cyberveille.decio.ch

6798 bookmarks

Custom sorting

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog

At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.

#microsoft #EN #2024 #CYBERWARCON #DPRK #North-Korea #China #analysis #intlligence

·microsoft.com·Nov 22, 2024

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog

Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.

#Mandiant #EN #2024 #GLASSBRIDGE #fake #news #newswire #services #Haixun #fake-news #China

·cloud.google.com·Nov 22, 2024

Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

#wired #EN #2024 #russia #hacking #Wi-Fi #espionage #hijacking #APT28

·wired.com·Nov 22, 2024

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED

PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks

The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost‘ and ‘BEARHOST‘. We notably observed that both network’s configurations are almost identical in terms of peering agreements and their respective share of loads throughout time. Amongst the activities shared by the two networks, we noticed that both GootLoader and SpyNote malwares recently changed their infrastructure of command-and-control servers and phishing pages from to Proton66. Additionally, the domains hosting the phishing pages deploying SpyNote were hosted on either one of the two AS and had already been used in previous campaigns delivering revoked AnyDesk and LiveChat versions for both Windows and Mac. Regarding the other malicious activities found on PROSPERO’s IPs, we found that throughout September, multiple SMS spam campaigns targeting citizens from various countries were leading to phishing domains hosted on PROSPERO and Proton66. While most phishing templates were usurping bank login pages to steal credit card details, we also noticed that some of them were used to deploy android spywares such as Coper (a.k.a. Octo). * SocGholish, another initial access broker (IAB) that we found to be hosting a major part of its infrastructure on Proton66, continues to leverage this autonomous system to host fingerprinting scripts contained on the websites it infects. Along SocGholish, we found out that FakeBat, another loader that infects systems through compromised websites, was using the same IPs to host both screening and redirection script

#intrinsec #EN #2024 #AS200593 #AS198953 #PROSPERO #GootLoader #SpyNote #Russia #bulletproof #BEARHOST #SocGholish

·intrinsec.com·Nov 21, 2024

PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks

FortiClient VPN Logging Blind Spot Revealed

Security research that presents a method to automatically validate credentials against Fortinet VPN servers by uncovering an exploit that attackers can use to compromise countless organizations.

#pentera #EN #research #Fortinet #VPN #Logging #Blind #Spot #brute-force

·pentera.io·Nov 21, 2024

FortiClient VPN Logging Blind Spot Revealed

Cinq membres du groupe de pirates Scattered Spider arrêtés

Quatre Américains et un Britannique sont désormais poursuivis pour leur implication dans ce groupe, accusé notamment d’avoir piraté les casinos MGM Resorts. Spécialisé dans l’hameçonnage, ce collectif pourrait être l’émanation d’une vaste communauté de pirates anglophones.

#pixels #FR #2024 #lemonde #ScatteredSpider #busted #arrêtés #cybercriminels #jeunes

·lemonde.fr·Nov 21, 2024

Cinq membres du groupe de pirates Scattered Spider arrêtés

INPS Servizi sotto attacco ransomware. Dati a rischio e sito irraggiungibile | DDay.it

L’attacco è avvenuto il 18 novembre ma è stato comunicato il giorno dopo attraverso l’avviso di un ente che si serve di INPS Servizi

#dday #IT #1014 #Italia #INPS #Servizi #ransomware

·dday.it·Nov 21, 2024

INPS Servizi sotto attacco ransomware. Dati a rischio e sito irraggiungibile | DDay.it

Ruag développe un smartphone pour l'armée suisse

Dans le cadre d'un nouveau projet, le groupe technologique Ruag modifie un smartphone Samsung pour les institutions gouvernementales et les autorités telles que l'armée et les organisations à gyrophare. Un smartphone appelé "Guardian" est un nouveau projet de communication sécurisée. C'est l'entreprise d'armement Ruag MRO qui en est responsable. Le prototype actuel devrait également fonctionner par satellite dans un avenir proche. Ruag collabore avec Wisekey, une société de sécurité genevoise, pour la connexion par satellite. C'est ce que rapportent plusieurs médias suisses comme le "Walliser Bote" et "Watson".

#digitec #FR #2024 #Ruag #smartphone #armée #suisse

·digitec.ch·Nov 21, 2024

Ruag développe un smartphone pour l'armée suisse

750 000 fichiers et dossiers patients sensibles français en fuite sur le dark web, que se passe-t-il ?

[Article mis à jour le 19 novembre 2024 à 17h40] Un cybercriminel a mis en ligne, mardi, une base de données contenant les informations hospitalières et personnelles de plus de 750 000 personnes. Celui-ci revendique une fuite de données du logiciel de gestion médicale Mediboard.

#clubic #FR #2024 #santé #médicaux #hôpitaux #near2tlg #dataleak #Mediboard #softway

·clubic.com·Nov 21, 2024

750 000 fichiers et dossiers patients sensibles français en fuite sur le dark web, que se passe-t-il ?

Threat Actors Hijack Misconfigured Servers for Live Sports Streaming

Learn how Nautilus threat-hunting operation analyzed attackers exploiting misconfigured JupyterLab for illegal stream ripping with Traceeshark.

#aquasec #EN #2024 #JupyterLab #illegal #streaming #hacked #Traceeshark

·aquasec.com·Nov 21, 2024

Threat Actors Hijack Misconfigured Servers for Live Sports Streaming

Picard victime d’une fuite de données, des milliers de clients touchés

L’enseigne de surgelés a averti mardi une partie des clients de son programme de fidélité que leurs données sont dans la nature.

#lefigaro #FR #2024 #Picard #fuite #données

·lefigaro.fr·Nov 20, 2024

Picard victime d’une fuite de données, des milliers de clients touchés

Exploit attempts for unpatched Citrix vulnerability

Exploit attempts for unpatched Citrix vulnerability, Author: Johannes Ullrich

#sans #EN #2024 #Exploit #unpatched #Citrix #vulnerability

·isc.sans.edu·Nov 20, 2024

Exploit attempts for unpatched Citrix vulnerability

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.

#unit42.paloaltonetworks #FrostyGoop #EN #2024 #analysis #malware

·unit42.paloaltonetworks.com·Nov 20, 2024

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

Abnormal Security

Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.

#abnormalsecurity #EN #2024 #exploited #sophisticated #phishing #attack #leveraged #aitm #tactics #steal #credentials #open #dropbox #enrollment #discover #period

·abnormalsecurity.com·Nov 20, 2024

Abnormal Security

Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge

The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware.

#justice.gov #US #2024 #EN #Phobos #Ransomware #Administrator #Extradited

·justice.gov·Nov 20, 2024

Office of Public Affairs | Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charge

Microsoft 365 Admin portal abused to send sextortion emails

The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms.

#bleepingcomputer #EN #2024 #Email #Extortion #Mail-Filters #Microsoft-365 #Microsoft-365-Admin-Portal #Sextortion #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 20, 2024

Microsoft 365 Admin portal abused to send sextortion emails

Extracting Plaintext Credentials from Palo Alto Global Protect

In C:\Users\username\AppData\Local\Palo Alto Networks\GlobalProtect there was a file called panGPA.log that contained something interesting:

#shells.systems #EN #PoC #Plaintext #Credentials #Palo #Alto #Global #Protect

·shells.systems·Nov 20, 2024

Extracting Plaintext Credentials from Palo Alto Global Protect

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

This is a pair of vulnerabilities, described as ‘Authentication Bypass in the Management Web Interface’ and a ‘Privilege Escalation‘ respectively, strongly suggesting they are used as a chain to gain superuser access, a pattern that we’ve seen before with Palo Alto appliances. Before we’ve even dived into to code, we’ve already ascertained that we’re looking for a chain of vulnerabilities to achieve that coveted pre-authenticated Remote Code Execution.

#watchtowr #EN #2024 #CVE-2024-0012 #CVE-2024-9474 #Palo #Alto #PAN-OS

·labs.watchtowr.com·Nov 20, 2024

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

T-Mobile finally managed to thwart a data breach before it occured

T-Mobile was able to prevent a recent hack before escalating. Hackers were able to enter T-Mobile's network but didn't get too far. No data breaches occurred this time.

#androidpolice #EN #2024 #T-Mobile

·androidpolice.com·Nov 20, 2024

T-Mobile finally managed to thwart a data breach before it occured

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

#wired #EN #2024 #surveillance #Datastream #data-broker #security #nsa #military #national-security #germany #pentagon

·wired.com·Nov 20, 2024

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED

Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.

#404media #EN #2024 #Graykey #leak #analysis #Apple #Google #ios #Android #forensics

·404media.co·Nov 19, 2024

Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

Major security audit of critical FreeBSD components now available - Help Net Security

The FreeBSD Foundation has released an extensive security audit of two critical FreeBSD components: bhyve and Capsicum.

#helpnetsecurity #EN #2024 #FreeBSD #security #audit #Capsicum #bhyve

·helpnetsecurity.com·Nov 19, 2024

Major security audit of critical FreeBSD components now available - Help Net Security

German Stats Body Says Suffered Possible Data Breach | Barron's

Germany's national statistics agency Destatis said Friday it had been the victim of a suspected data leak, following a media report that the organisation had been attacked by pro-Russian hackers.

#barrons #EN #2024 #SYND #Germany #Destatis #Data-Leak #pro-Russian

·barrons.com·Nov 18, 2024

German Stats Body Says Suffered Possible Data Breach | Barron's

Turkey fines Amazon's Twitch 2 mln lira for data breach | Reuters

Turkey's Personal Data Protection Board (KVKK) has fined Amazon.com's gaming platform Twitch 2 million lira ($58,000) over a data breach, the official Anadolu Agency reported on Saturday.

#reuters #EN #2024 #Turkey #Twitch #data-breach #fined

·reuters.com·Nov 18, 2024

Turkey fines Amazon's Twitch 2 mln lira for data breach | Reuters

Snowflake hackers identified and charged with stealing 50 billion AT&T records | TechCrunch

The U.S. Department of justice indicted two hackers for breaking into the systems of AT&T and several other companies.

#techcrunch #EN #2024 #snowflake #US #indicted #busted

·techcrunch.com·Nov 18, 2024

Snowflake hackers identified and charged with stealing 50 billion AT&T records | TechCrunch

T-Mobile confirms it was hacked in recent wave of telecom breaches

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.

#bleepingcomputer #EN #2024 #China #Cyber-espionage #Cyberattack #Salt-Typhoon #T-Mobile #Telecommunications #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 16, 2024

T-Mobile confirms it was hacked in recent wave of telecom breaches

My Habit Was Collecting

A cyber prodigy defended companies against intrusion while continuing to amass data through a series of his own hacks.

#bloomberg #EN #2024 #cyber #prodigy #PepijnVanderStap #arested

·bloomberg.com·Nov 14, 2024

My Habit Was Collecting

The State of Cloud Ransomware in 2024

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.

#sentinelone #EN #2024 #Ransomware #report #cloud #services

·sentinelone.com·Nov 14, 2024

The State of Cloud Ransomware in 2024

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

APT Lazarus has begun attempting to smuggle code using custom extended attributes. Extended attributes are metadata that can be associated with files and directories in various file systems. They allow users to store additional information about a file beyond the standard attributes like file size, timestamps, and permissions.

#group-ib #EN #2024 #Extended #attributes #macos #Smuggling #APT #Lazarus

·group-ib.com·Nov 13, 2024

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

CVE-2024-47575

On October 23, 2024, Fortinet published an advisory for CVE-2024-47575, a missing authentication vulnerability affecting FortiManager and FortiManager Cloud de…

#attackerkb #EN #2024 #CVE-2024-47575 #analysis #FortiManager

·attackerkb.com·Nov 13, 2024

CVE-2024-47575