In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram
Hackers, fraudsters, and drug dealers are all leaving the platform in one way or another. Some are worried that Telegram may start providing user data to the authorities.
cyberveille.decio.ch
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.
Kawasaki’s European HQ recovers from cyber attack
At the start of September, Kawasaki Motors Europe, (KME) was the subject of a cyber-attack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day. KME and its country Branches operate a large number of servers and, as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with.
Data centres as vital as NHS and power grid, government says
Data centres in the UK are to be classified as critical national infrastructure, joining the emergency services, finance and healthcare systems, and energy and water supplies. It means they would get extra government support during a major incident, such as a cyber attack, an IT outage or extreme weather, in order to minimise disruption.
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
CVE-2024-29847 Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability.
TfL confirms 5,000 customers' bank data exposed
Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.
Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers
Overview While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from […]
Transport for London confirms customer data stolen in cyberattack
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. #Breach #Computer #Customer #Data #InfoSec #London #Security #TfL #Transport #for
Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily
International cyber security giant Fortinet has disclosed that it has suffered a data breach.
Europe’s privacy watchdog probes Google over data used for AI training
Meta and X have already paused some AI training over same set of concerns.
Telegram: 'The dark web in your pocket'
The arrest of Telegram’s chief executive in France has ignited a debate about moderation on his app. About nine months ago while researching a story, I found myself added to a large Telegram channel which was focused on selling drugs. I was then added to one about hacking and then one about stolen credit cards. I realised my Telegram settings had made it possible for people to add me to their channels without me doing anything. I kept the settings the same to see what would happen.
Enquête ESET : le cybergang CosmicBeetle cible des entreprises françaises et devient affilié de RansomHub | UnderNews
ESET découvre que le groupe CosmicBeetle s'associe à d'autres gangs de ransomwares et cible des entreprises en France. Tribune ESET. Les chercheurs d'ESET ont mené l’enquête sur ScRansom, un nouveau ransomware développé par le groupe CosmicBeetle. CosmicBeetle a débuté avec les outils Lockbit qui ont fuité. CosmicBeetle est probablement devenu récement un affilié RansomHub ScRansom
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system.
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
We recently performed research that started off "well-intentioned" (or as well-intentioned as we ever are) - to make vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers exploitable in the real world (i.e. without needing to MITM etc). As part of our research, we discovered that a few years ago the WHOIS server for the .MOBI TLD migrated from whois.dotmobiregistry.net to whois.nic.mobi – and the dotmobiregistry.net domain had been left to expire seemingly in December 2023.
A glimpse into the Quad7 operators' next moves and associated botnets
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.
Tracking Ransomware - August 2024 - CYFIRMA
August 2024 witnessed a noticeable increase in ransomware activity, with emerging groups like Lynx and RansomHub showing dramatic...
Wifi routers and VPN appliances targeted by notorious botnet Quad7
The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.
Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
In recent threat activity observed by Arctic Wolf, Akira ransomware affiliates carried out ransomware attacks with an initial access vector involving the compromise of SSLVPN user accounts on SonicWall devices.
Critical SonicWall SSLVPN bug exploited in ransomware attacks
Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.
Data Privacy Framework – swissprivacy.law
À l'occasion d'un communiqué de presse publié le 14 août 2024, le Conseil fédéral a approuvé le Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) et arrêté son en vigueur au 15 septembre 2024. Selon cette décision, les entreprises américaines participant au Swiss-U.S. DPF garantissent un niveau adéquat de protection des données en vertu de la LPD, de sorte que les données personnelles peuvent être transférées aux entreprises américaines participantes sans avoir à conclure de clauses contractuelles types adoptées par la Commission Européenne (SCC) et sans qu'il soit nécessaire de procéder à une analyse d'impact du transfert de données.
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's no point deploying cryptolocker malware on a target unless you can also deny access to backups, and so, this class of attackers absolutely loves to break this particular software. With so many eyes focussed on it, then, it is no huge surprise that it has a rich history of CVEs. Today, we're going to look at the latest episode - CVE-2024-40711. Well, that was a complex vulnerability, requiring a lot of code-reading! We’ve successfully shown how multiple bugs can be chained together to gain RCE in a variety of versions of Veeam Backup & Replication.
Sextortion scams now use your "cheating" spouse’s name as a lure
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof.
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that targets mnemonic keys by scanning for images
Russia focusing on US social media stars to covertly influence voters
Russia is increasingly turning to American social media stars to covertly influence voters ahead of the 2024 presidential election, according to U.S. officials and recently unveiled criminal charges. “What we see them doing is relying on witting and unwitting Americans to seed, promote and add credibility to narratives that serve these foreign actors’ interest,” a senior intelligence official said in a briefing on Friday. “These foreign countries typically calculate that Americans are more likely to believe other Americans’ views.”
Major US car rental breach exposes hundreds of thousands
Attackers roamed the systems of Avis Car Rental, a major car rental service provider, for several days, accessing data of nearly 300,000 individuals. Malicious actors breached Avis systems on August 3rd and roamed inside the system for three days until the company secured its networks. The company’s data breach notification letter, submitted to the Maine Attorney General’s Office, states that Avis discovered the breach on August 5th, indicating it took at least one day to kick the malicious actors out.
Une faille dans le HDMI permet de voler des mots de passe et des informations sensibles
Il existe une méthode pour intercepter des informations sensibles en exploitant les émissions électromagnétiques des câbles HDMI ! Cette technique, qui s'appuie sur l'intelligence artificielle, permet de reconstituer ce qui est affiché sur un écran avec une précision inquiétante.
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
The state of sandbox evasion techniques in 2024
This post is about sandbox evasion techniques and their usefulness in more targeted engagements. There's a lot of sandbox evasion techniques, some are simple: query WMI, some are cool: parsing SMBIOS tables, most try to detect sandbox artifacts. I wanted to know if these techniques are still effective for detecting sandboxes, or if the sandboxes have since been updated to counter them.
Swiss found to be gullible regarding fake news
The Swiss do not seem to be particularly good at separating truth from lies, according to a study by the Organisation for Economic Co-operation and Development (OECD). The Truth Quest Survey involved 40,765 participants in 21 countries. The 1,531 participants from Switzerland came third from last. Only Colombia and Brazil did worse. The US and France were also in the bottom third of the international comparison. By contrast, the best results were achieved by participants from Finland, the UK and Norway.