Blog Article
Data breach: the operations of “Charming Kitten” revealed
Blog Article
Report
SmartLoader: Large-scale infiltration via GitHub uncovered by Gatewatcher Purple Team
SmartLoader: A malicious campaign hijacking GitHub and generative AI to bypass cybersecurity mechanisms. Analyzed by Gatewatcher’s Purple Team, it relies on public repositories, legitimate scripts, and evasion techniques to ensure persistence and complicate detection.
Report
Infostealer Analysis Report
Stealers are a rising cyber threat, extracting sensitive data via phishing. Gatewatcher’s Purple Team analyzes the French infostealer landscape, dissecting Nova Stealer and tracking cybercriminal operations.
Blog Article
The role of TTPs in the cyber environment
Explore the role of TTPs (Tactics, Techniques, Procedures) in cybersecurity, their classification in MITRE ATT&CK, and how they enhance threat detection and response.
Report
Cyber Threat Landscape 2024 – Purple Team’s analysis
In 2024, cyber threats evolved towards greater stealth and industrialisation. This report deciphers key trends and challenges to help anticipate future risks.
Blog Article
Healthcare’s Anatomy: Exposing DICOM and critical vulnerabilities in healthcare systems
Analyze the vulnerabilities of unencrypted DICOM traffic and the attack risks on PACS servers. This article provides a technical overview of potential threats and malicious actions targeting sensitive medical data.
Alert
CVE-2024-0012/CVE-2024-9474: PanOS Authentication Bypass / Command injection
On November 18, 2024, Palo Alto Networks published two security advisories regarding the operating system used in some of its products.
Blog Article
Healthcare’s anatomy: the DICOM protocol
DICOM is an international protocol for exchanging medical imaging, used to transfer data between various devices and PACS servers. This article explores its functionality, service classes, and DICOM message types for a better understanding.
Alert
CVE-2024-29847 Ivanti Endpoint Manager (EPM) Pre-Auth RCE
On September 10, 2024, Ivanti announced a critical vulnerability (CVSSv3.0: 10), identified as CVE-2024-29847, which allows for remote arbitrary code execution without prior authentication.
Blog Article
Healthcare’s anatomy: HL7, a sensitive yet overlooked protocol
[1/3] In the healthcare sector, technology plays a crucial role. Learn how information systems, with protocols like HL7 and DICOM, facilitate the exchange of medical data while presenting security challenges. This article series explores these protocols and their vulnerabilities.
Blog Article
The non-sporting challenge of the Paris Olympic and Paralympic Games: The cybersecurity race
The Paris 2024 Olympic Games will be the target of unprecedented cyberattacks, threatening to sabotage competitions and disrupt millions of spectators. Who are these attackers, and how can they be thwarted in time?
Alert
CVE-2024-6387: regreSSHion (OpenSSH Unauthenticated Remote Code Execution)
A critical vulnerability has been identified in OpenSSH, a widely used and trusted remote administration tool.