurity collaborationStrategic collaboration between Netflix and the ethical hacker community to improve securityNetflix has paid out more than $1 million through its bug bounty program to incentivize experts to report vulnerabilities. This strategy improves the security of the platform and demonstrates the company's commitment to protecting its users.
An uncertain future for cybersecurity in EuropeEuropean initiatives and investments to strengthen cybersecurity and close the skills gapIn Italy and Europe there is a shortage of skills in cybersecurity. Initiatives such as those of ENISA and the G7 community in Rome seek to respond to this challenge. The European Commission invests millions in training and resilience against cyber attacks.
The challenges of digital identity management in the age of cybersecurityThe evolution of IAM solutions to counter modern cyber threatsDigital identity is critical to IT security. Organizations must protect credentials from attacks using technologies such as multi-factor authentication (MFA) and biometrics. AI and blockchain are the future for improving the management and security of digital identities.
Security strategies and challenges in modern surveillance camerasSolutions and practices to ensure the cybersecurity of surveillance camerasSurveillance cameras are essential for security, but vulnerable to cyber-attacks. It is crucial to update firmware, use encryption, firewalls and security training for users to protect monitored data and environments from unauthorized access.
Cybersecurity strategies for the Paris 2024 OlympicsChallenges and solutions to ensure cybersecurity of global sporting eventsThe article examines cybersecurity for the Paris 2024 Olympics, the importance of data in the sporting world, the solidarity projects of the Yellow Flames and the proposals for an Authority that monitors the accounts of professional clubs in sport.
Netflix addresses a critical vulnerability in its big data orchestration servicesNetflix successfully addresses a critical security flawNetflix has addressed a critical vulnerability in its Big Data services that could allow unauthorized access to sensitive data. The company worked with experts to quickly resolve the issue and continues to invest in advanced security technologies to prevent future risks.
Google vs. Microsoft: cybersecurity battle intensifiesCompetition between giants: Google denounces Microsoft's vulnerabilities and proposes Workspace as a more secure solutionGoogle criticized Microsoft's security after a hack, promoting its own Workspace as an alternative. It also launched aggressive offers to attract customers. Microsoft responded with the "Secure Future" initiative to improve security and regain trust.
Cyber security in the UK: current challenges and response strategiesAn in-depth assessment of current cyber threats and countermeasures in the UKThe UK DSIT's "Cybersecurity Breaches Survey 2024" report finds that many businesses and non-profit organizations have suffered cyber attacks, especially phishing. Security measures are still lacking, with concerns about supply chain risks and variable attention to security.