macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and Github devs with repo spam.
cyberveille.decio.ch
Une cyberattaque paralyse Radio Top et Tele Top à Winterthour
La radio et la chaîne télévisée du groupe TOP à Winterthour sont à l'arrêt après avoir été piratées ce week-end. Les diffusions en direct n'étaient plus possibles dimanche en milieu de journée.
How Switzerland is caught up in Russia’s propaganda machine
How Russian propaganda challenges Switzerland's neutrality, using disinformation to sway public opinion in the Ukraine war.
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content. Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories
In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks
Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.
Eradicating trivial vulnerabilities, at scale
A new NCSC research paper aims to reduce the presence of ‘unforgivable’ vulnerabilities.
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.
Tbilisi public transport hacked, playing pro-European messages
Ticket machines for public transport in Georgia’s capital city of Tbilisi, including buses and mini-buses, were reportedly hacked on January 24, playing a series...
Tata Technologies says ransomware attack hit IT assets, investigation ongoing
India's Tata Technologies has disclosed a ransomware attack affecting its IT assets.
X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams
SentinelLABS has observed an active phishing campaign targeting high-profile X accounts to hijack and exploit them for fraudulent activity.
Swiss tax authority forced to buy Bahamas domain name after URL typo
What do you do if a web address you printed on a physical flyer contains a typo, and you send that flyer to more than 100,000 households? Well, if you're
South Africa’s government-run weather service knocked offline by cyberattack | The Record from Recorded Future News
A cyberattack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies. The website for SAWS has been down since Sunday evening, according to a statement posted to social media. SAWS has had to use Facebook, X and other sites to share daily information on thunderstorms, wildfires and other weather events.
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
After identifying a significant overlap between IPs exploiting CVE-2024-40891 and those classified as Mirai, the team investigated a recent variant of Mirai and confirmed that the ability to exploit CVE-2024-40891 has been incorporated into some Mirai strains. GreyNoise is observing active exploitation attempts targeting a zero-day critical command injection vulnerability in Zyxel CPE Series devices tracked as CVE-2024-40891. At this time, the vulnerability is not patched, nor has it been publicly disclosed. Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration. At publication, Censys is reporting over 1,500 vulnerable devices online.
Norway seizes ship suspected of sabotage, says crew are Russian nationals
The Silver Dania is the third ship detained in recent weeks over concerns of intentional damage to subsea infrastructure in the Baltic Sea.
10,000 WordPress Websites Found Delivering MacOS and Windows Malware
Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io on Wednesday are seized by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’ A large ‘‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability. When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia
The Council imposed restrictive measures on three individuals involved in cyber-attacks against Estonia.
After security breach at D-Trust: CCC speaks of "cyber window-dressing" | heise online
The Chaos Computer Club demands that the trust service provider D-Trust take responsibility and abolish the hacker paragraph.
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
Updated: Frederick Health takes systems offline due to ransomware attack
Frederick Health Hospital's emergency department was not accepting new patients on Monday morning, according to a state emergency medical services website.
Unmasking FleshStealer: A New Infostealer Threat in 2025
We dive into FleshStealer, a new strain of information-stealing malware—explaining what it is and its potential impact on organizations.
OpenAI launches ChatGPT Gov for U.S. government agencies
OpenAI on Tuesday announced the launch of ChatGPT for government agencies in the U.S. ...It allows government agencies, as customers, to feed “non-public, sensitive information” into OpenAI’s models while operating within their own secure hosting environments, OpenAI CPO Kevin Weil told reporters during a briefing Monday.
Apple fixes this year’s first actively exploited zero-day bug
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…
UnitedHealth updates number of data breach victims to 190 million
The 2024 ransomware attack on Change Healthcare exposed the data of about 190 million people, according to an update from parent company UnitedHealth Group.
Mysterious backdoor found on select Juniper routers
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating.