Kevin Poireault

🌍 Bloquer une app en Éthiopie la bloque aussi en Palestine Grâce au Google Play Store 'Rest of the world'

Appli bloquée en Éthiopie = indisponible en Palestine

Saviez-vous qu'une application Android bloquée en Afghanistan le sera aussi en Mauritanie ? Et qu'une application qui disparaît du Google Play Store à Madagascar sera indisponible au Kosovo ?

L'explication ici: open.substack.com/pub/coupecir...

Cybersecurity as a Service Delivered | Sophos We Deliver Superior Cybersecurity Outcomes for Real-World Organizations Worldwide with a Broad Portfolio of Advanced Security Products and Services.

🔗 Sophos' security advisory: www.sophos.com/en-us/securi...
💾 Download JSON: cveawg.mitre.org/api/cve/CVE-...

🔧 Fixes? Every critical and high-severity vuln was remediated through hotfixes. No action is required for Sophos Firewall customers to receive these fixes with the "Allow automatic installation of hotfixes" feature enabled on remediated versions.

🔎 VulnWatch Friday: CVE-2025-7624 🔓

In a July 21 security advisory, Sophos shared the patches for 5️⃣ vulnerabilities affecting its products.

One of the two critical vulnerabilities, tracked as CVE-2025-7624 is an SQL injection in the legacy SMTP proxy of some Sophos Firewall versions.

🔐 The CrushFTP, LLC security advisory: www.crushftp.com/crush11wiki/...
🐞 The Rapid7 blog post: www.rapid7.com/blog/post/cr...
💾 Download JSON: cveawg.mitre.org/api/cve/CVE-...

The vulnerability involves a mishandling of AS2 validation in all versions of CrushFTP servers prior to 10.8.5 and prior to 11.3.4_23.

When exploited, it allows remote attackers to obtain admin access via HTTPS.

🔧 Fix? CrushFTP 11.3.4_26 and CrushFTP 10.8.5_12.

🧐 VulnWatch Wednesday: CVE-2025-54309 🔓

At least 10,000 CrushFTP instances are vulnerable to a critical flaw, which is currently being exploited by attackers, affecting the file transfer solution, according to @shadowserver.bsky.social and @rapid7.com.

www.infosecurity-magazine.com/news/crushft...

💬 Cognizant's response (part 2): "Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed.” [4/4]

In a statement sent to me, Cognizant denied being responsible for the cyber-attack.

💬 Cognizant's response (part 1): "It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack." [3/4]

In a lawsuit filed in California on July 22, Clorox accused Cognizant of being responsible for an attack that cost it months of operational disruption and at least $49m in expenses.

Cognizant allegedly handed over a password to the cybercriminal w/o asking any authentication questions. [2/4]

𝐍𝐄𝐖 ⚖️ The Clorox Company 𝐒𝐮𝐞𝐬 Cognizant 𝐟𝐨𝐫 𝐂𝐚𝐮𝐬𝐢𝐧𝐠 2023 𝐂𝐲𝐛𝐞𝐫-𝐀𝐭𝐭𝐚𝐜𝐤

Clorox, a leading US producer of cleaning products, is suing its former IT service desk provider, London-based Cognizant, over the August 2023 cyber-attack. [1/4]

www.infosecurity-magazine.com/news/clorox-...

The leak is believed to have been made possible by the compromise, via an infostealer, of a user account linked to a training organization based in Isère.

The attackers then gained access to Kairos, an app that enables training organizations to track the training progress of jobseekers. [2/2]

𝐅𝐫𝐚𝐧𝐜𝐞 🇫🇷 𝐍𝐞𝐰 𝐃𝐚𝐭𝐚 𝐁𝐫𝐞𝐚𝐜𝐡 𝐂𝐨𝐮𝐥𝐝 𝐀𝐟𝐟𝐞𝐜𝐭 340,000 𝐉𝐨𝐛𝐬𝐞𝐞𝐤𝐞𝐫𝐬

France Travail has suffered a data breach that could affect hundreds of thousands of jobseekers.

The breach was detected by the @anssi-fr.bsky.social's @cert-fr.bsky.social on July 12. [1/2]

www.infosecurity-magazine.com/news/france-...

UPDATE 4/4 | 4️⃣ I reached out to the Paris Police Prefecture to understand the profile of the suspected individual and to enquire about the Jabber server used to intercept communications. They declined to provide further details on the case at this time.

UPDATE 3/4 | 3️⃣ The involved Ukrainian and French law enforcement agencies have reportedly seized the XSS domains, although several cyber threat intelligence experts noted the site was still up at the time of writing.

UPDATE 2/4 | 2️⃣ The forum’s suspected administrator was not only a technical operator but is believed to have played a central role in enabling criminal activity.

💬"He arbitrated disputes between criminals and guaranteed the security of transactions," Europol noted.

UPDATE 1/4 | 1️⃣A Europol mobile office was deployed this week in Ukraine to support French and Ukrainian teams with on-site coordination and evidence collection.

2️⃣ The name of the image in the Europol statement (see below) suggests that the operation's codename was Operation Ratatouille.

𝐍𝐄𝐖 👮 𝐒𝐮𝐬𝐩𝐞𝐜𝐭𝐞𝐝 𝐗𝐒𝐒 𝐅𝐨𝐫𝐮𝐦 𝐀𝐝𝐦𝐢𝐧 𝐀𝐫𝐫𝐞𝐬𝐭𝐞𝐝 𝐢𝐧 𝐔𝐤𝐫𝐚𝐢𝐧𝐞

A man suspected of administering the Russian-language cybercrime forum XSS was arrested in Ukraine on July 22.

📴 The Ukrainian and French law enforcement agencies have also seized the XSS domains.

www.infosecurity-magazine.com/news/suspect...

𝐍𝐄𝐖 🐞 𝐒𝐡𝐚𝐫𝐞𝐏𝐨𝐢𝐧𝐭 ‘𝐓𝐨𝐨𝐥𝐒𝐡𝐞𝐥𝐥’ 𝐕𝐮𝐥𝐧𝐬 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐞𝐝 𝐛𝐲 𝐂𝐡𝐢𝐧𝐞𝐬𝐞 𝐇𝐚𝐜𝐤𝐞𝐫𝐬

Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities dubbed as 'ToolShell.'

www.infosecurity-magazine.com/news/sharepo...

"Apple’s ongoing legal battle with the UK government over access to encrypted data took a twist [..] with reports that ministers may be readying to back down to avoid friction with the Trump administration in the US." www.mlex.com/mlex/data-pr...

Chinese Censorship: GreatFire Fights Back ✊

Episode 02 of the FreeWeChat saga (Tencent/Group-IB vs @greatfire.org) in the latest edition of @coupecircuit.bsky.social⤵️

Also covering the latest internet shutdown news: 🇵🇰🇧🇩🇷🇺🇹🇬

👀 VulnWatch Monday: CVE-2025-53770 🔓

CVE-2025-53770, aka 'ToolShell' is the talk of the cybersecurity-focused internet today!

Read the full Infosecurity Magazine analysis: www.infosecurity-magazine.com/news/microso...

💾 Download JSON here: cveawg.mitre.org/api/cve/CVE-...

Z-ONE consulting made a large list of cybersecurity companies in China and gives a broad overview of the Chinese market: drive.google.com/drive/u/1/fo...

www.z1-sec.com/en/

Why is a respected Singapore-based cybersecurity company involved in a SLAPP lawsuit against a Chinese anti-censorship NGO?

In the new edition of @coupecircuit.bsky.social, I explore an intriguing case in which Tencent could be leveraging non-Chinese private companies to enforce censorship ⬇️

🔎 Fortinet's security advisory: fortiguard.fortinet.com/psirt/FG-IR-...
💾 Download CVRF: fortiguard.fortinet.com/psirt/cvrf/F...

🔎 VulnWatch Friday: CVE-2025-25257 🔓

On July 8, 2025, Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests.

No in-the-wild exploitation has been observed at the time of writing.

𝐍𝐄𝐖 - 𝐓𝐢𝐤𝐓𝐨𝐤'𝐬 𝐇𝐚𝐧𝐝𝐥𝐢𝐧𝐠 𝐨𝐟 𝐄𝐔 𝐔𝐬𝐞𝐫 𝐃𝐚𝐭𝐚 𝐢𝐧 𝐂𝐡𝐢𝐧𝐚 𝐂𝐨𝐦𝐞𝐬 𝐔𝐧𝐝𝐞𝐫 𝐒𝐜𝐫𝐮𝐭𝐢𝐧𝐲... 𝐀𝐠𝐚𝐢𝐧

🇪🇺 @dpcireland.bsky.social is launching of a new inquiry into TikTok's storage of European users' data on servers in China, just 2 months after it fined the company €530m.

www.infosecurity-magazine.com/news/tiktok-...

🥷 𝐔𝐧𝐦𝐚𝐬𝐤𝐢𝐧𝐠 𝐭𝐡𝐞 𝐒𝐚𝐟𝐞𝐏𝐚𝐲 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐆𝐫𝐨𝐮𝐩 🥷

I dived deeper into the ransomware group's tactics and attack patterns, victimology and its place within the cybercriminal ecosystem, including its ties with defunct and active groups.

www.infosecurity-magazine.com/news-feature...

🔎 Microsoft's Patch Tuesday list of vulnerabilities: msrc.microsoft.com/update-guide...
💾 Download JSON for CVE-2025-47981: cveawg.mitre.org/api/cve/CVE-...