cyberveille.decio.ch
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
GreyNoise has observed a significant surge in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access these portals. The pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation. Recent patterns observed by GreyNoise suggest that this activity may signal the emergence of new vulnerabilities in the near future: “Over the past 18 to 24 months, we’ve observed a consistent pattern of deliberate targeting of older vulnerabilities or well-worn attack and reconnaissance attempts against specific technologies,” said Bob Rudis, VP of Data Science at GreyNoise. “These patterns often coincide with new vulnerabilities emerging 2 to 4 weeks later.”
·greynoise.io·
TTP - Apple Offers Apps With Ties to Chinese Military
Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military. TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.
·techtransparencyproject.org·
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
OUTLAW is a persistent yet unsophisticated auto-propagating coinminer package observed across multiple versions over the past few years [1], [2], [3], [4]. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels. This persistence highlights how botnet operators can achieve widespread impact without relying on sophisticated techniques.
·elastic.co·
Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log | InfoStealers
Just days after reporting on the Samsung Tickets data breach, another massive leak has surfaced, this time targeting Royal Mail Group, a British institution with over 500 years of history. On April 2, 2025, a threat actor known as “GHNA” posted on BreachForums, announcing the release of 144GB of data stolen from Royal Mail Group. The breach, once again facilitated through Spectos, a third-party service provider, exposes personally identifiable information (PII) of customers, confidential documents, internal Zoom meeting video recordings, delivery location datasets, a WordPress SQL database for mailagents.uk, Mailchimp mailing lists, and more.
·infostealers.com·
Global crackdown on Kidflix, a major child sexual exploitation platform with almost two million users | Europol
Kidflix, one of the largest paedophile platforms in the world, has been shut down in an international operation against child sexual exploitation. The investigation was supported by Europol and led by the State Criminal Police of Bavaria (Bayerisches Landeskriminalamt) and the Bavarian Central Office for the Prosecution of Cybercrime (ZCB). Over 35 countries worldwide participated in the operation. Investigators identified almost 1 400 suspects worldwide. So far, 79 of these individuals have been arrested...
·europol.europa.eu·
Digital crime has more than doubled since 2020
24.03.2025 - In 2024, the police recorded a total of 563 633 offences under the Swiss Criminal Code (CP), roughly 8% more than the previous year. Broken down by area, digital offences once again showed a sharp increase (+35%), as in previous years. Offences against property rose by 8% compared with 2023, and serious violent offences increased (+19%) for the third consecutive year. These are some of the results of the police crime statistics (statistique policière de la criminalité, SPC) compiled by the Federal Statistical Office (Office fédéral de la statistique, OFS).
·bfs.admin.ch·
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices. The vulnerabilities found in the GRUB2 bootloader (commonly used as a Linux bootloader) and U-boot and Barebox bootloaders (commonly used for embedded systems), could allow threat actors to gain and execute arbitrary code.
·microsoft.com·
CrushFTP Authentication Bypass - CVE-2025-2825
Enterprise file transfer solutions are critical infrastructure for many organizations, facilitating secure data exchange between systems and users. CrushFTP, a widely used multi-protocol file transfer server, offers an extensive feature set including Amazon S3-compatible API access. However, a critical vulnerability (CVE-2025-2825) was discovered in versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 that allows unauthenticated attackers to bypass authentication and gain unauthorized access.
·projectdiscovery.io·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
·dirtypipe.cm4all.com·
TCCing is Believing
Apple finally adds TCC events to Endpoint Security! Since the majority of macOS malware circumvents TCC through explicit user approval, it would be incredibly helpful for any security tool to detect this, and possibly override the user’s risky decision. Until now the best (only?) option was to ingest log messages generated by the TCC subsystem. This approach was implemented in a tool dubbed Kronos, written by Calum Hall and Luke Roberts (now of Phorion fame). Unfortunately, as they note, this approach did have its drawbacks:
·objective-see.org·
Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor
Dubbed “BlackLock” (aka "El Dorado" or "Eldorado"), the ransomware-as-a-service (RaaS) outfit has existed since March 2024. In Q4 of last year, it increased its number of data leak posts by a staggering 1,425% quarter-on-quarter. According to independent reporting, a relatively new group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025. Fortunately, it will not happen due to certain events happening "behind the scenes." As you may know, Christmas and Winter Holidays are the best times for cybercriminals to attack, defraud, and extort victims globally. But in some cases, they may expect unexpected gifts too. Around that time, Resecurity identified a vulnerability present at the Data Leak Site (DLS) of BlackLock in the TOR network - successful exploitation of which allowed our analysts to collect substantial intelligence about their activity outside of the public domain.
·resecurity.com·
Why are North Korean hackers such good crypto-thieves?
FEBRUARY 21st was a typical day, recalls Ben Zhou, the boss of ByBit, a Dubai-based cryptocurrency exchange. Before going to bed, he approved a fund transfer between the firm’s accounts, a “typical manoeuvre” performed while servicing more than 60m users around the world. Half an hour later he got a phone call. “Ben, there’s an issue,” his chief financial officer said, voice shaking. “We might be hacked…all of the Ethereum is gone.”
·archive.ph·