Search cyberveille.decio.ch

Found 39 bookmarks

Custom sorting

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.

#welivesecurity #EN #2025 #CVE-2024-7344 #UEFI #Secure #Boot #vulnerability #certificate

·welivesecurity.com·Jan 19, 2025

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.

#welivesecurity #EN #2024 #Bootkitty #UEFI #bootkit #Linux

·welivesecurity.com·Nov 28, 2024

Bootkitty: Analyzing the first UEFI bootkit for Linux

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules.

#welivesecurity #EN #2024 #analysis #RedLine #infostealer #backend

·welivesecurity.com·Nov 11, 2024

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

Embargo ransomware: Rock’n’Rust

ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.

#welivesecurity #EN #2024 #Embargo #ransomware #analysis

·welivesecurity.com·Oct 25, 2024

Embargo ransomware: Rock’n’Rust

Telekopye transitions to targeting tourists via hotel booking scam

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.

#welivesecurity #EN #Telekopye #marketplaces #scam

·welivesecurity.com·Oct 14, 2024

Telekopye transitions to targeting tourists via hotel booking scam

NGate Android malware relays NFC traffic to steal cash

ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.

#ESET #welivesecurity #EN #2024 #Android #malware #NFC #ATM

·welivesecurity.com·Aug 23, 2024

NGate Android malware relays NFC traffic to steal cash

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

#welivesecurity #EN #2024 #Lunar #toolset #Turla #APT #EU #European #ministry #analysis

·welivesecurity.com·May 17, 2024

To the Moon and back(doors): Lunar landing in diplomatic missions

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

#welivesecurity #EN #2023 #Python #packages #malicious #PyPI

·welivesecurity.com·Dec 15, 2023

A pernicious potpourri of Python packages in PyPI

Telekopye: Chamber of Neanderthals’ secrets

ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.

#welivesecurity #ESET #2023 #EN #research #Telekopye #Telegram #bots

·welivesecurity.com·Nov 27, 2023

Telekopye: Chamber of Neanderthals’ secrets

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.

#welivesecurity #ESET #2023 #EN #WinterVivern #APT #zero-day #XSS #vulnerability #Roundcube

·welivesecurity.com·Oct 27, 2023

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.

#welivesecurity #2023 #ESET #Spain #LightlessCan #Lazarus #lure #aerospace #challenges

·welivesecurity.com·Sep 29, 2023

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

Telekopye: Hunting Mammoths using Telegram bot

ESET researchers uncover a toolkit that operates as a Telegram bot and helps scammers target victims on online marketplaces, mainly in Russia.

#welivesecurity #EN #2023 #telegram #bot #ESET #scammers #Russia

·welivesecurity.com·Aug 30, 2023

Telekopye: Hunting Mammoths using Telegram bot

MoustachedBouncer: Espionage against foreign diplomats in Belarus

MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in this blogpost. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.

#welivesecurity #EN #2023 #MoustachedBouncer #cyberespionage #AitM #Belarus

·welivesecurity.com·Aug 11, 2023

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the 3CX attack was carried out by Lazarus.

#welivesecurity #EN #2023 #3CX #Lazarus #Operation #DreamJob

·welivesecurity.com·Apr 21, 2023

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

BlackLotus UEFI bootkit: Myth confirmed

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

#welivesecurity #EN #2023 #bootkit #UEFI #IoCs

·welivesecurity.com·Mar 2, 2023

BlackLotus UEFI bootkit: Myth confirmed

StrongPity espionage campaign targeting Android users

ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.

#welivesecurity #EN #2023 #ESET #Android #Telegram #trojanized #Shagle

·welivesecurity.com·Jan 11, 2023

StrongPity espionage campaign targeting Android users

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books. The malicious app was uploaded to VirusTotal where it triggered one of our YARA rules (used to classify and identify malware samples), which gave us the opportunity to analyze it.

#WeLiveSecurity #EN #2022 #FurBall #APT-C-50 #surveillance #Iran #research

·welivesecurity.com·Oct 21, 2022

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

POLONIUM targets Israel with Creepy malware

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

#welivesecurity #EN #2022 #research #POLONIUM #Israel #malware #APT

·welivesecurity.com·Oct 13, 2022

POLONIUM targets Israel with Creepy malware

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.

#welivesecurity #EN #2022 #Lazarus #report #campaign #Netherlands #Belgium #spearphishing

·welivesecurity.com·Oct 2, 2022

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

#welivesecurity #EN #2022 #Lazarus-Group #military #Europe #Lazarus #Operation #North-Korea

·welivesecurity.com·Aug 18, 2022

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

I see what you did there: A look at the CloudMensis macOS spyware

ESET uncovers CloudMensis, a macOS backdoor that spies on users of Mac devices and communicates with its operators via public cloud storage services.

#WeLiveSecurity #EN #2022 #macOS #spyware #CloudMensis #ESET

·welivesecurity.com·Jul 19, 2022

I see what you did there: A look at the CloudMensis macOS spyware

Industroyer2: Industroyer reloaded

ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware called Industroyer2.

#welivesecurity #Industroyer2 #Industroyer #EN #2022 #Ukraine #cyberwar #ICS #research

·welivesecurity.com·Apr 12, 2022

Industroyer2: Industroyer reloaded

IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine

ESET researchers uncover IsaacWiper, a new wiper that attacks Ukrainian organizations and HermeticWizard, a worm spreading HermeticWiper in local networks.

#ESET #IsaacWiper #HermeticWizard #EN #2022 #welivesecurity #Ukraine #datawiping #attacks #cyberwar

·welivesecurity.com·Mar 1, 2022

IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine

Watering hole deploys new macOS malware, DazzleSpy, in Asia

The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.

#DazzleSpy #macOS #WeLiveSecurity #wateringhole #EN #malware #WebKit #exploit #Asia

·welivesecurity.com·Feb 15, 2022

Watering hole deploys new macOS malware, DazzleSpy, in Asia

BlackLotus UEFI bootkit: Myth confirmed

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

#welivesecurity #EN #2023 #bootkit #UEFI #IoCs

·welivesecurity.com·Mar 2, 2023

BlackLotus UEFI bootkit: Myth confirmed

StrongPity espionage campaign targeting Android users

ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.

#welivesecurity #EN #2023 #ESET #Android #Telegram #trojanized #Shagle

·welivesecurity.com·Jan 11, 2023

StrongPity espionage campaign targeting Android users

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

#WeLiveSecurity #EN #2022 #FurBall #APT-C-50 #surveillance #Iran #research

·welivesecurity.com·Oct 21, 2022

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

POLONIUM targets Israel with Creepy malware

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

#welivesecurity #EN #2022 #research #POLONIUM #Israel #malware #APT

·welivesecurity.com·Oct 13, 2022

POLONIUM targets Israel with Creepy malware

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.

#welivesecurity #EN #2022 #Lazarus #report #campaign #Netherlands #Belgium #spearphishing

·welivesecurity.com·Oct 2, 2022

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

#welivesecurity #EN #2022 #Lazarus-Group #military #Europe #Lazarus #Operation #North-Korea

·welivesecurity.com·Aug 18, 2022

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity