cyberveille.decio.ch

7248 bookmarks

Custom sorting

How Lazarus Group laundered $200M from 25+ crypto hacks to fiat …

Bluenoroff or APT38, more commonly referred to as Lazarus Group is a threat group which has been tied to the North Korean government since as early as 2009 primarily being financially motivated utilizing malware custom built for each target. Early on, the threat group gained notoriety for cyberattacks such as Sony Pictures Hack in 2014 and $81M Bangladesh Bank heist in 2016 and in more recent years has shifted focus to targets in the cryptocurrency industry. Analytics firms such as TRM and Chainalysis release annual reports summarizing crypto related incidents linked to DPRK and since 2017 they estimate between $3B to $4.1B has been stolen.

#zachxbt #EN #2024 #Bluenoroff #APT38 #LazarusGroup #NorthKorean #laundering #money

·zachxbt.mirror.xyz·Sep 17, 2024

How Lazarus Group laundered $200M from 25+ crypto hacks to fiat …

IoT Thermostat Bug Allows Hackers to Turn Up the Heat | by NewSky Security | NewSky Security

With the ever-increasing impact of smart and connected devices in our daily lives, Cybersecurity has a variety of security challenges to deal with. The field of traditional computer security deals…

·blog.newskysecurity.com·Sep 17, 2024

IoT Thermostat Bug Allows Hackers to Turn Up the Heat | by NewSky Security | NewSky Security

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

UNC2970 is a cyber espionage group suspected to have a North Korea nexus.

#Mandiant #2024 #UNC2970 #Backdoor #PDF #PDF-Reader #North #North-Korea

·cloud.google.com·Sep 17, 2024

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

Qilin ransomware attack on Synnovis impacted over 900K patients

The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.

#securityaffairs #EN #2024 #Qilin #Synnovis #PII #NHS #ransomware #data-leak #London #Healthcare #UK

·securityaffairs.com·Sep 17, 2024

Qilin ransomware attack on Synnovis impacted over 900K patients

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

#CVE-2022-0847 #dirtypipe #Linux #Kernel #arbitrary #privilege #escalation #vulnerability #EN #2022

·dirtypipe.cm4all.com·Mar 7, 2022

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

Microsoft working on OS update to prevent another IT outage

Existing low-level access for security solutions will undergo a rework

#theregister #EN #2024 #crowdstrike #cyberincident #microsoft #Kernel #EDR #update

·theregister.com·Sep 16, 2024

Microsoft working on OS update to prevent another IT outage

Hadooken Malware Targets Weblogic Applications

Nautilus researchers identified a new Linux malware targeting Weblogic servers with running Hadooken malware

#aquasec #EN #2024 #Hadooken #Malware #Weblogic #Applications #Oracle #weak-password

·aquasec.com·Sep 16, 2024

Hadooken Malware Targets Weblogic Applications

Apple is well on its way to making iPhones theft-proof

Apple’s latest theft-prevention measure went live for beta testers yesterday: Activation Lock for iPhone components. The move is likely to...

#9to5mac #EN #2024 #Apple #iPhone #Activation-Lock #parts #components #theft-proof

·9to5mac.com·Sep 16, 2024

Apple is well on its way to making iPhones theft-proof

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager.

#securityaffairs #EN #2024 #SolarWinds #RCE #CVE-2024-28991 #ARM #Access #Rights #Manager

·securityaffairs.com·Sep 16, 2024

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks.

#therecord.media #EN #2024 #CISA #Ivanti #remove #appliances #End-of-Life

·therecord.media·Sep 16, 2024

Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

German radio station forced to broadcast 'emergency tape' following cyberattack

Radio Geretsried, a local station in Bavaria, said it was trying to save music files and restore systems after an apparent ransomware attack.

#therecord.media #EN #2024 #Radio #Geretsried #Germany #ransomware

·therecord.media·Sep 16, 2024

German radio station forced to broadcast 'emergency tape' following cyberattack

23andMe Agrees To $30 Million Settlement For Last Year's Data Breach

Affected users can try to claim up to $10,000 if the breach at 23andMe led to financial fraud or paying up for security or mental health services.

#pcmag #EN #2024 #23andMe #Settlement #Data-Breach

·au.pcmag.com·Sep 16, 2024

23andMe Agrees To $30 Million Settlement For Last Year's Data Breach

Scammers advertise fake AppleCare+ service via GitHub repos

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

#malwarebytes #EN #2024 #Scammers #AppleCare+#GitHub #repos

·malwarebytes.com·Sep 14, 2024

Scammers advertise fake AppleCare+ service via GitHub repos

'Vo1d' Trojan Malware Infects 1.3 Million Android-Based TV Boxes Globally

Antivirus firm Dr.Web has flagged a type of Android malware known as Android.Vo1d that has infected about 1.3 million TV boxes across 197 countries. The malware effectively enables a backdoor into the TV box's system that allows an attacker to download and install malicious third-party software. The R4 TV box model running Android 7.1.2, a TV Box running Android 12.1, and the KJ-SMART4KVIP TV box running Android 10.1 were the types of devices reportedly impacted.

#pcmag #EN #2024 #Vo1d #androidTV #TV #Box #KJ-SMART4KVIP #Trojan #Malware

·pcmag.com·Sep 14, 2024

'Vo1d' Trojan Malware Infects 1.3 Million Android-Based TV Boxes Globally

UK arrests teen linked to Transport for London cyber attack

U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.

#bleepingcomputer #EN #2024 #Arrest #Cyberattack #London #Teenager #TfL #Transport-for-London #United-Kingdom #UK

·bleepingcomputer.com·Sep 14, 2024

UK arrests teen linked to Transport for London cyber attack

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.

#mikko-kenttala #EN #2024 #Critical #zero-click #macos #vulnerability

·mikko-kenttala.medium.com·Sep 14, 2024

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media

With the US election on the horizon, it’s a good time to explore the concept of social media weaponization and its use in manipulating public opinion.

#trustwave #EN #2024 #DDoT #Distributed #Denial #Truth #US #election #manipulating #disinformation

·trustwave.com·Sep 14, 2024

Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media

Apple Suddenly Drops NSO Group Spyware Lawsuit

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

#securityweek #EN #2024 #Apple #NSO #Group #Spyware #Lawsuit

·securityweek.com·Sep 14, 2024

Apple Suddenly Drops NSO Group Spyware Lawsuit

Ils réclament 3 millions à la Banque cantonale de Zurich: 4 jeunes arrêtés

Quatre jeunes Suisses ont été arrêtés pour avoir tenté de faire chanter la Banque cantonale de Zurich (ZKB). Ils ont exigé des bitcoins d'une valeur de trois millions de francs, faute de quoi les données de clients de la banque seraient publiées.

#bluewin #FR #2024 #zurich #banque #chantage #suisse

·bluewin.ch·Sep 14, 2024

Ils réclament 3 millions à la Banque cantonale de Zurich: 4 jeunes arrêtés

Chinese APT Abuses VSCode to Target Government in Asia

A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage. A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage.

#unit42 #EN #2024 #China #APT #StatelyTaurus #VisualStudio

·unit42.paloaltonetworks.com·Sep 14, 2024

Chinese APT Abuses VSCode to Target Government in Asia

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram

Hackers, fraudsters, and drug dealers are all leaving the platform in one way or another. Some are worried that Telegram may start providing user data to the authorities.

#404media #EN #2024 #Telegram #Hackers #fraudsters #Durov #leaving

·404media.co·Sep 14, 2024

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

#bleepingcomputer #EN #2024 #Data-Breach #Kawasaki #RansomHub #Ransomware

·bleepingcomputer.com·Sep 14, 2024

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki’s European HQ recovers from cyber attack

At the start of September, Kawasaki Motors Europe, (KME) was the subject of a cyber-attack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day. KME and its country Branches operate a large number of servers and, as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with.

#kawasaki #EN #2024 #cyberattack #annonce #ransomware

·kawasaki.eu·Sep 14, 2024

Kawasaki’s European HQ recovers from cyber attack

Data centres as vital as NHS and power grid, government says

Data centres in the UK are to be classified as critical national infrastructure, joining the emergency services, finance and healthcare systems, and energy and water supplies. It means they would get extra government support during a major incident, such as a cyber attack, an IT outage or extreme weather, in order to minimise disruption.

#bbc #EN #2024 #Critical-infrastructure #datacenters #UK

·bbc.com·Sep 14, 2024

Data centres as vital as NHS and power grid, government says

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai

CVE-2024-29847 Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability.

#horizon3 #EN #2024 #CVE-2024-29847 #Ivanti #Endpoint #Manager #AgentPortal #Deserialization #analysis

·horizon3.ai·Sep 13, 2024

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai

TfL confirms 5,000 customers' bank data exposed

Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.

#theregister #EN #2024 #Transport #for #London #incident #UK #data #exposed #Data-Breach

·theregister.com·Sep 13, 2024

TfL confirms 5,000 customers' bank data exposed

Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers

Overview While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from […]

#blog.sonicwall #EN #2024 #CVE-2024-5932 #malicious-POC #POC #Researchers #cybersecurity #professionals

·blog.sonicwall.com·Sep 12, 2024

Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers

Transport for London confirms customer data stolen in cyberattack

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. #Breach #Computer #Customer #Data #InfoSec #London #Security #TfL #Transport #for