cyberveille.decio.ch

6938 bookmarks

Custom sorting

Europol coordinates global action against criminal abuse of Cobalt Strike

Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...

#europol #EN #2024 #crackdown #CobaltStrike #cybercriminals

·europol.europa.eu·Jul 5, 2024

Europol coordinates global action against criminal abuse of Cobalt Strike

blog.ethereum.org mailing list incident

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content

#blog.ethereum.org #EN #incident #spam #mailing

·blog.ethereum.org·Jul 5, 2024

blog.ethereum.org mailing list incident

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too

Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence.

#nytimes #EN #OpenAI #data-leak #hacked #internal-messaging-systems

·nytimes.com·Jul 5, 2024

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too

Sonar

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

#sonarsource #EN #2024 #Gogs #vulnerabilities #developers #Supply-Chain

·sonarsource.com·Jul 4, 2024

Sonar

Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers

Discover how Recorded Future uses infostealer logs to identify CSAM consumers and trends. Learn key findings and mitigation strategies.

#recordedfuture #EN #2024 #Unmask #CSAM #Infostealer #Logs

·recordedfuture.com·Jul 4, 2024

Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers

OpenAI’s ChatGPT Mac app was storing conversations in plain text

OpenAI updated its ChatGPT macOS app on Friday after users discovered it stored conversations insecurely in plain text.

#theverge #EN #2024 #OpenAI #chatgpt #macOS #app #plain-text

·theverge.com·Jul 4, 2024

OpenAI’s ChatGPT Mac app was storing conversations in plain text

Twilio says hackers identified cell phone numbers of two-factor app Authy users

Twilio says "threat actors were able to identify" phone numbers of people who use the two-factor app Authy.

#techcrunch #EN #2024 #Twilio #phone #numbers #Authy #data-leak

·techcrunch.com·Jul 4, 2024

Twilio says hackers identified cell phone numbers of two-factor app Authy users

Europol coordinates global action against criminal abuse of Cobalt Strike | Europol

#europol #EN #2024 #CobaltStrike #action

·europol.europa.eu·Jul 3, 2024

Europol coordinates global action against criminal abuse of Cobalt Strike | Europol

Arnaque aux codes QR sur les horodateurs de la Ville de Nyon

À la suite d’une arnaque aux codes QR récemment découverte, La Police Nyon Région (PNR) met en garde la population et les visiteurs de passage en Ville de Nyon.

#police-nyon-region #FR #CH #QR #arnaque #horodateurs

·police-nyon-region.ch·Jul 3, 2024

Arnaque aux codes QR sur les horodateurs de la Ville de Nyon

CVE-2024-29510 - Exploiting Ghostscript using format strings

A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version!

#codeanlabs #EN #2024 #CVE-2024-29510 #Ghostscript #RCE

·codeanlabs.com·Jul 3, 2024

CVE-2024-29510 - Exploiting Ghostscript using format strings

3 million iOS and macOS apps were exposed to potent supply-chain attacks

Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.

#arstechnica #EN #macOS #iOS #CVE-2024-38367 #CocoaPods

·arstechnica.com·Jul 3, 2024

3 million iOS and macOS apps were exposed to potent supply-chain attacks

Figma Disables AI App Design Tool After It Copied Apple’s Weather App

“Ultimately it is my fault for not insisting on a better QA process for this work and pushing our team hard to hit a deadline,” Figma’s CEO said.

#404media #EN #Figma #disabled #AI #copyright #legal #issue #design

·404media.co·Jul 3, 2024

Figma Disables AI App Design Tool After It Copied Apple’s Weather App

Poland to probe Russia-linked cyberattack on state news agency

In May, hackers published fake news on the website of the Polish Press Agency claiming the country’s authorities had announced a partial mobilization of 200,000 men to be sent to fight in a war in Ukraine.

#therecordmedia #EN #2024 #Poland #Russia #cyberattack #Polish-Press-Agency #Russia-Ukraine-war

·therecord.media·Jul 3, 2024

Poland to probe Russia-linked cyberattack on state news agency

Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies

Discover key insights into the recently disclosed Cisco NX-OS software CLI vulnerability (CVE-2024-20399) affecting numerous Cisco Nexus devices.

#sygnia #EN #2024 #CVE-2024-20399 #Cisco #NX-OS #Command #Injection #Nexus

·sygnia.co·Jul 2, 2024

Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies

Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched. Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure. Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code. * Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.

#evasec #EN #2024 #CocoaPods #Supply #Chain #Attacks #macOS #iOS #CVE-2024-38368

·evasec.io·Jul 2, 2024

Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

TeamViewer: Hackers copied employee directory data and encrypted passwords

TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.

#therecord.media #EN #2024 #TeamViewer #encrypted #passwords #incident #APT29

·therecord.media·Jul 2, 2024

TeamViewer: Hackers copied employee directory data and encrypted passwords

Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker

Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker #Demon #Halcyon #Identifies #LukaLocker #New #Operator #Ransomware #Volcano

#Halcyon #Demon #Volcano #Ransomware #New #LukaLocker #Identifies #Operator

·halcyon.ai·Jul 2, 2024

Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker

Analysis of the Phishing Campaign: Behind the Incident

See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. Here are some key findings: We found around 72 phishing domains pretending to be real or fake companies. These domains created believable websites that tricked people into sharing their login details. The attack was sophisticated, using advanced techniques like direct human interaction to deceive targets. We analyzed several fake websites and reverse-engineered their web-facing application. At the end of the post, you will find a list of IOCs that can be used for improving your organization’s security.

#any.run #EN #2024 #incident #phishing #spear-phishing #IoCs

·any.run·Jul 2, 2024

Analysis of the Phishing Campaign: Behind the Incident

Startups scramble to assess fallout from Evolve Bank data breach

Fintech-friendly Evolve Bank disclosed a data breach, saying it may have impacted customers and partners.

#techcrunch #EN #2024 #Evolve-Bank #data-breach #LockBit3.0 #impact #startups

·techcrunch.com·Jul 1, 2024

Startups scramble to assess fallout from Evolve Bank data breach

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

#bleepingcomputer #EN #2024 #China #Cisco #Command-Injection #Malware #NX-OS #Root #Switch #Velvet-Ant #Zero-Day

·bleepingcomputer.com·Jul 1, 2024

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites

Tech giant Cloudflare urged customers to remove a popular open source library used to support older browsers after reports emerged this week that the tool is being used to distribute malware.

#therecord.media #EN #2024 #polyfill #Polyfill.io #Cloudflare #malware

·therecord.media·Jul 1, 2024

Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux…

#qualys #EN #2024 #OpenSSH #regreSSHion #CVE-2024-6387

·blog.qualys.com·Jul 1, 2024

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.

#bleepingcomputer #EN #2024 #Brain-Cipher #Data-Theft #Double-Extortion #LockBit #Ransomware #Indonesia

·bleepingcomputer.com·Jun 30, 2024

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

Des cybercriminels diffusent des maliciels pour macOS au nom d’AGOV

28.06.2024 - Le soir du 27 juin 2024, des cybercriminels ont lancé une campagne de « malspam » à grande échelle contre des citoyennes et citoyens de Suisse alémanique. Par le biais d’un e-mail dont l’expéditeur présumé est AGOV, ils tentent d’infecter les appareils des utilisatrices et utilisateurs de macOS avec un maliciel (malware en anglais) du nom de « Poseidon Stealer ».

#ncsc #admin.ch #FR #CH #suisse #campagne #malspam #macOS #AGOV #PoseidonStealer

·ncsc.admin.ch·Jun 30, 2024

Des cybercriminels diffusent des maliciels pour macOS au nom d’AGOV

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

Researchers unveil SnailLoad, a new side-channel attack exploiting network latency to infer web activity remotely, achieving up to 98% accuracy in vid

#thehackernews #EN #2024 #SnailLoad #Attack #side-channel #attack #network #latency

·thehackernews.com·Jun 30, 2024

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

New Medusa malware variants target Android users in seven countries

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

#bleepingcomputer #EN #2024 #Android #Banking-Trojan #Malware #Medusa #Mobile #Smishing

·bleepingcomputer.com·Jun 30, 2024

New Medusa malware variants target Android users in seven countries

Polyfill claims it has been 'defamed', returns after domain shut down

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been

#bleepingcomputer #EN #2024 #CDN #Polyfill.io #Supply-Chain-Attack

·bleepingcomputer.com·Jun 30, 2024

Polyfill claims it has been 'defamed', returns after domain shut down

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses

As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.

#404media #EN #data-leak #TikTok #Uber #X #identity #verification #driver-licences

·404media.co·Jun 30, 2024

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses

LockBit lied: Stolen data is from a bank, not US Federal Reserve

Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed.

#bleepingcomputer #EN #2024 #Federal-Reserve-Bank #LockBit #LockBit-2.0 #LockBit-3.0

·bleepingcomputer.com·Jun 30, 2024

LockBit lied: Stolen data is from a bank, not US Federal Reserve

CVE-2024-5261 | LibreOffice - Free and private office suite - Based on OpenOffice - Compatible with Microsoft

LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.

#libreoffice #EN #2024 #LibreOfficeKit #advisroy #CVE-2024-5261 #LibreOffice

·libreoffice.org·Jun 29, 2024

CVE-2024-5261 | LibreOffice - Free and private office suite - Based on OpenOffice - Compatible with Microsoft