Couverture de RadioCSIRT English Version - Your Weekly Cybersecurity News for Sunday, January 18, 2026 (Ep. 68)

RadioCSIRT English Version - Your Weekly Cybersecurity News for Sunday, January 18, 2026 (Ep. 68)

RadioCSIRT English Version - Your Weekly Cybersecurity News for Sunday, January 18, 2026 (Ep. 68)

Écouter gratuitement

Voir les détails

3 mois pour 0,99 €/mois

Après 3 mois, 9.95 €/mois. Offre soumise à conditions.

À propos de ce contenu audio

 We open this weekly recap with a massive Patch Tuesday from Microsoft, which addressed 114 vulnerabilities, including three zero-days; notably, CVE-2026-20805 is actively exploited in the wild. Infrastructure concerns continued as Cisco patched a critical AsyncOS zero-day exploited by Chinese APT actors, and AWS remediated a "CodeBreach" supply chain flaw in its console CI pipelines.In data privacy and regulation, France’s CNIL imposed a combined $48 million fine on Free and Free Mobile for security failures affecting 24 million subscribers. Meanwhile, Spanish energy giant Endesa disclosed a breach exposing the data of 22 million customers, and a massive scraping incident affected 17.5 million Instagram users.On the threat landscape, Check Point Research analyzed "Sicarii," a new ransomware operation likely acting as a false flag with confused ideological messaging. Physical "Quishing" (QR code phishing) campaigns are surging in France, and the infamous BreachForums hacking community suffered a taste of its own medicine with a leak of its user database. Finally, strategic cooperation strengthens as the UK unveils its Government Cyber Action Plan and Germany partners with Israel to build a "Cyber Dome" defense system.OSINT Sources:📊 Reports, Studies & StrategiesKaspersky Security Bulletin 2025 : https://www.kasbersky.com/about/press-releases/2025_kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025SecurityScorecard (via KnowBe4) : https://www.knowbe4.com/hubfs/Financial-Sector-Threats-The-Shifting-Landscape.pdfENISA Threat Landscape 2025 : https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025FS-ISAC : https://www.fsisac.com/knowledge/annual-navigating-cyber-2025-reportRESCO Courtage : https://www.resco-courtage.com/dora-reglementation-guide-complet-2025NCSC UK : https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk🛡️ Vulnerabilities, Patch Tuesday & Security AdvisoriesMicrosoft Security Update Guide : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628CISA (CVE-2025-8110) : https://www.cisa.gov/news-events/alerts/2026/01/12/cisa-adds-one-known-exploited-vulnerability-catalogCISA (CVE-2026-20805) : https://www.cisa.gov/news-events/alerts/2026/01/13/cisa-adds-one-known-exploited-vulnerability-catalogCERT-FR (MISP) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0030/CERT-FR (VMware) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0029/CERT-FR (MariaDB) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0028/CERT-FR (NetApp) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0027/CERT-FR (Google Pixel) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0026/Krebs on Security : https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/Cisco Talos Intelligence : https://blog.talosintelligence.com/microsoft-patch-tuesday-january-2026/CERT Santé : https://cyberveille.esante.gouv.fr/alertes/palo-alto-cve-2026-0227-2026-01-15BleepingComputer (Cisco AsyncOS) : https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/CyberPress (AWS Console) : https://cyberpress.org/aws-console-supply-chain-attack-github-hijackingcyber/⚠️ Data Leaks, Incidents & AttacksBleepingComputer (BreachForums) : https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/CyberPress (Instagram) : https://cyberpress.org/instagram-data-leak/Cybersecurity Dive (SitusAMC) : https://www.cybersecuritydive.com/news/hackers-steal-sensitive-data-major-banking-industry-vendor-situsamc/BleepingComputer (Endesa) : https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-discloses-data-breach-affecting-customers/BleepingComputer (Pax8) : https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/The Record (Anchorage Police) : https://therecord.media/anchorage-police-takes-servers-offline-after-third-party-attack🕵️ Threat Intelligence (APT, Ransomware, Phishing)Planet.fr (Quishing Scam) : https://www.planet.fr/societe-arnaque-a-la-fausse-carte-bancaire-par-courrier-le-mecanisme-du-quishing-qui-vise-vos-coordonnees.2992374.29336.htmlCheck Point Research (Sicarii) : https://research.checkpoint.com/2026/sicarii-ransomware-truth-vs-myth/Cisco Talos Intelligence (UAT-8837) : https://blog.talosintelligence.com/uat-8837/Malwarebytes (LinkedIn Phishing) : https://www.malwarebytes.com/blog/news/2026/01/phishing-scammers-are-posting-fake-account-restricted-comments-on-linkedin⚖️ Regulations, Sanctions & International CooperationThe Record (CNIL/Free Fine) : https://therecord.media/france-data-regulator-fineMalwarebytes (Datamasters Fine) : https://www.malwarebytes.com/blog/news/2026/01/data-broker-fined-after-selling-alzheimers-patient-info-and-millions-of-sensitive-profilesThe Record (Germany-Israel Deal) : https://therecord.media/...
Les membres Amazon Prime bénéficient automatiquement de 2 livres audio offerts chez Audible.

Vous êtes membre Amazon Prime ?

Bénéficiez automatiquement de 2 livres audio offerts.
Bonne écoute !
    Aucun commentaire pour le moment