Search cyberveille.decio.ch

Found 5714 bookmarks

Newest

Decrypted: Akira Ransomware

Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.

#avast #EN #2023 #Akira #decryptor #Windows #ransomware

·decoded.avast.io·Jul 3, 2023

Decrypted: Akira Ransomware

NCSC marks 20th anniversary of first response to state-sponsored cyber attack

In June 2003, GCHQ experts were involved in responding to a cyber attack against the UK Government for the first time.

#NCSC.GOV.UK #EN #2023 #anniversary #response #APT #cyber #attack #UK

·ncsc.gov.uk·Jul 3, 2023

NCSC marks 20th anniversary of first response to state-sponsored cyber attack

TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

The LockBit ransomware group claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but the chip giant says only one of its suppliers was breached. The notorious cybercrime group announced on Thursday on its website that it targeted TSMC, suggesting — based on the $70 million ransom demand — that it has stolen vast amounts of sensitive information. The victim was initially given seven days to respond, but the deadline has been extended to August 6 at the time of writing.

#securityweek #EN #2023 #LockBit #TSMC #ransomware

·securityweek.com·Jul 3, 2023

TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

Hacker stehlen bei der Fedpol sensible Daten zu Bundesräten und Botschaften

Dokumente der Bundespolizei Fedpol sind im Darknet gelandet - darunter auch Schutzmassnahmen für ausländische Botschaften und den Bundesrat.

#nzz.ch #DE #2023 #xplain #Fedpol #Schweiz #NZZ-Magazin #Bundesrat

·archive.ph·Jul 2, 2023

Hacker stehlen bei der Fedpol sensible Daten zu Bundesräten und Botschaften

A cause de la cyberattaque contre Xplain, des secrets d'Etat sont en ligne

Après la cyberattaque contre Xplain – un des prestataires de la Confédération – les dispositifs de sécurité détaillés de Fedpol et des données de connexions de certains offices fédéraux se retrouvent sur le Darknet. Le Parlement demande des comptes.

#blick #FR #2023 #Xplain #cyberattaque #RedNotice #Fedpol #Darknet

·blick.ch·Jul 2, 2023

A cause de la cyberattaque contre Xplain, des secrets d'Etat sont en ligne

Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque

Des pirates informatiques ont dérobé des documents confidentiels du Service fédéral de sécurité (SFS) lors de l'attaque contre le prestataire de la Confédération Xplain, selon des informations concordantes des médias. Des fichiers ont été publiés sur le DarkNet.

#rts #FR #2023 #suisse #SFS #confidentielles #conseillers-fédéraux #Xplain #Confédération

·rts.ch·Jul 2, 2023

Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque

High school changes every student’s password to ‘Ch@ngeme!’

After a cybersecurity audit mistakenly reset everyone’s password, a high school changed every student’s password to “Ch@ngeme!” giving every student the chance to hack into any other student’s account, according to emails obtained by TechCrunch.

#techcrunch #EN #023 #password #Ch@ngeme!#reset #school

·techcrunch.com·Jul 2, 2023

High school changes every student’s password to ‘Ch@ngeme!’

CVE-2023-27997 is Exploitable, and 69% of FortiGate…

Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—the OS behind FortiGate firewalls—that allows remote code execution. There are 490,000 affected SSL VPN interfaces exposed on the internet, and roughly 69% of them are currently unpatched. You should patch yours now

#bishopfox #EN #2023 #FortiGate #CVE-2023-27997

·bishopfox.com·Jul 1, 2023

CVE-2023-27997 is Exploitable, and 69% of FortiGate…

TSMC confirms data breach after LockBit cyberattack on third-party supplier

One of the world's biggest chipmakers confirmed a data breach after the LockBit ransomware gang targeted one of its third-party providers.

#techcrunch #EN #2023 #security #data-breach #LockBit #ransomware #TSMC #chipmaker

·techcrunch.com·Jul 1, 2023

TSMC confirms data breach after LockBit cyberattack on third-party supplier

Malware Execution Method Using DNS TXT Record

AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware. This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.

#ASEC #EN #2023 #DNS #TXT #malware #analysis

·asec.ahnlab.com·Jun 30, 2023

Malware Execution Method Using DNS TXT Record

Meduza Stealer or The Return of The Infamous Aurora Stealer

Meduza Stealer malware analysis

#russianpanda #EN #2023 #analysis #meduza #Aurora #Stealer #malware

·russianpanda.com·Jun 29, 2023

Meduza Stealer or The Return of The Infamous Aurora Stealer

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.

#cybersecuritydive #EN #2023 #regulation #SolarWinds #CISO #CFO #cyberattack #action #justice #legal

·cybersecuritydive.com·Jun 29, 2023

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination

I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)

#callyso0414 #YUCA #medium #EN #2023 #ransomware #logs #log #chats #Stylometric #Analysis

·medium.com·Jun 28, 2023

Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination

Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque

Via une convention avec les communes, l’IT du canton de Vaud va créer une équipe d’intervention chargée de leur prêter main forte aux niveaux organisationnel et technique en cas de cyberattaque. La force de réaction s'appuiera également sur des prestataires spécialisés locaux.

#ictjournal #CH #FR #VD #Vaud #convention #cyberattaque

·ictjournal.ch·Jun 28, 2023

Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque

Akira Ransomware Extends Reach to Linux Platform

Cyble Research & Intelligence Labs examines the Linux variant of Akira Ransomware and assesses its impact on various sectors.

#cyble #EN #2023 #Akira #Ransomware #Linux

·blog.cyble.com·Jun 28, 2023

Akira Ransomware Extends Reach to Linux Platform

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies

The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.

#therecord #EN #2023 #switzerland #spies #Russia #Russia-Ukraine-war #intelligence #Warning

·therecord.media·Jun 28, 2023

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva

#sans #EN #2023 #Kazakhstan #SSLv2 #vulnerable #internet

·isc.sans.edu·Jun 28, 2023

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure

CHU de Rennes : un compte de prestataire détourné pour la cyberattaque

Les équipes d’Orange Cyberdefense ont détecté le trafic réseau anormal ayant trahi l’occurrence d’une cyberattaque. Celui-ci impliquait un compte VPN mis à disposition d’un tiers à fin de maintenance applicative.

#lemagit #FR #2023 #CHU #Rennes #prestataire #VPN #compromis

·lemagit.fr·Jun 28, 2023

CHU de Rennes : un compte de prestataire détourné pour la cyberattaque

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.

#helpnetsecurity #EN #2023 #Microsoft #Teams #bug #malware

·helpnetsecurity.com·Jun 28, 2023

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized

The dismantling of EncroChat in 2020 sent shockwaves across OCGs in Europe and beyond. It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime. OCGs worldwide illegally used the encryption tool EncroChat for criminal purposes. Since the dismantling, investigators managed to intercept, share and analyse over 115...

#europol #EN #2023 #EncroChat #encrypted

·europol.europa.eu·Jun 27, 2023

Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized

Pour la loi suisse, le piratage éthique peut être licite

Toute personne qui pirate l'infrastructure IT d'autrui sans le consentement de l'exploitant est en p

#ictjournal #FR #CH #2023 #lio #suisse #piratage #ethique #NTC

·ictjournal.ch·Jun 27, 2023

Pour la loi suisse, le piratage éthique peut être licite

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Additional techniques UNC3886 utilized across multiple organizations to evade EDR solutions.

#mandiant #EN #2023 #ESXi #Zero-Day #CVE-2023-20867 #CVE-2022-22948 #VMware

·mandiant.com·Jun 27, 2023

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

#bleepingcomputer #EN #2023 #MOVEit #Siemens-Energy #Cl0p #Clop #ransomware #data-theft

·bleepingcomputer.com·Jun 27, 2023

Siemens Energy confirms data breach after MOVEit data-theft attack

LetMeSpy, a phone tracking app spying on thousands, says it was hacked

A data breach reveals the spyware is built by a Polish developer

#techcrunch #EN #2023 #LetMeSpy #phone #spyware #hacked #databreach

·techcrunch.com·Jun 27, 2023

LetMeSpy, a phone tracking app spying on thousands, says it was hacked

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution

Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e

#securityjoes #EN #2023 #Mockingjay #EDR #bypass #technique #RWX #Code #Execution

·securityjoes.com·Jun 27, 2023

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution

PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID

Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to current (and past) anti-American sentiment in Russia. Bumblebee is a malware loader first discovered in March 2022. It was associated with Conti group and was being used as a replacement for BazarLoader. It acts as a primary vector for multiple types of other malware, including ransomware. IcedID is a modular banking malware designed to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.

#deepinstinct #EN #2023 #JavaScript #Dropper #PindOS #Bumblebee #analysis

·deepinstinct.com·Jun 26, 2023

PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

#sonatype #EN #2023 #PyPI #malware #Supply-Chain-Attack

·blog.sonatype.com·Jun 23, 2023

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Emerging Threat! Exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

#elastic.co #EN #2023 #JOKERSPY #macOS #Python #backdoor

·elastic.co·Jun 22, 2023

Emerging Threat! Exposing JOKERSPY

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

#bitdefender #EN #2023 #macOS #malware #Cross-Platform #Backdoor

·bitdefender.com·Jun 22, 2023

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

#unit42 #EN #2023 #Mirai #analysis #IoT

·unit42.paloaltonetworks.com·Jun 22, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits