Search cyberveille.decio.ch

Found 279 bookmarks

Custom sorting

LockBit ransomware suspect nabbed in Canada, faces charges in the US

Automation features make LockBit one of the more destructive pieces of ransomware. Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit. Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.

#arstechnica #EN #2022 #LockBit #Canada #member #arrest

·arstechnica.com·Nov 13, 2022

LockBit ransomware suspect nabbed in Canada, faces charges in the US

How Vice Society got away with a global ransomware spree | Ars Technica

Vice Society has a superpower that’s allowed it to quietly thrive: Mediocrity.

#arstechnica #EN #2022 #vice-society #mediocrity #opinion #school

·arstechnica.com·Oct 22, 2022

How Vice Society got away with a global ransomware spree | Ars Technica

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.

#arstechnica #EN #2022 #BGP #cryptocurrency #hijacking #Amazon

·arstechnica.com·Oct 5, 2022

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

Breach of software maker used to backdoor as many as 200,000 servers

Hack of FishPig distribution server used to install Rekoobe on customer systems.

#arstechnica #EN #2022 #FishPig #Rekoobe

·arstechnica.com·Sep 14, 2022

Breach of software maker used to backdoor as many as 200,000 servers

Phishers who breached Twilio and targeted Cloudflare could easily get you, too

Unusually resourced threat actor has targeted multiple companies in recent days.

#arstechnica #EN #2022 #Twilio #cloudflare #phishing #threat

·arstechnica.com·Aug 14, 2022

Phishers who breached Twilio and targeted Cloudflare could easily get you, too

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Turns out they're not all that rare. We just don't know how to find them.

#arstechnica #EN #2022 #UEFI #rootkit #bootkit

·arstechnica.com·Jul 30, 2022

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Google Play hides app permissions in favor of developer-written descriptions

Let's hope nobody lies about what permissions their app uses.

#arstechnica #EN #2022 #google-play #app #permissions #developer-written

·arstechnica.com·Jul 17, 2022

Google Play hides app permissions in favor of developer-written descriptions

Ongoing phishing campaign can hack you even when you’re protected with MFA

Campaign that steals email has targeted at least 10,000 organizations since September.

#arstechnica #EN #2022 #phishing #microsoft #MFA #campaign

·arstechnica.com·Jul 17, 2022

Ongoing phishing campaign can hack you even when you’re protected with MFA

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

#arstechnica #2022 #EN #Microprocessors #Hertzbleed #power-conservation #AMD #Intel #DVFS #x86 #side-channel #attack #keys #vulnerabilies

·arstechnica.com·Jun 15, 2022

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Researchers devise iPhone malware that runs even when device is turned off

Research is largely theoretical but exposes an overlooked security issue.

#arstechnica #EN #2022 #iPhone #study #malware #Bluetooth #Darmstadt #university

·arstechnica.com·May 18, 2022

Researchers devise iPhone malware that runs even when device is turned off

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Flaw makes it possible to install web shell to maintain control of affected devices.

#CVE-2022-30525 #Zyxel #arstechnica #vulnerability #Firewall

·arstechnica.com·May 13, 2022

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

It takes only a second to crack the handful of weak keys. Are there more out there?

#CVE-2022-26320 #arstechnica #2022 #EN #RSA #crack #keys #SafeZone

·arstechnica.com·Apr 15, 2022

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

Russia’s Sandworm hackers attempted a third blackout in Ukraine

The attack was the first in five years to use Sandworm's Industroyer malware.

#Sandworm #Industroyer #arstechnica #2022 #EN #cyberwar #Ukraine #blackout #malware #ICS

·arstechnica.com·Apr 13, 2022

Russia’s Sandworm hackers attempted a third blackout in Ukraine

Explaining Spring4Shell: The Internet security disaster that wasn’t

Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.

#arstechnica #2022 #EN #Spring4Shell #Java

·arstechnica.com·Apr 4, 2022

Explaining Spring4Shell: The Internet security disaster that wasn’t

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Not all MFA is created equal, as script kiddies and elite hackers have shown recently.

#arstechnica #2022 #EN #MFA #prompt-bombing

·arstechnica.com·Mar 29, 2022

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Behold, a password phishing site that can trick even savvy users

Just when you thought you'd seen every phishing trick out there, BitB comes along.

#Behold #password #arstechnica #EN #2022 #phishing #BitB

·arstechnica.com·Mar 27, 2022

Behold, a password phishing site that can trick even savvy users

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica

When code with millions of downloads nukes user files, bad things can happen.

#Sabotage #arstechnica #EN #2022 #NPM #Russia #cyberwar #node-ipc #package #CVE-2022-23812

·arstechnica.com·Mar 19, 2022

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

New method also stretches out DDoS durations to 14 hours.

#DDoS #arstechnica #EN #2022 #amplification

·arstechnica.com·Mar 9, 2022

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Chipmaker has until Friday to comply or see its crown-jewel source code released.

#Nvidia #2022 #EN #ransom #demands #code #arstechnica

·arstechnica.com·Mar 6, 2022

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

VMware Horizon servers are under active exploit by Iranian state hackers

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

#arstechnica #log4shell #EN #2022 #TunnelVision #Iranian #VMware #Horizon #CVE-2021-44228

·arstechnica.com·Feb 18, 2022

VMware Horizon servers are under active exploit by Iranian state hackers

Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica

DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.

#DDoS #2022 #EN #Ukraine #arstechnica

·arstechnica.com·Feb 16, 2022

Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

An error as small as a single flipped memory bit is all it takes to expose a private key. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

#arstechnica #EN #2023 #SSH #RSA #cryptographic #algorithm #error #vulnerability

·arstechnica.com·Nov 16, 2023

In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

Intel fixes high-severity CPU bug that causes “very strange behavior”

Among other things, bug allows code running inside a VM to crash hypervisors.

#arstechnica #EN #2023 #reptar #Intel #CPU #CVE-2023-23583 #bug

·arstechnica.com·Nov 16, 2023

Intel fixes high-severity CPU bug that causes “very strange behavior”