cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
ESET themed wiper Targets Israel
ESET themed wiper Targets Israel
It all started with an ESET statement on their official account on "X", wherein they mentioned that their partner company in Israel has gone under a targeted malicious email campaign that they managed to block within 10 minutes.
·blu3eye.gitbook.io·
ESET themed wiper Targets Israel
ESET Distributor’s Systems Abused to Deliver Wiper Malware
ESET Distributor’s Systems Abused to Deliver Wiper Malware
ESET has launched an investigation after the systems of its official product distributor in Israel were abused to send out emails delivering wiper malware. The targeted users received an email — signed by ESET’s Advanced Threat Defense (ATD) team — informing them about government-backed attackers trying to compromise their devices.
·securityweek.com·
ESET Distributor’s Systems Abused to Deliver Wiper Malware
Lynx Ransomware: A Rebranding of INC Ransomware
Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
·unit42.paloaltonetworks.com·
Lynx Ransomware: A Rebranding of INC Ransomware
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network. Learn more.
·fortinet.com·
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.” This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account. Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.
·medium.com·
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks
Cisco Event Response: Reports of Security Incident
Cisco Event Response: Reports of Security Incident
Version 1.1: October 18, 2024 Based on our investigations, we are confident that there has been no breach of our systems. We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed. At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published. As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm. Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. * Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event.
·sec.cloudapps.cisco.com·
Cisco Event Response: Reports of Security Incident
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. #Accounts #Computer #Fake #Honeypot #InfoSec #Microsoft #Phishing #Security
·bleepingcomputer.com·
Microsoft creates fake Azure tenants to pull phishers into honeypots
HijackLoader evolution: abusing genuine signing certificates
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
·harfanglab.io·
HijackLoader evolution: abusing genuine signing certificates
Anonymous Sudan Takedown: Akamai's Role
Anonymous Sudan Takedown: Akamai's Role
The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.
·akamai.com·
Anonymous Sudan Takedown: Akamai's Role
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World
A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
·justice.gov·
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World