Search cyberveille.decio.ch

Found 4945 bookmarks

Custom sorting

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

FortiGuard Labs encountered recent samples of a DDoS-as-a-service botnet calling itself Condi. It attempted to spread by exploiting TP-Link Archer AX21 (AX1800) routers vulnerable to CVE-2023-1389, which was disclosed in mid-March of this year. Read more.

#fortinet #EN #2023 #research #botnet #DDoS #Condi #TP-Link #CVE-2023-1389

·fortinet.com·Jun 21, 2023

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future

Recorded Future's Insikt Group, in partnership with Ukraine's Computer Emergency Response Team (CERT-UA), has uncovered a campaign targeting high-profile entities in Ukraine that was cross-correlated with a spearphishing campaign uncovered by Recorded Future’s Network Traffic Intelligence. The campaign leveraged news about Russia’s war against Ukraine to encourage recipients to open emails, which immediately compromised vulnerable Roundcube servers (an open-source webmail software), using CVE-2020-35730, without engaging with the attachment. We found that the campaign overlaps with historic BlueDelta activity exploiting the Microsoft Outlook zero-day vulnerability CVE-2023-23397 in 2022.

#recordedfuture #EN #2023 #Russia-Ukraine-war #Ukraine #Roundcube #CVE-2023-23397 #CVE-2020-35730

·recordedfuture.com·Jun 20, 2023

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads

In June 2023, Bitdefender Labs published a research paper about espionage operation in East Asia. This operation was ongoing since at least the beginning of 2022, showing a high level of sophistication typically associated with state-sponsored groups. Despite trying various methods, we have been unable to attribute these attacks to a specific threat actor, but the target aligns with the interest of China-based threat actors.

#bitdefender #EN #2023 #RDStealer #China #RDP #Exfiltration #Malware

·bitdefender.com·Jun 20, 2023

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads

chonked pt.2: exploiting cve-2023-33476 for remote code execution

second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.

#coffinsec #EN #2023 #MiniDLNA #vulnerability #CVE-2023-33476 #rce

·blog.coffinsec.com·Jun 20, 2023

chonked pt.2: exploiting cve-2023-33476 for remote code execution

ASUS urges customers to patch critical router vulnerabilities

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

#bleepingcomputer #EN #2023 #ASUS #Patch #Router #Security-Update #CVE-2022-26376 #CVE-2018-1160

·bleepingcomputer.com·Jun 19, 2023

ASUS urges customers to patch critical router vulnerabilities

KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings

The core of CVE-2023-35866 lies in disturbing ease of access. A local attacker, within an authenticated KeePassXC Database session

#securityonline #EN #2023 #KeePassXC #Vulnerability #CVE-2023-35866

·securityonline.info·Jun 19, 2023

KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings

Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?

The highly aggressive ‘hacktivist’ group is thought to have links to the pro-Russian Killnet hacker collective

#itpro #EN #2023 #Anonymous-Sudan #aggressive #pro-Russian #collective

·itpro.com·Jun 19, 2023

Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek

Microsoft addressed two XSS vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to sessions.

#securityweek #EN #2023 #XSS #Azure #Bastion #ACR #unauthorized #access

·securityweek.com·Jun 18, 2023

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek

Hijacking S3 Buckets: New Attack Technique

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

#checkmarx #EN #2023 #Hijacking #S3 #Buckets #NPM #Supply-Chain-Attack

·checkmarx.com·Jun 18, 2023

Hijacking S3 Buckets: New Attack Technique

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.

#apnews #EN #2023 #Microsoft #Outlook #denial-of-service #attacks #DoS #DDoS

·apnews.com·Jun 17, 2023

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

A simple bug exposed access to thousands of smart security alarm systems

The vulnerability — now fixed — was discovered in a cloud-based system that allows customers to remotely manage their security alarm systems.

#techcrunch #EN #2023 #security #cybersecurity #home-security-systems #smart #alarm #systems #IoT #vulnerability

·techcrunch.com·Jun 17, 2023

A simple bug exposed access to thousands of smart security alarm systems

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

#wired #EN #2023 #US #China #chipmaker #cybersecurity #china #encryption #national-security #Supply-Chain #backdoor

·wired.com·Jun 17, 2023

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA

‘Several’ US federal agencies affected by MOVEit breach

Top U.S. cybersecurity officials confirmed Thursday that several federal agencies have been impacted by cyberattacks on the widely used MOVEit file transfer tool. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told reporters that her team and the FBI are working to provide assistance to federal agencies that used MOVEit, which is being exploited by the Russia-based Clop ransomware gang in a widespread breach that appears to have compromised dozens of entities. “We’ve been working closely with Progress Software [which makes MOVEit], the FBI and our federal partners to understand its prevalence within federal agencies,” she said. Earlier in the day, CNN first reported that several government agencies were compromised in the hacks. Easterly said that CISA is providing support to “several agencies that have experienced intrusions of their MOVEit applications.”

#therecord #EN #2023 #MOVEit #cl0p #US #federal #agencies #affected

·therecord.media·Jun 16, 2023

‘Several’ US federal agencies affected by MOVEit breach

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Mandiant is investigating a Barracuda ESG appliance zero-day vulnerability being exploited in the wild.

#mandiant #EN #2023 #Barracuda #ESG #Zero-Day #CVE-2023-2868 #China

·mandiant.com·Jun 15, 2023

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Suspected LockBit ransomware affiliate arrested, charged in US

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.

#bleepingcomputer #EN #2023 #Affiliates #LockBit #Ransomware #Security #arrested

·bleepingcomputer.com·Jun 15, 2023

Suspected LockBit ransomware affiliate arrested, charged in US

Fake Security Researcher GitHub Repositories Deliver Malicious Implant

VulnCheck discovers a network of fake security researcher accounts promoting hidden malware.

#vulncheck #EN #2023 #fake #researcher #malware #GitHub #Repositories #Implant

·vulncheck.com·Jun 15, 2023

Fake Security Researcher GitHub Repositories Deliver Malicious Implant

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks

#techcrunch #EN #2023 #ransomware #MOVEit #cl0p #victims

·techcrunch.com·Jun 15, 2023

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

Microsoft Encrypted Restricted Permission Messages Deliver Phishing | Trustwave

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.

#trustwave #EN #2023 #Phishing #Microsoft #Email #Microsoft-365 #rpmsg #encrypted #M365

·trustwave.com·Jun 15, 2023

Microsoft Encrypted Restricted Permission Messages Deliver Phishing | Trustwave

Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.

#microsoft #EN #2023 #CadetBlizzard #DEV-0586 #Russia #analysis

·microsoft.com·Jun 14, 2023

Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog

The Phantom Menace: Brute Ratel remains rare and targeted

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

#sophos #EN #2023 #BruteRatel #faded #analysis

·news.sophos.com·Jun 14, 2023

The Phantom Menace: Brute Ratel remains rare and targeted

Switzerland under cyberattack

The Swiss government is under DDoS attacks, but several ransomware gangs have also turned their sights on other Swiss organizations.

#helpnetsecurity #EN #2023 #CH #Swiss #DDoS #attacks #ransomware #russia-ukraine-war

·helpnetsecurity.com·Jun 14, 2023

Switzerland under cyberattack

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.

#bleepingcomputer #EN #2023 #patch-tuesday #June2023

·bleepingcomputer.com·Jun 13, 2023

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign

Affected Platforms: FortiOS Impacted Users: Targeted at government, manufacturing, and critical infrastructure Impact: Data loss and OS and file corruption Severity Level: Critical Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.

#fortinet #EN #2023 #patch #CVE-2023-27997 #analysis #VoltTyphoon #Clarifications

·fortinet.com·Jun 13, 2023

Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign

Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.

#labs.watchtowr #EN #2023 #Xortigate #XOR #RCE #CVE-2023-27997 #FortiGate #analysis

·labs.watchtowr.com·Jun 13, 2023

Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

CVE-2023-34362

On May 31, 2023, Progress Software disclosed a critical SQL injection vulnerability that was later assigned CVE-2023-34362. Rapid7 has observed exploitation in…

#attackerkb #EN #2023 #MOVEit #CVE-2023-34362

·attackerkb.com·Jun 12, 2023

CVE-2023-34362

How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program

Regime has trained cybercriminals to impersonate tech workers or employers, amid other schemes

#WSJ #EN #2023 #North-Korea #crypto #stolen #Funding #Nuclear

·archive.ph·Jun 12, 2023

How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program

Shell Recharge security lapse exposed EV drivers’ data

Oil giant Shell said it is investigating after a security researcher found an exposed internal database spilling the personal information of drivers who use the company’s electric vehicle charging stations.

#techcrunch #EN #2023 #Leak #Shell #DataLeak #database

·techcrunch.com·Jun 12, 2023

Shell Recharge security lapse exposed EV drivers’ data

Les CFF et le canton d'Argovie aussi concernés par la cyberattaque qui a touché la société Xplain

Les CFF et le canton d'Argovie sont à leur tour concernés par la cyberattaque qui a touché la société informatique bernoise Xplain. Des données ont été volées, ont indiqué l'entreprise ferroviaire et le canton. Une fuite a entraîné le vol des données, ont confirmé dimanche les CFF, suite à un article de la NZZ am Sonntag. De leur côté, les autorités argoviennes font savoir qu'"un petit volume de données opérationnelles liées à des protocoles d'erreur qui étaient analysées chez Xplain" est concerné par la fuite, ainsi que "de la correspondance commerciale".

#rts #EN #2023 #Xplain #CFF #Argovie

·rts.ch·Jun 11, 2023

Les CFF et le canton d'Argovie aussi concernés par la cyberattaque qui a touché la société Xplain

Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report

The shift previously observed in the geographical location of cyber extortion (Cy-X) victims continues to accelerate, moving from the United States (-21%), and Canada (-28%) to Southeast Asia region (+42%), the Nordics (+40%) & Latin America (+32%). * Whilst Manufacturing continues to be the biggest industry impacted, the number of victims decreased (-39%), with a shift towards the Utilities sector (+51%), Educational Services (+41%) and Finance and Insurance Sectors (+11%). * Businesses in 96 different countries were impacted by Cy-X in 2022, equating to nearly half (49%) the countries in the world. Since 2020 Orange Cyberdefense has recorded victims in over 70% of all countries worldwide * Over 2,100 organizations in the world were publicly shamed as a victim of Cy-X in 2022, across an almost even distribution of business sizes.

#orange.com #EN #2023 #Cy-X #CyberExtortion #Orange #Cyberdefense #report

·newsroom.orange.com·Jun 11, 2023

Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report

MOVEit Transfer and MOVEit Cloud Vulnerability

This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates. CVE-PENDING (June 9, 2023) CVE-2023-34362 (May 31, 2023)

#progress.com #EN #2023 #CVE-2023-34362 #MOVEit #Cloud

·progress.com·Jun 11, 2023

MOVEit Transfer and MOVEit Cloud Vulnerability