Search cyberveille.decio.ch

Not so lucky: BlackCat is back!

While the main trend in the cyber threat landscape in recent months has been MoveIt and Cl0p, NCC Groups’ Cyber Incident Response Team have also been handling multiple different ransomware groups over the same period. In the ever-evolving cybersecurity landscape, one consistent trend witnessed in recent years is the unsettling rise in ransomware attacks. These nefarious acts of digital extortion have left countless victims scrambling to safeguard their data, resources, and even their livelihoods. To counter this threat, every person in the cyber security theatre has a responsibility to shine light on current threat actor Tactics, Techniques and Procedures (TTP’S) to assist in improving defences and the overall threat landscape.

#nccgroup #EN #2023 #TTP #BlackCat #D0nut #Medusa #NoEscape

·research.nccgroup.com·Nov 6, 2023

Not so lucky: BlackCat is back!

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass – CVE-2023-34133 Title: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass Risk: 9.8 (Critic…

#nccgroup #EN #SonicWall #GMS #CVE-2023-34133 #CVE-2023-34124

·research.nccgroup.com·Aug 25, 2023

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…

#nccgroup #EN #2023 #Samsung #Galaxy #App #Store #Android #Advisory #CVE-2023-21433 #CVE-2023-21434

·research.nccgroup.com·Jan 21, 2023

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

#nccgroup #EN #2022 #TTP #research #ShadowPad #CVE-2022-29464 #secur32.dll

·research.nccgroup.com·Oct 3, 2022

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

#CVE-2022-23121 #nccgroup #EN #2022 #Netatalk #WesternDigital #vulnerability #AppleDouble

·research.nccgroup.com·May 24, 2022

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…

#nccgroup #EN #2023 #Samsung #Galaxy #App #Store #Android #Advisory #CVE-2023-21433 #CVE-2023-21434

·research.nccgroup.com·Jan 21, 2023

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

#nccgroup #EN #2022 #TTP #research #ShadowPad #CVE-2022-29464 #secur32.dll

·research.nccgroup.com·Oct 3, 2022

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

#CVE-2022-23121 #nccgroup #EN #2022 #Netatalk #WesternDigital #vulnerability #AppleDouble

·research.nccgroup.com·May 24, 2022

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

#CVE-2022-23121 #nccgroup #EN #2022 #Netatalk #WesternDigital #vulnerability #AppleDouble

·research.nccgroup.com·May 24, 2022

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)