cyberveille.decio.ch

5334 bookmarks

Custom sorting

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.

#talosintelligence #EN #2022 #manjusaka #CobaltStrike #framework #imitation #C2

·blog.talosintelligence.com·Aug 3, 2022

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Turns out they're not all that rare. We just don't know how to find them.

#arstechnica #EN #2022 #UEFI #rootkit #bootkit

·arstechnica.com·Jul 30, 2022

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

#Evil-Corp #bleepingcomputer #EN #2022 #DEV-206 #DEV-243 #FakeUpdates #Malware #Ransomware #Raspberry-Robin #Worm

·bleepingcomputer.com·Jul 30, 2022

Microsoft links Raspberry Robin malware to Evil Corp attacks

Largest European DDoS Attack on Record

The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.

#Akamai #DDoS #EN #2022 #report #record #Europe

·akamai.com·Jul 29, 2022

Largest European DDoS Attack on Record

SEKOIA.IO Mid-2022 Ransomware Threat Landscape

SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points: Ransomware victimology – recent evolutions A busy first half of the year – several newcomers in the ransomware neighborhood Cross-platform ransomware features trend New extortion techniques State-nexus groups carrying out ransomware campaigns Ransomware threat groups’ Dark Web activities * A shift towards extortion without encryption?

#sekoia #EN #2022 #ransomware #threat #landscape #statistcs

·blog.sekoia.io·Jul 29, 2022

SEKOIA.IO Mid-2022 Ransomware Threat Landscape

LockBit Implements New Technique by Leaking Victim Negotiations

While many ransomware groups come and go, LockBit seems to be the one that persists. First discovered in September 2019 using the name ABCD, and then gaining notoriety as LockBit in April 2020, the group has outlasted many of their competitors

#ankura #EN #2022 #lockbit #lockbit3.0 #Bug-Bounty #Program

·angle.ankura.com·Jul 28, 2022

LockBit Implements New Technique by Leaking Victim Negotiations

The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs

We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.

#avast #EN #2022 #Candiru #spyware #CVE-2022-2294 #webRTC

·decoded.avast.io·Jul 22, 2022

The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs

Google ads lead to major malvertising campaign

Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.

#malwarebytes #EN #2022 #ads #Google #abuse #malvertising #scammers

·blog.malwarebytes.com·Jul 20, 2022

Google ads lead to major malvertising campaign

China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors

Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.

#Belgium #EN #2022 #Minister #Foreign #Affairs #China #APT #APT27 #APT30 #APT31 #attribution #official #statement

·diplomatie.belgium.be·Jul 20, 2022

China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors

Busting browser fails: What attackers see when they hack your employees’ browser

Hackad hacker outlines why a browser is so vital in the cybercrime ecosystem and what CISOs can do to protect employees against browser hacks

#detectify #EN #2022 #browser #attacker #hacks #HackBrowserData #recommendations

·blog.detectify.com·Jul 19, 2022

Busting browser fails: What attackers see when they hack your employees’ browser

CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect

Cet article explique comment trois vulnérabilités supplémentaires ont été découvertes dans le client VPN Cisco AnyConnect pour Windows. Elles ont été trouvées suite au développement d’un exploit pour la CVE-2020-3153 (une élévation de privilèges, étudiée dans MISC n°111). Après un rappel du fonctionnement de ce logiciel, nous étudierons chacune de ces nouvelles vulnérabilités.

#ed-diamond #FR #2020 #CVE-2020-3433 #Cisco #AnyConnect #analysis

·connect.ed-diamond.com·Jul 19, 2022

CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

Un malware, un cochon et un APT chinois

Par un heureux hasard, un fichier nommé libudev.so, apparemment malveillant, est apparu dans notre dossier Téléchargements, nous avons donc voulu en savoir plus. Entre reverse engineering, analyse réseau et OSINT, c’est cette quête d’information qui nous mènera à découvrir un mystérieux pirate, vouant une adoration à ses cochons, que nous allons relater dans cet article

#ilearned #FR #analyse #formation #maltego #xorddos

·blog.ilearned.eu·Jul 18, 2022

Un malware, un cochon et un APT chinois

Google Play hides app permissions in favor of developer-written descriptions

Let's hope nobody lies about what permissions their app uses.

#arstechnica #EN #2022 #google-play #app #permissions #developer-written

·arstechnica.com·Jul 17, 2022

Google Play hides app permissions in favor of developer-written descriptions

Ongoing phishing campaign can hack you even when you’re protected with MFA

Campaign that steals email has targeted at least 10,000 organizations since September.

#arstechnica #EN #2022 #phishing #microsoft #MFA #campaign

·arstechnica.com·Jul 17, 2022

Ongoing phishing campaign can hack you even when you’re protected with MFA

European Central Bank head targeted in hacking attempt

BERLIN (AP) — The European Central Bank said Tuesday that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised. The attempt took place “recently,” the Frankfurt-based central bank for the 19 countries that use the euro said in an emailed response to a query about a report by Business Insider.

#apnews #EN #2022 #whaling #Christine-Lagarde #Europe #Angela-Merkel #European-Central-Bank #WhatsApp

·apnews.com·Jul 17, 2022

European Central Bank head targeted in hacking attempt

Vice Society: a discreet but steady double extortion ransomware group

Vice Society is a little-known double extortion group that exfiltrates its victims' data and threatens its victims to leak their information.

#sekoia #EN #2022 #vice-society #extortion #leak

·blog.sekoia.io·Jul 15, 2022

Vice Society: a discreet but steady double extortion ransomware group

Verified Twitter accounts phished via hate speech warnings

We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.

#malwarebytes #EN #2022 #Social-Engineering #Twitter #phishing #hate-speech #verified

·blog.malwarebytes.com·Jul 12, 2022

Verified Twitter accounts phished via hate speech warnings

Predatory Sparrow: Who are the hackers who say they started a fire in Iran?

Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.

#BBC #EN #2022 #Predatory-Sparrow #Iran #Israel #fire #hackers

·bbc.com·Jul 11, 2022

Predatory Sparrow: Who are the hackers who say they started a fire in Iran?

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices

Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...

#cybereason #2022 #EN #Raspberry-Robin #report

·cybereason.com·Jul 11, 2022

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how -- by sabotaging one of the most formidable ransomware gangs in Russia.

#CNN #EN #2022 #Russia-Ukraine-war #Danylo #Conti #leak #hacker #FBI

·cnn.com·Jul 10, 2022

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents

Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.

#Cyberscoop #EN #2022 #Iran #Israel #dump #data #hack #secret

·cyberscoop.com·Jul 10, 2022

Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents

Il malware EnvyScout (APT29) è stato veicolato anche in Italia

#govit #IT #2022 #APT29 #Italia #malware #EnvyScout #IoC #report

·cert-agid.gov.it·Jul 9, 2022

Il malware EnvyScout (APT29) è stato veicolato anche in Italia

Le NIST a choisi ses algorithmes de cryptographie post-quantiques

Ce mardi 5 juillet 2022, l'organisme de normalisation étatsunien NIST a annoncé qu'il avait choisi les algorithmes de cryptographie post-quantiques qu'il allait maintenant normaliser. Ce sont Kyber pour l'échange de clés et Dilithium pour les signatures.

#bortzmeyer #FR #2022 #algorithmes #NIST #post-quantiques #cryptographie

·bortzmeyer.org·Jul 8, 2022

Le NIST a choisi ses algorithmes de cryptographie post-quantiques

Cybersecurity experts question Microsoft's Ukraine report

Leading cybersecurity experts and foreign policy scholars raise serious questions and concerns about Microsoft's report on the Ukraine war.

#Cyberscoop #EN #2022 #Microsoft #report #Russia-Ukraine-war

·cyberscoop.com·Jul 8, 2022

Cybersecurity experts question Microsoft's Ukraine report

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.

#Bleepingcomputer #EN #2022 #Malware #Microsoft #Raspberry-Robin #raspberryrobin #USB #Windows #Worm #Security #Detection

·bleepingcomputer.com·Jul 3, 2022

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

Ransomware review: June 2022

LockBit remained the most active threat in June, and “the costliest strain of ransomware ever documented” went dark while others surged.

#malwarebytes #en #2022 #review #june2022 #threat #ransomware #rank

·blog.malwarebytes.com·Jul 3, 2022

Ransomware review: June 2022

Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’

US officials and allies have warned about attacks from XakNet and related groups.

#bnnbloomberg #EN #2022 #XakNet #attacks #Russia-Ukraine-war #russia #Kremlin #Mandiant

·bnnbloomberg.ca·Jul 2, 2022

Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’

Flubot: the evolution of a notorious Android Banking Malware

Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.

#foxit #EN #2022 #Flubot #Android #Banking #Malware #evolution #research

·blog.fox-it.com·Jul 1, 2022

Flubot: the evolution of a notorious Android Banking Malware