cyberveille.decio.ch

7048 bookmarks

Custom sorting

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities.

#googleprojectzero #EN #2024 #Offensive #Project-Naptime #LLM

·googleprojectzero.blogspot.com·Jun 21, 2024

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

London hospital attackers started leaking blood test data

Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information. Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.

#cybernews #EN #2024 #London #hospital #Qilin #blood #NHS #data-leak

·cybernews.com·Jun 21, 2024

London hospital attackers started leaking blood test data

Russian spies' hacking campaign is 'endangering' French diplomatic interests

An alert from France's ANSSI confirms several incidents that had previously been publicly reported and attributed to the Kremlin-backed hacking group that the French agency tracks as Nobelium.

#therecord.media #EN #2024 #ANSSI #France #interests #Russia #NOBELIUM

·therecord.media·Jun 21, 2024

Russian spies' hacking campaign is 'endangering' French diplomatic interests

US bans sale of Kaspersky software citing security risk from Russia

U.S. officials imposed the “first of its kind” ban arguing that Kaspersky threatens U.S. national security because of its links to Russia.

#techcrunch #EN #2024 #US #ban #Kaspersky #Russia #Russia-Ukraine-war #risk

·techcrunch.com·Jun 21, 2024

US bans sale of Kaspersky software citing security risk from Russia

In China, AI transformed Ukrainian YouTuber into a Russian

Olga Loiek, a University of Pennsylvania student was looking for an audience on the internet – just not like this. Shortly after launching a YouTube channel in November last year, Loiek, a 21-year-old from Ukraine, found her image had been taken and spun through artificial intelligence to create alter egos on Chinese social media platforms. Her digital doppelgangers - like "Natasha" - claimed to be Russian women fluent in Chinese who wanted to thank China for its support of Russia and make a little money on the side selling products such as Russian candies.

#reuters #EN #2024 #AI #Ukrainian #YouTuber #Russia #China #fake

·reuters.com·Jun 21, 2024

In China, AI transformed Ukrainian YouTuber into a Russian

Attacco Informatico all'ASST Rhodense: Cicada3301 pubblica 1 TB di Dati Sensibili liberamente scaricabili

L'attacco informatico che ha colpito la ASST Rhodense è stato rivendicato dalla cybergang Cicada3301 che Ruba 1 TB di Dati Sensibili

#redhotcyber #IT #2024 #ASST #Rhodense #Cicada3301 #Dati #Sensibili

·redhotcyber.com·Jun 20, 2024

Attacco Informatico all'ASST Rhodense: Cicada3301 pubblica 1 TB di Dati Sensibili liberamente scaricabili

Russians told to mobilise to inflict 'maximum harm' on West in response to sanctions

One of Russia's top security officials called on Thursday for Russians to mobilise to inflict "maximum harm" on Western societies and infrastructure as payback for increasingly tough sanctions being imposed on Moscow by the U.S. and its allies.

#reuters #EN #2024 #maximum-harm #Russia #Russia-Ukraine-war

·reuters.com·Jun 20, 2024

Russians told to mobilise to inflict 'maximum harm' on West in response to sanctions

Ransom-War Part 3: Inflict Maximum Damage

Dmitry Medvedev’s June 13 call to do “maximum harm” to Western infrastructure is not so new: Russian strategists have thought about using ransomware to pressure adversary countries since at least 2016

#nattothoughts #EN #2024 #ransomware #war #maximum-harm

·nattothoughts.substack.com·Jun 20, 2024

Ransom-War Part 3: Inflict Maximum Damage

Aggiornamento attacco hacker 2024 - Croce Rossa Italiana

Come già comunicato, il 18 gennaio di quest’anno i sistemi informatici della Croce Rossa Italiana hanno subito un attacco hacker. Nonostante inizialmente,

#cri.it #IT #2024 #comunicato #attacco #hacker #Croce-Rossa

·cri.it·Jun 20, 2024

Aggiornamento attacco hacker 2024 - Croce Rossa Italiana

Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.

Critical Microsoft Outlook vulnerability, CVE-2024-30103, and step-by-step instructions to force an update to all your end points.

#ironscales #EN #2024 #CVE-2024-30103 #Microsoft #Outlook #vulnerability

·ironscales.com·Jun 19, 2024

Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.

La Croix-Rouge italienne touchée par une fuite massive de données, le CICR enquête

La Croix-Rouge italienne touchée par une fuite massive de données, le CICR enquête Un volume très important de données a été volé à la Croix-Rouge italienne. En 2022 déjà, des informations sensibles avaient été subtilisées au CICR. Lors de sa grande conférence d’octobre, l’organisation humanitaire va insister sur l'importance de protéger les données humanitaires

#letemps #CH #FR #Croix-Rouge #italienne #fuite #data-leak #darkweb

·letemps.ch·Jun 19, 2024

La Croix-Rouge italienne touchée par une fuite massive de données, le CICR enquête

UK Hospital Hackers Say They’ve Demanded $50 Million in Ransom - Bloomberg

A cohort of Russian-speaking hackers is demanding $50 million from a UK lab-services provider to end a ransomware attack that has paralyzed services at London hospitals for weeks, according to a representative for the group. #Britain #Cancer #Ciaran #Europe #Government #Great #HEALTH #Kingdom #London #Martin #NATIONAL #Regulation #SERVICE #United #business #cybersecni #cybersecurity #technology

#Cancer #Europe #Ciaran #Britain #Great #Martin #HEALTH #Regulation #SERVICE #Government #business #cybersecurity #NATIONAL #cybersecni #Kingdom #technology #United #London

·bloomberg.com·Jun 19, 2024

UK Hospital Hackers Say They’ve Demanded $50 Million in Ransom - Bloomberg

ChatGPT-4, Mistral, other AI chatbots spread Russian propaganda

A NewsGuard audit found that chatbots spewed misinformation from American fugitive John Mark Dougan. #AI #Axios #ChatGPT #Google #Illustrations #License #Microsoft #Misinformation #OpenAI #Visuals #genAI #generative #or

#Google #Illustrations #OpenAI #or #Misinformation #AI #Axios #Visuals #Microsoft #License #genAI #generative #ChatGPT

·axios.com·Jun 19, 2024

ChatGPT-4, Mistral, other AI chatbots spread Russian propaganda

SolarMarker Impersonates Job Employment Website, Indeed,…

Learn more about SolarMarker impersonating a job employment website, Indeed, and get security recommendations from our Threat Response Unit (TRU) to…

#esentire #2024 #SolarMarker #Impersonates #Job #Employment #Website

·esentire.com·Jun 19, 2024

SolarMarker Impersonates Job Employment Website, Indeed,…

All households in Scottish region to get alert about hackers publishing stolen medical data

The residents of Dumfries and Galloway are being warned their data was likely compromised in a February ransomware attack on the National Health Service (NHS).

#therecord.media #EN #2024 #NHS #Scotland #dataleak #medical #data #ransomware

·therecord.media·Jun 19, 2024

All households in Scottish region to get alert about hackers publishing stolen medical data

UNC3944 Targets SaaS Applications

UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider" and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse. Active since at least May 2022, UNC3944 has leveraged underground communities like Telegram to acquire tools, services, and support to enhance their operations.

#Mandiant #EN #2024 #UNC3944 #SaaS #Applications #Scattered-Spider #TTPs

·cloud.google.com·Jun 19, 2024

UNC3944 Targets SaaS Applications

Attacco hacker all'Asst Rhodense, due settimane per il ripristino dei sistemi. Disservizi anche in altri ospedali per problemi al data center di Aria | Corriere.it

L'Agenzia per la cybersicurezza nazionale al lavoro. Ancora bloccati esami e interventi non urgenti

#milano.corriere.it #IT #attacco #hacker #asst #rhodense #due #ospedali #salute #Milano

·milano.corriere.it·Jun 19, 2024

Attacco hacker all'Asst Rhodense, due settimane per il ripristino dei sistemi. Disservizi anche in altri ospedali per problemi al data center di Aria | Corriere.it

Comment une nébuleuse, "The Comm", a engendré l’un des gangs les plus craints du moment, Scattered Spider

Enfin une bonne nouvelle à propos de Scattered Spider, ce gang de cybercriminels actif depuis le printemps 2022 ? La presse espagnole vient d’annoncer l’arrestation d’un Anglais présenté comme l’un des leaders de ce groupe informel de pirates informatiques. Le jeune homme de 22 ans s'apprêtait à s’envoler vers l’Italie quand il a été arrêté à Palma de Majorque, dans l’archipel des Baléares.

#usine-digitale #FR #2024 #Scattered-Spider #Lapsus$#ALPHV/BlackCat #alliance #gang #The-Comm

·usine-digitale.fr·Jun 19, 2024

Comment une nébuleuse, "The Comm", a engendré l’un des gangs les plus craints du moment, Scattered Spider

Security bug allows anyone to spoof Microsoft employee emails

A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

#techcrunch #EN #2024 #microsoft #researcher #bug #email #phishing

·techcrunch.com·Jun 19, 2024

Security bug allows anyone to spoof Microsoft employee emails

Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain

Spanish newspaper Murcia Today reported that a British man was detained at Palma Airport as he prepared to board a flight to Italy.

#therecord.media #EN #2024 #busted #arrested #Scattered-Spider #member

·therecord.media·Jun 18, 2024

Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain

Les résultats et les suites de l’enquête administrative dans l’affaire Xplain

L'affaire Xplain a mis en évidence toutes les difficultés liées à la gestion d'un projet informatique complexe mené entre différents acteurs publics et privés. Plusieurs leçons ont pu être tirées pouvant certainement s'appliquer à d'autres situations comparables, quels que soient les acteurs concernés. Tour d'horizon des erreurs commises et des mesures ayant été prises

#swissprivacy #CH #FR #leal #Xplain #résultats #leçons

·swissprivacy.law·Jun 17, 2024

Les résultats et les suites de l’enquête administrative dans l’affaire Xplain

New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now

Microsoft has released a critical security update for users of all supported Windows versions as a new Wi-Fi compromise requiring no authentication has been confirmed.

#forbes #EN #2024 #Wi-Fi #Wi-Fi-Attack #CVE-2024-30078 #Windows-Wi-Fi-Attack #Windows-Security #Patch-Tuesday #Windows-Wi-Fi-vulnerability

·forbes.com·Jun 17, 2024

New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

#wired #EN #2024 #ShinyHunters #Ticketmaster #Snowflake #Russia

·wired.com·Jun 17, 2024

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Threat actors deliver fake software updates on websites for popular browsers: Sites with a high search engine ranking are at an increased risk.

#gdatasoftware #EN #2024 #analysis #BadSpace #backdoor #high-ranking #websites

·gdatasoftware.com·Jun 17, 2024

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Microsoft Refused to Fix Flaw Years Before SolarWinds Hack

Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

#propublica #EN #2024 #Microsoft #problem #critical #flaw #losing #government #business #SolarWinds

·propublica.org·Jun 17, 2024

Microsoft Refused to Fix Flaw Years Before SolarWinds Hack

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

A new speculative execution attack named

#bleepingcomputer #EN #2024 #ARM #Hardware #Memory #Processor #Speculative-Execution #TIKTAG

·bleepingcomputer.com·Jun 17, 2024

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm discloses a critical vulnerability (CVE-2024-4610) in Mali GPU Kernel Drivers. This flaw, actively exploited, affects versions from r34p0 to r40p0

#thehackernews #EN #2024 #ARM #CVE-2024-4610 #Mali #GPU #Kernel #Drivers #ero-Day #Vulnerability

·thehackernews.com·Jun 15, 2024

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks

The mystery of an alleged data broker’s data breach

The breached data appears partly legitimate — if imperfect — but also widely available for sale by data brokers.

#techcrunch #EN #2024 #data-broker #breach #mistery

·techcrunch.com·Jun 15, 2024

The mystery of an alleged data broker’s data breach

New York Times warns freelancers of GitHub repo data breach

The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024.

#bleepingcomputer #EN #2024 #Breach #Data-Breach #GitHub #Hack #The-New-York-Times

·bleepingcomputer.com·Jun 15, 2024

New York Times warns freelancers of GitHub repo data breach