Plus de 2000 serveurs Exchange suisses vulnérables à une faille
Environ 97’000 serveurs Exchange dans le monde sont potentiellement concernés par une faille permettant d'effe
cyberveille.decio.ch
Police arrests LockBit ransomware members, release decryptor in global crackdown
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.
Law enforcement disrupt world’s biggest ransomware operation
LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage.This international sweep follows a complex investigation led by the UK National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.The months-long operation has resulted in the compromise of LockBit’s...
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
Ransomware Experts See Problems With Banning Ransom Payments
As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take
LockBit ransomware gang disrupted by international law enforcement operation
LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.
Several Ukrainian media outlets attacked by Russian hackers
Russian hackers attacked several popular Ukrainian media outlets over the weekend, posting fake news related to the war.
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution | by Mukund Bhuva
I began my search for opportunities and stumbled upon a list of eligible websites for bug hunting at https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa. This list became my starting…
LockBit ransomware disrupted by global police operation
Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos.
Lockbit cybercrime gang disrupted by international police operation
Lockbit, a notorious cybercrime gang that holds its victims' data to ransom, has been disrupted in a rare international law enforcement operation by Britain’s National Crime Agency and the U.S. Federal Bureau of Investigation, according to a post on the gang’s extortion website on Monday.
GitHub leak exposes Chinese offensive cyber operations – researchers
The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government. Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.
Serious Vulnerability in the Internet Infrastructure Fundamental design flaw in DNSSEC discovered
he National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
ESET fixed high-severity local privilege escalation bug in Windows products
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
US agency says it was alerted to breach by contractor CGI Federal | Reuters
The U.S. Government Accountability Office said Monday that CGI Federal, an IT contractor and unit of CGI Inc , notified the agency of a data breach last month affecting about 6,000 current and former GAO employees.
Poland's PM says authorities in the previous government widely and illegally used Pegasus spyware | AP News
Poland’s new prime minister says he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.
Cyberattaque : le Centre Hospitalier d’Armentières communique
Après la cyberattaque dont a été victime le Centre Hospitalier d’Armentières dans la nuit du 10 au 11 février 2024, la direction commune CHU de Lille / CH d’Armentières a engagé des mesures d’urgence et de sécurité pour assurer la continuité des soins, garantir la sécurité des patients, et protéger les données face aux attaques des pirates informatiques.
Air Canada must honor refund policy invented by airline’s chatbot
Air Canada appears to have quietly killed its costly chatbot support.
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
Magika: AI powered fast and efficient file type identification
Today we are open-sourcing Magika, Google’s AI-powered file-type identification system, to help others accurately detect binary and textual file types. Under the hood, Magika employs a custom, highly optimized deep-learning model, enabling precise file identification within milliseconds, even when running on a CPU.
Google launches AI Cyber Defense Initiative to improve security infrastructure
Today, many seasoned security professionals will tell you they’ve been fighting a constant battle against cybercriminals and state-sponsored attackers. They will also tell you that any clear-eyed assessment shows that most of the patches, preventative measures and public awareness campaigns can only succeed at mitigating yesterday’s threats — not the threats waiting in the wings. That could be changing. As the world focuses on the potential of AI — and governments and industry work on a regulatory approach to ensure AI is safe and secure — we believe that AI represents an inflection point for digital security. We’re not alone. More than 40% of people view better security as a top application for AI — and it’s a topic that will be front and center at the Munich Security Conference this weekend.
New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
Google has confirmed a new security scheme which, it says, will help “secure, empower and advance our collective digital future” using AI. Part of this AI Cyber Defence Initiative includes open-sourcing the new, AI-powered, Magika tool that is already being used to help protect Gmail users from potentially problematic content.
BMW security lapse exposed sensitive company information, researcher finds | TechCrunch
A misconfigured cloud storage server belonging to BMW exposed sensitive company information, including private keys and internal data
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.
Spyware startup Variston is losing staff — some say it’s closing | TechCrunch
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was
Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations
Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term.
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has uncovered a new iOS Trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The Trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans that also includes the earlier discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and GoldPickaxe for Android. To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims. This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account – a new fraud technique, previously unseen by Group-IB researchers. The GoldFactory Trojans target the Asia-Pacific region, specifically — Thailand and Vietnam impersonating local banks and government organizations. Group-IB’s discovery also marks a rare instance of malware targeting Apple’s mobile operating system. The detailed technical description of the Trojans, analysis of their technical capabilities, and the list of relevant indicators of compromise can be found in Group-IB’s latest blog post.
Threat Intel Accelerates Detection & Response
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
Disrupting malicious uses of AI by state-affiliated threat actors
We terminated accounts associated with state-affiliated threat actors. Our findings show our models offer only limited, incremental capabilities for malicious cybersecurity tasks.