Search cyberveille.decio.ch

Found 1407 bookmarks

Custom sorting

The Hidden Treasures of Crash Reports

Sadly, nobody really loves crash reports, but I’m here to change that! This research, a crash course on crash reports, will highlight how these often overlooked files are an invaluable source of information, capable of revealing malware infections, exploitation attempts, or even buggy (exploitable?) system code. Such insights are critical for defense and offense, empowering us to either protect or exploit macOS systems.

#objective-see #EN #2024 #crash-report #course #Hidden #analysis #macos

·objective-see.org·Aug 15, 2024

The Hidden Treasures of Crash Reports

Troy Hunt: Inside the "3 Billion People" National Public Data Breach

I decided to write this post because there's no concise way to explain the nuances of what's being described as one of the largest data breaches ever. Usually, it's easy to articulate a data breach; a service people provide their information to had someone snag it through an act of unauthorised access and publish a discrete corpus of information that can be attributed back to that source. But in the case of National Public Data, we're talking about a data aggregator most people had never heard of where a "threat actor" has published various partial sets of data with no clear way to attribute it back to the source. And they're already the subject of a class action, to add yet another variable into the mix. I've been collating information related to this incident over the last couple of months, so let me talk about what's known about the incident, what data is circulating and what remains a bit of a mystery.

#troyhunt #EN #2024 #3billion #National #Public #Data #Breach #data-breach #USDoD

·troyhunt.com·Aug 15, 2024

Troy Hunt: Inside the "3 Billion People" National Public Data Breach

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters | WIRED

Please don’t, actually. But do update your Shimano Di2 shifters’ software to prevent a new radio-based form of cycling sabotage. #bicycles #cyberattacks #cybersecurity #cycling #fitness #hacks #security

#wired #EN #2024 #fitness #hacks #Shimano #cycling

·wired.com·Aug 14, 2024

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters | WIRED

Inside the FBI's Dashboard for Wiretapping the World

Never-before-published screenshots of an internal FBI tool show how the agency monitored millions of messages from the secretly backdoored messaging app Anom.

#404media #EN #2024 #Anom #images #dahsboard #FBI

·404media.co·Aug 14, 2024

Inside the FBI's Dashboard for Wiretapping the World

Extension Trojan Malware Campaign

Malwares make no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine, that provides enterprise-grade security for all your personal devices.

#reasonlabs #EN #2024 #Extension #Trojan #Malware #Campaign

·reasonlabs.com·Aug 14, 2024

Extension Trojan Malware Campaign

Russia-linked phishing campaigns ensnare civil society and NGOs

Russia-linked phishing campaigns are targeting civil society and NGOs operating in the region and abroad, according to a new investigation by Access Now and the Citizen Lab.

#accessnow #EN #2024 #Russia #Russia-linked #phishing #campaigns #NGO #civil-society

·accessnow.org·Aug 14, 2024

Russia-linked phishing campaigns ensnare civil society and NGOs

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.

#bleepingcomputer #EN #2024 #Authentication-Bypass #SAP #SSRF #Vulnerability #CVE-2024-41730

·bleepingcomputer.com·Aug 13, 2024

Critical SAP flaw allows remote attackers to bypass authentication

CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates

Among the most critical are CVE-2024-39825 and CVE-2024-39818, both with a CVSS score of 8.5, indicating a high level of severity

#securityonline #EN #2024 #CVE-2024-39825 #CVE-2024-39818 #High-Risk #Zoom

·securityonline.info·Aug 13, 2024

CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates

CVE-2024-23897 Enabled Ransomware Attack on Indian Banks

CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.

#juniper #EN #2024 #CVE-2024-23897 #Ransomware #Jenkins #RansomEXX #ransom-note

·blogs.juniper.net·Aug 13, 2024

CVE-2024-23897 Enabled Ransomware Attack on Indian Banks

Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers

Security researchers have detailed and published a PoC exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8)

#securityonline #EN #2024 #CVE-2024-38077 #RCE #PoC #exploit #code

·securityonline.info·Aug 13, 2024

Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers

Suspected head of prolific cybercrime groups arrested and extradited - National Crime Agency

The National Crime Agency leads the UK's fight to cut serious and organised crime.

#nationalcrimeagency.gov.uk #EN #2024 #organised-crime #J.P.Morgan #Reveton #Angler

·nationalcrimeagency.gov.uk·Aug 13, 2024

Suspected head of prolific cybercrime groups arrested and extradited - National Crime Agency

Compromising Microsoft's AI Healthcare Chatbot Service

Tenable finds privilege-escalation issues in Azure Health Bot via an SSRF, which allowed access to cross-tenant resources.

#tenable #en #2024 #azure #azure-health-bot #tenable-research #ssrf #vulnerability #cross-tenant-access #artificial-intelligence #ai-security

·tenable.com·Aug 13, 2024

Compromising Microsoft's AI Healthcare Chatbot Service

Don’t get Mad, get wise

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for

#sophos #EN #2024 #MadLiberator #ransomware #group #social-engineering

·news.sophos.com·Aug 13, 2024

Don’t get Mad, get wise

Exploiting pfsense Remote Code Execution – CVE-2022-31814

Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the

#laburity.com #en #2024 #pfsense #Remote #Code #Execution #CVE-2022-31814

·laburity.com·Aug 13, 2024

Exploiting pfsense Remote Code Execution – CVE-2022-31814

NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum

Today, the National Institute of Standards and Technology (NIST) announced the first standardization of three cryptography schemes that are immune against the threat of quantum computers, known as post-quantum cryptography (PQC) schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning as soon as possible.

#ieee.org #en #2024 #quantum-computing #nist #standards #security #cryptography

·spectrum.ieee.org·Aug 13, 2024

NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States

Bitdefender researchers have identified a series of vulnerabilities in PV plant management platforms operated by Solarman and Deye. This platform is responsible for coordinating production operations of millions of solar installations worldwide generating a whopping output of approximately 195 GW of solar power (20% of the global solar production) If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts. * These vulnerabilities have been communicated to the affected vendors and fixed.

#bitdefender #EN #2024 #Solar #Power #plant #management #IoT #Solarman #Deye

·bitdefender.com·Aug 13, 2024

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States

Technical Exploits of HID's iClass SE Discovered, To Be Revealed at DEF CON 32

Researchers have "reverse-engineered" HID's iCLASS SE platform and will be "revealing some cryptographic keys to the kingdom."

#ipvm.com #EN #2024 #defcon2024 #iclass-se #HID #exploit

·ipvm.com·Aug 13, 2024

Technical Exploits of HID's iClass SE Discovered, To Be Revealed at DEF CON 32

Feds seize Radar/Dispossessor ransomware gang servers in US and Europe

The agency said at least 43 companies have been attacked by the group in the U.S., South America, India, Europe, the United Arab Emirates, and elsewhere.

#therecord.media #EN #2024 #Radar #Dispossessor #lockbit #seized #FBI

·therecord.media·Aug 13, 2024

Feds seize Radar/Dispossessor ransomware gang servers in US and Europe

CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person

CrowdStrike President Michael Sentonas appears at DEF CON's annual Pwnie Awards to accept the 'award' because 'we got this horribly wrong [and] it's super important to own it.'

#pcmag #crowdstrike #EN #2024 #defcon2024 #CrowdStrike #PwnieAwards

·uk.pcmag.com·Aug 13, 2024

CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person

Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. * App & API Protector customers who are in automatic mode have existing and updated protections.

#akamai #OrangeTsai #EN #2024 #DEVCORE #vulnerabilities #Apache #httpd #CVE-2024-38475 #CVE-2024-38472 #CVE-2024-39573 #CVE-2024-38477

·akamai.com·Aug 12, 2024

Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

Ongoing Social Engineering Campaign Refreshes Payloads

On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.

#rapid7 #EN #2024 #TTPs #Social-engineering #Campaign #analysis #BlackBasta

·rapid7.com·Aug 12, 2024

Ongoing Social Engineering Campaign Refreshes Payloads

Spyware Company Seeks Legal Takedown

We have received a takedown notice from the company mSpy, alleging that the domain ddosecrets.com, specifically the section https://data.ddosecrets.com/MSpy/, is hosting stolen personal and corporate data belonging to them.

#flokinet #EN #2024 #MSpy #Takedown #takedown #ddosecrets

·blog.flokinet.is·Aug 12, 2024

Spyware Company Seeks Legal Takedown

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.

#microsoft #EN #2024 #OpenVPN #vulnerabilities #discovered #RCE #CVE-2024-27459 #CVE-2024-27903

·microsoft.com·Aug 12, 2024

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms

The vulnerabilities allowed one security researcher to peek inside the leak sites without having to log in.

#techcrunch #EN #2024 #Atropos.ai #web #bug #leak-site #ransomware

·techcrunch.com·Aug 12, 2024

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms

A Dive into Earth Baku’s Latest Campaign

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.

#trendmicro #EN #2024 #APT41 #malware #apt-&-targeted-attacks #research #EarthBaku #reports

·trendmicro.com·Aug 12, 2024

A Dive into Earth Baku’s Latest Campaign

Hackers leak 2.7 billion data records with Social Security numbers

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

#bleepingcomputer #EN #2024 #Class-Action-Lawsuit #Data-Breach #National-Public-Data #Personal-Information #Social-Security-Number #US

·bleepingcomputer.com·Aug 12, 2024

Hackers leak 2.7 billion data records with Social Security numbers

Iran Targeting 2024 US Election

Discover how Iran is allegedly targeting the 2024 US election, the potential impacts, and the measures being taken to safeguard the democratic process.

#microsoft #EN #2024 #Iran #election #US

·blogs.microsoft.com·Aug 12, 2024

Iran Targeting 2024 US Election

Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"

The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.

#politico #EN #2024 #Trump #campaign #leak #data-leak

·politico.com·Aug 12, 2024

Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset

#thedfirreport #EN #2024 #Toolkit #investigation #open-directory #PoshC2 #Batch-Scripts

·thedfirreport.com·Aug 12, 2024

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

How a cybersecurity researcher befriended, then doxed, the leader of LockBit

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

#techcrunch #en #2024 #LockBit #JonDiMaggio #doxing #ransomware #gang #infiltration

·techcrunch.com·Aug 12, 2024

How a cybersecurity researcher befriended, then doxed, the leader of LockBit