Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
A week into phase one of Google’s cookie killing project in Chrome, early tests show how it could hit the web’s bottom line.
cyberveille.decio.ch
Framework Data Breach - General Topics - Framework Community
Copypasta’d from an email from FW: Hello, Keating Consulting, Framework’s primary external accounting partner, brought to our attention at 8:13am PST on January 11th, 2024, that one of their accountants fell victim to…
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
SecurityScorecard has discovered the threat actor group Volt Typhoon has compromised 30% of Cisco RV320/325 Devices in 37 Days. Learn more.
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and CVE-2024-21887 - two bugs, Command Injection
Further analysis of Denmark attacks leads to warning about unpatched network gear
What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year. Waves of incidents in May that seemed like a highly-targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout. The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Beware of YouTube videos offering cracked software! They might be a gateway to the Lumma malware, stealing your sensitive information
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
Turkish hackers targeting poorly secured MS SQL servers across the U.S., European Union, and Latin America.
ShinyHunters member gets 3 years in prison for breaching 60 firms
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. #Broker #Computer #Customer #Data #Hackers #InfoSec #Legal #Prison #Security #ShinyHunters #Theft
Turkish hackers targeting database servers with Mimic ransomware
The “RE#TURGENCE” campaign is targeting victims in the E.U., U.S. and Latin America by going after Microsoft SQL, researchers with Securonix found.
Anthropic researchers find that AI models can be trained to deceive
A study co-authored by researchers at Anthropic finds that AI models can be trained to deceive -- and that this deceptive behavior is difficult to combat.
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
- Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier:
cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
Hackers can infect network-connected wrenches to install ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
The 29-year-old individual was apprehended in Mykolaiv, Ukraine, on 9 January. Three properties were searched to gather evidence against the main suspect. The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.The suspect is believed to have mined over USD...
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its
SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs
Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain. This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server: Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Arctic Wolf Labs has investigated several cases where ransomware victims are being targeted for follow-on extortion attempts by threat actors who are aware of ransom attack details.
Linux devices are under attack by a never-before-seen worm | Ars Technica
Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.
AirDrop 'Cracked' By Chinese Authorities to Identify Senders
Apple's AirDrop feature has reportedly been cracked by a Chinese state-backed institution, allowing authorities to identify senders who share...
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.
Le service de renseignement suisse surveille aussi le trafic de données national
Avec l'entrée en vigueur de la nouvelle loi sur le renseignement en 2017, le Service de renseignement de la Confédération (SRC) s'est vu doté de nouvelles capacités de surveillance. Contrairement aux promesses faites lors de la campagne électorale, celles-ci sont également utilisées pour surveiller le trafic de données en Suisse.
NSA official: hackers use AI bots like ChatGPT to perfect English
NSA Cybersecurity Director Rob Joyce said the spy agency has seen hackers use chatbots like ChatGPT to perfect their English for phishing schemes.
SEC Has Not Approved Bitcoin ETFs, but Its Hacked X Account Briefly Said Otherwise
The X account of the U.S. Securities and Exchange Commission, which is deciding whether to approve bitcoin ETFs, "was compromised," the regulator told CoinDesk.
AI aides nation-state hackers but also helps US spies to find them, says NSA cyber director | TechCrunch
"AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity," said NSA's Rob Joyce.
Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla.
Netgear, Hyundai latest X accounts hacked to push crypto drainers
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But…
Ransomware gang takes credit for Christmas attack on global Lutheran organization
The World Council of Churches reported an incident in December, and the Lutheran World Federation said it experienced a related incident. The Rhysida gang claimed it carried out the attack on the federation.