cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
US Treasury says China accessed government documents in 'major' cyberattack
US Treasury says China accessed government documents in 'major' cyberattack
Treasury officials attributed the December theft of unclassified documents to China. The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
·techcrunch.com·
US Treasury says China accessed government documents in 'major' cyberattack
Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface
Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface
On 18 November 2024, Palo Alto Networks issued a security advisory for an authentication bypass vulnerability in the PAN-OS management web interface. The vulnerability is tracked under CVE-2024-0012 [1] and has a CVSS score for this is 9.3 [2]. The vulnerability allows an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges. As the Northwave CERT has already observed mass exploitation by multiple threat actors, we urge all recipients to implement mitigation measures and patch their systems.
·northwave-cybersecurity.com·
Threat Response - Critical Authentication Bypass in PAN-OS Management Web Interface
Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition
Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition
An analysis of benign internet scanner behavior across 24 new sensors in November 2024, examining discovery speed, port coverage, and vulnerability scanning capabilities of major services like ONYPHE, Censys, and ShadowServer. The study reveals most scanners found new assets within 5 minutes, with Censys leading in port coverage and ShadowServer in vulnerability detection.
·greynoise.io·
Checking It Twice: Profiling Benign Internet Scanners — 2024 Edition
Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools
Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools
An investigation into an information security incident has allowed virus analysts at Doctor Web to uncover an ongoing campaign that incorporates many modern trends employed by cybercriminals.
·news.drweb.com·
Malware trends: eBPF exploitation, malware configurations stored in unexpected places, and increased use of custom post-exploitation tools
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
·thehackernews.com·
Palo Alto Releases Patch for PAN-OS DoS Flaw
Russia is using bitcoin in foreign trade, finance minister says
Russia is using bitcoin in foreign trade, finance minister says
Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday. Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.
·reuters.com·
Russia is using bitcoin in foreign trade, finance minister says
Astrill VPN and Remote Worker Fraud - Spur
Astrill VPN and Remote Worker Fraud - Spur
"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions." "While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent re mote worker campaigns originating from Astrill VPN IP addresses."
·spur.us·
Astrill VPN and Remote Worker Fraud - Spur
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.
·therecord.media·
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
Câbles rompus en mer Baltique : Pékin n’a pas autorisé la Suède à mener son enquête à bord du cargo
Câbles rompus en mer Baltique : Pékin n’a pas autorisé la Suède à mener son enquête à bord du cargo
Deux câbles de télécommunications avaient été coupés les 17 et 18 novembre dans les eaux territoriales suédoises de la mer Baltique. Les soupçons s’étaient rapidement portés sur un navire battant pavillon chinois, le « Yi Peng 3 ».
·lemonde.fr·
Câbles rompus en mer Baltique : Pékin n’a pas autorisé la Suède à mener son enquête à bord du cargo
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
n Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network. The impacted systems were all using default passwords. Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.
·supportportal.juniper.net·
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Effective Phishing Campaign Targeting European Companies and Organizations
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
·unit42.paloaltonetworks.com·
Effective Phishing Campaign Targeting European Companies and Organizations
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.
·thehackernews.com·
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers. 12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.
·beyondtrust.com·
BeyondTrust Remote Support SaaS Service Security Investigation