Search cyberveille.decio.ch

Found 6043 bookmarks

Custom sorting

smith (CVE-2023-32434)

This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.

#Poulin-Bélanger #EN #2023 #exploit #analysis #vulnerability #github #macos #ios #CVE-2023-32434

·github.com·Jan 3, 2024

smith (CVE-2023-32434)

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of info

#tenable #EN #2023 #D-Link #D-View #vulnerability #disclosure

·tenable.com·Jan 3, 2024

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

Downfall - A Slay the Spire Fan Expansion :: Downfall (Steam Standalone) was Breached. Please read.

UPDATE 12/29 - While there is no new alerts regarding the Steam product or risk of downloads, the Discord account remains compromised. I have reports that the account is trying to DM people and either send malware to them impersonating themselves as a developer, or trying to gain sensitive information. Do not engage with this account and absolutely do not click on any links sent.

#steamcommunity #EN #2023 #Downfall #game #mod #hacked #breach

·steamcommunity.com·Jan 3, 2024

Downfall - A Slay the Spire Fan Expansion :: Downfall (Steam Standalone) was Breached. Please read.

Serbia Stays Silent About Alleged Ransomware Attack on EPS

Authorities have declined to comment on the reported ransomware attack ten days on Serbia's public energy company EPS.

#balkaninsight #EN #2024 #Serbia #ransomware #Critical-infrastructure #energy #EPS

·balkaninsight.com·Jan 3, 2024

Serbia Stays Silent About Alleged Ransomware Attack on EPS

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported.

#securityaffairs #EN #2024 #Albania #telecom #cyberattacks

·securityaffairs.com·Jan 3, 2024

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators

On 26th October, 2023 F5 released a security advisory about a critical unauthenticated remote code execution vulnerability, CVE-2023-46747, in F5’s BIG-IP configuration utility. This vulnerability could allow unauthent…

#malware.news #EN #2024 #F5 #analysis #CVE-2023-46747

·malware.news·Jan 3, 2024

CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators

Hackers Attack UK's Nuclear Waste Services Through LinkedIn

Fortunately for Radioactive Waste Management (RWM), the first-of-its-kind hacker attack on the project was unsuccessful.

#hackread #EN #2023 #UK #Radioactive #Waste #Management #LinkedIn

·hackread.com·Jan 2, 2024

Hackers Attack UK's Nuclear Waste Services Through LinkedIn

Victoria Courts Confront Unprecedented Ransomware Assault on AV Technology Network

Victoria's court system fell victim to a ransomware attack allegedly orchestrated by the Qilin ransomware gang. The Victoria court ransomware

#thecyberexpress #EN #2023 #Victoria #Courts #Qilin #ransomware #Australia

·thecyberexpress.com·Jan 2, 2024

Victoria Courts Confront Unprecedented Ransomware Assault on AV Technology Network

Objective-See's Blog

A comprehensive analysis of the year's new malware

#objective-see #EN #2024 #retrospective #macos #malware #year #analysis

·objective-see.org·Jan 2, 2024

Objective-See's Blog

A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless.

New AI-generated digital replicas of real experts expose an unnerving policy gray zone. Washington wants to fix it, but it’s not clear how.

#politico #EN #2023 #AI #copy #legal #gray-zone #policy #people #persona

·politico.com·Jan 2, 2024

A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless.

ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns | South China Morning Post

#scmp #EN #2023 #ChatGPT #ChatGPT-Based #ransomware #China

·scmp.com·Dec 31, 2023

ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns | South China Morning Post

New Black Basta decryptor exploits ransomware flaw to recover files

Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.

#bleepingcomputer #EN #2023 #Black-Basta #Decryptor #Encryption #Flaw #Ransomware #XOR

·bleepingcomputer.com·Dec 31, 2023

New Black Basta decryptor exploits ransomware flaw to recover files

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

Cloud Atlas spear-phishing attacks hit an agro-industrial enterprise and a state-owned research company.

#thehackernews #EN #2023 #CloudAtlas #spear-phishing #agro-industrial #state-owned #Russia

·thehackernews.com·Dec 31, 2023

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

Russian military hackers target Ukraine with new MASEPIE malware

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.

#bleepingcomputer #EN #2023 #APT28 #Backdoor #Masepie #Oceanmap #Phishing #Russia #Steelhook #Ukraine

·bleepingcomputer.com·Dec 31, 2023

Russian military hackers target Ukraine with new MASEPIE malware

Ukraine war: What's the impact of cyber guerrillas?

In response to Russia's invasion, Ukraine called for support from volunteers operating in cyberspace. Since then, hackers have helped Kyiv's war effort. But this new phenomenon also draws criticism.

#dw #EN #2023 #cyberguerrilla #Ukraine #Russia-Ukraine-war #ITarmy #digital #warfare

·dw.com·Dec 30, 2023

Ukraine war: What's the impact of cyber guerrillas?

Things are about to get a lot worse for Generative AI

A full of spectrum of infringment The cat is out of the bag: Generative AI systems like DALL-E and ChatGPT have been trained on copyrighted materials; OpenAI, despite its name, has not been transparent about what it has been trained on. Generative AI systems are fully capable of producing materials that infringe on copyright. They do not inform users when they do so. They do not provide any information about the provenance of any of the images they produce. Users may not know when they produce any given image whether they are infringing.

#garymarcus #EN #2023 #DALL-E #ChatGPT #Copyright #infringment #AI #legal

·garymarcus.substack.com·Dec 30, 2023

Things are about to get a lot worse for Generative AI

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Chinese threat actors exploited a new zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliances.

#thehackernews #EN #2023 #0-day #network #hacker #vulnerability #ESG #CVE-2023-7102 #appliance #Barracuda

·thehackernews.com·Dec 30, 2023

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.

#bleepingcomputer #EN #2023 #Python #Wall #Flippers #Bluetooth #Denial #BLE #blespam #iphones #DoS #Spam

·bleepingcomputer.com·Dec 30, 2023

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

Hackers stole $2 billion in crypto in 2023, data shows

Data shows hackers stole around $2 billion in crypto this year, according to data analyzed by blockchain security firms.

#TechCrunch #EN #2023 #stole #hackers #cyberattacks #crypto #Lazarus #DeFi #Finance

·techcrunch.com·Dec 30, 2023

Hackers stole $2 billion in crypto in 2023, data shows

Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware

Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.

#techcrunch #EN #2023 #state-sponsored #attacks #Pegasus #Apple #India #Amnesty #spyware #iPhone

·techcrunch.com·Dec 30, 2023

Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware

Lockbit ransomware disrupts emergency care at German hospitals

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network.

#bleepingcomputer #EN #2023 #Hospital #Computer #Ransomware #InfoSec #3.0 #Healthcare #Germany #Security #LockBit

·bleepingcomputer.com·Dec 30, 2023

Lockbit ransomware disrupts emergency care at German hospitals

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Even as the New Year approached and the world celebrated the festive Christmas season, the cybercriminal community did not pause their activities. Instead, they marked the holiday season in their unique way. On Christmas Eve, Resecurity observed multiple actors on the Dark Web releasing substantial data dumps. These were the result of data breaches and network intrusions to a variety of companies and government agencies. Numerous leaks disseminated in the underground cyber world were tagged with 'Free Leaksmas,' indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude.

#resecurity #EN #2023 #Leaksmas #darkweb #leaks #data-breaches

·resecurity.com·Dec 28, 2023

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

A Lockbit ransomware attack against German hospital network Katholische Hospitalvereinigung Ostwestfalen caused service disruptions.

#securityaffairs #EN #2023 #German #hospital #network #ransomware #Lockbit #Germany

·securityaffairs.com·Dec 28, 2023

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

#bleepingcomputer #EN #2023 #App-Installer #Malware #Windows #Microsoft #MSIX #CVE-2021-43890

·bleepingcomputer.com·Dec 28, 2023

Microsoft disables MSIX protocol handler abused in malware attacks

This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy

Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think they’ve found a better balance.

#wired #EN #2023 #ios #apple #cryptography #privacy #AirTag

·wired.com·Dec 28, 2023

This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy

Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

#securelist #EN #2023 #Apple #Malware #Reverse-engineering #Targeted-attacks #Triangulation #0-days #iPhone

·securelist.com·Dec 27, 2023

Operation Triangulation: The last (hardware) mystery

The Times Sues OpenAI and Microsoft Over A.I. Use of Copyrighted Work

Millions of articles from The New York Times were used to train chatbots that now compete with it, the lawsuit said.

#nytimes #EN #2023 #chatgpt #legal #sued #openai #Mcrosoft #Copyright #chatbots

·nytimes.com·Dec 27, 2023

The Times Sues OpenAI and Microsoft Over A.I. Use of Copyrighted Work

The Disturbing Impact of the Cyberattack at the British Library

The library has been incapacitated since October, and the effects have spread beyond researchers and book lovers.

#newyorker #EN #2023 #British #Library #uk #impact

·newyorker.com·Dec 26, 2023

The Disturbing Impact of the Cyberattack at the British Library

GTA 5 source code reportedly leaked online a year after RockStar hack

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data.

#bleepingcomputer #EN #2023 #Cyberattack #Grand-Theft-Auto-V #GTA-5 #GTA-6 #Lapsus$#Rockstar-Games #Source-Code #leak

·bleepingcomputer.com·Dec 25, 2023

GTA 5 source code reportedly leaked online a year after RockStar hack

Ubisoft says it's investigating reports of a new security breach

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora. Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.

#bleepingcomputer #EN #2023 #ubisoft #incident #Screenshots #vx-underground

·bleepingcomputer.com·Dec 25, 2023

Ubisoft says it's investigating reports of a new security breach