Search cyberveille.decio.ch

Found 148 bookmarks

Custom sorting

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

#bleepingcomputer #EN #2025 #Encryption #Ransomware #Computer #S3 #Amazon #AES #Security #AWS

·bleepingcomputer.com·Jan 13, 2025

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

Microsoft: macOS bug lets hackers install malicious kernel drivers

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. #Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS

#bleepingcomputer #EN #2024 #CVE-2024-44243 #System #macOS #Apple #Security #Integrity #SIP

·bleepingcomputer.com·Jan 13, 2025

Microsoft: macOS bug lets hackers install malicious kernel drivers

Malicious ads push Lumma infostealer via fake CAPTCHA pages

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

#bleepingcomputer #EN #2024 #Captcha #ClickFix #Information-Stealer #Lumma #Malvertising #Malware #PowerShell #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Dec 22, 2024

Malicious ads push Lumma infostealer via fake CAPTCHA pages

Ascension: Health data of 5.6 million stolen in ransomware attack

Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

#bleepingcomputer #EN #2024 #Ascension #Data-Breach #Healthcare #Ransomware #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Dec 20, 2024

Ascension: Health data of 5.6 million stolen in ransomware attack

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

#wired #en #2024 #china #crime #hacks #security #cryptocurrency #PigButchering #name #Interpol #victim #shaming

·wired.com·Dec 18, 2024

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

What a new threat report says about Mac malware in 2024

Apple's macOS has been under siege in 2024 as malware-as-a-service platforms and AI-driven threats make the year a turning point for Mac security.

#appleinsider #EN #2024 #Apple #macOS #AI-driven #Mac #security #malware-as-a-service

·appleinsider.com·Dec 9, 2024

What a new threat report says about Mac malware in 2024

AWS launches an incident response service to combat cybersecurity threats | TechCrunch

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

#techcrunch #EN #2024 #Amazon #AWS #Security #Incident #Response #service #launch

·techcrunch.com·Dec 2, 2024

AWS launches an incident response service to combat cybersecurity threats | TechCrunch

Microsoft 365 Admin portal abused to send sextortion emails

The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms.

#bleepingcomputer #EN #2024 #Email #Extortion #Mail-Filters #Microsoft-365 #Microsoft-365-Admin-Portal #Sextortion #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 20, 2024

Microsoft 365 Admin portal abused to send sextortion emails

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

#wired #EN #2024 #surveillance #Datastream #data-broker #security #nsa #military #national-security #germany #pentagon

·wired.com·Nov 20, 2024

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED

Major security audit of critical FreeBSD components now available - Help Net Security

The FreeBSD Foundation has released an extensive security audit of two critical FreeBSD components: bhyve and Capsicum.

#helpnetsecurity #EN #2024 #FreeBSD #security #audit #Capsicum #bhyve

·helpnetsecurity.com·Nov 19, 2024

Major security audit of critical FreeBSD components now available - Help Net Security

T-Mobile confirms it was hacked in recent wave of telecom breaches

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.

#bleepingcomputer #EN #2024 #China #Cyber-espionage #Cyberattack #Salt-Typhoon #T-Mobile #Telecommunications #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 16, 2024

T-Mobile confirms it was hacked in recent wave of telecom breaches

Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

#Backdoor #Linux #Phishing #QEMU #Virtual-Machine #Windows #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 13, 2024

Windows infected with backdoored Linux VMs in new phishing attacks

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

#bleepingcomputer #EN #2024 #Command-Injection #D-Link #Exploit #Hardware #NAS #PoC #Proof-of-Concept #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 11, 2024

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

Meet Interlock — The new ransomware targeting FreeBSD servers

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

#bleepingcomputer #EN #2024 #Data-Leak-Site #Encryptor #Extortion #FreeBSD #Interlock #Ransomware #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 11, 2024

Meet Interlock — The new ransomware targeting FreeBSD servers

DocuSign's Envelopes API abused to send realistic fake invoices

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.

#bleepingcomputer #EN #2024 #API #DocuSign #Invoice #Phishing #Signature #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 11, 2024

DocuSign's Envelopes API abused to send realistic fake invoices

Nokia says hackers leaked third-party app source code

Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted.

#bleepingcomputer #EN #2024 #Data-Leak #Nokia #Source-Code #Telecommunications #Third-Party-Data-Breach #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 11, 2024

Nokia says hackers leaked third-party app source code

Schneider Electric confirms dev platform breach after hacker steals data

Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.

#bleepingcomputer #EN #2024 #Data-Breach #Developer-Environment #Jira #Schneider-Electric #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 4, 2024

Schneider Electric confirms dev platform breach after hacker steals data

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

#cybersecurity #hacking #malware #vulnerabilities #security #china

·wired.com·Nov 1, 2024

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

POLITICO Europe

Italian probe reveals “gigantic and alarming market of confidential data,” prosecutors say.

·politico.eu·Oct 27, 2024

POLITICO Europe

New Windows Driver Signature bypass allows kernel rootkit installs

Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. #Attack #Bypass #Computer #Downgrade #Elevation #Escalation #InfoSec #Privilege #Privileges #Rootkit #Security #Windows #of

#Privileges #Computer #Privilege #Security #Rootkit #Elevation #Escalation #InfoSec #Attack #Bypass #Downgrade #Windows #of

·bleepingcomputer.com·Oct 26, 2024

New Windows Driver Signature bypass allows kernel rootkit installs

Microsoft creates fake Azure tenants to pull phishers into honeypots

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. #Accounts #Computer #Fake #Honeypot #InfoSec #Microsoft #Phishing #Security

#InfoSec #Accounts #Computer #Phishing #Honeypot #Security #Microsoft #Fake

·bleepingcomputer.com·Oct 19, 2024

Microsoft creates fake Azure tenants to pull phishers into honeypots

USDoD hacker behind National Public Data breach arrested in Brazil

A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in

#bleepingcomputer #EN #2024 #USDoD #InfoSec #Threat #National #Hacker #InfraGard #Data #Public #Computer #Actor #Security #Breach

·bleepingcomputer.com·Oct 18, 2024

USDoD hacker behind National Public Data breach arrested in Brazil

Jetpack fixes critical information disclosure flaw existing since 2016

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.

#bleepingcomputer #2024 #EN #Information #Security #Vulnerability #WordPress #Computer #InfoSec #Plugin #Disclosure #Jetpack

·bleepingcomputer.com·Oct 16, 2024

Jetpack fixes critical information disclosure flaw existing since 2016

MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch

The money transfer giant said hackers also stole some customer Social Security numbers during the September cyberattack.

#techcrunch #EN #2024 #MoneyGram #data-breach #customer #Social #Security #numbers

·techcrunch.com·Oct 14, 2024

MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch

Ivanti warns of three more CSA zero-days exploited in attacks

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

#bleepingcomputer #EN #2024 #Bypass #Ivanti #Code #Command #Actively #Remote #Services #Exploited #Injection #Execution #Security #Zero-Day #CSA #Cloud #Appliance #CVE-2024-9379 #CVE-2024-9380 #CVE-2024-9381

·bleepingcomputer.com·Oct 8, 2024

Ivanti warns of three more CSA zero-days exploited in attacks

Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says - Bloomberg

Homeland Security Investigations is stopping hacks before they occur.

#bloomberg #EN #2024 #Ransomware #Homeland #Security #US #ransomware #stop

·bloomberg.com·Oct 7, 2024

Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says - Bloomberg

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.

#bleepingcomputer #EN #2024 #AI #Artificial-Intelligence #Cloud #Cloud-Security #Container-Escape #NVIDIA #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Oct 1, 2024

Critical flaw in NVIDIA Container Toolkit allows full host takeover

Global infostealer malware operation targets crypto users, gamers

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named #Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware

#InfoSec #Information-stealing #Computer #Info #Rhadamanthys #Stealer #Atomic #Information #Polo #Marko #malware #Security #Stealc

·bleepingcomputer.com·Sep 21, 2024

Global infostealer malware operation targets crypto users, gamers

Transport for London confirms customer data stolen in cyberattack

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. #Breach #Computer #Customer #Data #InfoSec #London #Security #TfL #Transport #for

#InfoSec #London #Security #Transport #Breach #TfL #for #Computer #Data #Customer

·bleepingcomputer.com·Sep 12, 2024

Transport for London confirms customer data stolen in cyberattack

Sextortion scams now use your "cheating" spouse’s name as a lure

A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof.

#bleepingcomputer #EN #2024 #Cheating #Spouse #Extortion #Security #Sextortion

·bleepingcomputer.com·Sep 9, 2024

Sextortion scams now use your "cheating" spouse’s name as a lure