Search cyberveille.decio.ch

Found 4945 bookmarks

Custom sorting

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may…

#krebsonsecurity #2022 #EN #CISO #LinkedIn #fake #profiles

·krebsonsecurity.com·Oct 8, 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.

#jamf #EN #2022 #Archive #Utility #macOS #vulnerability #CVE-2022-32910 #Gatekeeper #bypass

·jamf.com·Oct 8, 2022

Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

The executive order will give EU citizens redress for intelligence collection that violates U.S. laws.

#cyberscoop #EN #2022 #privacy #privacy-shield #EU #US #intelligence #legal

·cyberscoop.com·Oct 8, 2022

White House announces new surveillance guardrails to meet EU Privacy Shield expectations

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

CVE-2022-41352

On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…

#attackerkb #EN #2022 #CVE-2022-41352 #Zimbra #vulnerability

·attackerkb.com·Oct 7, 2022

CVE-2022-41352

Man arrested for alleged data breach SMS scam

A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.

#afp.gov.au #blackmail #scam #Optus #leak #EN #2022

·afp.gov.au·Oct 6, 2022

Man arrested for alleged data breach SMS scam

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…

#DCSO_CyTec #EN #2022 #Medium #Maggie #backdoor #malware #MicrosoftSQL #servers

·medium.com·Oct 5, 2022

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.

#arstechnica #EN #2022 #BGP #cryptocurrency #hijacking #Amazon

·arstechnica.com·Oct 5, 2022

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

#sophos #EN #2022 #BlackByte #Ransomware #Disables #EDR #RTCore64.sys

·news.sophos.com·Oct 5, 2022

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

MAR-10365227-3.v1 China Chopper Webshells

CISA analyzed 15 files associated with China Chopper malware. The files are modified Offline Address Book (OAB) Virtual Directory (VD) configuration files for Microsoft Exchange servers. The files have been modified with a variant of the China Chopper webshell. The webshells allow an attacker to remotely access the server and execute arbitrary code on the system(s).referenced in this bulletin or otherwise.

#uscert #csirt #cert #en #2022 #CISA #China #Chopper #malware #Analysis

·cisa.gov·Oct 5, 2022

MAR-10365227-3.v1 China Chopper Webshells

MAR-10365227-2.v1 HyperBro

CISA analyzed 4 files associated with HyperBro malware. The files creates a backdoor program that is capable of uploading and downloading files to and from the system. The RAT is also capable of logging keystrokes and executing commands on the system.

#uscert #csirt #cert #CISA #HyperBro #malware #Analysis #RAT #EN #2022

·cisa.gov·Oct 5, 2022

MAR-10365227-2.v1 HyperBro

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

#sonarsource #EN #2022 #php #supplychain #supply-chain #packagist.org

·blog.sonarsource.com·Oct 5, 2022

PHP Supply Chain Attack on Composer

Bumblebee: increasing its capacity and evolving its TTPs

The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to its many links to several well-known malware families.

#checkpoint #EN #2022 #Bumblebee #loader #malware #Analysis

·research.checkpoint.com·Oct 4, 2022

Bumblebee: increasing its capacity and evolving its TTPs

Malicious Tor Browser spreads through YouTube

Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.

#securelist #EN #2022 #Kaspersky #Malware-Descriptions #Onion #Social-engineering #Targeted-attacks #TOR #YouTube #Chine

·securelist.com·Oct 4, 2022

Malicious Tor Browser spreads through YouTube

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

#nccgroup #EN #2022 #TTP #research #ShadowPad #CVE-2022-29464 #secur32.dll

·research.nccgroup.com·Oct 3, 2022

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research

DeftTorero TTPs in 2019–2021

Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared until 2021, which led us to speculate on a possible shift by the threat actor to more fileless/LOLBINS techniques, and the use of known/common offensive tools publicly available on the internet that allows them to blend in.

#securelist #EN #2022 #DeftTorero #LebaneseCedar #Lebanon #webshell

·securelist.com·Oct 3, 2022

DeftTorero TTPs in 2019–2021

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant

Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions: 1) Maintain persistent administrative access to the hypervisor 2) Send commands to the hypervisor that will be routed to the guest VM for execution 3) Transfer files between the ESXi hypervisor and guest machines running beneath it 4) Tamper with logging services on the hypervisor

#mandiant #EN #2022 #esxi #hypervisors #malware #BadVIB(E)s #0-day

·mandiant.com·Oct 3, 2022

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.

#bleepingcomputer #EN #2022 #CVE-2021-21551 #BYOVD #Dell #Driver #Lazarus-Group #Malware #North-Korea #Rootkit

·bleepingcomputer.com·Oct 2, 2022

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.

#welivesecurity #EN #2022 #Lazarus #report #campaign #Netherlands #Belgium #spearphishing

·welivesecurity.com·Oct 2, 2022

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ProxyNotShell— the story of the claimed zero days in Microsoft Exchange

Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero…

#ProxyNotShell #doublepulsar #EN #2022 #Medium #KevinBeaumont #CVE-2022–41040 #CVE-2022–41082

·doublepulsar.com·Oct 2, 2022

ProxyNotShell— the story of the claimed zero days in Microsoft Exchange

Ukraine warns of 'massive cyberattacks' coming from Russia on critical infrastructure sites

The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday.

#cyberscoop #EN #2022 #massive #cyberattacks #geopolitics #Russia-Ukraine-war #Ukraine #government #threat #infrastructures

·cyberscoop.com·Oct 2, 2022

Ukraine warns of 'massive cyberattacks' coming from Russia on critical infrastructure sites

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

#wired #2022 #EN #hacking #virtualization #Hyperjacking #malware #Blue-Pill #Mandiant

·wired.com·Sep 30, 2022

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

Chaos is a Go-based Swiss army knife of malware

Black Lotus Labs, the threat intelligence arm of Lumen Technologies, recently uncovered a multifunctional Go-based malware developed for Windows and Linux

#lumen #EN #2022 #Chaos #Go #malware #Windows #Linux #IoCs

·blog.lumen.com·Sep 30, 2022

Chaos is a Go-based Swiss army knife of malware

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server

Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.

#gteltsc.vn #EN #2022 #Microsoft-Exchange #Exchange #0-day #RCE #vulnerability #campaign #IoCs

·gteltsc.vn·Sep 30, 2022

Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

Espionage group begins using new backdoor that leverages rarely seen steganography technique.

#symantec #EN #2022 #Witchetty #Espionage #backdoor #steganography #LookingFrog #IoCs

·symantec-enterprise-blogs.security.com·Sep 30, 2022

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

ZINC weaponizing open-source software

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

#microsoft #EN #2022 #ZINC #open-source #software #MSTIC #aerospace #weaponizing

·microsoft.com·Sep 29, 2022

ZINC weaponizing open-source software

Lindy Cameron at Chatham House security and defence conference 2022

The National Cyber Security Centre’s CEO Lindy Cameron delivered a keynote speech at the Chatham House security and defence conference 2022. Lindy Cameron discussed the cyber dimension of the Russia-Ukraine conflict, focusing on what the NCSC has observed and the UK’s response.

#ncsc #UK #EN #2022 #Russia-Ukraine-war #cyber #warfare

·ncsc.gov.uk·Sep 29, 2022

Lindy Cameron at Chatham House security and defence conference 2022

BumbleBee: Round Two

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …

#thedfirreport #EN #2022 #BumbleBee #ransomware #RDP #IoCs

·thedfirreport.com·Sep 28, 2022

BumbleBee: Round Two

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

#securelist #EN #2022 #NullMixer #dropper #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-Dropper #Trojan-stealer

·securelist.com·Sep 28, 2022

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

MAR-10400779-1.v1 – Zimbra 1

CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.

#uscert #csirt #cert #EN #2022 #Malware #Analysis #Report #AR22-270A #Zimbra

·cisa.gov·Sep 28, 2022

MAR-10400779-1.v1 – Zimbra 1