cyberveille.decio.ch

7248 bookmarks

Newest

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass

Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching. The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.

#oasis.security #EN #2024 #research #MFA #Microsoft #MFA-bypass

·oasis.security·Dec 14, 2024

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass

Le Parlement favorable au "Swiss Governement Cloud"

L'administration fédérale doit avoir son propre service en nuage souverain. Suivant le National, le Conseil des Etats a accepté jeudi à l'unanimité un crédit de 246,9 millions de francs pour le "Swiss Governement Cloud" (SGC).

#parlament.ch #FR #CH #Suisse #administration #fédérale #SGC #Swiss-Governement-Cloud

·parlament.ch·Dec 13, 2024

Le Parlement favorable au "Swiss Governement Cloud"

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location

In the increasingly dangerous world of cybercrime, Brian Krebs faces threats, manipulation and the odd chess challenge

#wsj #EN #2024 #BrianKrebs #Secret #Location

·wsj.com·Dec 13, 2024

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location

NodeLoader Used to Deliver Malware

A technical analysis of how a malware campaign using a game cheat lure leverages Node.js to distribute XMRig, Lumma and Phemedrone Stealer.

#zscaler #EN #2024 #NodeLoader #analysis #Node.js #game-cheat

·zscaler.com·Dec 13, 2024

NodeLoader Used to Deliver Malware

Axpo annonce lancer le premier SOC suisse pour les infrastructures OT | ICTjournal

Axpo Systems annonce la mise en service de ce que l'entreprise décrit comme le premier Security Operation Cent

#ictjournal #FR #CH #2024 #Suisse #SOC #OT #AxpoSystems

·ictjournal.ch·Dec 13, 2024

Axpo annonce lancer le premier SOC suisse pour les infrastructures OT | ICTjournal

Citrix Denial of Service: Analysis of CVE-2024-8534

An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.

#assetnote #EN #2024 #CVE-2024-8534 #analysis #NetScaler #Gateway #ADC #vulnerability

·assetnote.io·Dec 13, 2024

Citrix Denial of Service: Analysis of CVE-2024-8534

Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials

ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.

#godaddy #EN #2024 #ClickFix #Fake #Browser #Updates #WordPress

·godaddy.com·Dec 12, 2024

Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials

Unveiling Dark Internet Service Providers: Bulletproof Hosting | by team | Dec, 2024 | Medium

Bulletproof hosting services provide the infrastructure for cybercriminal activities, enabling criminals to evade legal constraints and are often used for malware, hacking attacks, fraudulent…

#Knownsec404 #medium #EN #2024 #Dark #Internet #Service #Providers #Bulletproof #hosting

·medium.com·Dec 11, 2024

Unveiling Dark Internet Service Providers: Bulletproof Hosting | by team | Dec, 2024 | Medium

NATO to launch new cyber center by 2028: Official

The center, called the NATO Integrated Cyber Defense Center, will have multiple locations, but will be headquartered in Mons, Belgium.

#breakingdefense.com #EN #2024 #NATO #Integrated-Cyber-Defense-Center #Belgium

·breakingdefense.com·Dec 11, 2024

NATO to launch new cyber center by 2028: Official

Publicités insérées entre les courriels : sanction de 50 millions d’euros à l’encontre de la société ORANGE

Le contexte ORANGE met à disposition de ses clients un service de messagerie électronique (« Mail Orange »). À la suite de plusieurs contrôles, la CNIL a constaté que la société affichait, entre les courriels présents au sein des boîtes de réception des utilisateurs, des annonces publicitaires prenant la forme de courriels.

#CNIL #FR #2024 #ORANGE #MailOrange #Publicités #sanction #France

·cnil.fr·Dec 11, 2024

Publicités insérées entre les courriels : sanction de 50 millions d’euros à l’encontre de la société ORANGE

'Operation Digital Eye' Attack Targets European IT Orgs

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

#darkreading #EN #2024 #Cyberattacks #Data-Breaches #Application-Security #bring-your-own #VS #code #EU

·darkreading.com·Dec 10, 2024

'Operation Digital Eye' Attack Targets European IT Orgs

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research

In this article, I explained how I could compromise the sysupgrade.openwrt.org service by exploiting the command injection and the SHA-256 collision. As I never found the hash collision attack in a real-world application, I was surprised that I could successfully exploit it by brute-forcing hashes.

#flatt.tech #EN #2024 #Hash-collision #OpenWrt #Command-injection #SHA-256 #Supply-chain

·flatt.tech·Dec 10, 2024

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research

Fraudulent shopping sites tied to cybercrime marketplace taken offline

The investigation began in the autumn of 2022, following reports of fraudulent phone calls in which scammers impersonated bank employees to extract sensitive information, such as addresses and security answers, from victims. The stolen data was traced back to a specialised online marketplace that operated as a central hub for the trade of illegally obtained information.A central hub for cyber...

#europol #EN #2024 #Fraudulent #shopping #marketplace #MansonMarket

·europol.europa.eu·Dec 10, 2024

Fraudulent shopping sites tied to cybercrime marketplace taken offline

On These Apps, the Dark Promise of Mothers Sexually Abusing Children

Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.

#nytimes #EN #2024 #investigation #BigoLive #abuse #stream #child #Apps #Apple #Google #pedophiles #criminal

·nytimes.com·Dec 9, 2024

On These Apps, the Dark Promise of Mothers Sexually Abusing Children

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]

#volexity #EN #VPN #analysis #FortiClient #Vulnerability #BrazenBamboo #DEEPDATA #stealer

·volexity.com·Dec 9, 2024

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

What a new threat report says about Mac malware in 2024

Apple's macOS has been under siege in 2024 as malware-as-a-service platforms and AI-driven threats make the year a turning point for Mac security.

#appleinsider #EN #2024 #Apple #macOS #AI-driven #Mac #security #malware-as-a-service

·appleinsider.com·Dec 9, 2024

What a new threat report says about Mac malware in 2024

Moonlock's 2024 macOS threat report

A deep dive into macOS malware this year.

#moonlock #EN #2024 #macOS #malware #report

·moonlock.com·Dec 9, 2024

Moonlock's 2024 macOS threat report

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom…

#krebsonsecurity #EN #2024 #TLDs #.shop #.top #.xyz #Phishing #scammers

·krebsonsecurity.com·Dec 9, 2024

Why Phishers Love New TLDs Like .shop, .top and .xyz

Zero-Day: How Attackers Use Corrupted Files to Bypass Detection

See technical analysis of a zero-day attack that uses corrupted malicious files to bypass detection by advanced security systems.

#any.run #EN #2024 #Corrupted #Files #Bypass #Detection #Analysis

·any.run·Dec 9, 2024

Zero-Day: How Attackers Use Corrupted Files to Bypass Detection

Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia

The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report

#cyfirma #EN #2024 #Unidentified #Threat #Actor #Malware #research #Android #Spynote #Remote #Administration #Tool

·cyfirma.com·Dec 9, 2024

Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia

Log In POLITICO Pro Home Latest news Romanian elections War in Ukraine French political crisis Newsletters Podcasts Poll of Polls Policy news Events News Politics Hungarian CIA reportedly spied on EU officials

Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.

#politico #EN #2024 #Espionage #European-politics #Hungarian-politics #Hungary #Intelligence #Law-enforcement #MEPs #Spying #Spyware #Viktor-Orbán

·politico.eu·Dec 9, 2024

Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised

Some users are still lamenting issues in using the encrypted email service

#techradar #EN #2024 #DDoS #attacks #Tuta #mail

·techradar.com·Dec 9, 2024

Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.

#cadosecurity #EN #2024 #Cross-Platform #Threat #Meeten #macOS #Windows

·cadosecurity.com·Dec 9, 2024

Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows

Ransomware hackers target NHS hospitals with new cyberattacks

Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.

#techcrunch #EN #2024 #INCRansomware #NHS #UK #health #ransomware

·techcrunch.com·Dec 9, 2024

Ransomware hackers target NHS hospitals with new cyberattacks

8 US telcos compromised, FBI advises Americans to use encrypted communications - Help Net Security

FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.

#helpnetsecurity #EN #2024 #telcos #US #encrypted #call #advise #FBI #CISA

·helpnetsecurity.com·Dec 9, 2024

8 US telcos compromised, FBI advises Americans to use encrypted communications - Help Net Security

Enhanced Visibility and Hardening Guidance for Communications Infrastructure

This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network

#cisa #EN #2024 #guide #visibility #Hardening #US #Communications #Infrastructure

·cisa.gov·Dec 9, 2024

Enhanced Visibility and Hardening Guidance for Communications Infrastructure

2023 Anna Jaques Hospital data breach impacted +310K people

Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.

#securityaffairs #EN #2024 #health #Hospital #AnnaJaques

·securityaffairs.com·Dec 9, 2024

2023 Anna Jaques Hospital data breach impacted +310K people

zizmor would have caught the Ultralytics workflow vulnerability

TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.

#yossarian #EN #2024 #Supply-Chain-Attack #zizmor #Ultralytics #vulnerability #workflow

·blog.yossarian.net·Dec 8, 2024

zizmor would have caught the Ultralytics workflow vulnerability

Ultralytics AI model hijacked to infect thousands with cryptominer

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)

#bleepingcomputer #EN #2024 #Artificial-Intelligence #Open-Source #Supply-Chain #Supply-Chain-Attack #Ultralytics

·bleepingcomputer.com·Dec 8, 2024

Ultralytics AI model hijacked to infect thousands with cryptominer

Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection

Key findings from our analysis include: Advanced Surveillance Capabilities: Utilizes technologies like WebRTC for real-time audio and video streaming. Abuses Accessibility Services to intercept user interactions. Comprehensive Data Exfiltration: Collects and transmits a wide range of personal data, including messages, call logs, and location information. Persistence Mechanisms: Employs techniques to remain active on the device, such as auto-start on boot and misuse of device administrator privileges. Abuse of Legitimate Services: Utilizes Firebase Cloud Messaging to establish command and control channels, disguising its communications as legitimate traffic. Indicators of Compromise (IoCs): Identified specific URLs, IP addresses, file hashes, and other artifacts associated with Celular 007. Need for Collective Protection: * Highlights the importance of collective defense strategies and community awareness to combat such invasive tools.

#interseclab #EN #2024 #spyware #Celular007 #Stalkerware #Brazil

·interseclab.org·Dec 8, 2024

Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection