Search cyberveille.decio.ch

Found 5714 bookmarks

Newest

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

It was late 2019, and Adair, the president of the security firm Volexity, was investigating a digital security breach at an American think tank. The intrusion was nothing special. Adair figured he and his team would rout the attackers quickly and be done with the case—until they noticed something strange. A second group of hackers was active in the think tank’s network. They were going after email, making copies and sending them to an outside server. These intruders were much more skilled, and they were returning to the network several times a week to siphon correspondence from specific executives, policy wonks, and IT staff.

#wired #2023 #EN #Supply-Chain #Hack #SolarWinds #2019 #Story

·wired.com·May 2, 2023

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

What is a Rapid Security Response (RSR)

Intended to be lightweight, timely and quick to install, the first RSR has now been provided for Ventura. Did you know you can also uninstall it easily?

#eclecticlight #EN #2023 #Rapid-Security-Response #macis #iOS16 #RSR

·eclecticlight.co·May 2, 2023

What is a Rapid Security Response (RSR)

BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities

Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).

#lookout #EN #2023 #BouldSpy #Spyware #Android #FARAJA #Iran

·security.lookout.com·May 2, 2023

BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities

Apple uses iOS and macOS Rapid Security Response feature for the first time

When it announced iOS 16, iPadOS 16, and macOS Ventura at its Worldwide Developers Conference last summer, one of the features Apple introduced was something called "Rapid Security Response." The feature is meant to enable quicker and more frequent security patches for Apple's newest operating systems, especially for WebKit-related flaws that affect Safari and other apps that use Apple's built-in browser engine.

#arstechnica #EN #2023 #iOS16 #Ventura #macos #Rapid-Security-Response #RSR

·arstechnica.com·May 2, 2023

Apple uses iOS and macOS Rapid Security Response feature for the first time

FIN7 tradecraft seen in attacks against Veeam backup servers

WithSecure Intelligence identified attacks which occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software. Our research indicates that the intrusion set used in these attacks has overlaps with those attributed to the FIN7 activity group. It is likely that initial access & execution was achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532.

#withsecure #EN #2023 #Research #Veeam #FIN7

·labs.withsecure.com·May 1, 2023

FIN7 tradecraft seen in attacks against Veeam backup servers

Investigating ChatGPT phishing detection capabilities

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.

#securelist #2023 #EN #Machine-learning #Phishing #Phishing-websites #phishing #detection #capabilities

·securelist.com·May 1, 2023

Investigating ChatGPT phishing detection capabilities

AI Chatbots Have Been Used to Create Dozens of News Content Farms

The news-rating group NewsGuard has found dozens of news websites generated by AI chatbots proliferating online, according to a report published Monday, raising questions about how the technology may supercharge established fraud techniques.

#bloomberg #EN #2023 #NewsGuard #Chatbots #Content-Farms #chatbots

·bloomberg.com·May 1, 2023

AI Chatbots Have Been Used to Create Dozens of News Content Farms

Comparison of password strength across top hacking forums (of users that were infected with info-stealing malware)

Comparing the password strength of 5 hacking forum users that were compromised with info-stealers - Hackforums.net,...

#reddit #r/malware #EN #2023 #passwords #leaks #comparison #hackforums

·old.reddit.com·May 1, 2023

Comparison of password strength across top hacking forums (of users that were infected with info-stealing malware)

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

Vulnerabilities in PaperCut printing management are being used in ransomware attacks.

#malwarebytes #EN #2023 #lockbit #cl0p #PaperCut

·malwarebytes.com·May 1, 2023

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

DOJ Detected SolarWinds Breach Months Before Public Disclosure

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

#wired #EN #SolarWinds #Russia #Detected

·wired.com·Apr 29, 2023

DOJ Detected SolarWinds Breach Months Before Public Disclosure

Clôture de l’établissement des faits concernant la banque de données de centres privés de dépistage Covid-19

Suite à la réception d’un signalement par un particulier, le Préposé a procédé à un établissement des faits concernant une banque de données insuffisamment sécurisée de centres privés de dépistage Covid-19. Dans son rapport final publié ce jour, il a établi que les données de santé traitées dans la banque de données avaient été exposées à des risques de sécurité considérables en raison de la faille signalée. Comme les responsables avaient pris les mesures immédiates appropriées après la découverte de cette faille, le risque pour les personnes concernées a pu être réduit. La procédure est ainsi close sans recommandation.

#edoeb #CH #FR #Covid-19 #faille #confidentialité #NCSC

·edoeb.admin.ch·Apr 28, 2023

Clôture de l’établissement des faits concernant la banque de données de centres privés de dépistage Covid-19

Le Département de la défense et des banques testent le partage confidentiel de données de cybermenace

Le DDPS annonce avoir achevé un projet pilote de confidential computing avec la BNS, SIX et la Banque cantonale de

#ictjournal #FR #CH #DDPS #BNS #Banque #SIX #confidentiel #confidential-computing

·ictjournal.ch·Apr 28, 2023

Le Département de la défense et des banques testent le partage confidentiel de données de cybermenace

Magecart threat actor rolls out convincing modal forms

To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled by a payment form that looked so well done we thought it was real. The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page.

#malwarebytes #EN #2023 #Magecart #forms #analysis

·malwarebytes.com·Apr 28, 2023

Magecart threat actor rolls out convincing modal forms

Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse

In a hacking episode that is spiraling from bad to worse, cybercriminals have leaked highly sensitive documents related to droves of Minneapolis students.

#gizmodo #EN #2023 #Ransomware #leack #childrens #Education #school #US #Minneapolis

·gizmodo.com·Apr 27, 2023

Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse

RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs

Uptycs threat research team discovered a new ransomware Linux binary attributed to the RTM group Locker, a known Ransomware-as-a-Service (RaaS) provider.

#Uptycs #EN #2023 #ransomware #Linux #RTM #group #Locker #Ransomware-as-a-Service

·uptycs.com·Apr 27, 2023

RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs

Never Connect to RDP Servers Over Untrusted Networks

Did you know that RDP is unsafe without the use of additional protection like a VPN? In this blog post we will explain why and demonstrate the impact.

#gosecure #EN #2023 #RDP #Untrusted

·gosecure.net·Apr 27, 2023

Never Connect to RDP Servers Over Untrusted Networks

Mirai Botnet Attackers Exploit TP-Link Router Bug

Researchers began to detect exploit attempts in the wild targeting the patched, high-severity flaw in TP-Link routers starting on April 11.

#duo #decipher #EN #2023 #Mirai #Exploit #TP-Link #CVE-2023-1389

·duo.com·Apr 26, 2023

Mirai Botnet Attackers Exploit TP-Link Router Bug

Attackers Use Containers for Profit via TrafficStealer

We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.

#trendmicro #EN #2023 #cloud #report #Containers #TrafficStealer #docker

·trendmicro.com·Apr 26, 2023

Attackers Use Containers for Profit via TrafficStealer

Cyble — Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram

CRIL analyzes AMOS, a stealthy new information stealer targeting macOS and disseminating stolen information via Telegram.

#cyble #EN #2023 #AMOS #macOS #stealer #Telegram #Golang #MacStealer

·blog.cyble.com·Apr 26, 2023

Cyble — Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest.

#securityweek #EN #2023 #VMware #critical #vulnerability #Pwn2Own #CVE-2023-20869

·securityweek.com·Apr 26, 2023

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users

eSentire’s Threat Response Unit (TRU), led by researchers Joe Stewart and Keegan Keplinger, have launched a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service Operation. The Gootloader Operation is an expansive cybercrime business, and it has been active since 2018. For the past 15 months, the Gootloader Operator has been launching ongoing attacks targeting legal professionals working for both law firms and corporate legal departments in the U.S., Canada, the U.K. and Australia. Between January and March 2023, TRU shut down Gootloader attacks against 12 different organizations, seven of which were law firms.

#esentire #EN #2023 #Gootloader #Access-as-a-Service #Offensive #hackback

·esentire.com·Apr 26, 2023

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP)

#bitsight #EN #2023 #CVE-2023-29552 #SLP #DoS #Amplification

·bitsight.com·Apr 26, 2023

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker

During our security research we found that smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution. This is possible because the Qualcomm chipset itself sends the data, circumventing any potential Android operating system setting and protection mechanisms. Affected smart phones are Sony Xperia XA2 and likely the Fairphone and many more Android phones which use popular Qualcomm chips.

#nitrokey #EN #2023 #privacy #Qualcomm #Chip #Secretly #Share

·nitrokey.com·Apr 25, 2023

Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker

PSA: upgrade your LUKS key derivation function

Here's an article from a French anarchist describing how his (encrypted) laptop was seized after he was arrested, and material from the encrypted partition has since been entered as evidence against him. His encryption password was supposedly greater than 20 characters and included a mixture of cases, numbers, and punctuation, so in the absence of any sort of opsec failures this implies that even relatively complex passwords can now be brute forced, and we should be transitioning to even more secure passphrases. Or does it? Let's go into what LUKS is doing in the first place. The actual data is typically encrypted with AES, an extremely popular and well-tested encryption algorithm. AES has no known major weaknesses and is not considered to be practically brute-forceable - at least, assuming you have a random key. Unfortunately it's not really practical to ask a user to type in 128 bits of binary every time they want to unlock their drive, so another approach has to be taken.

#mjg59 #EN #Linux #LUKS #KDF #cracked #police #encryption #password #AES

·mjg59.dreamwidth.org·Apr 23, 2023

PSA: upgrade your LUKS key derivation function

Meet the hacker armies on Ukraine's cyber front line

How links between ‘hacktivists’ and official military are becoming blurred on both sides in the war.

#bbc #EN #2023 #hacktivists #military #Ukraine #cyberarmy #vigilante #Telegram #russia-ukraine-war

·bbc.com·Apr 22, 2023

Meet the hacker armies on Ukraine's cyber front line

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)

CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.

#vulncheck #EN #2023 #analysis #vulnerability #Sophos #CVE-2023-1671 #pre-authenticated #command #injection

·vulncheck.com·Apr 22, 2023

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

Hackers first compromised a different software maker and embedded malware in one of its programs. 3CX got compromised when a worker downloaded that program. It's not known why worker downloaded it.

#zetter #EN #2023 #3CX #Supply-Chain-Attack

·zetter.substack.com·Apr 22, 2023

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

World's largest cyber defense exercise Locked Shields brings together over 3000 participants

Tallinn, Estonia – From 18 to 21 April, the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) is hosting Locked Shields 2023, the world’s largest live-fire cyber defense exercise. Over 3,000 participants from 38 nations are taking part in the exercise, which involves protecting real computer systems from real-time attacks and simulating tactical and strategic decisions in critical situations.

#ccdcoe #EN #2023 #NATO #Cooperative #CyberDefense #exercise

·ccdcoe.org·Apr 22, 2023

World's largest cyber defense exercise Locked Shields brings together over 3000 participants

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.

#symantec #EN #2023 #North #North-Korea #3CX #X_Trader #Supply-Chain-Attack

·symantec-enterprise-blogs.security.com·Apr 21, 2023

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

Critical Vulnerabilities in PaperCut Print Management Software

Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.

#huntress #EN #2023 #PaperCut #zero-day #RCE #Print #Management #Software

·huntress.com·Apr 21, 2023

Critical Vulnerabilities in PaperCut Print Management Software