cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
  • In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. * App & API Protector customers who are in automatic mode have existing and updated protections.
·akamai.com·
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
·microsoft.com·
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
A Dive into Earth Baku’s Latest Campaign
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
·trendmicro.com·
A Dive into Earth Baku’s Latest Campaign
Hackers leak 2.7 billion data records with Social Security numbers
Hackers leak 2.7 billion data records with Social Security numbers
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.
·bleepingcomputer.com·
Hackers leak 2.7 billion data records with Social Security numbers
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
  • In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new sigma rules were created from this report and added to our private sigma ruleset
·thedfirreport.com·
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.
·tomshardware.com·
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again
Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again
Hackers tried to interfere with the 2016 and 2024 presidential election campaigns, but now the Trump 2024 campaign has been hacked and confidential Vance dossier stolen.
·forbes.com·
Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again
New AMD SinkClose flaw helps install nearly undetectable malware
New AMD SinkClose flaw helps install nearly undetectable malware
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.
·bleepingcomputer.com·
New AMD SinkClose flaw helps install nearly undetectable malware
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group.WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure
·home.treasury.gov·
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.
·akamai.com·
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
·cloudsek.com·
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure