cyberveille.decio.ch

5334 bookmarks

Custom sorting

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

#citizenlab #2021 #EN #Pegasus #Predator #spyware #privacy #IoC #Cytrox

·citizenlab.ca·May 23, 2022

Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Protecting Android users from 0-Day attacks

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

#GoogleTAG #EN #2022 #Android #0-day #0day #cytrox #CVE-2021-1048 #chrome

·blog.google·May 22, 2022

Protecting Android users from 0-Day attacks

Canada bans Huawei and ZTE from 5G networks over security concerns

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks.

#bleepingcomputer #EN #2022 #5G #Ban #Canada #Huawei #Telecommunications #ZTE

·bleepingcomputer.com·May 21, 2022

Canada bans Huawei and ZTE from 5G networks over security concerns

Policy Statement – Securing Canada’s Telecommunications System

The Government of Canada has serious concerns about suppliers such as Huawei and ZTE who could be compelled to comply with extrajudicial directions from foreign governments in ways that would conflict with Canadian laws or would be detrimental to Canadian interests.

#EN #2022 #Telecommunications-policy #Huawei #ZTE #Canada #Telecommunications #5G

·canada.ca·May 21, 2022

Policy Statement – Securing Canada’s Telecommunications System

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries. Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.

#BBC #EN #2022 #Conti #War #Costarica #ransomware #cybercriminals

·bbc.com·May 20, 2022

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

Exploiting an Unbounded memcpy in Parallels Desktop

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

#ret2 #EN #2022 #macOS #Parallels #Pwn2Own #escape #exploit #VM #vulnerability #research #reverseengineering #binary-exploitation #program-analysis

·blog.ret2.io·May 20, 2022

Exploiting an Unbounded memcpy in Parallels Desktop

KillNet: Pro-Russian Hacktivists.

The following is a closer look at one of the most active Pro-Russian ‘hacktivist’ groups currently operating during the Ukraine-Russia war…

#cyberknow #EN #2022 #Pro-Russian #russia-ukraine-war #KillNet

·cyberknow.medium.com·May 20, 2022

KillNet: Pro-Russian Hacktivists.

Le Centre national pour la cybersécurité deviendra un office fédéral

Décisions, communications et avis du Conseil fédéral. Les décisions prises par le Conseil fédéral lors de sa séance hebdomadaire sont publiées ici.

#CH #FR #2022 #Conseilfédéral #Communiqué #NCSC #DFF #GovCERT #cybersécurité

·admin.ch·May 19, 2022

Le Centre national pour la cybersécurité deviendra un office fédéral

Researchers devise iPhone malware that runs even when device is turned off

Research is largely theoretical but exposes an overlooked security issue.

#arstechnica #EN #2022 #iPhone #study #malware #Bluetooth #Darmstadt #university

·arstechnica.com·May 18, 2022

Researchers devise iPhone malware that runs even when device is turned off

Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds

A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.

#businesswire #Juniper #EN #2022 #Multi-factor #MFA #SMS #Research #Study #Authentication #Mobile

·businesswire.com·May 17, 2022

Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds

US links Thanos and Jigsaw ransomware to 55-year-old doctor

The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.

#bleepingcomputer #EN #2022 #Department-of-Justice #DOJ #Thanos #Jigsaw #Ransomware #USA #Venezuela

·bleepingcomputer.com·May 16, 2022

US links Thanos and Jigsaw ransomware to 55-year-old doctor

A closer look at Eternity Malware

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

#Cyble #2022 #EN #Eternity #Malware #Telegram #analysis

·blog.cyble.com·May 16, 2022

A closer look at Eternity Malware

macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)

Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper

#blackhat #2022 #session #bug #writeup #presentation #macos #hidden #Vulnerabilities #Fitzl #offensivesecurity #CVE-2021-1815 #CVE-2021-30972

·blackhat.com·May 16, 2022

macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Flaw makes it possible to install web shell to maintain control of affected devices.

#CVE-2022-30525 #Zyxel #arstechnica #vulnerability #Firewall

·arstechnica.com·May 13, 2022

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

#darkreading #macOS #EN #2022 #bugs #Apple #vulnerabilities #Fitzl #XCSSET

·darkreading.com·May 12, 2022

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Costa Rica declares national emergency after Conti ransomware attacks

The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.

#bleepingcomputer #EN #2022 #Conti #ransomware #leak #Costarica #emergency

·bleepingcomputer.com·May 10, 2022

Costa Rica declares national emergency after Conti ransomware attacks

Dissecting Saintstealer

Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.

#Cyble #2022 #EN #Saintstealer #infostealer

·blog.cyble.com·May 10, 2022

Dissecting Saintstealer

Apple, Google, and Microsoft commit to expanded support for FIDO standard

Faster, easier, and more secure sign-ins will be available to consumers across leading devices and platforms.

#Apple #newsroom #EN #2022 #FIDO #standard

·apple.com·May 10, 2022

Apple, Google, and Microsoft commit to expanded support for FIDO standard

MacOS Two-machine Kernel Debugging

Diverto is an information security company. We provide consulting and managed services.

#MacOS #diverto #2022 #EN #howto #kernel #Debugging

·diverto.hr·May 6, 2022

MacOS Two-machine Kernel Debugging

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Cybereason recently an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more detailed analysis of the malware arsenal and exploits used...

#cybereason #2022 #EN #CuckooBees #Winnti #APT #APT41 #intellectual #property #siphoning #Theft

·cybereason.com·May 6, 2022

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Update on cyber activity in Eastern Europe

An update on cyber activity in eastern Europe.

#GoogleTAG #Eastern #Europe #APT28 #Turla #COLDRIVER #Ghostwriter

·blog.google·May 4, 2022

Update on cyber activity in Eastern Europe

How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities

The pictures show neatly trimmed fiber optic cables dug up from underground behind what appears to be a well-hidden grate. The apparent simplicity of the sabotage is all the more harrowing in light of how extensively it disrupted Internet service in France, experts said.

#cyberscoop #2022 #en #fiber #optical #cable #attack #French

·cyberscoop.com·May 1, 2022

How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems

While Mac enterprise networks are not as common as Windows, and subject to less targeting by adversaries, recent CrowdStrike Falcon Overwatch observations shed light on sophisticated tactics, techniques and procedures (TTPs) targeting Mac environments.

#crowdstrike #2018 #EN #Mac #macos #tactics #TTP #Intrusion

·crowdstrike.com·Apr 28, 2022

OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems

2021 Top Routinely Exploited Vulnerabilities | CISA

This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),

#cisa #uscert #csirt #cert #U.-S.-Computer-Emergency-Readiness #top #2021 #top2021 #EN #2022 #Vulnerabilities

·cisa.gov·Apr 28, 2022

2021 Top Routinely Exploited Vulnerabilities | CISA

Securing Cloudflare Using Cloudflare

When a new security threat arises — a publicly exploited vulnerability (like log4j) or the shift from corporate-controlled environments to remote work or a potential threat actor — it is the Security team’s job to respond to protect Cloudflare’s network, customers, and employees. And as security threats evolve, so should our defense system. Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would?

#cloudflare #2022 #EN #FIDO2 #access #control #management

·blog.cloudflare.com·Apr 24, 2022

Securing Cloudflare Using Cloudflare

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.

#citizenlab #CatalanGate #EN #2022 #Pagasus #Catalan #spyware #EU

·citizenlab.ca·Apr 18, 2022

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

#Breach #GitHub #OAuth #Warning #bleepingcomputer #EN #2022

·bleepingcomputer.com·Apr 18, 2022

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

Increased Enterprise Use of iOS, Mac Means More Malware

As use of Apple devices has grown in the enterprise, the company has increasingly become a target for malware threats and other attacks. ISMG spoke with experts and

#Apple #iOS #macOS #MDM #malware-threats #bankinfosecurity #EN #2022 #entreprise

·bankinfosecurity.com·Apr 16, 2022

Increased Enterprise Use of iOS, Mac Means More Malware