Spyware startup Variston is losing staff — some say it’s closing | TechCrunch
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has uncovered a new iOS Trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The Trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans that also includes the earlier discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and GoldPickaxe for Android. To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims. This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account – a new fraud technique, previously unseen by Group-IB researchers. The GoldFactory Trojans target the Asia-Pacific region, specifically — Thailand and Vietnam impersonating local banks and government organizations. Group-IB’s discovery also marks a rare instance of malware targeting Apple’s mobile operating system. The detailed technical description of the Trojans, analysis of their technical capabilities, and the list of relevant indicators of compromise can be found in Group-IB’s latest blog post.
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
Disrupting malicious uses of AI by state-affiliated threat actors
We terminated accounts associated with state-affiliated threat actors. Our findings show our models offer only limited, incremental capabilities for malicious cybersecurity tasks.
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE) vulnerabilities, and a critical elevation of privilege vulnerability in Exchange. Six browser vulnerabilities were published separately this month, and are not included in the total.
Imposer aux messageries de donner leurs clés pour déchiffrer les messages est illégal, estime la CEDH
La Cour européenne des droits de l’homme a donné raison à un utilisateur de l’application Telegram visé par une demande du FSB, le service de sécurité intérieure russe. La décision pourrait avoir un impact sur certaines lois en cours de discussion en Europe.
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Portal Kombat : un réseau structuré et coordonné de propagande prorusse
VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
Vaud: le canton rompt un contrat à 6 millions avec Xplain
Le Conseil d’État vaudois a décidé de mettre fin au contrat avec le prestataire informatique bernois en raison de retards et de prestations insuffisantes.
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
World Govs, Tech Giants Sign Spyware Responsibility Pledge
France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.
Hyundai Motor Europe hit by Black Basta ransomware attack
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice - United States Department of State
Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group. In addition, we are also announcing a reward of up to $5,000,000 for information leading […]
Ivanti: Patch new Connect Secure auth bypass bug immediately
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways
At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways. We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.
Raspberry Pi Pico cracks BitLocker in under a minute
We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
Chinese spies hacked Dutch defence network last year - intelligence agencies
Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.