Search cyberveille.decio.ch

Found 497 bookmarks

Custom sorting

NoName057(16) DDoSia project: 2024 updates and behavioural shifts

Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.

#sekoia #EN #2024 #NoName057(16)#DDoSia #Analysis

·blog.sekoia.io·Mar 1, 2024

NoName057(16) DDoSia project: 2024 updates and behavioural shifts

Scattered Spider laying new eggs

Discover the techniques, tactics (TTPs) used by Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.

#sekoia #EN #2024 #analysis #TTPs #Scattered-Spider #phishing #intrusion #Social-engineering

·blog.sekoia.io·Feb 22, 2024

Scattered Spider laying new eggs

A first analysis of the i-Soon data leak

Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.

#malwarebytes #EN #2024 #i-Soon #data #leak #analysis

·malwarebytes.com·Feb 21, 2024

A first analysis of the i-Soon data leak

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

CVE-2022-27925

On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2…

#AttackerKB #Analysis #CVE-2022-27925 #EN #2022 #Zimbra

·attackerkb.com·Aug 20, 2022

CVE-2022-27925

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect

Cet article explique comment trois vulnérabilités supplémentaires ont été découvertes dans le client VPN Cisco AnyConnect pour Windows. Elles ont été trouvées suite au développement d’un exploit pour la CVE-2020-3153 (une élévation de privilèges, étudiée dans MISC n°111). Après un rappel du fonctionnement de ce logiciel, nous étudierons chacune de ces nouvelles vulnérabilités.

#ed-diamond #FR #2020 #CVE-2020-3433 #Cisco #AnyConnect #analysis

·connect.ed-diamond.com·Jul 19, 2022

CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.

#malwarebytes #EN #2022 #analysis #email #threat #email-threat #Review #TrickBot #ASyncRat #Dridex

·blog.malwarebytes.com·Jun 13, 2022

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

A closer look at Eternity Malware

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

#Cyble #2022 #EN #Eternity #Malware #Telegram #analysis

·blog.cyble.com·May 16, 2022

A closer look at Eternity Malware

An update on the threat landscape

Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.

#google #threat #analysis #2022 #EN #Ukraine #TAG #GoogleTAG #informations #APT28 #UNC1151 #Ghostwriter #FancyBear #MustangPanda

·blog.google·Mar 8, 2022

An update on the threat landscape

Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529

In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!

#greynoise #EN #2024 #backdoor #Ivanti #CVE-2021-44529 #analysis

·labs.greynoise.io·Feb 18, 2024

Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors

Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.

#cyble #EN #2024 #analysis #Fortinet #exposed

·cyble.com·Feb 16, 2024

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors

Threat Intel Accelerates Detection & Response

Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.

#huntress #EN #2024 #analysis #endpoint #finger.exe #IoC

·huntress.com·Feb 15, 2024

Threat Intel Accelerates Detection & Response

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Bitdefender researchers have discovered a new backdoor targeting Mac OS users.

#bitdefender #EN #2024 #macOS #Backdoor #rust #Trojan.MAC.RustDoor #analysis

·bitdefender.com·Feb 13, 2024

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products

#zerodayinitiative #EN #2024 #CVE-2023-46263 #Ivanti #Avalanche #analysis

·zerodayinitiative.com·Feb 6, 2024

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.

#unit42 #2024 #EN #Retrospective #Analysis #ransomware #Data-Leak-Site

·unit42.paloaltonetworks.com·Feb 6, 2024

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf

Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering

It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…

#cryptographyengineering #EN #2023 #Airdrop #Cryptographic #analysis #tracing

·blog.cryptographyengineering.com·Jan 12, 2024

Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering

CVE-2023-27532

Veeam Backup & Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…

#AttackerKB #EN #2023 #Veeam #CVE-2023-27532 #analysis

·attackerkb.com·Jan 8, 2024

CVE-2023-27532

Analyzing DPRK's SpectralBlur

In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg

#objective-see #EN #2024 #Analysis #macOS #backdoor #SpectralBlur #malware

·objective-see.org·Jan 5, 2024

Analyzing DPRK's SpectralBlur

smith (CVE-2023-32434)

This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.

#Poulin-Bélanger #EN #2023 #exploit #analysis #vulnerability #github #macos #ios #CVE-2023-32434

·github.com·Jan 3, 2024

smith (CVE-2023-32434)

CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators

On 26th October, 2023 F5 released a security advisory about a critical unauthenticated remote code execution vulnerability, CVE-2023-46747, in F5’s BIG-IP configuration utility. This vulnerability could allow unauthent…

#malware.news #EN #2024 #F5 #analysis #CVE-2023-46747

·malware.news·Jan 3, 2024

CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators

Objective-See's Blog

A comprehensive analysis of the year's new malware

#objective-see #EN #2024 #retrospective #macos #malware #year #analysis

·objective-see.org·Jan 2, 2024

Objective-See's Blog

The ticking time bomb of Microsoft Exchange Server 2013

I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong. Basically, I’m a giant big dork with too much free time. I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.

#doublepulsar #EN #2023 #analysis #ransomware #Microsoft-Exchange #Exchange-Server2013 #risk

·medium.com·Dec 23, 2023

The ticking time bomb of Microsoft Exchange Server 2013

Android Banking Trojan Chameleon can now bypass any Biometric Authentication

ThreatFabric discovers a new variant of the Chameleon banking trojan distributed via Zombinder with features to bypass any biometric authentication.

#threatfabric #EN #2023 #Android #Banking #Trojan #Chameleon #analysis

·threatfabric.com·Dec 22, 2023

Android Banking Trojan Chameleon can now bypass any Biometric Authentication

Shc Linux Malware Installing CoinMiner

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

CVE-2022-27925

On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2…

#AttackerKB #Analysis #CVE-2022-27925 #EN #2022 #Zimbra

·attackerkb.com·Aug 20, 2022

CVE-2022-27925

CVE-2022-35650 Analysis

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis