cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Ascension: Health data of 5.6 million stolen in ransomware attack
Ascension: Health data of 5.6 million stolen in ransomware attack
​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.
·bleepingcomputer.com·
Ascension: Health data of 5.6 million stolen in ransomware attack
DigiEver Fix That IoT Thing!
DigiEver Fix That IoT Thing!
  • A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024. The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT. The malware is a Mirai variant that has been modified to use improved encryption algorithms. We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.
·akamai.com·
DigiEver Fix That IoT Thing!
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence
Introduction Telegram, as previously reported by KELA, is a popular and legitimate messaging platform that has evolved in the past few years into a major platform for cybercriminal activities. Its lack of strict content moderation has made the platform cybercriminals’ playground. They use the platform for distribution of stolen data and hacking tools, publicizing their […]
·kelacyber.com·
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence
Commission opens formal proceedings against TikTok under DSA
Commission opens formal proceedings against TikTok under DSA
Today, the Commission has opened formal proceedings against TikTok for a suspected breach of the DSA in relation to TikTok's obligation to properly assess and mitigate systemic risks linked to election integrity, notably in the context of the recent Romanian presidential elections on 24 November.
·ec.europa.eu·
Commission opens formal proceedings against TikTok under DSA
ConnectOnCall.com, LLC Provides Notice of Data Security Incident
ConnectOnCall.com, LLC Provides Notice of Data Security Incident
ConnectOnCall.com, LLC provides a product (“ConnectOnCall”) that healthcare providers purchase to improve their after-hours call process and enhance communications between the providers and their patients. ConnectOnCall discovered an incident that involved personal information related to communications between patients and healthcare providers that use ConnectOnCall. On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment. ConnectOnCall’s investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications.
·businesswire.com·
ConnectOnCall.com, LLC Provides Notice of Data Security Incident
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing a disastrous Lumma info-stealer malware that circumvents general security measures like Safe Browsing. Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily “ad impressions” and causing thousands of daily victims to lose their accounts and money through a network of 3,000+ content sites funneling traffic. Our research dissects this campaign and provides insights into the malvertising industry’s infrastructure, tactics, and key players. Through a detailed analysis of redirect chains, obfuscated scripts, and Traffic Distribution Systems (TDS) — in collaboration with our friends at Infoblox — we traced the campaign’s origins to Monetag, a part of ProepllerAds’ network previously tracked by Infoblox under the name “Vane Viper.” Further investigation reveals how threat actors leveraged services like BeMob ad-tracking to cloak their malicious intent, showcasing the fragmented accountability in the ad ecosystem. This lack of oversight leaves internet users vulnerable and enables malvertising campaigns to flourish at scale.
·labs.guard.io·
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
The CVE-2024-11053 Sunday shenanigans
The CVE-2024-11053 Sunday shenanigans
I just wanted to make you all aware of what happened over the weekend. On Sunday afternoon, Harry Sintonenen made us aware that several security related websites posted articles about the "CRITICAL curl security flaw". We announced that as severity LOW earlier this week. How and why did this massive severiy level bump happen?
·curl.se·
The CVE-2024-11053 Sunday shenanigans
DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout
DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout
  • Our 2024 Dray:Break report revealed 14 new vulnerabilities in DrayTek devices See our upcoming presentation at Black Hat Europe for more details PRODAFT shared threat intelligence from 2023 on a ransomware campaign exploiting DrayTek devices This is the first time this campaign is discussed publicly Our analysis shows sophisticated attack workflows to deploy ransomware including possible: Zero-day vulnerabilities Credential harvesting and password cracking VPN and tunneling abuse
·forescout.com·
DrayTek Routers Exploited in Massive Ransomware Campaign - Forescout
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation