Search cyberveille.decio.ch

Found 4945 bookmarks

Newest

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t

#zerodayinitiative #EN #2024 #SharePoint #XML #eXternal #vulnerability #CVE-2024-30043

·zerodayinitiative.com·yesterday at 7:47 AM

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch

The spyware maker's founder, Bryan Fleming, said pcTattletale is "out of business and completely done," following a data breach.

#techcrunch #EN #2024 #spyware #pcTattletale #out-of-business #data-breach

·techcrunch.com·yesterday at 7:39 AM

Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch

Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware

At least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have been targeted with Pegasus within the EU.

#accessnow #EN #2024 #Pegasus #EU #spyware #Belarusia #Russia #Latvia #Israel

·accessnow.org·yesterday at 7:38 AM

Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort…

#krebsonsecurity #EN #2024 #Operation-Endgame

·krebsonsecurity.com·yesterday at 7:17 AM

‘Operation Endgame’ Hits Malware Delivery Platforms

Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.

#fastly #EN #2024 #Wordpress #XSS #exploitation #CVE-2024-2194 #CVE-2023-6961 #CVE-2023-40000

·fastly.com·yesterday at 7:16 AM

Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

OpenAI finds Russian, Chinese propaganda campaigns used its tech

Covert propagandists have already begun using generative artificial intelligence to boost their influence operations.

#washingtonpost #EN #2024 #OpenAI #chatgpt #China #Russia #propaganda

·washingtonpost.com·yesterday at 6:02 AM

OpenAI finds Russian, Chinese propaganda campaigns used its tech

CVE-2024-34331: Parallels Repack Privilege Escalation

Another day, another accidental exploit 🥳. This time abusing Parallels Desktop’s trust in macOS installers, gaining local privilege escalation!

#khronokernel #EN #2024 #Parallels #Repack #Privilege #Escalation #CVE-2024-34331

·khronokernel.com·May 30, 2024

CVE-2024-34331: Parallels Repack Privilege Escalation

The Pumpkin Eclipse

Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).

#lumen #EN #2024 #IoT #routers #destructive #SOHO #ISP #72-hour #Chalubo

·blog.lumen.com·May 30, 2024

The Pumpkin Eclipse

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts. #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

#thehackernews #EN #2024 #WordPress #Plugin #Vulnerabilities

·thehackernews.com·May 30, 2024

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

#talosintelligence #EN #2024 #TTP #LilacSquid #research

·blog.talosintelligence.com·May 30, 2024

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Data breach exposes details of 25,000 current and former BBC employees

Data breach at pension scheme being taken ‘extremely seriously’, but broadcaster says there is no evidence of a ransomware attack

#theguardian #EN #2024 #BBC #data-breach #employees

·theguardian.com·May 30, 2024

Data breach exposes details of 25,000 current and former BBC employees

Check Point - Wrong Check Point (CVE-2024-24919)

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard Network Security' appliance, yet another device claiming to be secure and hardened. Their slogan - "you deserve the best security" - implies they are a company you can trust with the security of your network. A bold claim.

#watchtowr #EN #2024 #CVE-2024-24919 #checkpoint #analysis #patch-diff

·labs.watchtowr.com·May 30, 2024

Check Point - Wrong Check Point (CVE-2024-24919)

An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them

On Sunday, May 5th, I received an email from a person claiming to have access to a massive leak of API documentation from inside Google’s Search division.

#sparktoro #EN #2024 #Google #Leak #Search #API

·sparktoro.com·May 30, 2024

An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them

macOS version of elusive 'LightSpy' spyware tool discovered

A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices.

#bleepingcomputer #EN #2024 #Apple #LightSpy #Malware #Spyware

·bleepingcomputer.com·May 30, 2024

macOS version of elusive 'LightSpy' spyware tool discovered

Operators of 911 S5 residential proxy service subjected to US sanctions

Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.

#scmagazine #EN #2024 #911 #S5 #residential-proxy #botnet #US #China #Operators #arrested

·scmagazine.com·May 30, 2024

Operators of 911 S5 residential proxy service subjected to US sanctions

Office of Public Affairs | 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation | United States Department of Justice

A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.

#justice.gov #EN #2024 #911 #S5 #Botnet #Dismantled #press-release #US

·justice.gov·May 30, 2024

Office of Public Affairs | 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation | United States Department of Justice

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned

#gbhackers #EN #2024 #CVE-2024-27842 #PoC #Exploit #Released #macOS

·gbhackers.com·May 30, 2024

PoC Exploit Released For macOS Privilege Escalation Vulnerability

Troy Hunt: Operation Endgame

Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog post which

#troyhunt #EN #2024 #HIBP #Operation-Endgame #passwords #addresses

·troyhunt.com·May 30, 2024

Troy Hunt: Operation Endgame

Largest ever operation against botnets hits dropper malware ecosystem | Europol

Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down...

#Europol #EN #2024 #Operation-Endgame #IcedID #SystemBC #Pikabot #Smokeloader #Bumblebee #Trickbot #dropper #botnets

·europol.europa.eu·May 30, 2024

Largest ever operation against botnets hits dropper malware ecosystem | Europol

Botnets disrupted after international action

Continuing a string of successful botnet takedowns, on Thursday, May 30th 2024, a coalition of international law enforcement agencies announced "Operation Endgame". This effort targeted multiple botnets such as IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, as well as some of the operators of these botnets. These botnets played a key part in enabling ransomware, thereby causing damages to society estimated to be over a hundred million euros. This coordinated effort is the largest operation ever against botnets involved with ransomware.

#spamhaus #EN #2024 #Operation-Endgame #Smokeloader #IcedID #SystemBC #Bumblebee #notnet #takedown

·spamhaus.org·May 30, 2024

Botnets disrupted after international action

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

#bleepingcomputer #EN #2024 #Information-stealing-malware #Packages #PyPI #Python #Stack-OverFlow #pytoileur

·bleepingcomputer.com·May 30, 2024

Cybercriminals pose as "helpful" Stack Overflow users to push malware

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

#wired #EN #2024 #RoboForm #cryptocurrency #bitcoin #cracked #password #wallet

·wired.com·May 29, 2024

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED

TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog

Our customers’ safety is our utmost priority. In order to protect our customers from any potential security threats, we’ve rolled out major bug-fix releases for several older versions of TeamCity (versions 2022.04 through 2023.11).

#JetBrains #EN #2024 #vulnerability #TeamCity #Bug-Fix

·blog.jetbrains.com·May 29, 2024

TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog

Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)

A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!

#spaceraccoon #EN #204 #report #vulnerability #Zscaler #Client #Connector #CVE-2023-41973

·spaceraccoon.dev·May 29, 2024

Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)

Cooler Master allegedly breached, members exposed

Cooler Master, a popular computer hardware maker, has allegedly suffered from a data breach, exposing the company’s corporate data as well as the personal details of members from its fan-based members program. The attackers claim to have stolen 103GB of data from the company’s servers on May 18th. According to the attacks’ perpetrators, the allegedly stolen information carries a trove of sensitive data, including Cooler Master’s Fanzone members’ payment card details.

#cybernews #EN #2024 #Cooler-Master #data-breach #members

·cybernews.com·May 29, 2024

Cooler Master allegedly breached, members exposed

From Origins to Operations: Understanding Black Basta Ransomware

Explore the rise of Black Basta as a top ransomware threat, their sophisticated tactics, notable attacks, and future implications for cybersecurity.

#flashpoint #EN #2024 #BlackBasta #ransomware #threat #research

·flashpoint.io·May 29, 2024

From Origins to Operations: Understanding Black Basta Ransomware

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000.

#thehackernews #EN #2024 #BreachForums #Ticketmaster #customers #return #darkweb

·thehackernews.com·May 29, 2024

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive

CVE-2024-23108 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.

#horizon3 #EN #2024 #CVE-2024-23108 #FortiSIEM #IoCs #analysis

·horizon3.ai·May 29, 2024

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive

Pegasus in Rwanda: Sister of presidential candidate, high-ranking Rwandan politicians added to spyware list

A leaked list of phone numbers reveals how Rwandan President Paul Kagame’s regime used Pegasus spyware sought to track political opponents and members of his own party.

#forbiddenstories #EN #2024 #Rwanda #Pegasus #spyware

·forbiddenstories.org·May 29, 2024

Pegasus in Rwanda: Sister of presidential candidate, high-ranking Rwandan politicians added to spyware list

PCTattletale leaks victims' screen recordings to entire Internet

PCTattletale is a simple stalkerware app. Rather than the sophisticated monitoring of many similarly insecure competitors it simply asks for permission to record the targeted device (Android and Windows are supported) on infection. Afterward the observer can log in to an online portal and activate recording, at which point a screen capture is taken on the device and played on the target's browser.

#ericdaigle #EN #2024 #PCTattletale #analysis #stalkerware #screen #recordings #leak

·ericdaigle.ca·May 28, 2024

PCTattletale leaks victims' screen recordings to entire Internet