cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
OCC Notifies Congress of Incident Involving Email System
OCC Notifies Congress of Incident Involving Email System
The Office of the Comptroller of the Currency (OCC) today notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. This finding is the result of internal and independent third-party reviews of OCC emails and email attachments that were subject to unauthorized access. On February 11, 2025, the OCC learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes. On February 12, the OCC confirmed the activity was unauthorized and immediately activated its incident response protocols which include initiating an independent third-party incident assessment and reporting the incident to the Cybersecurity and Infrastructure Security Agency. On February 12, the OCC disabled the compromised administrative accounts and confirmed that the unauthorized access had been terminated. The OCC provided public notice of the incident on February 26.
·occ.gov·
OCC Notifies Congress of Incident Involving Email System
1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative - SecurityWeek
1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative - SecurityWeek
Medical testing services provider Laboratory Services Cooperative (LSC) is notifying 1.6 million individuals that their personal information was stolen in an October 2024 data breach. As part of the cyberattack, which was identified on October 27, a threat actor accessed LSC’s network and accessed and exfiltrated certain files containing patient and employee information.
·securityweek.com·
1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative - SecurityWeek
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign.
·securityaffairs.com·
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment. Tensions between Algeria and Morocco are spilling over into the realm of cyber warfare. The Algerian hacker group JabaRoot DZ has claimed responsibility for an unprecedented series of intrusions into the computer systems of several
·en.yabiladi.com·
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment
Don't open that file in WhatsApp for Windows just yet
Don't open that file in WhatsApp for Windows just yet
A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off. The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6, and stems from a bug in how the app handles file attachments.
·theregister.com·
Don't open that file in WhatsApp for Windows just yet
SMS Pumping: How Criminals Turn Your Messaging Service into Their Cash Machine
SMS Pumping: How Criminals Turn Your Messaging Service into Their Cash Machine
  • A fraudster develops or uses an automated bot or low-skilled workforce to trigger actions such as fake account creation, OTP requests, or password resets. These bots or human bots mimic real user activity, often bypassing security measures through direct API calls. These actions trigger SMS messages, which are sent to phone numbers controlled by the fraudster, creating inflated traffic. The fraudster collaborates with a “rogue party,” often a corrupt telecom provider or intermediary with access to SMS routing infrastructure. The rogue party intercepts the inflated SMS traffic, typically avoiding message delivery to reduce costs. Instead, they route the traffic to numbers they control. The rogue party earns revenue by collecting funds from the inflated SMS traffic, benefiting from volume-based pricing or other arrangements.
·group-ib.com·
SMS Pumping: How Criminals Turn Your Messaging Service into Their Cash Machine
Anatomy of an LLM RCE
Anatomy of an LLM RCE
As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...
·cyberark.com·
Anatomy of an LLM RCE
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research.
·bleepingcomputer.com·
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
La Suisse signe la Convention du Conseil de l’Europe sur l’intelligence artificielle
La Suisse signe la Convention du Conseil de l’Europe sur l’intelligence artificielle
Le conseiller fédéral Albert Rösti signera aujourd’hui à Strasbourg la Convention-cadre du Conseil de l’Europe sur l’intelligence artificielle. Par cet acte, la Suisse rejoint les États signataires d’un premier instrument juridiquement contraignant au niveau international visant à encadrer le développement et l’utilisation de l’IA dans le respect des droits fondamentaux
·swissprivacy.law·
La Suisse signe la Convention du Conseil de l’Europe sur l’intelligence artificielle
Google Online Security Blog: Google announces Sec-Gemini v1, a new experimental cybersecurity model
Google Online Security Blog: Google announces Sec-Gemini v1, a new experimental cybersecurity model
Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before.
·security.googleblog.com·
Google Online Security Blog: Google announces Sec-Gemini v1, a new experimental cybersecurity model
Europcar GitLab breach exposes data of up to 200,000 customers
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. #Android #Breach #Code #Computer #Data #Europcar #GitLab #InfoSec #Security #Source #iOS
·bleepingcomputer.com·
Europcar GitLab breach exposes data of up to 200,000 customers
Someone is trying to recruit security researchers in bizarre hacking campaign  | TechCrunch
Someone is trying to recruit security researchers in bizarre hacking campaign  | TechCrunch
Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month? Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.
·techcrunch.com·
Someone is trying to recruit security researchers in bizarre hacking campaign  | TechCrunch