cyberveille.decio.ch

7048 bookmarks

Custom sorting

MacOS X Malware Development

In today’s post, We’ll explore the process of designing and developing malware for macOS, which is a Unix-based operating system. We’ll use a classic approach to understanding Apple’s internals. To follow along, you should have a basic understanding of exploitation, as well as knowledge of C and Python programming, and some familiarity with low-level assembly language. While the topics may be advanced, I’ll do my best to present them smoothly.

#0xf00sec #EN #2024 #MacOS #Malware #Development #process #Python #technique

·0xf00sec.github.io·Aug 25, 2024

MacOS X Malware Development

OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.

#blog.isosceles.com #EN #2024 #openssh #backdoor #analysis #supply-chain

·blog.isosceles.com·Aug 25, 2024

OpenSSH Backdoors

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.

#aon #EN #2024 #sedexp #Linux #Malware #udev #Rules

·aon.com·Aug 25, 2024

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Cyberattaque contre Swisscom:  L'attaque DDos repoussée

Swisscom a été visé vendredi vers 11h30 par une cyberattaque qui a paralysé les services de paiement comme Twint. L'attaque DDos a été repoussée vers 16h00. Les experts continuaient toutefois à observer attentivement l'évolution de la situation.

#bluewin #FR #CH #2024 #Swisscom #DDoS #twint #paralysé #paiement

·bluewin.ch·Aug 24, 2024

Cyberattaque contre Swisscom:  L'attaque DDos repoussée

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.

#securityweek #EN #2024 #Microsoft #Copilot #Studio #Vulnerability #information #disclosure #bug #CVE-2024-38206

·securityweek.com·Aug 24, 2024

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

We studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...

#quarkslab #NFC #RFID #Proxmark3 #MIFARE #cryptography #backdoor #2024 #FM11RF08S #Fudan #Microelectronics

·blog.quarkslab.com·Aug 24, 2024

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.

#securityweek #EN #2024 #RFID #cards #cloned #Quarkslab #backdoor #Shanghai #Fudan #Microelectronics #Group

·securityweek.com·Aug 24, 2024

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

#sentinelone #EN #python #script #Cloud-attack-tool #SMS #spam #SaaS #Xeon-Sender

·sentinelone.com·Aug 24, 2024

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations

Welcome to the Finding Malware Series The “Finding Malware,“ blog series is authored to empower the Google Security Operations community to

#googlecloudcommunity #EN #2024 #NUMOZYLOD #analysis #malvertising

·googlecloudcommunity.com·Aug 24, 2024

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations

TodoSwift Disguises Malware Download Behind Bitcoin PDF

A new piece of malware that we're calling TodoSwift downloads its malicious payload alongside a seemingly legitimate piece of content about cryptocurrency.

#kandji #EN #2024 #TodoSwift #Malware #Bitcoin #PDF

·kandji.io·Aug 24, 2024

TodoSwift Disguises Malware Download Behind Bitcoin PDF

Cthulhu Stealer malware aimed to take macOS user data

Researchers have discovered another data-seizing macOS malware, with "Cthulhu Stealer" sold to online criminals for just $500 a month.

#appleinsider #EN #2024 #Cthulhu-Stealer #MaaS #macos

·appleinsider.com·Aug 24, 2024

Cthulhu Stealer malware aimed to take macOS user data

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”.

#cadosecurity #EN #2024 #Cthulhu-Stealer #macos #analysis #MaaS #malware-as-a-service

·cadosecurity.com·Aug 24, 2024

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS

FIN7: The Truth Doesn't Need to be so STARK

First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve

#team-cymru #EN #2024 #FIN7 #Stark-Industries-Solutions #STARK #PostLtd #SmartApe #investigation

·team-cymru.com·Aug 24, 2024

FIN7: The Truth Doesn't Need to be so STARK

Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research

Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers. The developer of Styx Stealer was found to be linked to one of Agent Tesla threat actors, Fucosreal, who was involved in a spam campaign also targeting our customers. During the debugging of Styx Stealer, the developer made a fatal error and leaked data from his computer, which allowed CPR to obtain a large amount of intelligence, including the number of clients, profit information, nicknames, phone numbers, and email addresses, as well as similar data about the actor behind the Agent Tesla campaign.

#checkpoint #2024 #investigation #OPSEC-fail #StyxStealer #Telegram

·research.checkpoint.com·Aug 24, 2024

Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research

Qilin ransomware caught stealing credentials stored in Google Chrome

Familiar ransomware develops an appetite for passwords to third-party sites

#sophos #EN #2024 #ransomware #Qilin #Chrome #passwords

·news.sophos.com·Aug 23, 2024

Qilin ransomware caught stealing credentials stored in Google Chrome

Touché par un ransomware, Schlatter Industries a relancé ses systèmes (update) | ICTjournal

Le réseau informatique de l'entreprise suisse de fabrication de machines Schlatter a été attaqué via un logici

#ictjournal #FR #CH #2024 #Suisse #Schlatter #ransomware

·ictjournal.ch·Aug 23, 2024

Touché par un ransomware, Schlatter Industries a relancé ses systèmes (update) | ICTjournal

NGate Android malware relays NFC traffic to steal cash

ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.

#ESET #welivesecurity #EN #2024 #Android #malware #NFC #ATM

·welivesecurity.com·Aug 23, 2024

NGate Android malware relays NFC traffic to steal cash

No one’s ready for this

With AI photo editing getting easy and convincing, the world isn’t prepared for an era where photographs aren’t to be trusted.

#theverge #EN #2024 #photo-editing #AI #fake #trust #images

·theverge.com·Aug 23, 2024

No one’s ready for this

Security Advisory CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

#sonicwall #EN #2024 #Advisory #CVE-2024-40766

·psirt.global.sonicwall.com·Aug 22, 2024

Security Advisory CVE-2024-40766

Un mail frauduleux signé par Swisscom est en circulation

Les escrocs par hameçonnage sont de plus en plus sophistiqués. Actuellement, des e-mails circulent au nom de Swisscom, promettant des remboursements de factures trop élevées.

#blick #FR #CH #2024 #escrocs #hameçonnage #Swisscom #Suisse

·blick.ch·Aug 22, 2024

Un mail frauduleux signé par Swisscom est en circulation

Les CFF ont du mal à se débarrasser d'un logiciel russe

Après que la Confédération a mis en garde contre les cyberattaques, les CFF ont décidé de remplacer leur logiciel russe Infotrans. Plus facile à dire qu'à faire: la Suisse manque de compétences pour développer son système et cela est très coûteux.

#blick #FR #CH #CFF #Russie #2024 #Infotrans #logiciel #russe

·blick.ch·Aug 22, 2024

Les CFF ont du mal à se débarrasser d'un logiciel russe

SolarWinds Trust Center Security Advisories | CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

#solarwinds #EN #2024 #CVE-2024-28987 #hardcoded #credential #Advisorie #WHD #WebHelpDesk

·solarwinds.com·Aug 22, 2024

SolarWinds Trust Center Security Advisories | CVE-2024-28987

Windows 0-day was exploited by North Korea to install advanced rootkit

FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.

#arstechnica #EN #2024 #FudModule #rootkit #Lazarus #CVE-2024-38193

·arstechnica.com·Aug 21, 2024

Windows 0-day was exploited by North Korea to install advanced rootkit

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress

#bleepingcomputer #EN #2024 #Plugin #Computer #LiteSpeed #InfoSec #Takeover #WordPress #Cache #Security #Website #Admin

·bleepingcomputer.com·Aug 21, 2024

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

Iran Reportedly Grapples With Major Cyberattack on Banking Systems

The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.

#darkreading #EN #2024 #Iran #cyberattack #Banking #Systems

·darkreading.com·Aug 21, 2024

Iran Reportedly Grapples With Major Cyberattack on Banking Systems

Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

#cyble #EN #2024 #Cloud #Exposure #env #.env #AWS #extortion

·cyble.com·Aug 21, 2024

Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains

Microchip August 20, 2024

#sec.gov #EN #2024 #SEC #filing #Microchip

·sec.gov·Aug 21, 2024

Microchip August 20, 2024

Chipmaker Microchip reveals cyber attack

Defense contractor gets hacked – what's the worst that could happen

#theregister #EN #2024 #SEC #Microchip #cyber-attack #hacked #defense-contractor

·theregister.com·Aug 21, 2024

Chipmaker Microchip reveals cyber attack

MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket

MITRE has just minted its 400th CNA, as the NVD struggles to tame its backlog of CVEs awaiting analysis, which has increased by 30% since June.

#socket.dev #EN #2024 #MITRE #Backlog #CNA

·socket.dev·Aug 21, 2024

MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket

Data Exfiltration from Slack AI via indirect prompt injection

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

#promptarmor #EN #2024 #Slack #prompt-injection #LLM #vulnerability #steal #indirect-prompt #injection

·promptarmor.substack.com·Aug 20, 2024

Data Exfiltration from Slack AI via indirect prompt injection