Search cyberveille.decio.ch

Found 3150 bookmarks

Custom sorting

Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities

FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for different protocols, and self-propagation as well as its behavior once inside an infected device.

#fortinet #EN #2022 #vulnerabilities #Botnet #iot-security #Zerobot #Go #Threat-Research #malware-research #malware-analysis

·fortinet.com·Dec 6, 2022

Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities

Vice Society: Profiling a Persistent Threat to the Education Sector

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

#unit42 #EN #2022 #paloaltonetworks #vice-society #education #ransomware #schools

·unit42.paloaltonetworks.com·Dec 6, 2022

Vice Society: Profiling a Persistent Threat to the Education Sector

Le renseignement espagnol muet sur le scandale du logiciel espion Pegasus

Auditionnée par le Parlement européen, la directrice du Centre national espagnol s’est contentée de rappeler le cadre juridique, selon les eurodéputés.

#euronews #FR #2022 #Espagne #Parlement-européen #Pegasus #spyware

·fr.euronews.com·Dec 6, 2022

Le renseignement espagnol muet sur le scandale du logiciel espion Pegasus

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.

#thehackernews #EN #2022 #Ping #Vulnerability #FreeBSD #CVE-2022-23093

·thehackernews.com·Dec 6, 2022

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

Winbiz change d’hébergeur: des milliers de clients toujours sans accès à leur comptabilité | ICTjournal

Deux semaines après la cyberattaque dont a été victime son hébergeur Infopro, Winbiz n’a pas complètement rétabli l’accès à son logiciel cloud

#ictjournal #FR #2022 #CH #Winbiz #infopro #victime #hébergeur

·ictjournal.ch·Dec 6, 2022

Winbiz change d’hébergeur: des milliers de clients toujours sans accès à leur comptabilité | ICTjournal

Blowing Cobalt Strike Out of the Water With Memory Analysis

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

#unit42 #EN #2022 #CobaltStrike #analysis #paloaltonetworks

·unit42.paloaltonetworks.com·Dec 6, 2022

Blowing Cobalt Strike Out of the Water With Memory Analysis

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.

#develop.secure.software #EN #2022 #W4SP #YARA #Python #PyPI

·develop.secure.software·Dec 5, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Post-quantum cryptography: What is Emmanuel Macron talking about?

The President of the Republic announced the sending of the 'first diplomatic telegram encrypted using post-quantum cryptography' to the French embassy in Washington. We explain its importance for the future of confidential communications.

#lemonde #EN #2022 #cryptography #Macron #post-quantum

·lemonde.fr·Dec 5, 2022

Post-quantum cryptography: What is Emmanuel Macron talking about?

Purpose Built Proxy Services and the Malicious Activity They Enable

As demand for malicious proxy services continues, new players have entered the market. Black Proxies is marketed to other cybercriminals for their reliability, scope, and overwhelming number of IP addresses.

#domaintools #EN #2022 #proxy #black-proxies #cybercriminals #Services

·domaintools.com·Dec 5, 2022

Purpose Built Proxy Services and the Malicious Activity They Enable

CVE-2022-21661: Exposing Database Info via WordPress SQL Injection

In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020

#zerodayinitiative #EN #2022 #CVE-2022-21661 #SQL-injection #vulnerability #WordPress

·zerodayinitiative.com·Dec 5, 2022

CVE-2022-21661: Exposing Database Info via WordPress SQL Injection

Connected medical devices are the Achilles' heel of healthcare orgs - Help Net Security

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey.

#helpnetsecurity #EN #2022 #IoT #connected #medical #devices #statistcs #healthcare #Survey

·helpnetsecurity.com·Dec 5, 2022

Connected medical devices are the Achilles' heel of healthcare orgs - Help Net Security

Schoolyard Bully Trojan Facebook Credential Stealer - Zimperium

Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018 and has spread to over 300,000 victims and is specifically targeting Facebook credentials. To learn more about this new threat, read more on our blog.

#zimperium #EN #2022 #Android #Schoolyard-Bully #Trojan #Facebook #schools

·zimperium.com·Dec 5, 2022

Schoolyard Bully Trojan Facebook Credential Stealer - Zimperium

Rackspace Cloud Office suffers security breach

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

#doublepulsar #EN #2022 #Rackspace #Cloud #Office #breach #Exchange

·doublepulsar.com·Dec 5, 2022

Rackspace Cloud Office suffers security breach

Yvelines : cyberattaque contre l'hôpital André Mignot du centre hospitalier de Versailles

L'accueil des patients est limité et l'hôpital a déjà organisé le transfert de deux patients vers d'autres centres de soins, indique France Info.

#lefigaro #FR #2022 #l'hôpital #cyberattaque #Mignot

·lefigaro.fr·Dec 4, 2022

Yvelines : cyberattaque contre l'hôpital André Mignot du centre hospitalier de Versailles

Certpotato – using adcs to privesc from virtual and network service accounts to local system

The goal of this blog post is to present a privilege escalation I found while working on ADCS. We will see how it is possible to elevate our privileges to NT AUTHORITY\SYSTEM from virtual and network service accounts of a domain-joined machine (for example from a webshell on a Windows server) using ADCS. I want to call this attack chain “CertPotato” as homage to other *Potato tools and as a way to better remember it. A popular technique for getting SYSTEM from a virtual or network service account is Delegate 2 Thyself by Charlie Clark. This technique involves using RBCD to elevate your privileges. In this article, I propose an alternative approach to become local SYSTEM using ADCS.

#sensepost #2022 #EN #certpotato #adcs #privesc #escalation

·sensepost.com·Dec 4, 2022

Certpotato – using adcs to privesc from virtual and network service accounts to local system

Preparing for a Russian cyber offensive against Ukraine this winter

As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.

#Microsoft #EN #2022 #iridium #russia-ukraine-war #Russia #cyberoffensive #analysis #winter

·blogs.microsoft.com·Dec 3, 2022

Preparing for a Russian cyber offensive against Ukraine this winter

Darknet markets generate millions in revenue selling stolen personal data

A handful of markets were responsible for trafficking most of the data.

#arstechnica #EN #2022 #Darknet #markets #data #stolen-data-supply-chain

·arstechnica.com·Dec 3, 2022

Darknet markets generate millions in revenue selling stolen personal data

Fuite de données sensibles au Département de la justice à Zurich

Une fuite de données secoue le monde politique zurichois, à deux mois des élections cantonales. Entre 2006 et 2012, un ancien prestataire informatique du Département de la justice a omis d'effacer des données parfois sensibles sur des ordinateurs remplacés.

#rts #FR #CH #2022 #Fuite #Leak #Zurich #prestataire #justice #sensibles

·rts.ch·Dec 3, 2022

Fuite de données sensibles au Département de la justice à Zurich

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

#SentinelOne #EN #2022 #Metador #Mafalda #Anti-Analysis #Techniques

·sentinelone.com·Dec 2, 2022

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Samsung, LG, Mediatek certificates compromised to sign Android malware

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

#bleepingcomputer #2022 #Android #Certificates #LG #Malware #MediaTek #Platform-Certificate #Samsung

·bleepingcomputer.com·Dec 2, 2022

Samsung, LG, Mediatek certificates compromised to sign Android malware

Google Online Security Blog: Memory Safe Languages in Android 13

As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.

#Google #EN #2022 #memory-safe #Android #statistics #vulnerabilities #memory #safety

·security.googleblog.com·Dec 2, 2022

Google Online Security Blog: Memory Safe Languages in Android 13

Lastpass says hackers accessed customer data in new breach

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

#bleepingcomputer #EN #2022 #lastpass #GoTo #breach #cloud

·bleepingcomputer.com·Dec 1, 2022

Lastpass says hackers accessed customer data in new breach

LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling

Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements

#sophos #EN #2022 #LockBit3.0 #BlackMatter #Reverse-engineering

·news.sophos.com·Nov 30, 2022

LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling

CashRewindo: How to age domains for an investment scam like fine scotch

Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker.

#confiant #EN #2022 #Medium #CashRewindo #investment #scam #analysis

·blog.confiant.com·Nov 30, 2022

CashRewindo: How to age domains for an investment scam like fine scotch

Play, ce nouveau ransomware utilisé contre les Alpes-Maritimes et ITS Group

Les opérateurs de ce rançongiciel ont attendu la fin novembre pour commencer à épingler publiquement leurs victimes et à en divulguer des données. Pour autant, ils sont actifs depuis au moins fin juin.

#lemagit #FR #2022 #play #ransonware #PlayCrypt

·lemagit.fr·Nov 29, 2022

Play, ce nouveau ransomware utilisé contre les Alpes-Maritimes et ITS Group

Libye: la mise en examen de la société française Amesys et l'inculpation de deux cadres, confirmées en appel

La cour d'appel de Paris a confirmé cette semaine (lundi), la mise en examen de la société française Amesys pour complicité d'actes de torture dans l'enquête sur la vente d’un programme de cybersurveillance au régime libyen de Mouammar Kadhafi. Deux des chefs de l'entreprise ont été inculpés, ce qui rend la société complice d'exactions en Libye.

#rfi #FR #2022 #Lybie #Amesys #inculpation

·rfi.fr·Nov 27, 2022

Libye: la mise en examen de la société française Amesys et l'inculpation de deux cadres, confirmées en appel

U.S. bans sale and import of some tech from Chinese companies Huawei and ZTE

The five-member FCC said it has voted unanimously to adopt new rules that will block the importation or sale of certain technology products that pose security risks to U.S. critical infrastructure.

#npr #2022 #EN #US #ban #China #Huawei #FCC #block #Politics #infrastructure

·npr.org·Nov 27, 2022

U.S. bans sale and import of some tech from Chinese companies Huawei and ZTE

Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms

Cyber threat intelligence largely involves the tracking and studying of the adversaries outside of your network. Gaining counterintelligence about your adversaries' capabilities and weaponry is one of the final building blocks for managing a strong cyber defense. In the pursuit of performing this duty, I have been studying how to discover adversary infrastructure on the internet. One good way of doing this has been via leveraging the scan data available through the popular Shodan search engine. If you've not used it before, Shodan periodically scans the entire internet and makes it available for users to query through. It is often used to monitor networks, look for vulnerabilities, and ensure the security of an organization's perimeter.

#bushidotoken #en #2022 #shodan #Infostealer #Malware-as-a-Service #Detecting #howto

·blog.bushidotoken.net·Nov 27, 2022

Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms

WhatsApp data leak: 500 million user records for sale

Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.

#cybernews #WhatsApp #EN #2022 #leak #phone #numbers

·cybernews.com·Nov 26, 2022

WhatsApp data leak: 500 million user records for sale

Ransomware Roundup: Cryptonite Ransomware

The latest FortiGuard Labs Threat Signal Ransomware Roundup covers the Cryptonite ransomware, along with protection recommendations. Read more.

#fortinet #EN #2022 #Cryptonite #Ransomware #FortiGuards-Labs #Threat-Research #ransomware #crypto-ransomware

·fortinet.com·Nov 24, 2022

Ransomware Roundup: Cryptonite Ransomware