Plusieurs tentatives: L'État luxembourgeois visé par des cyberattaques
Après une première attaque au printemps, les sites de l'État luxembourgeois ont été à nouveau visés le 23 octobre dernier par une attaque "DDoS".
cyberveille.decio.ch
Gaming Engines: An Undetected Playground for Malware Loaders
- Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal. Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware. This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS. Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and MacOS. * A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.
Starbucks, grocery stores impacted by Blue Yonder ransomware attack - Help Net Security
Supply chain management SaaS vendor Blue Yonder experienced a ransomware attack that impacted big companies like Starbucks.
RobotDropper Automates the Delivery of Multiple Infostealers
BlackBerry is tracking a new campaign that delivers Trojanized MSI files that utilize DLL sideloading to execute LegionLoader, a malicious program typically used to distribute multiple infostealers on the victim’s system.
PHP Reinfector and Backdoor Malware Target WordPress Sites
Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
11 arrested in Europol shutdown of illegal IPTV streaming networks
In the takedown announced on Wednesday, Europol said it investigated 102 suspects and arrested 11 of them on accusations they were distributing content from streaming services illegally.
UK hospital network postpones procedures after cyberattack
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures.
Attacco ransomware al Bologna FC, rubati migliaia di documenti (anche sui calciatori) | Wired Italia
I pirati del gruppo RansomHub pubblicano su Dark Web alcuni dei documenti sottratti e chiedono al club di Serie A di pagare un riscatto
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.
Zello asks users to reset passwords after security incident
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October. About the bug There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …
The hidden network report
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes: An online map showcasing the links between 300+ entities; Historical context on the Chinese state entities dedicated to cyber offensive operations; An analysis of the role of universities and private companies in terms of capacity building; A focus on the ecosystem facilitating the acquisition of vulnerabilities for government use in cyber espionage campaigns.
Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.
When Guardians Become Predators: How Malware Corrupts the Protectors
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News. The exact nature of these incidents is unclear, and they may include operational failures as well as attacks. Under British cybersecurity laws — known as the NIS Regulations — critical infrastructure companies are required to report “significant incidents” to the government within three days or face a fine of up to £17 million ($21 million).
Here’s how simple it is for script kiddies to stand up DDoS services
How plug-and-play hacking tools and lax configs helped a Russian script kiddie start a scheme.
Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread DDoS campaign orchestrated by a threat actor named Matrix.
Raspberry Robin Analysis
A comprehensive analysis of the inner workings of Raspberry Robin | Multiple layers that use numerous techniques to evade detection & analysis #2024 #Analysis #EN #Raspberry #Robin #zscaler
Yakuza Victim Data Leaked in Japanese Agency Attack
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.
Microsoft Power Pages: Data Exposure Reviewed
This blog post discusses a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and monitoring.
Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned
Leaders of the big telecommunications companies were summoned to the White House to discuss strategies for overhauling the security of the nation’s telecommunications networks amid growing alarm at the scope of a Chinese hack.
CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
A loose collective of mostly low-skilled actors, CyberVolk absorbs and adapts a wide array of destructive malware for use against political targets.
7-Zip flaw enables code smuggling with manipulated archives
Attackers can use manipulated archives to try to inject malicious code into 7-Zip users. An update is available.
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity. Our TRU team has successfully developed functional exploits for these vulnerabilities. While we will not disclose our exploits, please be aware that these vulnerabilities are easily exploitable, and other researchers may release working exploits shortly following this coordinated disclosure. These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.
Plusieurs comptes Telegram de députés ont été piratés
Les services de l’Assemblée nationale ont alerté l’ensemble des députés après le piratage.
Feds Charge Five Men in ‘Scattered Spider’ Roundup – Krebs on Security
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta,…