Cyber attack prevention
Google Dark Web: the new service for the security of your accountsProtect your sensitive data: Learn how Google's Dark Web Report can help you maintain the security of your accountGoogle has made its Dark Web service available to everyone, to protect users' accounts and personal information. The Google Dark Web Report monitors the dark web for possible data breaches and provides additional paid features. Users can use the Google app and Password Manager to protect their cr...
Fight against cybercrime and fake news, Google finances two Italian projectsA new era for cybersecurity: Google invests in innovation made in ItalyGoogle has selected two Italian projects to receive funding as part of the Impact Challenge: Tech for Social Good. One involves identifying cyber vulnerabilities of SMEs, the other helps older people detect and counter cyber attacks. Google will invest 4 million euros in these initiatives, which will...
Signal's alleged zero-day flaw affecting link previewsSigns of uncertainty: how to protect yourself from possible threatsSignal has rejected accusations of an alleged zero-day flaw, but there may be a risk linked to link previews. We recommend disabling previews, keeping the app updated, and taking precautions such as two-factor authentication and avoiding suspicious links.
Siemens launches SINEC Security Inspector, a new test suite for industrial network securityA new tool to ensure the protection and integrity of industrial networks, improving cybersecurity in the manufacturing sectorSiemens has expanded its portfolio of cybersecurity solutions, launching SINEC Security Inspector, a security test suite that helps identify and mitigate cyber vulnerabilities in the manufacturing industry. The open framework integrates third-party security tools and offers an efficient way to control...
Serious zero-day vulnerability in Cisco's IOS XE software: attackers can take control of routers and...Serious security risk for Cisco devices: a zero-day vulnerability puts routers and switches at riskCisco has found a serious vulnerability in its IOS XE software that allows unauthenticated hackers to gain full administrator privileges and remote control of routers and switches. To mitigate risk, Cisco recommends disabling the HTTP server feature on devices exposed to the Internet.
Google: news for the security of Android and iOS usersAn important series of improvements for the security and privacy of both Android and iOS usersIn celebration of Cyber Security Month, Google announced three new improvements for users. On Android it will be possible to delete browsing data from the last 15 minutes, Google Password Manager will become the default provider for passwords on iOS and it will be easier to access the report on the dark...
The end of VBScript: Microsoft is committed to ending the use of the outdated scripting languageA major change for cybersecurity: Microsoft abandons VBScript for greater protectionMicrosoft will phase out VBScript from future versions of Windows to combat the spread of malware. This decision is part of a broader strategy to increase the security of Windows systems and provide users with a more reliable computing experience.
Cyberlum Academy: training to counter cyber attacksImproving the preparation of security experts in the IT sector: the mission of the Cybellum AcademyThe Cybellum Academy is an institution dedicated to training and offering content on cybersecurity. Offers courses on product security and vulnerability management to thwart cyber attacks on critical devices.
Office employees' risky cyber security habitsThe challenges of cybersecurity awareness in work contextsAccording to a study by Ivanti, many employees do not consider their actions relevant to corporate security. Younger workers have less secure habits, while regional differences point to gaps in cybersecurity training. It is essential to create a collaborative culture, avoiding problems for end us...
Hacking black market: traffic of bugs and exploits on the riseBlack market explosion: searching for vulnerabilities in the digital ageHacking mobile phones, particularly via apps like WhatsApp, is becoming increasingly expensive. Zero-day vulnerabilities have reached very high prices, demonstrating the importance of investing in security. Illegal trafficking in malware and spyware is growing, putting users' online privacy at risk....
APIs and their fragility in the digital contextThe need for API-centric cybersecurity to protect digital applicationsAPIs are essential but vulnerable. Their widespread use and lack of adequate oversight facilitate cyberattacks. Enterprises must adopt protection strategies, detect anomalous behavior and involve developers and company departments in security.
Soft skills: an ongoing challenge for the cybersecurity sectorChallenges and opportunities for cybersecurity professionals in the digitally advanced job marketA new report from ISACA highlights gaps in cybersecurity professionals, such as interpersonal skills, cloud computing and security measures. There are shortages of specialized personnel and difficulties in retaining talent. The most sought after skills are identity and access management, cloud computing,...
Google and Yahoo strengthen email anti-spam protectionsThe future of email: raising your guard against phishing attacks and spamGoogle and Yahoo have announced new requirements to combat email spam and phishing. Starting next year, senders of bulk messages will be required to authenticate their messages and offer users the ability to easily unsubscribe from commercial emails. Clear criteria will be introduced to avoid sending...
Cyber attacks: a magnifying glass on securityRevealing hidden vulnerabilities: an in-depth analysis of cyber attacksCyberattacks highlight gaps in corporate security, but it's important to combat hackers who abuse user data to commit fraud. The article highlights that companies need to invest in advanced technologies, train staff and take appropriate security measures to protect users.
BunnyLoader: the ever-evolving malware-as-a-serviceThe unstoppable threat making its way into the world of hackingBunnyLoader is a dangerous malware-as-a-service that is gaining popularity on the dark web. With advanced features such as clipboard stealing and remote command execution, it poses a significant threat to cybersecurity.
October 2023 security updates for Android: fixed two exploited vulnerability issuesSecurity risks for Android users: exploited vulnerabilities and spread of spyware on iPhoneGoogle has released the October 2023 security updates for Android, fixing 51 vulnerabilities, including 2 zero-days exploited in malicious attacks. These issues were reported by Apple and Citizen Lab and were used to spread spyware on iPhones. Additionally, a bug in the Arm Mali GPU driver that allowed...
UK businesses: growth in cyber incidents and security budget challengesA worrying picture: UK businesses face a growing challenge in cyber protectionUK businesses face a growing challenge in cyber protection, with a 25% increase in cyber incidents. However, limited budget and other factors remain weaknesses. New technologies such as artificial intelligence could help improve cybersecurity.
Critical vulnerabilities addressed in WS_FTP Server by Progress SoftwareThe implications of remediating vulnerabilities and recommended mitigation measuresProgress Software has resolved two critical vulnerabilities in WS_FTP Server, which allowed remote command execution by unauthenticated attackers. Users are recommended to update to the correct version or disable the ad hoc transfer feature.
Cisco acquires Splunk for $28 billionCisco and Splunk join forces to create cutting-edge security solutionsCisco will acquire Splunk for $28 billion, with the goal of improving digital security and connecting everything securely. The union will make it possible to predict and prevent threats thanks to artificial intelligence, offering innovative solutions in the security and observability sector.
Google fixes a new zero-day vulnerability exploited by a spyware vendorAn urgent patch has been released to protect users from espionage activity via a zero-day vulnerability in ChromeGoogle has released a Chrome update to address a zero-day vulnerability exploited by a spyware vendor. The stable version 117.0.5938.132 resolves the critical vulnerability identified as CVE-2023-5217. It is the sixth zero-day solved by Google in 2023.
The revolution of the Zero-Touch model for corporate IT securityA new approach to enhance the protection of corporate IT systemsThe article explains the concept of "Zero-Trust" in cybersecurity and how it is evolving with the introduction of the "Zero-Touch" model. This new approach aims to reduce human intervention and adopt Artificial Intelligence to optimize the management of protective devices.
Working group on the Intersection of AI and cybersecurityArtificial intelligence, an opportunity to strengthen cyber protectionThe R Street Institute has created a working group to examine the use of cybersecurity in Artificial Intelligence (AI). The group will discuss use cases, regulations and business practices. Members include representatives from the government, Google and academic institutions. AI has been used in cybersecurity...
New GPU.side-channel attack discovered: modern graphics cards vulnerableA serious security risk for graphics cards: the GPU.side-channel vulnerabilityA group of researchers has discovered a new cyber attack, called "GPU.zip", that exploits the data compression of modern graphics cards to reveal sensitive information during web browsing. Despite the report, no manufacturer has yet released a patch to fix the problem. The attack involves several GPU...
$17 million contract for Xage cybersecurity for Space Force networksA new milestone for cybersecurity: Xage partner of the Space ForceCybersecurity firm Xage has won a $17 million contract to protect the networks of the Space Force's Space Systems Command. Using "zero trust" technology, Xage will ensure the security of information networks and satellites. This collaboration will strengthen the security of the military organization's...
Launch of cybersecurity and IT apprenticeship program at University of Maine at AugustaA new approach to apprenticeships: smart investments for growth in IT and cybersecurityOn September 28, from 1:00 pm to 3:00 pm eastern time, the Maine Department of Labor (MDOL) and its Commissioner, Laura Fortman, will announce the launch of the Registered Apprenticeship (RA) program in cybersecurity and IT at the University of Maine at Augusta (UMA). This new initiative will offer employers...
Password security: why standard policies are not enoughThe need to adopt advanced strategies to protect sensitive passwordsThe article warns about weaknesses in password policies and emphasizes that password complexity requirements are not enough. Stolen passwords are sold on the dark web and used in "credential stuffing" attacks. Organizations must defend themselves by promptly identifying and reporting compromised...
Apple fixes 3 more zero-day security issuesCritical updates to protect Apple users from zero-day attacksApple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have...
Signal prepares for the era of quantum attacksThe race for secure encryption: Signal prepares for the challenges of the digital futureThe article is about the Signal chat app which is gearing up to protect future communications from potential quantum computer attacks. Signal will implement new security measures to combat the risk of data decryption and ensure the privacy of conversations.
Data security: traditional data centers vs cloud environmentsData security: a comparative evaluation of traditional data centers and cloud environmentsThe article explains the differences in data security between traditional data centers and cloud environments. Data centers offer direct control and physical security, while cloud environments offer flexibility and advanced security features. The choice depends on the needs and resources of the o...
Zero Trust security: the importance of assigning the level of trust to corporate usersThe challenge of cybersecurity in the era of mobility and multi-device accessThe article discusses the importance of correctly assigning trust levels in corporate devices to ensure greater cybersecurity. We also talk about the challenges in identifying the user and the device used, and recommend reliable authentication methods, such as the use of digital certificates and hardware...
Intel launches Project Amber to ensure the integrity of Trusted Execution EnvironmentsIntel's new integrity verification solution to ensure TEE securityIntel has launched a new attestation service called Project Amber, as part of the Trust Authority portfolio. This service ensures the authenticity and integrity of the environment by allowing organizations to verify that data has not been compromised. It also supports confidential AI and intelligent...
Cyber attacks on the rise in Q2: the report from Swascan's SOC and Threat Intelligence TeamThe importance of an agile and aware defense against cyber threatsThe report from Swascan's SOC and Threat Intelligence Team reveals that there was a significant increase in cyber attacks in the second quarter, including ransomware, phishing and malware. It is essential to adopt advanced defense strategies and train personnel to limit cyber risk.
Trend Micro addresses a serious vulnerability that allows remote code executionTimely resolution of a serious vulnerability in Trend Micro's Apex One solutionTrend Micro has successfully patched a serious zero-day vulnerability in Apex One, its endpoint security solution. Attackers were exploiting this flaw, so it is important to update affected products to protect systems.
Nearly 12,000 Juniper firewalls vulnerable to a recent RCE flaw discoveredA detailed analysis of the recent RCE vulnerability in Juniper firewalls and how it was exploitedResearch has found that more than 12,000 Juniper firewalls across the Internet are vulnerable to a recent security flaw. Attackers can execute malicious code without authentication by exploiting a vulnerability in the J-Web component of Junos OS. Juniper Networks released a patch to fix the issue last...
The cyber kill chain: a security guideHow to deal with threats and protect corporate networksThe article explains the cyber kill chain, a model that describes the stages of a cyber attack. Shows how to mitigate cyber threats and protect data using security measures at every stage.
Phishing traps: common mistakes to avoidEssential precautions to protect your online securityPhishing is a dangerous cyber attack: don't trust emails from unknown senders, avoid spelling errors, check attached files, don't fall for urgent payment or winnings scams.
Android vulnerability: credit cards at riskThe discovery of a serious vulnerability in the Android operating system puts the security of credit cards at riskA serious security flaw has been discovered on Android that allows access to credit card data via NFC devices such as Flipper Zero. The vulnerability has been identified as CVE-2023-35671 and affects devices running Android 5.0 and later. The fix is only available for recent versions of Android. Older...
Choosing the best CSSP for cybersecurityExpert opinion on how to evaluate the reliability of CSSPsThis article examines the important role of cybersecurity vendors (CSSPs) in protecting against cyber threats. Guidance is provided on how to select a reliable and competent CSSP and the importance of evaluating solutions and supplier experience is highlighted. Finally, it is emphasized that cybersecurity...
Critical vulnerabilities in Notepad++ software: CERT-In warningCERT-In recommendations to protect systems from attacks on Notepad++ softwareThe Indian government agency CERT-In has discovered several vulnerabilities in the Notepad++ program, which could allow an attacker to execute code and obtain sensitive information from the target system. It is critical to apply software updates to resolve such vulnerabilities and protect your system....
Cyber security: the new face of cyber threatsThe challenge of evolving cyber threats: how to protect companies from new attacksThe article highlights the importance of cybersecurity for businesses and the challenges they face. We discuss emerging trends in the cyber security landscape, such as identity-based attacks, and the agility and sophistication of cyber adversaries. We emphasize the need for collaboration between security...
Cyber security in Industry 4.0: risks and advanced solutionsAdvanced protection of industrial plants: how to deal with cyber threats in the Industry 4.0 eraThe article describes the challenges of cyber security in Industry 4.0, with case studies of devastating attacks. It presents the fundamentals of security in industrial contexts, such as physical, network, system and data protection. It also provides strategies to improve safety, such as implementing...
GenAI: benefits and risks in the use of generative artificial intelligenceThe mixed impacts of using GenAI: opportunities and threats in the world of technology according to the CEO of McAfeeThe use of generative artificial intelligence (GenAI) offers great benefits, but it also helps hackers perfect online scams. McAfee adapts to technological change, using AI to protect customers. Digital security is necessary in modern society, despite the temptation to reduce expenses. The use of GenAI...
RCE ThemeBleed bug discovered in Windows 11 with a test exploitA risky vulnerability discovered in Windows 11 Themes opens the door to attackersAn exploit called ThemeBleed has been discovered that allows attackers to execute code on the system. The flaw has been patched by Microsoft, but users are advised to apply security updates.
Offline file sharing: the advent of USB Dead DropsAn alternative network for offline and anonymous file exchangeDead Drops is a project that creates an alternative network to the Internet for exchanging files. USB sticks are installed in public places, allowing users to share and find files anonymously and offline. However, it is advisable to use security precautions due to the potential risk of malware.
Cyber Shield: a video game for cybersecurity awarenessPlayful innovation for corporate cyber protection: Gamindo launches Cyber ShieldGamindo created the video game “Cyber Shield” to train employees in the basics of cybersecurity. Through an interactive platform, players learn and practice defense strategies against cyber attacks. The goal is to create an engaging environment to develop solid cybersecurity skills.
Severe zero-day vulnerabilities in Adobe's Acrobat and ReaderUrgent updates to address serious zero-day vulnerabilities in Adobe's Acrobat and ReaderAdobe has released security updates to fix a zero-day vulnerability in Acrobat and Reader, along with other fixed vulnerabilities. The attacks exploit a flaw that allows the execution of unauthorized code. Users are encouraged to install updates to protect themselves.
WiKI-Eve attack: stealing passwords from WiFi routersThe new technique that compromises the security of Wi-Fi networks, putting user passwords at riskA new attack called WiKI-Eve exploits a vulnerability in WiFi to intercept passwords typed on smartphones. Researchers found that this attack can guess numeric passwords in less than 100 attempts with 85% accuracy. Improved security measures are needed to protect against this type of attack.
What's new in the National Institute of Standards and Technology's brand new CMF frameworkNew updates and performance metrics in NIST's Cybersecurity Framework 2.0The National Institute of Standards and Technology (NIST) has released a draft of the Cybersecurity Framework 2.0. This new version included new features and focuses on organizational security. Comments will be accepted until 2024.
Apple addresses zero-day vulnerabilities exploited in recent spyware attackClosing the door on surveillance: Apple's quick response to zero-days exploited in spyware attackApple has fixed two serious vulnerabilities in its iOS operating systems. These flaws were exploited in a recent spyware attack using the Pegasus software. The vulnerabilities allowed attackers to execute code through malicious images and attachments. Apple has released software updates to patch these...
Unveiling the top GitHub hacking tools for Android securityUnveiling a powerful arsenal of hacking tools designed to enhance Android securityThis article highlights the importance of strong security measures on Android devices and introduces the top GitHub hacking tools for Android. These tools help ethical hackers and security professionals assess and strengthen the security of Android apps by uncovering vulnerabilities and monitoring real-time...