Search cyberveille.decio.ch

Found 2837 bookmarks

Custom sorting

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server

Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.

#gteltsc.vn #EN #2022 #Microsoft-Exchange #Exchange #0-day #RCE #vulnerability #campaign #IoCs

·gteltsc.vn·Sep 30, 2022

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

Espionage group begins using new backdoor that leverages rarely seen steganography technique.

#symantec #EN #2022 #Witchetty #Espionage #backdoor #steganography #LookingFrog #IoCs

·symantec-enterprise-blogs.security.com·Sep 30, 2022

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

ZINC weaponizing open-source software

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

#microsoft #EN #2022 #ZINC #open-source #software #MSTIC #aerospace #weaponizing

·microsoft.com·Sep 29, 2022

ZINC weaponizing open-source software

Lindy Cameron at Chatham House security and defence conference 2022

The National Cyber Security Centre’s CEO Lindy Cameron delivered a keynote speech at the Chatham House security and defence conference 2022. Lindy Cameron discussed the cyber dimension of the Russia-Ukraine conflict, focusing on what the NCSC has observed and the UK’s response.

#ncsc #UK #EN #2022 #Russia-Ukraine-war #cyber #warfare

·ncsc.gov.uk·Sep 29, 2022

Lindy Cameron at Chatham House security and defence conference 2022

BumbleBee: Round Two

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …

#thedfirreport #EN #2022 #BumbleBee #ransomware #RDP #IoCs

·thedfirreport.com·Sep 28, 2022

BumbleBee: Round Two

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

#securelist #EN #2022 #NullMixer #dropper #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-Dropper #Trojan-stealer

·securelist.com·Sep 28, 2022

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

MAR-10400779-1.v1 – Zimbra 1

CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.

#uscert #csirt #cert #EN #2022 #Malware #Analysis #Report #AR22-270A #Zimbra

·cisa.gov·Sep 28, 2022

MAR-10400779-1.v1 – Zimbra 1

Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto

First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.

#sentinelone #EN #2022 #Lazarus #Lazarus-Group #crypto #macOS #operation #APT38

·sentinelone.com·Sep 28, 2022

Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto

Slack’s and Teams’ Lax App Security Raises Alarms

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

#wired #EN #2022 #Microsoft #Teams #Slack #third-party #app #research

·wired.com·Sep 27, 2022

Slack’s and Teams’ Lax App Security Raises Alarms

Poseidon’s Offspring: Charybdis and Scylla

HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.

#humansecurity #EN #2022 #Android #iOS #ad-fraud #Charybdis #Scylla

·humansecurity.com·Sep 26, 2022

Poseidon’s Offspring: Charybdis and Scylla

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

Analysis of APT28/Fancy Bear PowerPoint mouse-over campaign

#cluster25 #2022 #EN #APT28 #IoCs #FancyBear #PowerPoint #campaign #mouse-over #Analysis

·blog.cluster25.duskrise.com·Sep 26, 2022

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

GRU: Rise of the (Telegram) MinIOns

Multiple self-proclaimed hacktivist groups are conducting attacks in support of Russian interests.

#Mandiant #EN #2022 #Telegram #GRU #Russia-Ukraine-war #hacktivist #Russia #Analysis

·mandiant.com·Sep 26, 2022

GRU: Rise of the (Telegram) MinIOns

BitBucket Server and Data Center at risk via Command Injection Vulnerability

Cyble analyzes CVE-2022-36804 affecting Atlassian Bitbucket and how Threat Actors may exploit this in the near future.

#cyble #EN #2022 #BitBucket #Atlassian #CVE-2022-26134 #CVE-2022-26138

·blog.cyble.com·Sep 26, 2022

BitBucket Server and Data Center at risk via Command Injection Vulnerability

New Malware Campaign Targets Zoom Users

Cyble Research and Intelligence Labs analyzes a new malware campaign targeting Zoom users.

#cyble #EN #2022 #Malware #Zoom #Vidar #Stealer

·blog.cyble.com·Sep 26, 2022

New Malware Campaign Targets Zoom Users

2K Games' Support System Hacked

2K Games Support System was hacked by an unknown hacker group targeting gamers via a fake user ticketing system.

#thecyberexpress #EN #2022 #RedLine #stealer #2K-Games #gamers

·thecyberexpress.com·Sep 26, 2022

2K Games' Support System Hacked

Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks

Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.

#Microsoft #EN #2022 #CVE-2022-37972 #Endpoint-Configuration-Manager #patch #vulnerability

·securityweek.com·Sep 25, 2022

Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.

#trellix #EN #2022 #CVE-2007-4559 #tarfile #Python #vulnerability

·trellix.com·Sep 25, 2022

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.

#symantec-enterprise-blogs #EN #2022 #Noberus #Ransomware #BlackMatter #rust #Darkside #Exmatter #Eamfo #ransomware-as-a-service

·symantec-enterprise-blogs.security.com·Sep 24, 2022

Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.

#microsoft #EN #2022 #Exchange #OAuth #abuse #spam #attack

·microsoft.com·Sep 23, 2022

Malicious OAuth applications abuse cloud email services to spread spam

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.

#sentinelone #EN #2022 #mercenary #Void-Balaur #phishing #hack-for-hire

·sentinelone.com·Sep 23, 2022

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Apple security landscape: Moving into the world of enterprise risk

With the enterprise adoption of MacOS and iOS devices increasing, the Apple security landscape is becoming increasingly complex.

#venturebeat #EN #2022 #MacOS #iOS #security #enterprise #landscape

·venturebeat.com·Sep 23, 2022

The Apple security landscape: Moving into the world of enterprise risk

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.

#cisa #EN #2022 #uscert #csirt #cert #US #Iran #Albania #attribution #IoCs #FBI

·cisa.gov·Sep 22, 2022

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED

With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.

#wired #EN #2022 #apple #privacy #passwords #ios #macOS #iOS #passkeys

·wired.com·Sep 22, 2022

Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.

#paloaltonetworks #EN #2022 #DNS #hijacking #Domain #shadowing #analysis #IoCs #Domain-shadowing

·unit42.paloaltonetworks.com·Sep 22, 2022

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

The “Augury” platform includes highly sensitive network data that Team Cymru, a private company, is selling to the military. “It’s everything. There’s nothing else to capture except the smell of electricity,” one cybersecurity expert said.

#vice #EN #2022 #Augury #Cymru #U.S.#military #NCIS #privacy

·vice.com·Sep 22, 2022

Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

Los Angeles School District Hit by Ransomware Attack

California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email

#databreachtoday #EN #2022 #ransomware #Los-Angeles #PYSA #Ryuk #School #K-12

·databreachtoday.com·Sep 22, 2022

Los Angeles School District Hit by Ransomware Attack

Online Attack Disrupts Michigan School District for 2nd Day

School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have