Citrix Denial of Service: Analysis of CVE-2024-8534
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
cyberveille.decio.ch
Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.
Unveiling Dark Internet Service Providers: Bulletproof Hosting | by team | Dec, 2024 | Medium
Bulletproof hosting services provide the infrastructure for cybercriminal activities, enabling criminals to evade legal constraints and are often used for malware, hacking attacks, fraudulent…
NATO to launch new cyber center by 2028: Official
The center, called the NATO Integrated Cyber Defense Center, will have multiple locations, but will be headquartered in Mons, Belgium.
Publicités insérées entre les courriels : sanction de 50 millions d’euros à l’encontre de la société ORANGE
Le contexte ORANGE met à disposition de ses clients un service de messagerie électronique (« Mail Orange »). À la suite de plusieurs contrôles, la CNIL a constaté que la société affichait, entre les courriels présents au sein des boîtes de réception des utilisateurs, des annonces publicitaires prenant la forme de courriels.
'Operation Digital Eye' Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research
In this article, I explained how I could compromise the sysupgrade.openwrt.org service by exploiting the command injection and the SHA-256 collision. As I never found the hash collision attack in a real-world application, I was surprised that I could successfully exploit it by brute-forcing hashes.
Fraudulent shopping sites tied to cybercrime marketplace taken offline
The investigation began in the autumn of 2022, following reports of fraudulent phone calls in which scammers impersonated bank employees to extract sensitive information, such as addresses and security answers, from victims. The stolen data was traced back to a specialised online marketplace that operated as a central hub for the trade of illegally obtained information.A central hub for cyber...
On These Apps, the Dark Promise of Mothers Sexually Abusing Children
Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]
What a new threat report says about Mac malware in 2024
Apple's macOS has been under siege in 2024 as malware-as-a-service platforms and AI-driven threats make the year a turning point for Mac security.
Moonlock's 2024 macOS threat report
A deep dive into macOS malware this year.
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom…
Zero-Day: How Attackers Use Corrupted Files to Bypass Detection
See technical analysis of a zero-day attack that uses corrupted malicious files to bypass detection by advanced security systems.
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report
Log In POLITICO Pro Home Latest news Romanian elections War in Ukraine French political crisis Newsletters Podcasts Poll of Polls Policy news Events News Politics Hungarian CIA reportedly spied on EU officials
Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.
Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised
Some users are still lamenting issues in using the encrypted email service
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
Cado Security Labs details the discovery of a new cross-platform information stealer malware dubbed "Meeten" targeting macOS and Windows users.
Ransomware hackers target NHS hospitals with new cyberattacks
Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.
8 US telcos compromised, FBI advises Americans to use encrypted communications - Help Net Security
FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.
Enhanced Visibility and Hardening Guidance for Communications Infrastructure
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network
2023 Anna Jaques Hospital data breach impacted +310K people
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
zizmor would have caught the Ultralytics workflow vulnerability
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection
Key findings from our analysis include: Advanced Surveillance Capabilities: Utilizes technologies like WebRTC for real-time audio and video streaming. Abuses Accessibility Services to intercept user interactions. Comprehensive Data Exfiltration: Collects and transmits a wide range of personal data, including messages, call logs, and location information. Persistence Mechanisms: Employs techniques to remain active on the device, such as auto-start on boot and misuse of device administrator privileges. Abuse of Legitimate Services: Utilizes Firebase Cloud Messaging to establish command and control channels, disguising its communications as legitimate traffic. Indicators of Compromise (IoCs): Identified specific URLs, IP addresses, file hashes, and other artifacts associated with Celular 007. Need for Collective Protection: * Highlights the importance of collective defense strategies and community awareness to combat such invasive tools.
Roumanie : la Cour constitutionnelle annule le premier tour de l’élection présidentielle du fait de graves manipulations sur TikTok
Cette décision est prise au lendemain de la déclassification de documents du renseignement national faisant état d’une opération d’envergure sur TikTok en faveur du candidat prorusse, Calin Georgescu, arrivé en tête du premier tour de l’élection présidentielle, à la surprise générale.
Le groupe Vidymed touché par une cyberattaque
Le groupe Vidymed, avec 100'000 consultations annuelles, fait face à une cyberattaque. Les autorités vaudoises sont mobilisées pour contenir l'incident. L'ampleur et les conséquences de l'attaque sont en cours d'évaluation.
Protecting Undersea Internet Cables: A Tech Challenge
A recent, alleged Baltic Sea sabotage highlights the system’s fragility
Veeam warns of critical RCE bug in Service Provider Console
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack. In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.