Google ads lead to major malvertising campaign
Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.
cyberveille.decio.ch
China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors
Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.
Busting browser fails: What attackers see when they hack your employees’ browser
Hackad hacker outlines why a browser is so vital in the cybercrime ecosystem and what CISOs can do to protect employees against browser hacks
CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect
Cet article explique comment trois vulnérabilités supplémentaires ont été découvertes dans le client VPN Cisco AnyConnect pour Windows. Elles ont été trouvées suite au développement d’un exploit pour la CVE-2020-3153 (une élévation de privilèges, étudiée dans MISC n°111). Après un rappel du fonctionnement de ce logiciel, nous étudierons chacune de ces nouvelles vulnérabilités.
CVE-2022-30333
On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.
Un malware, un cochon et un APT chinois
Par un heureux hasard, un fichier nommé libudev.so, apparemment malveillant, est apparu dans notre dossier Téléchargements, nous avons donc voulu en savoir plus. Entre reverse engineering, analyse réseau et OSINT, c’est cette quête d’information qui nous mènera à découvrir un mystérieux pirate, vouant une adoration à ses cochons, que nous allons relater dans cet article
Google Play hides app permissions in favor of developer-written descriptions
Let's hope nobody lies about what permissions their app uses.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
European Central Bank head targeted in hacking attempt
BERLIN (AP) — The European Central Bank said Tuesday that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised. The attempt took place “recently,” the Frankfurt-based central bank for the 19 countries that use the euro said in an emailed response to a query about a report by Business Insider.
Vice Society: a discreet but steady double extortion ransomware group
Vice Society is a little-known double extortion group that exfiltrates its victims' data and threatens its victims to leak their information.
Verified Twitter accounts phished via hate speech warnings
We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...
'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang
As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how -- by sabotaging one of the most formidable ransomware gangs in Russia.
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents
Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.
Il malware EnvyScout (APT29) è stato veicolato anche in Italia
Il malware EnvyScout (APT29) è stato veicolato anche in Italia
Le NIST a choisi ses algorithmes de cryptographie post-quantiques
Ce mardi 5 juillet 2022, l'organisme de normalisation étatsunien NIST a annoncé qu'il avait choisi les algorithmes de cryptographie post-quantiques qu'il allait maintenant normaliser. Ce sont Kyber pour l'échange de clés et Dilithium pour les signatures.
Cybersecurity experts question Microsoft's Ukraine report
Leading cybersecurity experts and foreign policy scholars raise serious questions and concerns about Microsoft's report on the Ukraine war.
Microsoft finds Raspberry Robin worm in hundreds of Windows networks
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.
Ransomware review: June 2022
LockBit remained the most active threat in June, and “the costliest strain of ransomware ever documented” went dark while others surged.
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks
Black Lotus Labs, is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly NA and European networks of interest.
FBI warns hackers are using deepfakes to apply for jobs
Hackers are stealing PII to apply for remote jobs and then using deepfakes to pass the interview.
Unrar Path Traversal Vulnerability affects Zimbra Mail
We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.
LockBit 3.0 introduces the first ransomware bug bounty program
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
Python packages upload your AWS keys, env vars, secrets to the web
Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.
Conti ransomware finally shuts down data leak, negotiation sites
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.
7-zip now supports Windows ‘Mark-of-the-Web’ security feature
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files.