Search cyberveille.decio.ch

Found 4945 bookmarks

Custom sorting

Raising Online Defenses Through Transparency and Collaboration | Meta

We're sharing a look into our defense strategy and the latest news on how we build it into our products. A recent study shows that de-platforming hate networks reduces consumption and production of hateful content on Facebook and diminishes the ability of these hate networks to operate online. We’re sharing new threat research on two of the largest known covert influence operations in the world from China and Russia, targeting 50+ apps and countries, including the US. * We added new transparency features to Threads, including state-controlled media labels to help people know exactly who they interact with on the new app.

#Facebook #EN #2023 #meta #threat #research #de-platforming #influence-operation #covert

·about.fb.com·Aug 31, 2023

Raising Online Defenses Through Transparency and Collaboration | Meta

How NightOwl for Mac Added a Botnet

NightOwl was supposed to make Macs work in dark mode. After a recent update, one developer discovered it was siphoning users’ data through a botnet.

#gizmodo #EN #2023 #macOS #App-Store #NightOwl

·gizmodo.com·Aug 31, 2023

How NightOwl for Mac Added a Botnet

Exposing DuckTail

A comprehensive exploration of DuckTail's sophisticated infrastructure and insights gained from months of monitoring.

#zscaler #EN #2023 #DuckTail #insights #analysis #threat-actor

·zscaler.com·Aug 30, 2023

Exposing DuckTail

Qakbot botnet infrastructure shattered after international operation

Active since 2007, this prolific malware (also known as QBot or Pinkslipbot) evolved over time using different techniques to infect users and compromise systems. Qakbot infiltrated victims’ computers through spam emails containing malicious attachments or hyperlinks. Once installed on the targeted computer, the malware allowed for infections with next-stage payloads such as ransomware. Additionally, the infected computer became part of...

#europol #EN #2023 #QakBot #international #operation

·europol.europa.eu·Aug 30, 2023

Qakbot botnet infrastructure shattered after international operation

Telekopye: Hunting Mammoths using Telegram bot

ESET researchers uncover a toolkit that operates as a Telegram bot and helps scammers target victims on online marketplaces, mainly in Russia.

#welivesecurity #EN #2023 #telegram #bot #ESET #scammers #Russia

·welivesecurity.com·Aug 30, 2023

Telekopye: Hunting Mammoths using Telegram bot

The Cheap Radio Hack That Disrupted Poland’s Railway System

The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

#wired #EN #2023 #Poland #sabotage #cyberwar #Russia-Ukraine-war #radio-stop

·wired.com·Aug 29, 2023

The Cheap Radio Hack That Disrupted Poland’s Railway System

Qakbot botnet dismantled after infecting over 700,000 computers

Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.'

#bleepingcomputer #2023 #EN #Botnet #Malware #QakBot #Qbot #dismantled

·bleepingcomputer.com·Aug 29, 2023

Qakbot botnet dismantled after infecting over 700,000 computers

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

UNC4841 has continued operations despite Barracuda ESG zero-day remediation efforts.

#mandiant #EN #2023 #UNC4841 #Barracuda #ESG #0-day #CVE-2023-2868

·mandiant.com·Aug 29, 2023

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

Attacks on Citrix NetScaler systems linked to ransomware actor

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.

#bleepingcomputer #EN #2023 #CVE-2023-3519 #Citrix #FIN8 #Citrix-ADC #Citrix-Gateway #Code-Injection #Ransomware #Remote-Code-Execution

·bleepingcomputer.com·Aug 29, 2023

Attacks on Citrix NetScaler systems linked to ransomware actor

Adversary On The Defense: ANTIBOT.PW

Discover the lifecycle of a commercial web traffic filtering service originating from a GitHub project and how it found success within phishing operations, including how it evolved into a commercial platform offering under new branding.

#inquest #EN #2023 #analysis #ANTIBOT.PW #phishing

·inquest.net·Aug 28, 2023

Adversary On The Defense: ANTIBOT.PW

GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room

International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a charact...

#hackaday #EN #Lapsus$#Teen #Amazon #Fire #Stick

·hackaday.com·Aug 28, 2023

GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room

Lapsus$: Court finds teenagers carried out hacking spree

The 18 year old leaked clips of the unreleased Grand Theft Auto 6 game while on police bail.

#BBC #EN #2023 #Lapsus$#teenagers #GTA6

·bbc.com·Aug 28, 2023

Lapsus$: Court finds teenagers carried out hacking spree

Security advisory: malicious crate rustdecimal

The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its name (an attack called "typosquattin

#rust-lang #EN #2022 #malicious #crate #rustdecimal

·blog.rust-lang.org·Aug 28, 2023

Security advisory: malicious crate rustdecimal

Poland investigates cyber-attack on rail network - BBC News

olish intelligence services are investigating a hacking attack on the country's railways, Polish media say. Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday. The signals were interspersed with recording of Russia's national anthem and a speech by President Vladimir Putin, the report says.

#BBC #2023 #EN #Poland #rail #network #cyber-attack

·bbc.com·Aug 27, 2023

Poland investigates cyber-attack on rail network - BBC News

Met Police admits details of officers at risk of exposure after warrant card supplier was hacked

The security breach took place when cybercriminals successfully breached the IT systems of a contractor in charge of producing warrant cards and staff passes.

#sky #EN #2023 #police #breached

·news.sky.com·Aug 26, 2023

Met Police admits details of officers at risk of exposure after warrant card supplier was hacked

CVE-2023-36844 And Friends: RCE In Juniper Devices

As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces. Through our rapid PoC process, we enable our clients to understand if they are vulnerable to emerging

#labs.watchtowr #EN #2023 #CVE-2023-36844 #Juniper #RCE #analysis

·labs.watchtowr.com·Aug 26, 2023

CVE-2023-36844 And Friends: RCE In Juniper Devices

MOVEit, the biggest hack of the year, by the numbers

The mass-exploitation of MOVEit file transfer servers — the largest hack of the year so far — now affects at least 60 million people.

#techcrunch #EN #2023 #MOVEit #cyberattack #mass-exploitation #Clop

·techcrunch.com·Aug 26, 2023

MOVEit, the biggest hack of the year, by the numbers

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass – CVE-2023-34133 Title: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass Risk: 9.8 (Critic…

#nccgroup #EN #SonicWall #GMS #CVE-2023-34133 #CVE-2023-34124

·research.nccgroup.com·Aug 25, 2023

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

#talosintelligence #EN #2023 #analysis #ManageEngine #CVE-2022-47966

·blog.talosintelligence.com·Aug 25, 2023

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News

Compromised credentials are a gift that keeps on giving (your stuff away) MFA is your mature, sensible friend Dwell time is sinking faster than RMS Titanic Criminals don’t take time off; neither can you
- Active Directory servers: The ultimate attacker tool RDP: High time to decline the risk Missing telemetry just makes things harder

#sophos #EN #2023 #report #adversary

·news.sophos.com·Aug 25, 2023

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News

Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit

The supply-chain cyberattack that targeted Progress Software’s MOVEit Transfer application has compromised over 963 private and public-sector organizations worldwide. The ransomware group, Cl0p, launched this attack campaign over Memorial Day weekend. Some higher-profile victims of the hack include Maximus, Deloitte, TIAA, Ernst & Young, Shell, Deutsche Bank, PricewaterhouseCoopers, Sony, Siemens, BBC, British Airways, the U.S. Department of Energy, the U.S. Department of Agriculture, the Louisiana Office of Motor Vehicles, the Colorado Department of Health Care Policy and Financing, and other U.S. government agencies. Thus far, the personal data of over 58 million people is believed to have been exposed in this exploit campaign.

#resecurity #EN #2023 #MOVEit #Supply-Chain #Exploit #cyberattack

·resecurity.com·Aug 25, 2023

Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit

Ransomware infection wipes all CloudNordic servers

IT outfit says it can't — and won't — pay the ransom demand

#theregister #EN #2023 #Ransomware #CloudNordic

·theregister.com·Aug 24, 2023

Ransomware infection wipes all CloudNordic servers

Fake Roblox packages target npm with Luna Grabber information-stealing malware

ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.

#reversinglabs #EN #2023 #Roblox #API #npm #LunaGrabber

·reversinglabs.com·Aug 24, 2023

Fake Roblox packages target npm with Luna Grabber information-stealing malware

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April | Ars Technica

Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.

#arstechnica #EN #WinRAR #0-day #CVE-2023-38831

·arstechnica.com·Aug 24, 2023

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April | Ars Technica

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation

This blog is based on a session we presented at DEF CON 2023 on Sunday, August 13, 2023, in Las Vegas. Privilege escalation is a common attack vector in the Windows OS. There are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services. This allows them to perform attacks like LSASS Shtinkering.

#deepinstinct #EN #2023 #NoFilter #DEFCON2023 #Privilege #escalation

·deepinstinct.com·Aug 24, 2023

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation

British court convicts two teen Lapsus$ members of hacking tech firms

Two teenagers, ages 18 and 17, were found guilty of hacking into major corporations. The cases involved Uber, Nvidia and more.

#therecord #EN #2023 #Lapsus$#teenagers #busted

·therecord.media·Aug 23, 2023

British court convicts two teen Lapsus$ members of hacking tech firms

macOS 0day: App Management

App Management is a new macOS security feature in Ventura introduced at WWDC last year: If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps. Clicking on the notification sends people to System Settings, where they can allow an app to update and modify other apps.

#lapcatsoftware #EN #2023 #macOS #0-day #AppManagement

·lapcatsoftware.com·Aug 22, 2023

macOS 0day: App Management

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

#sentinelone #EN #2023 #XLoader #macOS #dropper #payload

·sentinelone.com·Aug 22, 2023

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Ecuador’s national election agency says cyberattacks caused absentee voting issues

Absentee voters flooded social media to express their frustration at not being able to cast votes through an online system created by the government.

#therecord #EN #2023 #Ecuador #voting #election #cyberattacks

·therecord.media·Aug 22, 2023

Ecuador’s national election agency says cyberattacks caused absentee voting issues

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…

#attackerkb #EN #2023 #rapid7 #SonicWall #CVE-2023-34127 #vulnerability #PoC

·attackerkb.com·Aug 21, 2023

CVE-2023-34127