cyberveille.decio.ch

7248 bookmarks

Newest

Hackers leak 2.7 billion data records with Social Security numbers

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

#bleepingcomputer #EN #2024 #Class-Action-Lawsuit #Data-Breach #National-Public-Data #Personal-Information #Social-Security-Number #US

·bleepingcomputer.com·Aug 12, 2024

Hackers leak 2.7 billion data records with Social Security numbers

Iran Targeting 2024 US Election

Discover how Iran is allegedly targeting the 2024 US election, the potential impacts, and the measures being taken to safeguard the democratic process.

#microsoft #EN #2024 #Iran #election #US

·blogs.microsoft.com·Aug 12, 2024

Iran Targeting 2024 US Election

Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"

The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.

#politico #EN #2024 #Trump #campaign #leak #data-leak

·politico.com·Aug 12, 2024

Trump campaign confirms it was hacked after POLITICO received internal documents from "Robert"

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset

#thedfirreport #EN #2024 #Toolkit #investigation #open-directory #PoshC2 #Batch-Scripts

·thedfirreport.com·Aug 12, 2024

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

How a cybersecurity researcher befriended, then doxed, the leader of LockBit

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

#techcrunch #en #2024 #LockBit #JonDiMaggio #doxing #ransomware #gang #infiltration

·techcrunch.com·Aug 12, 2024

How a cybersecurity researcher befriended, then doxed, the leader of LockBit

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware

AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.

#tomshardware #EN #2024 #AMD #Sinkclose #no-patch

·tomshardware.com·Aug 12, 2024

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware

Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again

Hackers tried to interfere with the 2016 and 2024 presidential election campaigns, but now the Trump 2024 campaign has been hacked and confidential Vance dossier stolen.

#Trump #Trump-2024 #Trump-2024-Campaign #Trump-Hacked #Trump-2024-Campaign-Hacked #JD-Vance-dirty-laundry-dossier #JD-Vance-dossier-hacked #2024-election-interference #Has-Iran-Hacked-the-Trump-2024-campaign #Russia-Russia-Russia-becomes-Iran-Iran-Iran

·forbes.com·Aug 11, 2024

Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again

New AMD SinkClose flaw helps install nearly undetectable malware

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

#bleepingcomputer #AMD #Ring #Processor #SinkClose #vulnerability #Threadripper #EPYC #Ryzen

·bleepingcomputer.com·Aug 9, 2024

New AMD SinkClose flaw helps install nearly undetectable malware

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

#wired #EN #2024 #Sinkclose #AMD #CPU #Vulnerability #TClose

·wired.com·Aug 9, 2024

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

From Limited file read to full access on Jenkins (CVE-2024-23897)

As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.

#xphantom #EN #2024 #Jenkins #CVE-2024-23897

·xphantom.nl·Aug 9, 2024

From Limited file read to full access on Jenkins (CVE-2024-23897)

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.

#wired #EN #2024 #Clone #HID #Keycards #black-hat #defcon2024 #encoders

·wired.com·Aug 9, 2024

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

ICANN approves use of .internal domain for your network

Vint Cerf revealed Google already uses the string, as do plenty of others

#theregister #EN #ICANN #.internal #DNS #domain #ratified

·theregister.com·Aug 9, 2024

ICANN approves use of .internal domain for your network

USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities. #black #cybersecurity #defcon #hacking #hacks #hat #phishing #security

#hacks #black #cybersecurity #hacking #defcon #phishing #security #hat

·wired.com·Aug 8, 2024

USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED

Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury

The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group.WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure

#treasury.gov #EN #2024 #US #sanctions #Pankratova #Degtyarenko #CARR #Cyber-Army-of-Russia

·home.treasury.gov·Aug 8, 2024

Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury

Google Drawings and WhatsApp Zero-hour Open Redirection Phish exposed - Blog | Menlo Security

Menlo Security’s threat research team recently discovered a phishing link hosted in “Google Drawings.” Upon further investigation, we also identified these phis

·menlosecurity.com·Aug 8, 2024

Google Drawings and WhatsApp Zero-hour Open Redirection Phish exposed - Blog | Menlo Security

Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack

On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.

#Akamai #EN #2024 #Blocked #DDoS #high-volume #attack

·akamai.com·Aug 8, 2024

Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack

WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive

I discovered an unauthenticated path traversal against the latest version of progress whatsup gold and turned it into a pre-auth RCE, following is how I did it, this is the story of CVE-2024-4885

#summoning #EN #2024 #PoC #CVE-2024-4885

·summoning.team·Aug 8, 2024

WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive

Jenkins Security Advisory 2024-08-07 CVE-2024-43044 CVE-2024-43045

Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software

#jenkins #EN #2024 #advisory #security-advisory

·jenkins.io·Aug 8, 2024

Jenkins Security Advisory 2024-08-07 CVE-2024-43044 CVE-2024-43045

Windows Update Flaws Allow Undetectable Downgrade Attacks

Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.

#securityweek #EN #2024 #Microsoft #Windows #Update #Downgrade

·securityweek.com·Aug 8, 2024

Windows Update Flaws Allow Undetectable Downgrade Attacks

Open letter to UK online service providers

Today we've published an open letter to online service providers operating in the UK about the increased risk of their platforms being used to stir up hatred, provoke violence and commit other offences under UK law, in the context of recent acts of violence in the UK.

#ofcom.org.uk #EN #2024 #open-letter #provoke #violence #legal #online #service #providers #UK

·ofcom.org.uk·Aug 8, 2024

Open letter to UK online service providers

INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore.

#bleepingcomputer #EN #2024 #BEC #Business-Email-Compromise #I-GRIP #INTERPOL

·bleepingcomputer.com·Aug 7, 2024

INTERPOL recovers over $40 million stolen in a BEC attack

Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure

CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.

#cloudsek #EN #ransomware #analysis #Jenkins #India #RansomEXX #CVE-2024-23897

·cloudsek.com·Aug 7, 2024

Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure

Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine

SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution

#infosecurity-magazine.#EN #2024 #SonicWall #Apache #OFBiz #flaw #critical #CVE-2024-38856

·infosecurity-magazine.com·Aug 7, 2024

Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine

CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage

Delta CEO Ed Bastian said the company plans to seek compensation from Microsoft and CrowdStrike.

#cnbc #EN #2024 #Transportation #Business #Air #Lawsuits #Technology #Corp #defense #Life #Aerospace #Holdings #Airlines #Microsoft #Breaking #industry #Delta #CrowdStrike #outage

·cnbc.com·Aug 7, 2024

CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage

Security Incident | August 2024

Mobile Guardian experienced a security incident that involved unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform on the 4th of August. We have halted servers in order to prevent further disruption by the perpetrator. This is not related to an error in configuration that occurred on the 30th of July which affected Mobile Guardian iPads on our Singapore instance only.

#mobileguardian #EN #2024 #security #incident #MDM

·mobileguardian.com·Aug 7, 2024

Security Incident | August 2024

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices.

#securityaffairs #EN #2024 #MDM #Mobile-Guardian #breached

·securityaffairs.com·Aug 7, 2024

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Exploring Anti-Phishing Measures in Microsoft 365

In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to identify an issue in that allows malicious actors to bypass anti-phishing measures.

#certitude #EN #2024 #antiphishing #Microsoft365 #weaknesses #research

·certitude.consulting·Aug 7, 2024

Exploring Anti-Phishing Measures in Microsoft 365

Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel

Les attaquants ont chiffré une partie des données financières et menacent de les diffuser s’ils ne reçoivent pas une rançon. Une enquête a été ouverte.

#leparisien #FR #2024 #France #Ransomware #Louvre #musées

·leparisien.fr·Aug 6, 2024

Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel

Threat Actors Capitalize On ServiceNow Vulnerability

Cyble observes how Dark Web forums reveal ServiceNow users falling victim to a Remote Code Execution vulnerability, which exposes sensitive data & escalates risks across sectors.

#cyble #EN #2024 #ServiceNow #darkweb #CVE-2024-4879 #CVE-2024-5178 #CVE-2024-5217

·cyble.com·Aug 6, 2024

Threat Actors Capitalize On ServiceNow Vulnerability

Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks.

#bleepingcomputer #EN #2024 #Hunters-International #Malware #Ransomware #SharpRhino #Typo-Squatting

·bleepingcomputer.com·Aug 6, 2024

Ransomware gang targets IT workers with new SharpRhino malware