Non classé

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

New « DoubleClickjacking » Exploit Bypasses Clickjacking Protections on Major Websites

Threat hunters have disclosed a new « widespread timing-based vulnerability class » that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
« Instead of relying on a single click, it takes advantage of a double-click sequence, » Yibelo said.

Threat hunters have disclosed a new « widespread timing-based vulnerability class » that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
« Instead of relying on a single click, it takes advantage of a double-click sequence, » Yibelo said.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main Intelligence

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main Intelligence

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
« This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
« This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our

The United States Treasury Department said it suffered a « major cybersecurity incident » that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. 
« On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based

The United States Treasury Department said it suffered a « major cybersecurity incident » that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. 
« On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based

Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
« Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
« Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks.
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks.
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it’s a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization.
In this week’s update, we’ll cover the most important developments in

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it’s a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization.
In this week’s update, we’ll cover the most important developments in

News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in

News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in