Hackers steal Swiss police and customs data
Hackers have published data from the federal police and customs offices on the Darknet, after an attack on the servers of the host company.
Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast
The voice, very similar to President Putin’s, also announced martial law, general mobilisation and the evacuation of civilians in three regions bordering Ukraine.
MOVEit hack: BBC, BA and Boots among cyber attack victims
Staff at multiple organisations are warned of a payroll data breach after an IT supplier is hacked.
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai
Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek
Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack.
Bypassing SELinux with init_module
There are two Linux system calls for loading a kernel module - init_module and finit_module. By leveraging init_module, I bypassed a filesystem-based SELinux rule that prevented me from loading a kernel module through traditional means (e.g., insmod). I then disabled SELinux from kernel-space. Proof of concept code can be found on my GitHub.
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device
‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection
Gravity Forms, a popular WordPress plugin, has been found vulnerable to unauthenticated PHP Object Injection attacks.
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive…
A Matter of Triangulation.
Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis
Swiss real estate agency fails to put a password on its systems
- A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. * Using leaked data, threat actors could potentially breach the company’s internal systems and hijack official communication channels. * Real estate agencies handle sensitive data, including customers' personally identifiable information, bank account details, and other data highly valued by cybercriminals. Ensuring cybersecurity is vital. * Cybernews reached out to Neho and the company fixed the issue.
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online
On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty three (23) EDR and AV controls. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
Endpoint Detection & Response systems (EDR), delivered by in-house teams or as part of a managed service, are a feature of modern intrusion detection and remediation operations. This success is a problem for attackers, and malicious actors have worked to find new ways to evade EDR detection capabilities. PDF Document
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum.
Hauts-de-Seine : les petits pirates informatiques avaient rançonné le pôle Leonard de Vinci
Trois étudiants avaient fait chanter les responsables du pôle universitaire. Ils ont été interpellés par la police judiciaire avant d’être présentés à un juge d’instruction.
The professionalization of cyber crime
The huge profits of ransomware have led to a rapid evolution and professionalization of the wider cyber crime industry, and the rapid growth of a supporting underground marketplace of products and service providers. PDF doc
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
All you need to know about Qilin ransomware and its operations targeting critical sectors. Group-IB’s Threat Intelligence team infiltrated the Qilin ransomware group in March 2023 and now can reveal inside information about this RaaS program. The blog provides recommendations on how to prevent Qilin’s attacks and will be useful for threat intelligence experts, threat hunters, and corporate cybersecurity teams.
Hundreds of Swiss students and teachers have data stolen
A total 761 people had sensitive personal data hacked during a cyberattack on the education department of the Swiss city of Basel.
ABB provides details about IT security incident
ABB recently became aware of an IT security incident that impacted certain ABB systems. ABB started an investigation, retained leading experts, notified certain law enforcement and data protection authorities, and implemented measures to contain and assess the incident. The incident has now been successfully contained.
Tesla Files: Un vol de données met Tesla dans l'embarras
Tesla a été confronté à une fuite de données très sensibles. Non seulement les rémunérations et les adresses privées de collaborateurs ont été révélées, mais surtout des dysfonctionnements sur la conduite autonome des voitures Tesla.
.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
Vulnerability in GCP CloudSQL Leads to Data Exposure
The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure
Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones
Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. * Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). * Our research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. Our findings include an in-depth walkthrough of the infection chain, including the implants’ various information-stealing capabilities. * A deep dive into both spyware components indicates that ALIEN is more than just a loader for PREDATOR and actively sets up the low-level capabilities needed for PREDATOR to spy on its victims. * We assess with high confidence that the spyware has two additional components — tcore (main component) and kmem (privilege escalation mechanic) — but we were unable to obtain and analyze these modules. * If readers suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats.
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia. Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices
We analyze Mirai variant IZ1H9, which targets IoT devices. Our overview includes campaigns observed, botnet configuration and vulnerabilities exploited.