Search cyberveille.decio.ch

Found 7 bookmarks

Custom sorting

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.

#akamai #EN #2024 #botnet #Mirai #AVTECH #zero-day #vulnerability #CCTV #CVE-2024-7029

·akamai.com·Aug 29, 2024

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S.…

#krebsonsecurity #EN #2024 #Versa-Director #zero-day #vulnerability #Volt-Typhoon

·krebsonsecurity.com·Aug 27, 2024

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

#bleepingcomputer #EN #2024 #Your #Lazarus #Own #BYOVD #Driver #Zero-Day #Vulnerability #Bring #CVE-2024-38193 #Group #Microsoft

·bleepingcomputer.com·Aug 20, 2024

Windows driver zero-day exploited by Lazarus hackers to install rootkit

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

#bleepingcomputer #EN #2024 #0-day #Computer #APK #EvilVideo #Telegram #Mobile #Zero-Day #InfoSec #Android #Vulnerability

·bleepingcomputer.com·Jul 23, 2024

Telegram zero-day allowed sending malicious Android APKs as videos

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

#bleepingcomputer #EN #2024 #Authentication-Bypass #D-Link #Exploit #Proof-of-Concept #Remote-Command-Execution #Router #Vulnerability #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 14, 2024

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

Google fixes two Pixel zero-day flaws exploited by forensics firms

Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.

#bleepingcomputer #EN #2024 #Android #Forensics #Google #Google-Pixel #Mobile #Pixel #Vulnerability #Zero-Day #GrapheneOS

·bleepingcomputer.com·Apr 3, 2024

Google fixes two Pixel zero-day flaws exploited by forensics firms