Search cyberveille.decio.ch

Found 4945 bookmarks

Custom sorting

Turkish Citizens' Personal Data Offered Online After Govt Site Hacked

In a major digital security breach, a website is offering personal data about Turkish citizens including President Recep Tayyip Erdogan that appears to have been stolen by hackers from a government services website.

#balkaninsight #EN #2023 #PII #databreach #Turkey #citizens #Erdogan #stolen

·balkaninsight.com·Jun 10, 2023

Turkish Citizens' Personal Data Offered Online After Govt Site Hacked

Pro-Ukraine hackers bring Russian banking system to its knees

A team of hackers, hacked into several Russian businesses and the nation's largest ISP and service provider to the Central Bank of Russia. Because of the hack, the Russian banking system went down. The hackers also put up pro-Ukrainian posters on the hacked websites.

#firstpost #EN #2023 #ISP #Russian-banking-system #central-bank-of-Russia #russian-Infotel-JVC #russia-ukraine-war

·firstpost.com·Jun 9, 2023

Pro-Ukraine hackers bring Russian banking system to its knees

Another huge US medical data breach confirmed after Fortra mass-hack

Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year. Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.

#techcrunch #EN #2023 #Fortra #Intellihartx #PHI #databreach

·techcrunch.com·Jun 9, 2023

Another huge US medical data breach confirmed after Fortra mass-hack

Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021

On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). Learn more.

#kroll #EN #2023 #MOVEit #CVE-2023-34362 #Clop

·kroll.com·Jun 8, 2023

Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021

Analysis of CVE-2023-29336 Win32k Privilege Escalation

Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.

#numencyber #EN #2023 #Analysis #CVE-2023-29336 #Win32k #Privilege #Escalation

·numencyber.com·Jun 8, 2023

Analysis of CVE-2023-29336 Win32k Privilege Escalation

Unmasking the Darkrace Ransomware Gang

Cyble analyses Darkrace Ransomware, a new ransomware group shares similarities with infamous LockBit Ransomware.

#cyble #2023 #EN #Darkrace #Ransomware #Gang

·blog.cyble.com·Jun 8, 2023

Unmasking the Darkrace Ransomware Gang

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

#paloaltonetworks #EN #2023 #MOVEit #SQL #Injection #Vulnerability #CVE-2023-34362

·unit42.paloaltonetworks.com·Jun 7, 2023

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

ChatGPT creates mutating malware that evades detection by EDR

A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

#csoonline #EN #2023 #ChatGPT #LLMs #EDR #BlackMamba

·csoonline.com·Jun 7, 2023

ChatGPT creates mutating malware that evades detection by EDR

Service Rents Email Addresses for Account Signups

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam…

#krebsonsecurity #EN #2023 #Rents #Email #Addresses #large-scale #spam #Quotpw #Impulse-Team #Scam-Doc[.]com

·krebsonsecurity.com·Jun 7, 2023

Service Rents Email Addresses for Account Signups

Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica

SQL injection attacks on MOVEit file-transfer service likely to get worse.

#arstechnica #EN #2023 #CVE-2023-34362 #MOVEit

·arstechnica.com·Jun 7, 2023

Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.

#trustwave #EN #2023 #0-day #MOVEit #CVE-2023-34362 #analysis

·trustwave.com·Jun 6, 2023

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

GobRAT malware written in Go language targeting Linux routers

JPCERT/CC has confirmed attacks that infected routers in Japan with malware around February 2023. This blog article explains the details of the attack confirmed by JPCERT/CC and GobRAT malware, which was used in the attack. ### Attack flow up to...

#jpcert #EN #20233 #GobRAT #malware #analysis #Linux #routers #Go

·blogs.jpcert.or.jp·Jun 5, 2023

GobRAT malware written in Go language targeting Linux routers

How malicious extensions hide running arbitrary code

Eight malicious extensions still remain in Chrome Web Store. These use some interesting tricks to keep running arbitrary code despite restrictions of Manifest V3.

#palant #EN #2023 #Chrome #Web #Store #extensions #malicious

·palant.info·Jun 5, 2023

How malicious extensions hide running arbitrary code

Hackers steal Swiss police and customs data

Hackers have published data from the federal police and customs offices on the Darknet, after an attack on the servers of the host company.

#swissinfo #EN #2023 #Hackers #Darknet #Fedpol #FOCBS #Xplain

·swissinfo.ch·Jun 5, 2023

Hackers steal Swiss police and customs data

Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast

The voice, very similar to President Putin’s, also announced martial law, general mobilisation and the evacuation of civilians in three regions bordering Ukraine.

#kyivpost #EN #2023 #Radio #russia-ukraine-war #fake #Broadcast #Putin

·kyivpost.com·Jun 5, 2023

Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast

MOVEit hack: BBC, BA and Boots among cyber attack victims

Staff at multiple organisations are warned of a payroll data breach after an IT supplier is hacked.

#bbc #EN #2023 #MOVEit #databreach #BritishAirways #UK

·bbc.com·Jun 5, 2023

MOVEit hack: BBC, BA and Boots among cyber attack victims

New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai

Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.

#akamai #EN #2023 #Research #Magecart #skimmer #campaign #WP

·akamai.com·Jun 5, 2023

New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

#Rapid7 #EN #2023 #MOVEit #Transfer #Vulnerability

·rapid7.com·Jun 4, 2023

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek

Enzo Biochem says the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack.

#securityweek #EN #2023 #Enzo_Biochem #PHI #ransomware

·securityweek.com·Jun 4, 2023

Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek

Bypassing SELinux with init_module

There are two Linux system calls for loading a kernel module - init_module and finit_module. By leveraging init_module, I bypassed a filesystem-based SELinux rule that prevented me from loading a kernel module through traditional means (e.g., insmod). I then disabled SELinux from kernel-space. Proof of concept code can be found on my GitHub.

#seanpesce #EN #2023 #SELinux #bypass

·seanpesce.blogspot.com·Jun 4, 2023

Bypassing SELinux with init_module

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device

#Microsoft #en #2023 #research #vulnerability #macOS #Migraine #bypass #SIP

·microsoft.com·Jun 4, 2023

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection

Gravity Forms, a popular WordPress plugin, has been found vulnerable to unauthenticated PHP Object Injection attacks.

#bitdefender #EN #2023 #WP #WordPress #Plugin #gravity-forms #CVE-2023-28782

·bitdefender.com·Jun 4, 2023

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.

#mandiant #EN #2023 #0-day #MOVEit #Transfer #Vulnerability #analysis

·mandiant.com·Jun 3, 2023

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica

"Operation Triangulation" stole mic recordings, photos, geolocation, and more.

#arstechnica #EN #2023 #Triangulation #iOS #Apple #kaspersky #Russia #spyware #NSA

·arstechnica.com·Jun 2, 2023

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive…

#krebsonsecurity #EN #2023 #Code-signing #trust #certificates #Megatraffer

·krebsonsecurity.com·Jun 2, 2023

Ask Fitis, the Bear: Real Crooks Sign Their Malware

A Matter of Triangulation.

Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using

#kaspersky #EN #2023 #iOS #0-Click #Triangulation #iphone #spyware #Apple

·eugene.kaspersky.com·Jun 2, 2023

A Matter of Triangulation.

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis

#zerodayinitiative #EN #2023 #NFS #CVE-2023-2494 #RCE #analysis

·zerodayinitiative.com·Jun 1, 2023

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

Swiss real estate agency fails to put a password on its systems

A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. * Using leaked data, threat actors could potentially breach the company’s internal systems and hijack official communication channels. * Real estate agencies handle sensitive data, including customers' personally identifiable information, bank account details, and other data highly valued by cybercriminals. Ensuring cybersecurity is vital. * Cybernews reached out to Neho and the company fixed the issue.

#cybernews #EN #2023 #Swiss #Neho #real-estate #agency #databreach #leak #CH

·cybernews.com·May 31, 2023

Swiss real estate agency fails to put a password on its systems

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

#wired #EN #2023 #security #malware #vulnerabilities #hacking #Gigabyte #Motherboards

·wired.com·May 31, 2023

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online

On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty three (23) EDR and AV controls. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).

#CrowdStrike #reddit #EN #2023 #EDR #bypass #XDR

·reddit.com·May 31, 2023

2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online