cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
·digital-strategy.ec.europa.eu·
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
Certificate Revocation Incident
Certificate Revocation Incident
DigiCert will be revoking certificates that did not have proper Domain Control Verification (DCV). Before issuing a certificate to a customer, DigiCert validates the customer’s control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF). One of these methods relies on the customer adding a DNS CNAME record which includes a random value provided to them by DigiCert. DigiCert then does a DNS lookup for the domain and verifies the same random value, thereby proving domain control by the customer..
·digicert.com·
Certificate Revocation Incident
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
A major company made a staggering $75 million ransomware payment to hackers earlier this year, according to cybersecurity vendor Zscaler. Zscaler made the claim in a Tuesday report examining the latest trends in ransomware attacks, which continue to ensnare companies, hospitals, and schools across the country.
·pcmag.com·
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
Cette nuit, de nouveaux actes de vandalisme viennent perturber l’accès à Internet cette fois-ci. Selon nos informations, des fibres « longhaul » (longues distances, généralement plusieurs centaines de kilomètres) sont coupées à plusieurs endroits, provoquant des perturbations au niveau national. Les fibres relient des grandes villes – Paris, Lille, Strasbourg, Marseille, Lyon… – et servent d’artères pour Internet.
·next.ink·
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
CrowdStrike is sued by shareholders over huge software outage
CrowdStrike is sued by shareholders over huge software outage
CrowdStrike (CRWD.O), opens new tab has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the July 19 global outage that crashed more than 8 million computers. In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike's assurances about its technology were materially false and misleading when a flawed software update disrupted airlines, banks, hospitals and emergency lines around the world.
·reuters.com·
CrowdStrike is sued by shareholders over huge software outage
'Error' in Microsoft's DDoS defenses amplified Azure outage
'Error' in Microsoft's DDoS defenses amplified Azure outage
o you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. No one has blamed the actual product named "Windows Defender," we must note. According to Microsoft, the initial trigger event for yesterday's outage, which took out great swathes of the web, was a distributed denial-of-service (DDoS) attack. Such attacks are hardly unheard of, and an industry has sprung up around warding them off.
·theregister.com·
'Error' in Microsoft's DDoS defenses amplified Azure outage
Cyberattack hits blood-donation nonprofit OneBlood
Cyberattack hits blood-donation nonprofit OneBlood
A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US. The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood’s service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack.
·edition.cnn.com·
Cyberattack hits blood-donation nonprofit OneBlood
CrowdStrike's Impact on Aviation
CrowdStrike's Impact on Aviation
Just after midnight Eastern Time on July 19, 2024, the enterprise cybersecurity company CrowdStrike YOLOed a software update to millions of Windows machines. Or as they put it: On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. That sensor configuration update caused the largest IT outage in history.
·heavymeta.org·
CrowdStrike's Impact on Aviation
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network. In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.
·microsoft.com·
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc. Reference: Distribution of MSIX Malware Disguised as Notion Installer
·asec.ahnlab.com·
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
Meta nukes massive Instagram sextortion network of 63,000 accounts
Meta nukes massive Instagram sextortion network of 63,000 accounts
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. #Computer #Facebook #InfoSec #Instagram #Media #Meta #Scam #Security #Sextortion #Social
·bleepingcomputer.com·
Meta nukes massive Instagram sextortion network of 63,000 accounts
SwRI evaluates cybersecurity risks associated with EV fast-charging equipment | Southwest Research Institute
SwRI evaluates cybersecurity risks associated with EV fast-charging equipment | Southwest Research Institute
Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities with electric vehicles (EVs) using direct current fast-charging systems, the quickest, commonly used way to charge electric vehicles. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment. In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle.
·swri.org·
SwRI evaluates cybersecurity risks associated with EV fast-charging equipment | Southwest Research Institute
Mid-year Doppelgänger information operations in Europe and the US
Mid-year Doppelgänger information operations in Europe and the US
This report delves into Doppelgänger information operations conducted by Russian actors, focusing on their activities from early June to late-July 2024. Our investigation was motivated by the unexpected snap general election in France, prompting a closer look at Doppelgänger activities during this period. While recent activities have been described since1,2, our first dive into the information operations topic offers a complementary threat-intelligence analysts’ perspective on the matter, brings additional knowledge on associated infrastructure, tactics and motivation in Europe and the United States.
·harfanglab.io·
Mid-year Doppelgänger information operations in Europe and the US
Malicious Python Package Targets macOS Developers
Malicious Python Package Targets macOS Developers
  • A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation. The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data. The harvested credentials are sent to a remote server.
·checkmarx.com·
Malicious Python Package Targets macOS Developers
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
SeleniumGreed is an active crypto-mining campaign targeting older versions of Grid services. Explore the risks, attack methods, and essential security measures. Wiz Research has detected an ongoing threat campaign that exploits exposed Selenium Grid services for cryptomining, dubbed “SeleniumGreed”. Selenium is among the most commonly used testing frameworks. Our data shows that the technology can be found in 30% of cloud environments, and the official selenium/hub docker image has over 100 million pulls in Docker Hub. Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands. By default, authentication is not enabled for this service. This means that many publicly accessible instances are misconfigured and can be accessed by anyone and abused for malicious purposes. We have identified a threat actor targeting publicly exposed instances of Selenium Grid and leveraging features of Selenium WebDriver API to run Python with a reverse shell to deploy scripts that download a XMRig miner. The threat actor is still active as of this blog post’s date of publication. * We believe this is the first documentation of this misconfiguration being exploited in the wild.
·wiz.io·
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.
·krebsonsecurity.com·
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Windows Security best practices for integrating and managing security tools
Windows Security best practices for integrating and managing security tools
In this blog post, we examine the recent CrowdStrike outage and provide a technical overview of the root cause. We also explain why security products use kernel-mode drivers today and the safety measures Windows provides for third-party solutions. In addition, we share how customers and security vendors can better leverage the integrated security capabilities of Windows for increased security and reliability. Lastly, we provide a look into how Windows will enhance extensibility for future security products.
·microsoft.com·
Windows Security best practices for integrating and managing security tools