Enhanced Visibility and Hardening Guidance for Communications Infrastructure
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network
cyberveille.decio.ch
2023 Anna Jaques Hospital data breach impacted +310K people
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
zizmor would have caught the Ultralytics workflow vulnerability
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection
Key findings from our analysis include: Advanced Surveillance Capabilities: Utilizes technologies like WebRTC for real-time audio and video streaming. Abuses Accessibility Services to intercept user interactions. Comprehensive Data Exfiltration: Collects and transmits a wide range of personal data, including messages, call logs, and location information. Persistence Mechanisms: Employs techniques to remain active on the device, such as auto-start on boot and misuse of device administrator privileges. Abuse of Legitimate Services: Utilizes Firebase Cloud Messaging to establish command and control channels, disguising its communications as legitimate traffic. Indicators of Compromise (IoCs): Identified specific URLs, IP addresses, file hashes, and other artifacts associated with Celular 007. Need for Collective Protection: * Highlights the importance of collective defense strategies and community awareness to combat such invasive tools.
Roumanie : la Cour constitutionnelle annule le premier tour de l’élection présidentielle du fait de graves manipulations sur TikTok
Cette décision est prise au lendemain de la déclassification de documents du renseignement national faisant état d’une opération d’envergure sur TikTok en faveur du candidat prorusse, Calin Georgescu, arrivé en tête du premier tour de l’élection présidentielle, à la surprise générale.
Le groupe Vidymed touché par une cyberattaque
Le groupe Vidymed, avec 100'000 consultations annuelles, fait face à une cyberattaque. Les autorités vaudoises sont mobilisées pour contenir l'incident. L'ampleur et les conséquences de l'attaque sont en cours d'évaluation.
Protecting Undersea Internet Cables: A Tech Challenge
A recent, alleged Baltic Sea sabotage highlights the system’s fragility
Veeam warns of critical RCE bug in Service Provider Console
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack. In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack
Your unencrypted RCS messages between iPhones and Android devices can be spied on by foreign attackers. Here's how to protect yourself.
Train de mesures sur la cybersécurité: le Conseil adopte de nouvelles dispositions législatives pour renforcer les capacités de l'UE en matière de cybersécurité
Afin de renforcer la solidarité et les capacités dans l'UE en matière de détection, de préparation et de réaction face aux menaces et incidents de cybersécurité, le Conseil a adopté ce jour deux nouveaux actes législatifs dans le cadre du "paquet" législatif sur la cybersécurité, à savoir le "règlement sur la cybersolidarité" et une modification ciblée du règlement sur la cybersécurité.
Cloudflare’s developer domains increasingly abused by threat actors
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.
Black Basta ransomware gang hit BT Group
BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
It is not just APTs that like to target telephone systems, but ourselves at watchTowr too. We can't overstate the consequences of an attacker crossing the boundary from the 'computer system' to the 'telephone system'. We've seen attackers realise this in 2024, with hacks against legal intercept systems widely reported
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
Malicious Ads in Search Results Are Driving New Generations of Scams | WIRED
The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
Les services secrets suisses ont agi illégalement en traquant des hackers sans autorisation
Un rapport longtemps tenu secret ne présente pas le Service de renseignement de la Confédération sous un jour favorable. Les espions suisses ont agi de manière illégale et très peu professionnelle: pendant des années, ils ont traqué des hackers sans autorisation.
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
The FBI is warning the public that criminals exploit generative artificial intelligence (AI) to commit fraud on a larger scale which increases the believability of their schemes. Generative AI reduces the time and effort criminals must expend to deceive their targets. Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information. These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud. The creation or distribution of synthetic content is not inherently illegal; however, synthetic content can be used to facilitate crimes, such as fraud and extortion.1 Since it can be difficult to identify when content is AI-generated, the FBI is providing the following examples of how criminals may use generative AI in their fraud schemes to increase public recognition and scrutiny.
Police seize Matrix encrypted chat service after spying on criminals
An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Windows Server 2012 Mark of the Web Vulnerability (0day) - and Free Micropatches for it
Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a ...
Poland arrests former spy chief in Pegasus spyware probe
The former head of Poland’s internal security agency Piotr Pogonowski was forced to appear in front of a parliamentary committee investigating the alleged abuse of Pegasus spyware in the country.
Energy industry contractor says ransomware attack has limited access to IT systems | The Record from Recorded Future News
The company, ENGlobal Corporation, has restricted employee access to its IT system, limiting it to only essential business operations.
AWS launches an incident response service to combat cybersecurity threats | TechCrunch
Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.
Data broker exposes 600,000 sensitive files including background checks
A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
On Friday, the United Nations Agency for Digital Technologies said it is partnering with the International Telecommunication Union (ITU) and International Cable Protection Committee (ICPC) to create the International Advisory Body for Submarine Cable Resilience.
The Curious Case of an Egg-Cellent Resume
- Initial access was via a resume lure as part of a TA4557/FIN6 campaign. The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware. Cobalt Strike and python-based C2 Pyramid were employed by the threat actor for post-exploitation activity. The threat actor abused CVE-2023-27532 to exploit a Veeam server and facilitate lateral movement and privilege escalation activities. The threat actor installed Cloudflared to assist in tunneling RDP traffic. This case was first published as a Private Threat Brief for customers in April of 2024. Eight new rules were created from this report and added to our Private Detection Ruleset.