Search cyberveille.decio.ch

Found 3149 bookmarks

Custom sorting

On Bypassing eBPF Security Monitoring

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons

#doyensec #doyensecurity #EN #2022 #vulnerability #exploit #eBPF #bypass #research

·blog.doyensec.com·Oct 13, 2022

On Bypassing eBPF Security Monitoring

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

#trendmicro #EN #2022 #malware #research #network #reports #cyber-threats #QAKBOT #BruteRatelC4 #BlackBasta

·trendmicro.com·Oct 13, 2022

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

POLONIUM targets Israel with Creepy malware

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

#welivesecurity #EN #2022 #research #POLONIUM #Israel #malware #APT

·welivesecurity.com·Oct 13, 2022

POLONIUM targets Israel with Creepy malware

Malicious WhatsApp mod distributed through legitimate apps

The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.

#securelist #EN #2022 #Trojan #WhatsApp #malicious #Snaptube

·securelist.com·Oct 12, 2022

Malicious WhatsApp mod distributed through legitimate apps

Ransomware : qui paie et pourquoi ?

Assurément passionné, le débat sur l’indemnisation des rançons par les assurances cyber souffre d’absents majeurs : les victimes de cyberattaque avec ransomware ayant cédé au chantage. Mais qui sont-elles ?

#lemagit #FR #2022 #ransomware #cyberattaque #PME #payer

·lemagit.fr·Oct 12, 2022

Ransomware : qui paie et pourquoi ?

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

Bad actors are using a shared Phishing-as-a-Service platform called “Caffeine”.

#mandiant #EN #2022 #Caffeine #Phishing-as-a-Service #Platform

·mandiant.com·Oct 11, 2022

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

New US Executive Order unlikely to satisfy EU law

Today, the US government published an executive order, allegedly limiting US surveillance. This is a first statement by noyb.

#noyb #EN #2022 #EU #US #privacy-shield #privacy #statement #executive-order #surveillance

·noyb.eu·Oct 10, 2022

New US Executive Order unlikely to satisfy EU law

Fake Ransomware Infection Under widespread

Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.

#cyble #EN #2022 #Fake #Ransomware #dell.exe #Analysis

·blog.cyble.com·Oct 10, 2022

Fake Ransomware Infection Under widespread

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.

#Medium #LofyGang #EN #2022 #Jossef_Harush #npm #supply-chain #attack

·medium.com·Oct 10, 2022

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year

On Agent Compromise in the Field

In 2017, a team of New York Times journalists revealed that, beginning in 2010, Beijing’s counterintelligence apparatus had systematically rolled up the CIA’s sources in China.

#thebrushpass #projectbrazen #EN #2022 #China #US #spy #Compromise #2017 #counterintelligence

·thebrushpass.projectbrazen.com·Oct 9, 2022

On Agent Compromise in the Field

Major Mexican Government Hack Reveals Military Abuse and Spying

Hackers infiltrated the Mexican Defense Ministry, publishing millions of emails that detail the military’s growing influence over the civilian government.

#nytimes #EN #2022 #hacktivism #Mexico #leak #Military #Spying #Government

·nytimes.com·Oct 9, 2022

Major Mexican Government Hack Reveals Military Abuse and Spying

Hackers release data after LAUSD refuses to pay ransom

Hackers released data from Los Angeles Unified School District on Saturday, a day after Supt. Alberto Carvalho said he would not negotiate with or pay a ransom to the criminal syndicate.

#latimes #2022 #LAUSD #leak #ransom #school #edu #vice-society

·latimes.com·Oct 9, 2022

Hackers release data after LAUSD refuses to pay ransom

The Majority of PostgreSQL Servers on the Internet are Insecure

At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.

#innerjoin.bit.io #EN #2022 #PostgreSQL #research #Insecure #internet #medium

·innerjoin.bit.io·Oct 8, 2022

The Majority of PostgreSQL Servers on the Internet are Insecure

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may…

#krebsonsecurity #2022 #EN #CISO #LinkedIn #fake #profiles

·krebsonsecurity.com·Oct 8, 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.

#jamf #EN #2022 #Archive #Utility #macOS #vulnerability #CVE-2022-32910 #Gatekeeper #bypass

·jamf.com·Oct 8, 2022

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

The executive order will give EU citizens redress for intelligence collection that violates U.S. laws.

#cyberscoop #EN #2022 #privacy #privacy-shield #EU #US #intelligence #legal

·cyberscoop.com·Oct 8, 2022

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

CVE-2022-41352

On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…

#attackerkb #EN #2022 #CVE-2022-41352 #Zimbra #vulnerability

·attackerkb.com·Oct 7, 2022

CVE-2022-41352

Man arrested for alleged data breach SMS scam

A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.

#afp.gov.au #blackmail #scam #Optus #leak #EN #2022

·afp.gov.au·Oct 6, 2022

Man arrested for alleged data breach SMS scam

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…

#DCSO_CyTec #EN #2022 #Medium #Maggie #backdoor #malware #MicrosoftSQL #servers

·medium.com·Oct 5, 2022

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.

#arstechnica #EN #2022 #BGP #cryptocurrency #hijacking #Amazon

·arstechnica.com·Oct 5, 2022

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

#sophos #EN #2022 #BlackByte #Ransomware #Disables #EDR #RTCore64.sys

·news.sophos.com·Oct 5, 2022

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

MAR-10365227-3.v1 China Chopper Webshells

CISA analyzed 15 files associated with China Chopper malware. The files are modified Offline Address Book (OAB) Virtual Directory (VD) configuration files for Microsoft Exchange servers. The files have been modified with a variant of the China Chopper webshell. The webshells allow an attacker to remotely access the server and execute arbitrary code on the system(s).referenced in this bulletin or otherwise.

#uscert #csirt #cert #en #2022 #CISA #China #Chopper #malware #Analysis

·cisa.gov·Oct 5, 2022

MAR-10365227-3.v1 China Chopper Webshells

MAR-10365227-2.v1 HyperBro

CISA analyzed 4 files associated with HyperBro malware. The files creates a backdoor program that is capable of uploading and downloading files to and from the system. The RAT is also capable of logging keystrokes and executing commands on the system.

#uscert #csirt #cert #CISA #HyperBro #malware #Analysis #RAT #EN #2022

·cisa.gov·Oct 5, 2022

MAR-10365227-2.v1 HyperBro

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

#sonarsource #EN #2022 #php #supplychain #supply-chain #packagist.org

·blog.sonarsource.com·Oct 5, 2022

PHP Supply Chain Attack on Composer

Bumblebee: increasing its capacity and evolving its TTPs

The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to its many links to several well-known malware families.

#checkpoint #EN #2022 #Bumblebee #loader #malware #Analysis

·research.checkpoint.com·Oct 4, 2022

Bumblebee: increasing its capacity and evolving its TTPs

Malicious Tor Browser spreads through YouTube

Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.

#securelist #EN #2022 #Kaspersky #Malware-Descriptions #Onion #Social-engineering #Targeted-attacks #TOR #YouTube #Chine

·securelist.com·Oct 4, 2022

Malicious Tor Browser spreads through YouTube

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

#nccgroup #EN #2022 #TTP #research #ShadowPad #CVE-2022-29464 #secur32.dll

·research.nccgroup.com·Oct 3, 2022

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

DeftTorero TTPs in 2019–2021

Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared until 2021, which led us to speculate on a possible shift by the threat actor to more fileless/LOLBINS techniques, and the use of known/common offensive tools publicly available on the internet that allows them to blend in.

#securelist #EN #2022 #DeftTorero #LebaneseCedar #Lebanon #webshell

·securelist.com·Oct 3, 2022

DeftTorero TTPs in 2019–2021

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant

Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions: 1) Maintain persistent administrative access to the hypervisor 2) Send commands to the hypervisor that will be routed to the guest VM for execution 3) Transfer files between the ESXi hypervisor and guest machines running beneath it 4) Tamper with logging services on the hypervisor

#mandiant #EN #2022 #esxi #hypervisors #malware #BadVIB(E)s #0-day

·mandiant.com·Oct 3, 2022

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant