Retour d'experience du Centre Hospitalier de Cahors
Le CERT Santé revient sur la cyberattaque du centre hospitalier de Cahors suite à l’exploitation d’une faille de sécurité.
'RustBucket' malware targets macOS
Learn how APT group, BlueNoroff, targets Apple with malware variant to compromise macOS devices.
3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts…
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the 3CX attack was carried out by Lazarus.
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
A software supply chain attack led to another software supply chain attack.
Threat Actors Rapidly Adopt Web3 IPFS Technology
Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.
‘AuKill’ EDR killer malware abuses Process Explorer driver
Driver based attacks against security products are on the rise
TikTok reste autorisé sur les téléphones des fonctionnaires suisses
Après d'intenses semaines de réflexion, de clarifications internes et d'enquêtes techniques, l'administration fédérale a décidé de ne pas bannir TikTok des téléphones de fonction. Une décision à contre-courant de nombreux pays européens.
Cybersécurité et désinformation: Berne crée un nouveau Secrétariat d’État pour la sécurité civile
Pour lutter contre les nouvelles menaces, le Conseil fédéral veut renforcer le Département fédéral de la défense en créant un nouvel organe spécialisé.
Black Basta claims it's selling off stolen Capita data
No worries, outsourcer only handles government tech contracts worth billions
ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves
The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...
in2al5d p3in4er is Almost Completely Undetectable
in2al5d p3in4er is a highly evasive new loader that has a detection ratio of 0 on VirusTotal. We explain how it works, and how to prevent it.
LockBit for Mac | How Real is the Risk of macOS Ransomware?
Discovery of a macOS variant of LockBit has caused alarm, but how serious a threat is it? We explore the malware and the threat of ransomware on Apple Macs.
Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
Apple has fixed the three exploits used to deploy the Pegasus spyware, which did not require any interaction from the target.
Summary of the Investigation Related to CVE-2023-0669
We’d like to provide an update on our investigation into the suspicious activity detected in our Fortra GoAnywhere MFT solution. Working with Unit 42, we have completed our investigation and have compiled a factual summary of the investigation, as well as continuous improvement actions Fortra is taking to further strengthen our systems and recommended actions customers can take to secure their data and improve their security posture using available features in the GoAnywhere MFT solution.
Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains
One widely publicized case of disappearances relevant to this case of spyware infection occurred in September 2015 when a group of 43 students at a teacher
QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family. The malware would be delivered through e-mails that were based on real business letters the attackers had gotten access to.
CVE-2023-21554: MSMQ
On April 12th, 2023, Microsoft released a slew of new patches for its Windows operating system, one of which was to fix CVE-2023-21554, a remotely-exploitable vulnerability in the obscure Windows Message Queuing (MSMQ) service that can lead to remote code execution (RCE).
Analyzing an arm64 mach-O version of LockBit
The relevance of this macOS specimen is well articulated in their tweet: “Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products.” vx-underground Ok, so even though it’s the weekend, we have what appears to be a new macOS malware specimen from one of the more notorious ransomware gangs! Coupled with the fact that this may be, (as noted by @VXUnderground), “the first time a large ransomware threat group has developed a payload for Apple products” …I was intrigued to decided to dig right in!
Linux kernel logic allowed Spectre attack on major cloud
Kernel 6.2 ditched a useful defense against ghostly chip design flaw
Google Chrome emergency update fixes first zero-day of 2023
Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.
Remote Code Execution Vulnerability in Google They Are Not Willing To Fix
This is a story about a security vulnerability in Google that allowed me to run arbitrary code on the computers of 50+ Google employees. Although Google initially considered my finding a serious security incident, later on, it changed its mind and stated that my finding is not, in fact, a vulnerability, but the intended behavior of their software.
Introducing: Red Canary Mac Monitor
Mac Monitor is Red Canary’s newly available tool for collection and dynamic system analysis on macOS endpoints. Red Canary Mac Monitor is a feature-rich dynamic analysis tool for macOS that leverages our extensive understanding of the platform and Apple’s latest APIs to collect and present relevant security events. Mac Monitor is practically the macOS version of the Microsoft Sysinternals tool, Procmon. Mac Monitor collects a wide variety of telemetry classes, including processes, interprocess, files, file metadata, logins, XProtect detections, and more—enabling defenders to quickly and effectively analyze enriched, high-fidelity macOS security events in a native, modern, and customizable user interface
The (Not so) Secret War on Discord
CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware operators by using social engineering tactics on them. Additionally, we have found that Vare uses Discord’s infrastructure as a backbone for its operations. This malware is linked to a new group called “Kurdistan 4455” based out of southern Turkey and is still early in its forming stage.
A Computer Generated Swatting Service Is Causing Havoc Across America
As the U.S. deals with a nationwide swatting wave, Motherboard has traced much of the activity to a particular swatting-as-a-service account on Telegram. Torswats uses synthesized voices to pressure law enforcement to specific locations.
Espionage campaign linked to Russian intelligence services
The Military Counterintelligence Service and the CERT Polska team (CERT.PL) observed a widespread espionage campaign linked to Russian intelligence services
New hacker advocacy group seeks to protect work of security researchers
"There are advocacy groups for reptile owners but not hackers, so that seems like a miss," said Ilona Cohen of HackerOne.
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.
Hackers claim vast access to Western Digital systems
One of the hackers who breached Western Digital provided some details about the hack, the data stolen, and what the hackers are demanding.
En Suisse comme en France, la vidéosurveillance progresse à une vitesse fulgurante
Le parlement français a adopté une loi autorisant la vidéosurveillance algorithmique, très décriée. A Genève, une étude montre l’opacité autour des caméras de surveillance, qui se multiplient