Russia Steps Up a Covert Sabotage Campaign Aimed at Europe
Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.
cyberveille.decio.ch
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data
Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.
Foxit PDF “Flawed Design” Exploitation
PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them. This versatility has made PDFs indispensable in fields ranging from business and academia to government and personal use, serving as a reliable means of exchanging information in a structured and accessible manner.
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
Putin hijacked Austria’s spy service. Now he's going after its government
Intelligence officials suspect Wirecard COO Jan Marsalek of colluding with the far-right Freedom Party on Moscow’s behalf.
How ransomware abuses BitLocker | Securelist
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response
Hacker defaces spyware app’s site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.
Stark Industries Solutions: An Iron Hammer in the Cloud
Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and…
Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available…
Malicious PyPI packages targeting highly specific MacOS machines
In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices.
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers.
Les retards du serveur racine C
On fait souvent remarquer que c'est pendant les pannes qu'on peut le mieux observer comment un système marche. Les perturbations qui affectent le serveur racine du DNS identifié par la lettre C sont donc l'occasion d'apprendre comment fonctionne ce système des serveurs racine.
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. According to the vendor’s website, JAVS technologies are used in courtrooms, chambers and jury rooms, jail and prison facilities, and council, hearing, and lecture rooms. Their company website cites over 10,000 installations of their technologies worldwide.
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
Cybersecurity has always been transient: what is deemed to be secure today, may be considered easily hackable tomorrow. Domain names in web and e-mail addresses, such as info@inti.io, are leased in time. This means that if nobody thinks of renewing them after they expire, they will be put up for sale. It made me wonder what would happen to the graveyard of cloud accounts attached to the e-mail addresses that once belonged to these expired domains.
Criminal record database of millions of Americans dumped online
A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
Così le autorità sono arrivate Dmitry Yuryevich Khoroshev, il leader di LockBit
USA, UK e Australia dicono di aver trovate il leader russo della più pericolosa organizzazione di ransomware al mondo. Ma avranno davvero ragione?
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.
Andrew Tate’s The Real World exposes 22M user messages
The Real World, a learning platform from the controversial social media personality Andrew Tate, has leaked nearly a million users and over 22 million messages. Hundreds of thousands of exposed users, millions of messages, and session tokens – that’s the reality that The Real World finds itself in. The Cybernews research team has uncovered an exposed MongoDB instance with 88GB from one of The Real World’s servers.
Exclusive: Flutterwave loses ₦11 billion in security breach
One month after obtaining a court order to recover $24 million lost to unauthorised POS transactions, Flutterwave suffered another security breach that allowed unknown persons to divert billions of naira to several bank accounts. The perpetrators illegally transferred ₦11 billion ($7 million) to several accounts in April 2024, one financial services insider with direct knowledge of the incident said. A second insider claimed the amount involved was at least ₦20 billion ($13.5 million).
Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business
A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters. A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used. “Unfortunately, we can’t go into details at this stage as the incident is still the subject of an ongoing investigation. However, we can confirm that fake voices and images were used,” the spokesperson said in an emailed statement.
Microsoft will require MFA for all Azure users
Multi-factor authentication makes you, your company and your cloud investments safer
Cybercriminals Exploit Docusign With Customizable Phishing Templates
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.