FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate
The Cyclops Blink botnet was controlled by the Russian Fed. Intelligence Directorate (GRU) and compromised thousands of devices worldwide.
DoS attacks hit Finnish websites during Zelenskyy address • The Register
Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland's members of parliament (MPs).
Svizzera, covo di spie russe
"Svizzera, covo di spie russe" - Parla un ex agente del KGB scappato a Parigi: questo è un paradiso per le spie del Cremlino e non solo
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks - The New York Times
The operation is the latest effort by the Biden administration to thwart actions by Russia by making them public before Moscow can strike.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.
Ongoing phishing attacks on Trezor users
Trezor users have reported being targeted by a malicious phishing attack on April 3.
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
Faille Spring4shell, encore un cauchemar pour les entreprises
Quelques semaines après l'exploit Log4Shell, une autre vulnérabilité zero day concernant cette fois le framework de développement Java Spring a été découverte. Un PoC d'exploit a été publié brièvement et il n'existe pour l'heure pas de correctif.
En Russie, des informations sur la police secrète fuitent à cause d'une appli de livraison
Après une fuite de données massive, l'une des applications de livraison de repas les plus populaires de Russie a révélé d'importantes informations sur les membres de la police secrète du pays.
Complete dissection of an APK with a suspicious C2 Server
During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla.
Lapsus$: Two UK teenagers charged with hacking for gang
The actions of the relatively new group have led to an international police hunt.
Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more - The Mac Security Blog
Apple has just released fixes for two actively exploited vulnerabilities affecting macOS Monterey, iOS 15, and iPadOS 15.
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data.
New Python-based Ransomware Targeting JupyterLab Web Notebooks
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report.
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them
On December 30, 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Order of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe, includes the inscription “Peace and Friendship” in Cyrillic on the back, is the highest Russian state decoration that can be awarded to a foreigner.
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre
Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency.
Sophos patches critical remote code execution vulnerability in Firewall
Sophos Firewall is a network protection solution for the enterprise market.
When Nokia Pulled Out of Russia, a Vast Surveillance System Remained
The Finnish company played a key role in enabling Russia’s cyberspying, documents show, raising questions of corporate responsibility.
Chrome Releases: Stable Channel Update for Desktop
High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. Google is aware that an exploit for CVE-2022-1096 exists in the wild.
Behold, a password phishing site that can trick even savvy users
Just when you thought you'd seen every phishing trick out there, BitB comes along.
Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Police say they've arrested seven teenagers as part of their investigation into a hacking group.
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse proxy, and subsequently detected internal port scanning shortly afterward. This traffic was determined to be unauthorized and the system, a MacBook Pro running macOS 11.6 (Big Sur), was isolated for further forensic analysis. Volexity was able to run Surge Collect to acquire system memory (RAM) and select files of interest from the machine for analysis. This led to the discovery of a macOS variant of a malware implant Volexity calls GIMMICK. Volexity has encountered Windows versions of the malware family on several previous occasions. GIMMICK is used in targeted attacks by Storm Cloud, a Chinese espionage threat actor known to attack organizations across Asia. It is a feature-rich, multi-platform malware family that uses public cloud hosting services (such as Google […]
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
Lapsus$: when kiddies play in the big league
You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware. At first glance, Lapsus$ check marks all elements that would make researchers put them in the low priority threats, especially considering their readiness to make dramas and OpSec failures. Except that the group has successfully managed to significantly enrich its victim list with high profile corporations, thus drawing all our attention. In the following, we will describe the threat actor profile that was drawn by our investigations based either on OSINT, dark web or infrastructure analysis.