The Cobalt group is exploiting the CVE-2017-11882 Microsoft Office flaw in targeted attacks

Haythem Elmir

A few days after details about the CVE-2017-11882 Microsoft Office flaw were publicly disclosed, the firm Reversing Lab observed Cobalt group using it. A few days after details about the CVE-2017-11882 Microsoft Office vulnerability were publicly disclosed, security experts from firm Reversing Lab observed criminal gang using it in the wild. The gang is […]

Facebook Flaw Allowed Removal of Any Photo

Haythem Elmir

A researcher says he received a $10,000 bounty from Facebook after finding a critical vulnerability that could have been exploited to delete any photo from the social media network. In early November, Facebook announced a new feature for posting polls that include images and GIF animations. Iran-based security researcher and […]

SAML POST-INTRUSION ATTACK MIRRORS ‘GOLDEN TICKET’

Haythem Elmir

Researchers at CyberArk Labs have created a post-intrusion attack technique known as a Golden SAML that could allow an attacker to fake enterprise user identities and forge authentication to gain access to valuable cloud resources in a federation environment. “Using this post-exploit technique, attackers can become any user they want […]

OVH choisit Ooredoo Tunisie pour un hébergement sécurisé et réglementaire des noms de domaines  ».tn  » et  » تونس. » sur le territoire tunisien

Haythem Elmir

Ooredoo Tunisie, opérateur-hébergeur leader, et OVH, leader européen du cloud, ont scellé un partenariat visant à rapatrier les serveurs DNS de l’ensemble des noms de domaine gérés par OVHportant l’extension «.tn » ou « تونس.» sur le territoire tunisien. Ces données seront recueillies dans le datacenter de l’opérateur situé à Mghira et […]