cyberveille.decio.ch

7248 bookmarks

Newest

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.

#cybersecuritydive #EN #2023 #regulation #SolarWinds #CISO #CFO #cyberattack #action #justice #legal

·cybersecuritydive.com·Jun 29, 2023

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination

I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)

#callyso0414 #YUCA #medium #EN #2023 #ransomware #logs #log #chats #Stylometric #Analysis

·medium.com·Jun 28, 2023

Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination

Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque

Via une convention avec les communes, l’IT du canton de Vaud va créer une équipe d’intervention chargée de leur prêter main forte aux niveaux organisationnel et technique en cas de cyberattaque. La force de réaction s'appuiera également sur des prestataires spécialisés locaux.

#ictjournal #CH #FR #VD #Vaud #convention #cyberattaque

·ictjournal.ch·Jun 28, 2023

Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque

Akira Ransomware Extends Reach to Linux Platform

Cyble Research & Intelligence Labs examines the Linux variant of Akira Ransomware and assesses its impact on various sectors.

#cyble #EN #2023 #Akira #Ransomware #Linux

·blog.cyble.com·Jun 28, 2023

Akira Ransomware Extends Reach to Linux Platform

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies

The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.

#therecord #EN #2023 #switzerland #spies #Russia #Russia-Ukraine-war #intelligence #Warning

·therecord.media·Jun 28, 2023

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva

#sans #EN #2023 #Kazakhstan #SSLv2 #vulnerable #internet

·isc.sans.edu·Jun 28, 2023

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure

CHU de Rennes : un compte de prestataire détourné pour la cyberattaque

Les équipes d’Orange Cyberdefense ont détecté le trafic réseau anormal ayant trahi l’occurrence d’une cyberattaque. Celui-ci impliquait un compte VPN mis à disposition d’un tiers à fin de maintenance applicative.

#lemagit #FR #2023 #CHU #Rennes #prestataire #VPN #compromis

·lemagit.fr·Jun 28, 2023

CHU de Rennes : un compte de prestataire détourné pour la cyberattaque

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.

#helpnetsecurity #EN #2023 #Microsoft #Teams #bug #malware

·helpnetsecurity.com·Jun 28, 2023

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized

The dismantling of EncroChat in 2020 sent shockwaves across OCGs in Europe and beyond. It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime. OCGs worldwide illegally used the encryption tool EncroChat for criminal purposes. Since the dismantling, investigators managed to intercept, share and analyse over 115...

#europol #EN #2023 #EncroChat #encrypted

·europol.europa.eu·Jun 27, 2023

Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized

Pour la loi suisse, le piratage éthique peut être licite

Toute personne qui pirate l'infrastructure IT d'autrui sans le consentement de l'exploitant est en p

#ictjournal #FR #CH #2023 #lio #suisse #piratage #ethique #NTC

·ictjournal.ch·Jun 27, 2023

Pour la loi suisse, le piratage éthique peut être licite

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Additional techniques UNC3886 utilized across multiple organizations to evade EDR solutions.

#mandiant #EN #2023 #ESXi #Zero-Day #CVE-2023-20867 #CVE-2022-22948 #VMware

·mandiant.com·Jun 27, 2023

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

#bleepingcomputer #EN #2023 #MOVEit #Siemens-Energy #Cl0p #Clop #ransomware #data-theft

·bleepingcomputer.com·Jun 27, 2023

Siemens Energy confirms data breach after MOVEit data-theft attack

LetMeSpy, a phone tracking app spying on thousands, says it was hacked

A data breach reveals the spyware is built by a Polish developer

#techcrunch #EN #2023 #LetMeSpy #phone #spyware #hacked #databreach

·techcrunch.com·Jun 27, 2023

LetMeSpy, a phone tracking app spying on thousands, says it was hacked

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution

Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e

#securityjoes #EN #2023 #Mockingjay #EDR #bypass #technique #RWX #Code #Execution

·securityjoes.com·Jun 27, 2023

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution

PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID

Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to current (and past) anti-American sentiment in Russia. Bumblebee is a malware loader first discovered in March 2022. It was associated with Conti group and was being used as a replacement for BazarLoader. It acts as a primary vector for multiple types of other malware, including ransomware. IcedID is a modular banking malware designed to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.

#deepinstinct #EN #2023 #JavaScript #Dropper #PindOS #Bumblebee #analysis

·deepinstinct.com·Jun 26, 2023

PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

#sonatype #EN #2023 #PyPI #malware #Supply-Chain-Attack

·blog.sonatype.com·Jun 23, 2023

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Emerging Threat! Exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

#elastic.co #EN #2023 #JOKERSPY #macOS #Python #backdoor

·elastic.co·Jun 22, 2023

Emerging Threat! Exposing JOKERSPY

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

#bitdefender #EN #2023 #macOS #malware #Cross-Platform #Backdoor

·bitdefender.com·Jun 22, 2023

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

#unit42 #EN #2023 #Mirai #analysis #IoT

·unit42.paloaltonetworks.com·Jun 22, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Dissecting TriangleDB, a Triangulation spyware implant

In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.

#securelist #EN #2023 #Apple #iOS #APT #Malware-Descriptions #Spyware #Targeted-attacks #Triangulation #malware

·securelist.com·Jun 21, 2023

Dissecting TriangleDB, a Triangulation spyware implant

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

FortiGuard Labs encountered recent samples of a DDoS-as-a-service botnet calling itself Condi. It attempted to spread by exploiting TP-Link Archer AX21 (AX1800) routers vulnerable to CVE-2023-1389, which was disclosed in mid-March of this year. Read more.

#fortinet #EN #2023 #research #botnet #DDoS #Condi #TP-Link #CVE-2023-1389

·fortinet.com·Jun 21, 2023

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future

Recorded Future's Insikt Group, in partnership with Ukraine's Computer Emergency Response Team (CERT-UA), has uncovered a campaign targeting high-profile entities in Ukraine that was cross-correlated with a spearphishing campaign uncovered by Recorded Future’s Network Traffic Intelligence. The campaign leveraged news about Russia’s war against Ukraine to encourage recipients to open emails, which immediately compromised vulnerable Roundcube servers (an open-source webmail software), using CVE-2020-35730, without engaging with the attachment. We found that the campaign overlaps with historic BlueDelta activity exploiting the Microsoft Outlook zero-day vulnerability CVE-2023-23397 in 2022.

#recordedfuture #EN #2023 #Russia-Ukraine-war #Ukraine #Roundcube #CVE-2023-23397 #CVE-2020-35730

·recordedfuture.com·Jun 20, 2023

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads

In June 2023, Bitdefender Labs published a research paper about espionage operation in East Asia. This operation was ongoing since at least the beginning of 2022, showing a high level of sophistication typically associated with state-sponsored groups. Despite trying various methods, we have been unable to attribute these attacks to a specific threat actor, but the target aligns with the interest of China-based threat actors.

#bitdefender #EN #2023 #RDStealer #China #RDP #Exfiltration #Malware

·bitdefender.com·Jun 20, 2023

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads

chonked pt.2: exploiting cve-2023-33476 for remote code execution

second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.

#coffinsec #EN #2023 #MiniDLNA #vulnerability #CVE-2023-33476 #rce

·blog.coffinsec.com·Jun 20, 2023

chonked pt.2: exploiting cve-2023-33476 for remote code execution

ASUS urges customers to patch critical router vulnerabilities

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

#bleepingcomputer #EN #2023 #ASUS #Patch #Router #Security-Update #CVE-2022-26376 #CVE-2018-1160

·bleepingcomputer.com·Jun 19, 2023

ASUS urges customers to patch critical router vulnerabilities

KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings

The core of CVE-2023-35866 lies in disturbing ease of access. A local attacker, within an authenticated KeePassXC Database session

#securityonline #EN #2023 #KeePassXC #Vulnerability #CVE-2023-35866

·securityonline.info·Jun 19, 2023

KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings

Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?

The highly aggressive ‘hacktivist’ group is thought to have links to the pro-Russian Killnet hacker collective

#itpro #EN #2023 #Anonymous-Sudan #aggressive #pro-Russian #collective

·itpro.com·Jun 19, 2023

Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?

Le piratage de la société Xplain, une véritable bombe à retardement pour la Suisse

Dans l’ombre des attaques de sites web, le piratage du prestataire informatique Xplain a mis à nu 907 gigaoctets de données hautement sensibles, touchant plusieurs services de l’Etat

#letemps #FR #CH #2023 #xplain #sensibles #piratage

·letemps.ch·Jun 18, 2023

Le piratage de la société Xplain, une véritable bombe à retardement pour la Suisse

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek

Microsoft addressed two XSS vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to sessions.

#securityweek #EN #2023 #XSS #Azure #Bastion #ACR #unauthorized #access

·securityweek.com·Jun 18, 2023

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek

Des données personnelles aussi touchées lors de la cyberattaque contre la Confédération - rts.ch - Suisse

Outre des données opérationnelles de la Confédération, l'attaque informatique par rançongiciel contre l'entreprise bernoise Xplain a permis de mettre la main sur des informations concernant des particuliers, affirme Le Matin Dimanche.

#rts #FR #CH #2023 #xplain #rançongiciel #Confédération

·rts.ch·Jun 18, 2023

Des données personnelles aussi touchées lors de la cyberattaque contre la Confédération - rts.ch - Suisse