Found 6043 bookmarks
Custom sorting
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
#thehackernews#en#2024#Microsoft#APT29#Russia#theft#mail#executives#attack#MidnightBlizzard
·thehackernews.com·
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Ivanti Connect Secure VPN Exploitation: New Observations
Ivanti Connect Secure VPN Exploitation: New Observations
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.
#volexity#EN#2024#CVE-2023-46805#CVE-2024-21887#Ivanti#Observations
·volexity.com·
Ivanti Connect Secure VPN Exploitation: New Observations
Why Join The Navy If You Can Be A Pirate?
Why Join The Navy If You Can Be A Pirate?
Analyzing a pirated application, that contains a (malicious) surprise A few days ago, malwrhunterteam tweeted about pirated macOS application that appeared to contain malware And even though as noted in the tweet the sample appeared to be from 2023, it was new to me so I decided to take some time to dig in deeper. Plus, I’m always interested in seeing if Objective-See’s free open-source tools can provide protection against recent macOS threats. In this blog post we’ll start with the disk image, then hone in on a malicious dynamic library, which turns out just to be the start!
#objective-see#EN#2024#macOS#pirated#malicious#UltraEdit
·objective-see.org·
Why Join The Navy If You Can Be A Pirate?
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…
#trailofbits#EN#2024#Apple#LeftoverLocals#AMD#GPU#Qualcomm#leak#memory
·blog.trailofbits.com·
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection
#xlab.qianxin.com#EN#2024#Hidden#Cyber#Threat#Android#TV#Set-Top#Box
·blog.xlab.qianxin.com·
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Ivanti Connect Secure VPN Exploitation Goes Global
Ivanti Connect Secure VPN Exploitation Goes Global
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
#volexity#EN#2024#CVE-2024-21887#CVE-2023-46805#Ivanti#Connect#Secure#Exploitation#mass-exploitation
·volexity.com·
Ivanti Connect Secure VPN Exploitation Goes Global
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
A week into phase one of Google’s cookie killing project in Chrome, early tests show how it could hit the web’s bottom line.
#gizmodo#EN#2024#Google#Business#Finance#Online-advertising#G/O-Media#Tracking#Jason-Kint#Technology#Internet#Paul-Bannister#Targeted-advertising#Walmart#Google-Chrome#World-Wide-Web#Privacy-Sandbox#Safari#Web-browsers#disney#META#HTTP-cookie#Internet-privacy#Alphabet-Inc
·gizmodo.com·
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and CVE-2024-21887 - two bugs, Command Injection
#watchtowr.com#EN#2024#CVE-2024-21887#CVE-2023-46805#SSLVPN#Ivanti
·labs.watchtowr.com·
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Further analysis of Denmark attacks leads to warning about unpatched network gear
Further analysis of Denmark attacks leads to warning about unpatched network gear
What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year. Waves of incidents in May that seemed like a highly-targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout. The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.
#therecord#EN#2024#Denmark#Sandworm#unpatched#SektorCERT
·therecord.media·
Further analysis of Denmark attacks leads to warning about unpatched network gear
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
  • Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier: cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
#censys#EN#2024#CVE-2024-21591#Juniper#J-Web#OOB#vulnerability#RCE#exposed
·censys.com·
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
The 29-year-old individual was apprehended in Mykolaiv, Ukraine, on 9 January. Three properties were searched to gather evidence against the main suspect. The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.The suspect is believed to have mined over USD...
#europol#EN#2024#apprehended#Ukraine#Cryptojacker#arrested
·europol.europa.eu·
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…
#cryptographyengineering#EN#2023#Airdrop#Cryptographic#analysis#tracing
·blog.cryptographyengineering.com·
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering