Search cyberveille.decio.ch

Found 3149 bookmarks

Custom sorting

Des dizaines de milliers d'entreprises victimes indirectes d'une cyberattaque

Plus de 45'000 PME et près d'un millier de fiduciaires suisses ne peuvent plus utiliser leur logiciel de gestion "Winbiz cloud", accessible en ligne. La faute à une attaque informatique qui a touché l'hébergeur bernois Infopro. La situation devrait perdurer jusqu'à ce week-end.

#rts #CH #FR #2022 #Winbiz #fiduciaires #Infopro #attaque

·rts.ch·Nov 24, 2022

Des dizaines de milliers d'entreprises victimes indirectes d'une cyberattaque

Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US

Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.

#proofpoint #EN #2022 #redteam #tool #Nighthawk #C2 #framework #threat

·proofpoint.com·Nov 23, 2022

Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US

ViperSoftX: Hiding in System Logs and Spreading VenomSoftX - Avast Threat Labs

ViperSoftX is a multi-stage stealer that exhibits interesting hiding capabilities. Other than stealing cryptocurrencies, it also spreads the VenomSoftX browser extension, which performs man-in-the-browser attacks.

#avast #2022 #EN #ViperSoftX #multi-stage #stealer #analysis #browser #extension #man-in-the-browser

·decoded.avast.io·Nov 23, 2022

ViperSoftX: Hiding in System Logs and Spreading VenomSoftX - Avast Threat Labs

Android SharkBot Droppers on Google Play Underline Platform's Security Needs

A common theme we've noticed in the last few months consists of malicious apps distributed directly from the Google Play Store.

#bitdefender #EN #2022 #SharkBot #Android #GooglePlay #malicious #apps

·bitdefender.com·Nov 22, 2022

Android SharkBot Droppers on Google Play Underline Platform's Security Needs

Why would you want to hack Electric Vehicle Charging Stations?

A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good question!”, and let's put politics aside. Let’s explore the potential cybersecurity risks of electric vehicle charging station, assuming the ability of compromising them at a scale, having some kind of tools. It turns out that this is a fascinating security problem!

#lukaszolejnik #EN #2022 #cyber-risk #cyberwarfare #security #0-day #Vehicle #Charging #Stations

·blog.lukaszolejnik.com·Nov 22, 2022

Why would you want to hack Electric Vehicle Charging Stations?

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.

#darkreading #EN #2022 #threat-intelligence #VirusTotal #Credentials

·darkreading.com·Nov 22, 2022

Researchers Explore Hacking VirusTotal to Find Stolen Credentials

Over 2 million users Affected with Browser Hijackers

Cyble Research & Intelligence Labs analyzes the recent surge in users being infected by Browser Hijackers using Chrome plugins.

#cyble #2022 #EN #Browser #Hijackers #infected #Chrome #plugins

·blog.cyble.com·Nov 22, 2022

Over 2 million users Affected with Browser Hijackers

Aurora: a rising stealer flying under the radar

Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset.

#sekoia #2022 #EN #infostealer #malware #technical #analysis #IoCs #Malware-as-a-Service

·blog.sekoia.io·Nov 21, 2022

Aurora: a rising stealer flying under the radar

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

A 500-page document reviewed by WIRED shows Corellium engaged with several controversial companies, including spyware maker NSO Group.

#wired #EN #2022 #apple #Corellium #privacy #hacking #leak #NSO

·wired.com·Nov 21, 2022

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

Le ministre de l'Éducation nationale ne veut pas de Microsoft Office 365 ni de Google Workspace

Le ministère de l'Éducation nationale confirme ne pas vouloir des offres de Microsoft Office 365 et de Google Workspace dans les écoles.

#siecledigital #FR #2022 #Éducation #Office365 #Google-Workspace #écoles

·siecledigital.fr·Nov 21, 2022

Le ministre de l'Éducation nationale ne veut pas de Microsoft Office 365 ni de Google Workspace

Endurance Ransomware Claims Breach of US Federal Government

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

#secplicity #EN #2022 #WatchGuard #ransomware #Endurance #US

·secplicity.org·Nov 21, 2022

Endurance Ransomware Claims Breach of US Federal Government

Vanuatu: Hackers strand Pacific island government for over a week

Vanuatu - an island courted by the US and China - has been stranded offline for over a week.

#BBC #EN #2022 #Vanuatu #ransomware #government

·bbc.com·Nov 21, 2022

Vanuatu: Hackers strand Pacific island government for over a week

Threat actors exploiting Twitter changes after Musk takeover, research shows

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

#therecord #EN #2022 #Twitter #Musk #exploiting

·therecord.media·Nov 21, 2022

Threat actors exploiting Twitter changes after Musk takeover, research shows

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately

#zerodayinitiative #EN #2022 #0-day #CVE-2022-41040 #CVE-2022-41082 #PowerShell

·zerodayinitiative.com·Nov 21, 2022

Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

#bleepingcomputer #EN #2022 #CVE-2022-41082 #CVE-2022-41040 #Exploit #Microsoft-Exchange #Privilege-Escalation #Proof-of-Concept #ProxyNotShell #RCE #Remote-Code-Execution

·bleepingcomputer.com·Nov 21, 2022

Exploit released for actively abused ProxyNotShell Exchange bug

Making Cobalt Strike harder for threat actors to abuse

Cobalt Strike, the popular tool used by red teams to test the resilience of their cyber defenses, has seen many iterations and improvements over the last decade. First released in 2012, it was originally the commercial spinoff of the open-source Armitage project that added a graphical user interface (GUI) to the Metasploit framework to help security practitioners detect software vulnerabilities more quickly.

#google #EN #2022 #Cobalt-Strike #YARA #rules #detect

·cloud.google.com·Nov 20, 2022

Making Cobalt Strike harder for threat actors to abuse

Wi-Spy

The Wi-Peep exploit allows an attacker to covertly locate all of the Wi-Fi-enabled devices in a building quickly using inexpensive hardware.

#Hackster.io #EN #2022 #research #Wi-Fi #Wi-Peep #drone #attacker #locate #devices

·hackster.io·Nov 20, 2022

Wi-Spy

Technical Analysis of the RedLine Stealer

RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.

#cloudsek #EN #2022 #stealer #RedLine #MaaS #technical #analysis #IoCs

·cloudsek.com·Nov 19, 2022

Technical Analysis of the RedLine Stealer

AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns

Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.

#cyble #2022 #EN #AXLocker #Octocrypt #Alice #analysis #ransomware #Discord #IoCs

·blog.cyble.com·Nov 19, 2022

AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things,…

#krebsonsecurity #EN #2022 #Cracked #Zeppelin #Ransomware #Keys

·krebsonsecurity.com·Nov 18, 2022

Researchers Quietly Cracked Zeppelin Ransomware Keys

Michigan school districts reopen after three-day closure due to ransomware attack

Public schools in two Michigan counties are reopening on Thursday after a ransomware attack crippled their ability to function and closed doors to students for three days. All of the public schools in Jackson and Hillsdale counties announced their reopening on Thursday in letters to parents, assuring them that cybersecurity experts, tech officials and law enforcement worked around the clock to restore the systems following outages that began on Monday.

#therecord #EN #2022 #schools #US #ransomware #Public #closed #students

·therecord.media·Nov 17, 2022

Michigan school districts reopen after three-day closure due to ransomware attack

A Comprehensive Look at Emotet’s Fall 2022 Return

Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day. * Proofpoint observed multiple changes to Emotet and its payloads including the lures used, and changes to the Emotet modules, loader, and packer. * Emotet was observed dropping IcedID. * The new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families. * New operators or management might be involved as the botnet has some key differences with previous deployments.

#proofpoint #EN #2022 #Emotet #Return #IcedID

·proofpoint.com·Nov 17, 2022

A Comprehensive Look at Emotet’s Fall 2022 Return

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS detailed in F5's Base Operating Systems support article. The affected products are detailed in the vendor advisories below:

#rapid7 #EN #2022 #CVE-2022-41622 #CVE-2022-41800 #F5 #BIG-IP #vulnerabilities

·rapid7.com·Nov 17, 2022

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security

What’s so bad about a web page going fullscreen without warning you first?

#nakedsecurity #EN #2022 #CVE-2022-45407 #CVE-2022-4540 #firefox #mozilla #vulnerability #patch

·nakedsecurity.sophos.com·Nov 17, 2022

Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.

#cisa #EN #2022 #uscert #csirt #cert #cybersecurity #cyber-security #Log4Shell #VM #APT #Iran #USware

·cisa.gov·Nov 17, 2022

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company

Expected in Ventura 13.1 is a new lightweight system for applying security patches. This article explains how it uses cryptexes, already being used in macOS 13.

#eclecticlight #2022 #macOS #updates #security #Cryptex #patches #cryptexes

·eclecticlight.co·Nov 16, 2022

Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company

New RapperBot Campaign – We Know What You Bruting for this Time

FortiGuard Labs provides an analysis on RapperBot focusing on comparing samples for different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog to learn more about the differences observed in this campaign vs previous RapperBot and similar campaigns in the past.

#fortinet #EN #2022 #RapperBot #DDoS-attacks #DDoS #analysis #IoCs

·fortinet.com·Nov 16, 2022

New RapperBot Campaign – We Know What You Bruting for this Time

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

Attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-data practices, tracking consumers even when their location history setting was turned off.

#wsj #EN #2022 #settlement #privacy #tracking #location #fine #US

·wsj.com·Nov 16, 2022

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

#krebsonsecurity #EN #2022 #Geneva #Penchukov #Zeus #JabberZeus #arrested #Switzerland

·krebsonsecurity.com·Nov 16, 2022

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability

Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.

#securityonline #EN #2022 #CVE-2022-4504 #Apache #MINA #SSHD #unsafe #deserialization

·securityonline.info·Nov 16, 2022

CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability