cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
dirDevil: Hiding Code and Content Within Folder…
dirDevil: Hiding Code and Content Within Folder…
You can hide data in directory structures, and it will be more or less invisible without knowing how to decode it. It won't even show up as taking up space on disk. However, its real-world applications may be limited because it is the code execution itself which is often the difficulty with AV/EDR evasion.
·trustedsec.com·
dirDevil: Hiding Code and Content Within Folder…
Spanish Police Arrests NoName Hackers
Spanish Police Arrests NoName Hackers
Spanish Police arrested three individuals on July 20, 2024, who are suspected of participating in a series of cyberattacks targeting critical infrastructure and government institutions in Spain and other NATO countries. The detainees are believed to be affiliated with the hacktivist group NoName057(16), known for its pro-Russian ideology and launching DDoS attacks against entities supporting Ukraine in the ongoing conflict.
·thecyberexpress.com·
Spanish Police Arrests NoName Hackers
Technical Details: Falcon Update for Windows Hosts
Technical Details: Falcon Update for Windows Hosts
On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC. This issue is not the result of or related to a cyberattack.
·crowdstrike.com·
Technical Details: Falcon Update for Windows Hosts
Helping our customers through the CrowdStrike outage
Helping our customers through the CrowdStrike outage
On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.
·blogs.microsoft.com·
Helping our customers through the CrowdStrike outage
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Earlier this week, the FBI announced that it had accessed the locked phone of Thomas Matthew Crooks, the man who opened fire at a Trump rally last Saturday. A new report from Bloomberg today reveals more details about this process and the phone used by Crooks. After Saturday’s Trump rally shooting, the FBI said on Sunday that it had been unsuccessful in unlocking Crooks’ phone. The phone was then sent to the FBI lab in Quanitco, Virginia, and on Tuesday the bureau confirmed that it had successfully unlocked the phone in question.
·9to5mac.com·
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Our Statement on Today's Outage
Our Statement on Today's Outage
I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.
·crowdstrike.com·
Our Statement on Today's Outage
APT41 Has Arisen From the DUST
APT41 Has Arisen From the DUST
  • In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced persistent threat group APT41 targeting and successfully compromising multiple organizations operating within the global shipping and logistics, media and entertainment, technology, and automotive sectors. The majority of organizations were operating in Italy, Spain, Taiwan, Thailand, Turkey, and the United Kingdom. APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since 2023, enabling them to extract sensitive data over an extended period. APT41 used a combination of ANTSWORD and BLUEBEAM web shells for the execution of DUSTPAN to execute BEACON backdoor for command-and-control communication. Later in the intrusion, APT41 leveraged DUSTTRAP, which would lead to hands-on keyboard activity. APT41 used publicly available tools SQLULDR2 for copying data from databases and PINEGROVE to exfiltrate data to Microsoft OneDrive
·cloud.google.com·
APT41 Has Arisen From the DUST
Office of Public Affairs | Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Office of Public Affairs | Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Two foreign nationals pleaded guilty today to participating in the LockBit ransomware group—at various times the most prolific ransomware variant in the world—and to deploying LockBit attacks against victims in the United States and worldwide.
·justice.gov·
Office of Public Affairs | Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Critical Cisco bug lets hackers add root users on SEG devices
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
·bleepingcomputer.com·
Critical Cisco bug lets hackers add root users on SEG devices
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
·blog.phylum.io·
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Brief technical analysis of the "Poseidon Stealer" malware
Brief technical analysis of the "Poseidon Stealer" malware
11.07.2024 - At the end of June 2024, cybercriminals spread the malware "Poseidon Stealer" in German-speaking Switzerland by email, using AGOV as a lure with the aim of infecting computers with the macOS operating system. The NCSC has now produced and published a brief technical analysis of the malware. #news
·ncsc.admin.ch·
Brief technical analysis of the "Poseidon Stealer" malware
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
On patch Tuesday last week, Microsoft released an update for CVE-2024-38112, which they said was being exploited in the wild. We at the Trend Micro Zero Day Initiative (ZDI) agree with them because that’s what we told them back in May when we detected this exploit in the wild and reported it to Microsoft. However, you may notice that no one from Trend or ZDI was acknowledged by Microsoft. This case has become a microcosm of the problems with coordinated vulnerability disclosure (CVD) as vendors push for coordinated disclosure from researchers but rarely practice any coordination regarding the fix. This lack of transparency from vendors often leaves researchers who practice CVD with more questions than answers.
·zerodayinitiative.com·
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Kaspersky Lab Closing U.S. Division; Laying Off Workers
Kaspersky Lab Closing U.S. Division; Laying Off Workers
Russian cybersecurity firm, Kaspersky Lab, has told workers in its U.S.-based division that they are being laid off this week and that it is closing its U.S. business, according to several sources. The sudden move comes after the U.S. Commerce Department announced last month that it was banning the sale of Kaspersky software in the U.S. beginning July 20. The company has been selling its software here since 2005.
·zetter-zeroday.com·
Kaspersky Lab Closing U.S. Division; Laying Off Workers