cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Newest
Une entreprise genevoise au cœur d’une vaste opération d’influence des Emirats arabes unis
Une entreprise genevoise au cœur d’une vaste opération d’influence des Emirats arabes unis
Collecte de données privées, désinformation et tentative d’influence politique: entre 2017 et au moins 2020, l’entreprise Alp Services à Genève orchestre dans le plus grand secret plusieurs actions pour le compte des Emirats arabes unis, révèlent des documents confidentiels obtenus par Mediapart, et partagés notamment avec la RTS
·rts.ch·
Une entreprise genevoise au cœur d’une vaste opération d’influence des Emirats arabes unis
Chinese Threat Actors Targeting Europe in SmugX Campaign
Chinese Threat Actors Targeting Europe in SmugX Campaign
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy. The activity described in this report, utilizes HTML Smuggling to target governmental entities in Eastern Europe. This specific campaign has been active since at least December 2022, and is likely a direct continuation of a previously reported campaign attributed to RedDelta (and also to Mustang Panda, to some extent).
·research.checkpoint.com·
Chinese Threat Actors Targeting Europe in SmugX Campaign
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
·trendmicro.com·
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Decrypted: Akira Ransomware
Decrypted: Akira Ransomware
Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.
·decoded.avast.io·
Decrypted: Akira Ransomware
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
The LockBit ransomware group claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but the chip giant says only one of its suppliers was breached. The notorious cybercrime group announced on Thursday on its website that it targeted TSMC, suggesting — based on the $70 million ransom demand — that it has stolen vast amounts of sensitive information. The victim was initially given seven days to respond, but the deadline has been extended to August 6 at the time of writing.
·securityweek.com·
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque
Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque
Des pirates informatiques ont dérobé des documents confidentiels du Service fédéral de sécurité (SFS) lors de l'attaque contre le prestataire de la Confédération Xplain, selon des informations concordantes des médias. Des fichiers ont été publiés sur le DarkNet.
·rts.ch·
Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—the OS behind FortiGate firewalls—that allows remote code execution. There are 490,000 affected SSL VPN interfaces exposed on the internet, and roughly 69% of them are currently unpatched. You should patch yours now
·bishopfox.com·
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
Malware Execution Method Using DNS TXT Record
Malware Execution Method Using DNS TXT Record
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware. This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.
·asec.ahnlab.com·
Malware Execution Method Using DNS TXT Record