Search cyberveille.decio.ch

Found 3153 bookmarks

Custom sorting

EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources the alternative name is Moloch, which has some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.

#Resecurity #EN #2022 #EvilProxy #Phishing-as-a-Service #MFA #Bypass #2FA

·resecurity.com·Sep 5, 2022

EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000 "...the extensions also track the user’s browsing activity."

#mcafee #2022 #EN #malicious #extensions #Chrome #Analysis #privacy #browser #cookie #Stuffing

·mcafee.com·Sep 5, 2022

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

Sharkbot is back in Google Play

Authored by Alberto Segura (main author) and Mike Stokkel (co-author) Introduction After we discovered in February 2022 the SharkBotDropper in Google Play posing as a fake Android antivirus and cleaner, now we have detected a new version of this dropper active in the Google Play and dropping a new version of Sharkbot.This new dropper doesn't…

#fox-it #EN #2022 #sharkbot #SharkBotDropper #GooglePlay #antivirus #cleaner #fake

·blog.fox-it.com·Sep 5, 2022

Sharkbot is back in Google Play

Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?

Dans une prise de position publiée le 13 juin 2022, le Préposé fédéral à la protection des données et à la transparence a estimé que le recours aux services cloud M365 de Microsoft serait susceptible de violer la Loi fédérale sur la protection des données, quand bien même le projet de la Caisse nationale suisse d'assurance en cas d'accidents (SUVA) envisage que les données soient hébergées en Suisse et que le cocontractant du responsable du traitement soit une entité européenne du Groupe Microsoft.

#swissprivacy #FR #2022 #CH #Suisse #Préposé-fédéral #Microsoft #cloud #protection #données #Cloud-Act

·swissprivacy.law·Sep 5, 2022

Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?

Adoption de l’OPDo et confirmation de l’entrée en vigueur de la nLPD

Comme cela était attendu, le Conseil fédéral a adopté les projets d’Ordonnance sur la protection des données (OPDo) et d’Ordonnance sur les certifications en matière de protection des données (OCPD) Plus rien ne s’oppose donc à l’entrée en vigueur de la Loi sur la protection des données révisée (nLPD) le 1er septembre 2023. Le Conseil fédéral a en effet souhaité laisser encore un peu de temps aux petites et moyennes entreprises pour se mettre en conformité.

#smetille #CH #FR #2022 #legal #nLPD #lois #protection #OPDo #données #Suisse #Switzerland #law

·smetille.ch·Sep 3, 2022

Adoption de l’OPDo et confirmation de l’entrée en vigueur de la nLPD

Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App

Attackers attempted to disrupt ride-hailing app service on Thursday, the company confirmed.

#vice #EN #2022 #Yandex #Moscow #Taxis #app #hacked #traffic #jam #Hackers

·vice.com·Sep 3, 2022

Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

#sentinelone #EN #2022 #PyPI #JuiceLedger #infostealer #malware #ANALYSIS

·sentinelone.com·Sep 3, 2022

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Tech tool offers police ‘mass surveillance on a budget’

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.

#ApNews #EN #2022 #AP-Investigations #Technology #Police #California #Arkansas #Weekend-Reads #North-Carolina #privacy #Government-surveillance #Law-enforcement-agencies #Criminal-investigations

·apnews.com·Sep 3, 2022

Tech tool offers police ‘mass surveillance on a budget’

Researchers found one-click exploits in Discord and Teams

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others

#malwarebytes #EN #2022 #Electron #vulnerability

·malwarebytes.com·Aug 31, 2022

Researchers found one-click exploits in Discord and Teams

Zimbra Open Bucket Data Leak – Responsible Disclosure

Hundreds of millions use Zimbra, an all-in-one business productivity suite for micro, small, medium & enterprise in-office and remote work teams. The Zimbra Inc company was acquired by Synacor Inc

#backbox #EN #2022 #Leak #Zimbra #Disclosure #Bucket

·members.backbox.org·Aug 31, 2022

Zimbra Open Bucket Data Leak – Responsible Disclosure

Traffers: a deep dive into the information stealer ecosystem

Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.

#sekoia #EN #2022 #Traffers #traffic #web #stealer

·blog.sekoia.io·Aug 31, 2022

Traffers: a deep dive into the information stealer ecosystem

Cette entreprise vend des données aussi sensibles que des visites dans des centres IVG - Numerama

La Federal Trade Commission, l'agence responsables des bonnes pratiques commerciales aux États-Unis, a lancé une procédure judiciaire contre Kocheva, un groupe chargé du traitement de données de milliers d'entreprises, dont Googles Ads, TikTok ou Tinder. Cette société est accusée de revendre des informations très

#numerama #FR #2022 #Ftc #US #Kochava #data-broker #privacy

·numerama.com·Aug 31, 2022

Cette entreprise vend des données aussi sensibles que des visites dans des centres IVG - Numerama

FTC says data broker sold consumers’ precise geolocation, including presence at sensitive healthcare facilities

When people seek medical care or visit other sensitive locations, they may think their presence is confidential.

#ftc #US #EN #2022 #Kochava #data-broker #locations #privacy

·ftc.gov·Aug 31, 2022

FTC says data broker sold consumers’ precise geolocation, including presence at sensitive healthcare facilities

Notice of Recent Security Incident

We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

#lastpass #EN #2022 #incident #unauthorized #access

·blog.lastpass.com·Aug 29, 2022

Notice of Recent Security Incident

Detecting Scatter Swine: Insights into a relentless phishing campaign

Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.

#okta #2022 #EN #unauthorized #access #Twilio #phishing

·sec.okta.com·Aug 29, 2022

Detecting Scatter Swine: Insights into a relentless phishing campaign

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

#securelist #2022 #EN #APT #Keyloggers #Kimsuky #Malware-Descriptions #Microsoft-Word #Spear-phishing #Targeted-attacks #North-Korea

·securelist.com·Aug 28, 2022

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Spyware italiano nel mondo.

La sorveglianza europea parte da un’azienda italiana

#investigation #spyware #Italia #IT #2022 #Hermit #Tykelab

·telegra.ph·Aug 28, 2022

Spyware italiano nel mondo.

Revealing Europe's NSO

An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.

#lighthousereports #EN #2022 #Investigation #Tykelab #Hermit #spyware

·lighthousereports.nl·Aug 28, 2022

Revealing Europe's NSO

IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit

On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...

#srcincite #EN #2022 #0-Click #VMWare #IAM #WorkspaceOne #vulnerabilities

·srcincite.io·Aug 27, 2022

IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit

An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware

Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand. The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.

#therecord #EN #2022 #Wazawaka #Babuk #interview #ransomware #criminal

·therecord.media·Aug 27, 2022

An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware

Linux Kernel Exploit (CVE-2022-32250) with mqueue

Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.

#theori #EN #2022 #exploit #Linux #mqueue #CVE-2022-32250 #Kernel

·blog.theori.io·Aug 26, 2022

Linux Kernel Exploit (CVE-2022-32250) with mqueue

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

#group-ib #EN #2022 #phishing #Okta #0ktapus #identity #campaign

·blog.group-ib.com·Aug 25, 2022

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

#microsoft #EN #2022 #Sliver #C2 #framework #command-and-control #threat-actor

·microsoft.com·Aug 25, 2022

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

#Microsoft #MagicWeb #EN #2022 #NOBELIUM #APT29 #CozyBear

·microsoft.com·Aug 24, 2022

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

#unit42 #paloaltonetworks #EN #2022 #phishing #attack #SaaS #abuse #website-builders

·unit42.paloaltonetworks.com·Aug 24, 2022

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python

New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.

#sentinelone #EN #2022 #XCSSET #macOS #Threat

·sentinelone.com·Aug 23, 2022

XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python

Vulnerability in Linux containers – investigation and mitigation

Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther

#benthamsgaze #EN #2022 #constrain #Linux #containers #investigation #Access #controls

·benthamsgaze.org·Aug 23, 2022

Vulnerability in Linux containers – investigation and mitigation

Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in Named Pipe File System nearly 10 years since the AppContainer was born. We called it "Windows Dirty Pipe". In this article, I will share the root cause and exploitation of Windows Dirty Pipe. So let's start our journey.

#whereisk0shl #EN #2022 #CVE-2022-22715 #Windows #Dirty-Pipe #PoC #ANALYSIS

·whereisk0shl.top·Aug 23, 2022

Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe

A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.

#nytimes #EN #2022 #CSAM #scan #Photos #Naked #Toddler #Google #children #Criminal

·nytimes.com·Aug 22, 2022

A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control

Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...

#cybereason #EN #2022 #THREAT #ANALYSIS #REPORT #Bumblebee #Loader #CobaltStrike

·cybereason.com·Aug 22, 2022

THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control