QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…
SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs
Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain. This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server: Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.
Ransomware gang takes credit for Christmas attack on global Lutheran organization
The World Council of Churches reported an incident in December, and the Lutheran World Federation said it experienced a related incident. The Rhysida gang claimed it carried out the attack on the federation.
WCC hit by ransomware attack
The World Council of Churches (WCC) communications systems have been hacked by a ransomware group.
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
LastPass to enforce a 12-character requirement for master passwords
Security pros say while the 12-character requirement by LastPass is a step in the right direction, teams still need to enforce multi-factor authentication and practice continuous monitoring.
CVE-2023-27532
Veeam Backup & Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…
ALPHV Ransomware Claims Cyberattack on US Firm Ultra Intelligence and Communications
Russian-speaking BlackCat/ALPHV ransomware group has claimed to have carried out a cyberattack on Ultra Intelligence and Communications, a US-based company
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs
FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.
Canton de Berne: Suite à une faille de sécurité dans un système informatique: plusieurs personnes prévenues identifiées et perquisitions effectuées
Suite à une faille de sécurité, l’été dernier, dans l’application «MobileIron», également utilisée par la Police cantonale bernoise, des données d’utilisatrices et d’utilisateurs avaient manifestement pu être téléchargées et consultées. Une enquête a permis d’identifier plusieurs personnes prévenues. De plus amples investigations sont en cours.
Weak password and infostealer blamed for Orange Spain outage
No 2FA or special characters to prevent database takeover and BGP hijack
The State of Ransomware in the U.S.: Report and Statistics 2023
The U.S. was bombarded by financially-motivated ransomware attacks throughout 2023. This report looks at the numbers, the costs and the solution.
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
La ville de Nyon se cherche un SOC
Un centre opérationnel de sécurité (SOC) est essentiel pour la surveillance continue des cybermenaces et être en mesure de répondre rapidement à un incident. La ville de Nyon a lancé
Porsche To Kill ICE-Powered Macan In Europe Over Cybersecurity Laws | Carscoops
Porsche's best-selling model will be discontinued from markets within the European Union in spring of 2024
smith (CVE-2023-32434)
This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.
D-Link D-View 8 Unauthenticated Probe-Core Server Communication
A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of info
Downfall - A Slay the Spire Fan Expansion :: Downfall (Steam Standalone) was Breached. Please read.
UPDATE 12/29 - While there is no new alerts regarding the Steam product or risk of downloads, the Discord account remains compromised. I have reports that the account is trying to DM people and either send malware to them impersonating themselves as a developer, or trying to gain sensitive information. Do not engage with this account and absolutely do not click on any links sent.
Hackers Attack UK's Nuclear Waste Services Through LinkedIn
Fortunately for Radioactive Waste Management (RWM), the first-of-its-kind hacker attack on the project was unsuccessful.
Victoria Courts Confront Unprecedented Ransomware Assault on AV Technology Network
Victoria's court system fell victim to a ransomware attack allegedly orchestrated by the Qilin ransomware gang. The Victoria court ransomware
A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless.
New AI-generated digital replicas of real experts expose an unnerving policy gray zone. Washington wants to fix it, but it’s not clear how.
2023, une année riche en vulnérabilités critiques
L’exploitation de vulnérabilités critiques revient en force sur le devant de la scène pour l’établissement d’un accès initial et le lancement de cyberattaques. Elles étaient nombreuses l'an dernier.
Cyberattaques : 2023, année noire pour les ESN
L’année qui s’achève a vu de nombreuses entreprises de services numériques frappées par des cyberattaques, en France et au-delà. Avec à chaque fois, un nombre conséquent d’organisations affectées indirectement.
ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns | South China Morning Post
New Black Basta decryptor exploits ransomware flaw to recover files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.
L'hôpital cantonal de Saint-Gall a trouvé son SOC
Le Centre hospitalier cantonal de St-Gall a attribué un contrat de 2,2 millions de francs suisses pour un service de centre opérationnel de sécurité SOC.