cyberveille.decio.ch

7248 bookmarks

Newest

[Security Update] Incident Details

As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.

#jumpcloud #EN #2023 #compromise #APT #Incident

·jumpcloud.com·Jul 17, 2023

[Security Update] Incident Details

WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks

In this blog post, we'll look at the use of generative AI, including OpenAI's ChatGPT, and the cybercrime tool WormGPT, in BEC attacks.

#slashnext #EN #2023 #WormGPT #ChatGPT #bec #email-protection #threat-discovery

·slashnext.com·Jul 16, 2023

WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks

Microsoft takes pains to obscure role in 0-days that caused email breach

Critics also decry Microsoft's "pay-to-play" monitoring that detected intrusions.

#arstechnica #EN #2023 #Storm0558 #intrusion #token #AAD

·arstechnica.com·Jul 15, 2023

Microsoft takes pains to obscure role in 0-days that caused email breach

Inside the subsea cable firm secretly helping American take on China

SubCom is laying deepwater internet cables to boost U.S. economic and military might, including a secret mission to a remote island naval base, Reuters found.

#reuters #EN #2023 #investigation #SubCom #cables #US

·reuters.com·Jul 15, 2023

Inside the subsea cable firm secretly helping American take on China

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.

#thehackernews #EN #2023 #WormGPT #AI #ChatGPT #cybercrime #automate #phishing #attacks

·thehackernews.com·Jul 15, 2023

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

WordPress plugin installed on 1 million+ sites logged plaintext passwords

AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.

#arstechnica #EN #2023 #WordPress #plugin #AIOS #bug #plaintext #passwords

·arstechnica.com·Jul 15, 2023

WordPress plugin installed on 1 million+ sites logged plaintext passwords

AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

#bleepingcomputer #EN #2023 #AVrecon #Botnet #Linux #Malware #RAT #Router

·bleepingcomputer.com·Jul 15, 2023

AVrecon malware infects 70,000 Linux routers to build botnet

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.

#securityweek #EN #2023 #BlackLotus #UEFI #Bootkit #Source #Code #Leaked #GitHub

·securityweek.com·Jul 15, 2023

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »

Entre avril 2022 et juin 2023, une quarantaine de plaintes relatives à des cas de « phishing / hameçonnage », pour un montant de plus de 170'000…

#vd #CH #FR #2023 #Cybercriminalité #SMS #Smishing #phishing #suspects #identifiés

·vd.ch·Jul 15, 2023

Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »

Piratage de Xplain: La Confédération menacée par une vague de plaintes

Depuis le piratage de la société Xplain, les données personnelles de plus de 760 personnes circulent sur le Darknet. Problème: elles auraient dû être effacées depuis 2015, mais sont restées stockées dans des serveurs. Une vague de plaintes se prépare.

#blick #FR #Confédération #xplain #2015 #databreach #données #effacées

·blick.ch·Jul 15, 2023

Piratage de Xplain: La Confédération menacée par une vague de plaintes

Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data

Microsoft has announced changes to a system that was exploited by Chinese hackers over the last month that allowed them to access email accounts and spy on the inner workings of two dozen organizations, including government agencies, a lawmaker’s staff and even Commerce Secretary Gina Raimondo.

#therecord #EN #2023 #Microsoft #breached #Storm0558 #key #AAD

·therecord.media·Jul 14, 2023

Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data

ShadowVault is the latest Mac data-stealer malware, reportedly

ShadowVault data stealer Mac malware made headlines in the Apple press this week. Here is what we know about it so far.

#intego #EN #2023 #macOS #ShadowVault #Mac #malware

·intego.com·Jul 14, 2023

ShadowVault is the latest Mac data-stealer malware, reportedly

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both.

#talosintelligence #EN #2023 #MSRPC #macOS #VMWare #vCenter #vulnerabilities

·blog.talosintelligence.com·Jul 14, 2023

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics

China-based hackers have breached email accounts at two-dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.

#cnn #EN #2023 #China #US #Microsoft #breached #Storm0558

·edition.cnn.com·Jul 13, 2023

Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics

Chinese hackers breached U.S. and European government email through Microsoft bug

A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.

#therecord #EN #2023 #China #US #EU #hacking #spy #Outlook #token #Storm-0558

·therecord.media·Jul 12, 2023

Chinese hackers breached U.S. and European government email through Microsoft bug

Les données de hooligans ayant sévi en Suisse publiées sur le darknet (update) | ICTjournal

Différentes données ultra sensibles pour la sécurité de la Suisse font partie des données volées au prestataire Xpl

#ictjournal #FR #CH #2023 #xplain #HOOGAN #hooligans #darkweb #ransomware #leak

·ictjournal.ch·Jul 12, 2023

Les données de hooligans ayant sévi en Suisse publiées sur le darknet (update) | ICTjournal

Loader activity for Formbook "QM18"

Loader activity for Formbook "QM18", Author: Brad Duncan

#SANS #EN #2023 #QM18 #Formbook #Loader

·isc.sans.edu·Jul 12, 2023

Loader activity for Formbook "QM18"

The Spies Who Loved You: Infected USB Drives to Steal Secrets

In the first half of 2023, we observed a threefold increase in the number of attacks using infected USB drives to steal secrets.

#mandiant #EN #2023 #USB #drives #steal #SOGU #Malware #SNOWYDRIVE

·mandiant.com·Jul 12, 2023

The Spies Who Loved You: Infected USB Drives to Steal Secrets

Hackers exploit gaping Windows loophole to give their malware kernel access

Microsoft blocks a new batch of system drivers, but the loophole empowering them remains.

#arstechnica #EN #2023 #Windows #malicious #drivers #loophole #2015

·arstechnica.com·Jul 12, 2023

Hackers exploit gaping Windows loophole to give their malware kernel access

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-…

#sophos #EN #2023 #malicious #drivers #Microsoft-signed

·news.sophos.com·Jul 12, 2023

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

Apple confirms WebKit security updates break browsing on some sites

Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks break browsing on some websites, and new ones will be released soon to address this known issue.

#bleepingcomputer #Apple #iOS #macOS #Rapid-Security-Response #Security-Update #WebKit

·bleepingcomputer.com·Jul 12, 2023

Apple confirms WebKit security updates break browsing on some sites

Apple & Microsoft Patch Tuesday, July 2023 Edition

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this…

#krebsonsecurity #EN #2023 #PatchTuesday #july23023 #Microsoft

·krebsonsecurity.com·Jul 12, 2023

Apple & Microsoft Patch Tuesday, July 2023 Edition

Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #CVE-2023-37450 #Apple #iOS #iPad #iPhone #Mac #macOS #Rapid-Security-Response #Zero-Day

·bleepingcomputer.com·Jul 12, 2023

Apple releases emergency update to fix zero-day exploited in attacks

Inside the secret cyberwar against Putin’s regime

Breaches in Russia’s digital defences show the West is not alone in its vulnerability to hackers

#telegraph.co.uk #Russia #Russia-Ukraine-war #cyberwar #deepfake #Kaspersky

·archive.md·Jul 12, 2023

Inside the secret cyberwar against Putin’s regime

KB5029033: Notice of additions to the Windows Driver.STL revocation list - Microsoft Support

The Microsoft Windows Hardware Compatibility Program (WHCP) certifies that drivers, and other products, run reliably on Windows and on Windows certified hardware. First reported by Sophos, and later Trend Micro and Cisco, Microsoft has investigated and confirmed a list of third-party WHCP-certified drivers used in cyber threat campaigns. Because of the drivers’ intent and functionality, Microsoft has added them to the Windows Driver.STL revocation list.

#microsoft #EN #2023 #drivers #signed #Microsof-signed #blocklist

·support.microsoft.com·Jul 12, 2023

KB5029033: Notice of additions to the Windows Driver.STL revocation list - Microsoft Support

Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.

#microsoft #EN #2023 #Storm-0978 #Follina #CVE-2023-36884 #ero-day #remote #phishing

·microsoft.com·Jul 11, 2023

Storm-0978 attacks reveal financial and espionage motives

HCA Healthcare patient data stolen and for sale by hackers

The health-care giant claimed no "clinical" information was breached by the hackers, a claim undercut by sample data provided to an industry analyst.

#cnbc #EN #2023 #PHI #Databreach #Health-care-industry #HCA #US

·cnbc.com·Jul 11, 2023

HCA Healthcare patient data stolen and for sale by hackers

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused | Trustwave

As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.

#trustwave #EN #2023 #Phish #Scams #Cloudflare #Pages.dev #Workers.dev

·trustwave.com·Jul 11, 2023

It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused | Trustwave

GTA, Uber and Nvidia Hackers: Lapsus$ Teens Face Blackmail, Fraud Charges

Two UK teenagers were accused of being key members of the notorious hacking group Lapsus$, with prosecutors alleging that the pair were involved in attacks on companies including Nvidia Corp., Rockstar Games Inc., and Uber Technologies Inc.

#Bloomberg #2023 #EN #London #UK #teenagers #Lapsus$#accused #Blackmail #Fraud #Charges

·archive.ph·Jul 11, 2023

GTA, Uber and Nvidia Hackers: Lapsus$ Teens Face Blackmail, Fraud Charges