cyberveille.decio.ch

7248 bookmarks
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code. The code is here: https://github.com/yohanes/akira-bruteforce To clarify, multiple ransomware variants have been named Akira over the years, and several versions are currently circulating. The variant I encountered has been active from late 2023 to the present (the company was breached this year).
·tinyhack.com·
Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption | Tom's Hardware
Tinyhack publishes a full how-to guide on brute-forcing past the Akira ransomware's encryption attack and freeing captive files.
·tomshardware.com·
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices
On February 11, 2025, a Russian-speaking actor using the Telegram handle @ExploitWhispers [1] leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members [2]. These communications, spanning September 2023 to September 2024, provide an insider look at the group's operational tactics.
·blog.eclecticiq.com·
Apple Drops Another WebKit Zero-Day Bug
For the third time in as many months, Apple has released an emergency patch to fix an already exploited zero-day vulnerability impacting a wide range of its products. The new vulnerability, identified as CVE-2025-24201, exists in Apple's WebKit open source browser engine for rendering Web pages in Safari and other apps across macOS, iOS, and iPadOS. WebKit is a frequent target for attackers because of how deeply integrated it is with Apple's ecosystem.
·darkreading.com·
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Between late January and early March, Forescout Research – Vedere Labs identified a series of intrusions based on two Fortinet vulnerabilities. It began with the exploitation of FortiGate firewall appliances and culminated in the deployment of a newly discovered ransomware strain we have dubbed SuperBlack.
·forescout.com·
ICANN moves to retire Soviet-era .SU country domain name - Domain Name Wire
Domain system overseer plans to retire .su in 2030. ICANN has notified the operator of the legacy Soviet Union country code domain, .su, of its plans to retire the domain in five years, Domain Name Wire has learned. The .su namespace, which remains open for new registrations and currently has around 100,000 domain names, is […]
·domainnamewire.com·
Threat and incident report - CERT-FR
In this fourth edition of its threat overview, the French National Cybersecurity Agency (ANSSI) reviews the major trends in the cyber threat landscape, as well as the notable events and incidents it became aware of in 2024. As in previous years, ANSSI assesses that attackers linked to the cybercriminal ecosystem, or reputed to be linked to China and Russia, constitute the three main threats, both to the most critical information systems and to the national ecosystem as a whole. 2024 was also marked by the organisation of the Paris Olympic and Paralympic Games and by the number and impact of vulnerabilities affecting security appliances at the edge of information systems.
·cert.ssi.gouv.fr·
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577)
GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.
·greynoise.io·
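CVE-2024-4577 is the PHP-CGI argument-injection flaw on Windows builds of PHP, where the "Best-Fit" character conversion turns a percent-encoded soft hyphen (0xAD) in the query string into a real hyphen, so `%ADd` is parsed as the `-d` option and lets an attacker override php.ini directives. The following is an added example, not code from GreyNoise or from the bookmarked post, that scans web-server access logs for that signature; the log lines are constructed for the example and the IP addresses are documentation ranges.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (Apache combined-style prefix), not real traffic.
# Line 1 and 3 carry the soft-hyphen (%AD) option injection; line 2 is benign.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:03:14:15 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512
198.51.100.9 - - [10/Jan/2025:03:14:16 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048
203.0.113.7 - - [10/Jan/2025:03:14:17 +0000] "POST /index.php?%add+cgi.force_redirect%3d0+%add+cgi.redirect_status_env%3d0 HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# After percent-decoding, the injected option is the byte 0xAD (soft hyphen)
# immediately followed by a php-cgi option letter, e.g. 'd' for a php.ini override.
SOFT_HYPHEN_OPTION = re.compile(rb'\xad([a-zA-Z])')


def decoded_query(target: str) -> bytes:
    """Return the percent-decoded query string of a request target as raw bytes.

    Decoding to bytes (not str) keeps 0xAD visible instead of letting a text
    codec normalise or drop it.
    """
    _, sep, query = target.partition("?")
    return unquote_to_bytes(query) if sep else b""


def injected_options(target: str) -> list[str]:
    """List the option letters injected via the soft-hyphen trick, in order."""
    return [m.group(1).decode("ascii") for m in SOFT_HYPHEN_OPTION.finditer(decoded_query(target))]


def find_attempts(log_text: str) -> list[dict]:
    """Return one record per log line whose query string carries a 0xAD option injection."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected log format
        options = injected_options(m["target"])
        if options:
            hits.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "target": m["target"],
                "options": options,
                "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_attempts(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["timestamp"]} options={hit["options"]} {hit["target"]}')
```

The match is done on the decoded bytes rather than on the literal `%AD` text so that mixed-case encodings (`%ad`, `%Ad`) are caught too. A 200 response to such a request is not proof of success, since the flaw only triggers on Windows PHP-CGI under affected locales, but it is the line worth pulling into incident triage.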
INVESTIGATION. "TrackingFiles": how the privacy of French military personnel, diplomats and political staff is exposed by geolocation data
In collaboration with "L'Œil du 20 heures", franceinfo investigated geolocation data from millions of phones in France, which made it possible to reconstruct the private lives of employees of the armed forces, of the DGSE, and of seats of power and other sensitive sites.
·francetvinfo.fr·
Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
·microsoft.com·
District of Columbia | Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities | United States Department of Justice
A federal judge in Washington, D.C., today, unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, (尹 可成) a/k/a “YKC” (“YIN”) and Zhou Shuai, 45, (周帅) a/k/a “Coldface” (“ZHOU”) violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims
·justice.gov·