cyberveille.decio.ch

7248 bookmarks

Custom sorting

US Treasury says China accessed government documents in 'major' cyberattack

Treasury officials attributed the December theft of unclassified documents to China. The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.

#techcrunch #EN #2024 #US #Treasury #China #BeyondTrust #cyberattack #attribution

·techcrunch.com·Dec 30, 2024

US Treasury says China accessed government documents in 'major' cyberattack

Thousands of widely-used public workspaces are leaking data

Following disclosure, Postman implemented additional safeguards

#techradar #EN #2024 #postman #data-leak #workspaces #safeguards #public

·techradar.com·Dec 29, 2024

Thousands of widely-used public workspaces are leaking data

Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops

The sensitive information of VW, Audi, Seat, and Skoda EV owners was stored on a poorly secured Amazon cloud account for months

#carscoops #EN #2024 #data-leak #Exposed #car #Skoda #EV #Seat #Audi #VW #Amazon

·carscoops.com·Dec 28, 2024

Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops

Clop ransomware is now extorting 66 Cleo data-theft victims

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.

#bleepingcomputer #EN #2024 #Cleo #Clop #Double-Extortion #Extortion #Ransomware

·bleepingcomputer.com·Dec 28, 2024

Clop ransomware is now extorting 66 Cleo data-theft victims

Cyber firm's Chrome extension hijacked to steal user passwords

The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."

#techcrunch #EN #2024 #Chrome #extension #hijacked #Cyberhaven

·techcrunch.com·Dec 28, 2024

Cyber firm's Chrome extension hijacked to steal user passwords

Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface

On 18 November 2024, Palo Alto Networks issued a security advisory for an authentication bypass vulnerability in the PAN-OS management web interface. The vulnerability is tracked under CVE-2024-0012 [1] and has a CVSS score for this is 9.3 [2]. The vulnerability allows an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. As the Northwave CERT has already observed mass exploitation by multiple threat actors, we urge all recipients to implement mitigation measures and patch their systems.

#northwave-cybersecurity #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0012

·northwave-cybersecurity.com·Dec 28, 2024

Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface

Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition

An analysis of benign internet scanner behavior across 24 new sensors in November 2024, examining discovery speed, port coverage, and vulnerability scanning capabilities of major services like ONYPHE, Censys, and ShadowServer. The study reveals most scanners found new assets within 5 minutes, with Censys leading in port coverage and ShadowServer in vulnerability detection.

#greynoise #EN #2024 #analysis #Benign #Internet #Scanners

·greynoise.io·Dec 27, 2024

Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition

LockBit Ransomware Group Plots Comeback With 4.0 Release

The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble

#thecyberexpress #EN #2024 #LockBit #ransomware #LockBit4.0 #comeback #announce #RaaS

·thecyberexpress.com·Dec 27, 2024

LockBit Ransomware Group Plots Comeback With 4.0 Release

Apple sends spyware victims to this nonprofit security lab

Cybersecurity experts, who work with human rights defenders and journalists, agree that Apple is doing the right thing by sending notifications to victims of mercenary spyware — and at the same time refusing to forensically analyze the devices.

#techcrunch #EN #2024 #Apple #accessnow #spyware #victims

·techcrunch.com·Dec 27, 2024

Apple sends spyware victims to this nonprofit security lab

European Space Agency's official store hacked to steal payment cards

European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

#bleepingcomputer #EN #2024 #Credit-Card #ESA #European-Space-Agency #JavaScript #MageCart #Payment-card #Stripe

·bleepingcomputer.com·Dec 27, 2024

European Space Agency's official store hacked to steal payment cards

Airline hit by a cyberattack, delaying flights during the year-end holiday season

Japan Airlines has been hit by a cyberattack that caused delays to more than 20 domestic flights, but it managed to restore its systems within hours.

#apnews #EN #2024 #cyberattack #DDoS #flights #Japan #Airlines

·apnews.com·Dec 27, 2024

Airline hit by a cyberattack, delaying flights during the year-end holiday season

Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools

An investigation into an information security incident has allowed virus analysts at Doctor Web to uncover an ongoing campaign that incorporates many modern trends employed by cybercriminals.

#drweb #EN #2024 #eBPF #exploitation

·news.drweb.com·Dec 27, 2024

Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools

Botnets Continue to Target Aging D-Link Vulnerabilities

FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more.

#fortinet #EN #2024 #D-Link #botnet #HNAP #CAPSAICIN #FICORA

·fortinet.com·Dec 27, 2024

Botnets Continue to Target Aging D-Link Vulnerabilities

Russia's GRU possibly behind cyberattack on Ukraine's government, SBU says

"All the Justice Ministry's data has been saved. Recovery is underway," Deputy PM and Justice Minister Olha Stefanishyna said.

#kyivindependent #EN #2024 #GRU #cyberattack #Ukraine #Justice #Ministry #Russia-Ukraine-war

·kyivindependent.com·Dec 27, 2024

Russia's GRU possibly behind cyberattack on Ukraine's government, SBU says

Palo Alto Releases Patch for PAN-OS DoS Flaw

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.

#thehackernews #EN #2024 #PaloAlto #PAN-OS #DoS #Flaw #CVE-2024-3393

·thehackernews.com·Dec 27, 2024

Palo Alto Releases Patch for PAN-OS DoS Flaw

Finnish authorities board ship suspected of cutting subsea Internet and power cables

Four Internet cables cut in latest Baltic Sea incident

#datacenterdynamics #EN #2024 #Finland #Baltic #cables #internet #disrupted #subsea #Russia

·datacenterdynamics.com·Dec 27, 2024

Finnish authorities board ship suspected of cutting subsea Internet and power cables

Russia is using bitcoin in foreign trade, finance minister says

Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday. Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.

#reuters #EN #2024 #crypto #Russia #currencies #sanctions #trade

·reuters.com·Dec 26, 2024

Russia is using bitcoin in foreign trade, finance minister says

Israel's Mossad spent years orchestrating Hezbollah pager plot

Retired Israeli case agents behind Mossad's boobytrapped pagers and walkie-talkies in Lebanon explain how they got Hezbollah to buy the devices and the plots' impact on the Middle East.

#cbsnews #EN #2024 #Israel #Hezbollah #Lebanon #Mossad #boobytrapped #pagers #plot

·cbsnews.com·Dec 24, 2024

Israel's Mossad spent years orchestrating Hezbollah pager plot

EPFL: des failles de sécurité dans les modèles d'IA

Les modèles d'intelligence artificielle (IA) peuvent être manipulés malgré les mesures de protection existantes. Avec des attaques ciblées, des scientifiques lausannois ont pu amener ces systèmes à générer des contenus dangereux ou éthiquement douteux.

#swissinfo #FR #2024 #EPFL #IA #chatgpt #Jailbreak #failles #LLM #vulnerabilités #Manipulation

·swissinfo.ch·Dec 23, 2024

EPFL: des failles de sécurité dans les modèles d'IA

Astrill VPN and Remote Worker Fraud - Spur

"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions." "While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent re mote worker campaigns originating from Astrill VPN IP addresses."

#spur.us #EN #2024 #Astrill #VPN #IP #addresses #IoC #North-Korea #infiltrating

·spur.us·Dec 23, 2024

Astrill VPN and Remote Worker Fraud - Spur

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.

#therecord.media #EN #2024 #Operation-Destabilise #ransomware #Russia #UK #cybercrime #money-laundering

·therecord.media·Dec 23, 2024

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing

Câbles rompus en mer Baltique : Pékin n’a pas autorisé la Suède à mener son enquête à bord du cargo

Deux câbles de télécommunications avaient été coupés les 17 et 18 novembre dans les eaux territoriales suédoises de la mer Baltique. Les soupçons s’étaient rapidement portés sur un navire battant pavillon chinois, le « Yi Peng 3 ».

#lemonde #FR #2024 #Chine #câbles #rompus #Baltique #investiation #YiPeng3

·lemonde.fr·Dec 23, 2024

Câbles rompus en mer Baltique : Pékin n’a pas autorisé la Suède à mener son enquête à bord du cargo

2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged

n Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network. The impacted systems were all using default passwords. Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.

#juniper #EN #2024 #advisory #SessionSmart #Router #SSN #Mirai #default-password

·supportportal.juniper.net·Dec 22, 2024

2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged

Malicious ads push Lumma infostealer via fake CAPTCHA pages

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

#bleepingcomputer #EN #2024 #Captcha #ClickFix #Information-Stealer #Lumma #Malvertising #Malware #PowerShell #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Dec 22, 2024

Malicious ads push Lumma infostealer via fake CAPTCHA pages

Effective Phishing Campaign Targeting European Companies and Organizations

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.

#unit42 #EN #2024 #Phishing #Campaign #EU #Azure #takeover #HubSpot #analysis

·unit42.paloaltonetworks.com·Dec 22, 2024

Effective Phishing Campaign Targeting European Companies and Organizations

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.

#thehackernews #EN #2024 #rogue #RDP #APT29

·thehackernews.com·Dec 22, 2024

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices

The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.

#therecord.media #EN #2024 #NSO #Group #liable #WhatsApp #spyware

·therecord.media·Dec 22, 2024

Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices

BeyondTrust Remote Support SaaS Service Security Investigation

BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers. 12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.

#beyondtrust #EN #2024 #SaaS #Investigation #incident #API-key #root-cause

·beyondtrust.com·Dec 22, 2024

BeyondTrust Remote Support SaaS Service Security Investigation

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.

#heise #EN #2024 #BlackBasta #Cyberangriff #Hacking #MEDION #Ransomware

·heise.de·Dec 20, 2024

Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online

'AI mafia' gang bombards London restaurant with scathing fake Google reviews to extort £10,000

A shell-shocked owner woke to find a barrage of one-star reviews had dragged her Google rating from 4.9 to 2.3 virtually overnight.

#dailymail.co.uk #EN #2024 #AImafia #Google #rating #London #Extortion #restaurant

·dailymail.co.uk·Dec 20, 2024

'AI mafia' gang bombards London restaurant with scathing fake Google reviews to extort £10,000