cyberveille.decio.ch

6938 bookmarks

Custom sorting

Un prestataire des missions locales victime d’un acte de cyber-malveillance

Le ministère du Travail et de l’Emploi a pris connaissance de la violation du système d’information, porté par un prestataire de services, utilisé par le réseau des Missions locales. Cette cyber-attaque a eu lieu dans la nuit du 23 octobre 2024 au 24 octobre 2024. Des investigations sont en cours chez le prestataire pour connaître l’origine de cet évènement. La sécurité des systèmes d’information du réseau des Missions locales elles-mêmes n’est pas en cause.

#travail-emploi.gouv.fr #FR #2024 #Communiqué #ministère #Missions #locales #prestataire

·travail-emploi.gouv.fr·Nov 4, 2024

Un prestataire des missions locales victime d’un acte de cyber-malveillance

Cyber attack on pharmaceutical distributor AEP

AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.

#heise #EN #2024 #Germany #ransomware #Digital #Pharmaindustrie #Lösegeld #Health #Apotheken

·heise.de·Nov 4, 2024

Cyber attack on pharmaceutical distributor AEP

DDoS site Dstat.cc seized and two suspects arrested in Germany

The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.

#bleepingcomputer #EN #2024 #Arrest #BKA #DDoS #Dstat.cc #Germany #Operation-PowerOff

·bleepingcomputer.com·Nov 1, 2024

DDoS site Dstat.cc seized and two suspects arrested in Germany

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

#wired #EN #2024 #Synology #photos #vulnerabilities #RCE #Pwn2Own #critical #vulnerability

·wired.com·Nov 1, 2024

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

#cybersecurity #hacking #malware #vulnerabilities #security #china

·wired.com·Nov 1, 2024

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

Botnet 7777: Are You Betting on a Compromised Router?

Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.

#team-cymru #EN #2024 #Quad7 #analysis #botnet

·team-cymru.com·Nov 1, 2024

Botnet 7777: Are You Betting on a Compromised Router?

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]

#microsoft #EN #2024 #Storm-0940 #Quad7 #CovertNetwork-1658 #analysis

·microsoft.com·Nov 1, 2024

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Exclusive: Chinese researchers develop AI model for military use on back of Meta's Llama

Papers show China reworked Llama model for military tool China's top PLA-linked Academy of Military Science involved Meta says PLA 'unauthorised' to use Llama model * Pentagon says it is monitoring competitors' AI capabilities

#reuters #EN #China #Llama #model #military #tool #Meta #AI #LLM #Pentagon

·reuters.com·Nov 1, 2024

Exclusive: Chinese researchers develop AI model for military use on back of Meta's Llama

Jumpy Pisces Engages in Play Ransomware

A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.

#paloaltonetworks #unit42 #Play #Ransomware #DPRK #North-Korea

·unit42.paloaltonetworks.com·Oct 31, 2024

Jumpy Pisces Engages in Play Ransomware

Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats

Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices

#sophos #EN #2024 #investigation #China-based #perimeter #devices #TTPs #China #APT

·news.sophos.com·Oct 31, 2024

Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats

Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit

Key data This article explores Netcraft’s research into Xiū gǒu (修狗), a phishing kit in use since at least September 2024 to deploy phishing campaigns ...

#netcraft #EN #2024 #analysis #Xiū-gǒu #phishing #kit

·netcraft.com·Oct 31, 2024

Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes

Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.

#malwarebytes #EN #2024 #Apple #macOS #iOS #patch #iPadOS #CVE-2024-44274 #CVE-2024-44282 #CVE-2024-40867

·malwarebytes.com·Oct 31, 2024

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes

Amazon identified internet domains abused by APT29

APT29 aka Midnight Blizzard recently attempted to phish thousands of people. Building on work by CERT-UA, Amazon recently identified internet domains abused by APT29, a group widely attributed to Russia’s Foreign Intelligence Service (SVR). In this instance, their targets were associated with government agencies, enterprises, and militaries, and the phishing campaign was apparently aimed at […]

#amazon #EN #2024 #APT29 #MidnightBlizzard #attribution #rdp #spear-phishing

·aws.amazon.com·Oct 31, 2024

Amazon identified internet domains abused by APT29

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]

#microsoft #EN #2024 #APT29 #MidnightBlizzard #rdp #spear-phishing

·microsoft.com·Oct 31, 2024

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

ClickFix tactic: The Phantom Meet

Analyse the ClickFix tactic and related campaigns. Uncover a ClickFix campaign impersonating Google Meet and cybercrime infrastructure.

#sekoia #EN #2024 #ClickFix #campaigns #Google #Meet

·blog.sekoia.io·Oct 30, 2024

ClickFix tactic: The Phantom Meet

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.

#trendmicro #EN #2024 #Titan #Network #Confluence #exploitation #Atlassian #vulnerability #CVE-2023-22527

·trendmicro.com·Oct 30, 2024

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Elon Musk-Funded PAC Supercharges ‘Progress 2028’ Democrat Impersonation Ad Campaign

An Elon Musk-funded PAC is targeting Republicans with ads that depict a fever-dream caricature of what Harris would do if elected president.

#404media #EN #2024 #Misinformation #X #PAC #Elon-Musk #US #presidential #abusing #social-media

·404media.co·Oct 30, 2024

Elon Musk-Funded PAC Supercharges ‘Progress 2028’ Democrat Impersonation Ad Campaign

ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest

ReliaQuest has observed a new Black Basta social engineering campaign targeting users via Microsoft Teams and malicious QR codes.

#reliaquest #EN #2024 #social-engineering #BlackBasta #Microsoft #Teams #QRCode #analysis

·reliaquest.com·Oct 30, 2024

ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest

Change Healthcare says 100 million people impacted by February ransomware attack

Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February. The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”

#therecord.media #EN #2024 #Change #Healthcare #Data-Breach #HHS #ransomware #health #PII

·therecord.media·Oct 29, 2024

Change Healthcare says 100 million people impacted by February ransomware attack

US names and charges Maxim Rudometov with developing the Redline infostealer

An unsealed criminal complaint says U.S. investigators used public evidence from various online platforms to identify a Russian national as the alleged creator of the Redline malware.

#therecord.media #EN #2024 #Redline #stealer #complaint #US

·therecord.media·Oct 29, 2024

US names and charges Maxim Rudometov with developing the Redline infostealer

LightSpy: Implant for iOS

ThreatFabric’s latest insights on LightSpy malware, targeting both iOS and macOS. Learn about the evolving tactics, new destructive features, and the importance of keeping devices updated to defend against these advanced cyber threats.

#threatfabric #EN #2024 #LightSpy #iOS

·threatfabric.com·Oct 29, 2024

LightSpy: Implant for iOS

31 new ransomware groups were discovered in 2024

A report by Secureworks revealed a 30% year-over-year rise in active ransomware groups, which demonstrates fragmentation of an established criminal ecosystem.

#securitymagazine #EN #2024 #threat-actor #threat-analysis #threat-alerts #fragmentation #ransomware #groups #report

·securitymagazine.com·Oct 29, 2024

31 new ransomware groups were discovered in 2024

Update on Windows Downdate

Downgrade attacks: researchers took over the Windows Update process to make the term “fully patched” meaningless on any Windows machine.

#safebreach #EN #2024 #Windows #Update #Downgrade #attacks

·safebreach.com·Oct 29, 2024

Update on Windows Downdate

Cyberattaque: la panne de Onelog persiste (update)

Mise à jour du 28 octobre 2024: Depuis le jeudi 24 octobre, il est impossible de se connecter et de s'enregistrer via Onelog, Single Sign-On porté conjointement par plusieurs entreprises de médias suisses, en raison d'une cyber-attaque. Les répercussions de la cyberattaque se poursuivent, indique un communiqué daté d'aujourd'hui 28 octobre. Onelog souligne collaborer intensivement avec les entreprises concernées pour rétablir les services affectés dans les prochains jours. Des enquêtes sont menées pour évaluer l'ampleur de l'attaque, en coordination avec les autorités suisses et européennes. En raison de l’enquête en cours, aucun autre détail ne peut être divulgué. Onelog promet de communiquer des informations complémentaires dès que possible.

#ictjournal #FR #2024 #cyberattaque #Suisse #Onelog

·ictjournal.ch·Oct 28, 2024

Cyberattaque: la panne de Onelog persiste (update)

Hacker Returns $19.3 Million to Drained US Government Crypto Wallet

Most of the funds drained from a U.S. government crypto wallet in an apparent attack Thursday were sent back early Friday.

#decrypt #EN #2024 #hack #US #government #wallet #Ethereum #Breaking-Push #United-States #us-government #USDC #ZachXBT

·decrypt.co·Oct 28, 2024

Hacker Returns $19.3 Million to Drained US Government Crypto Wallet

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials - SANS Internet Storm Center

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, Author: Jan Kopriva

#isc.sans.edu #EN #2024 #phishing #analysis #telegram #Self-contained #SHTML #HTML #attachement #Telegram

·isc.sans.edu·Oct 28, 2024

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials - SANS Internet Storm Center

Inside the Open Directory of the “You Dun” Threat Group

Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity. The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran. The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions. * The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.