cyberveille.decio.ch

5334 bookmarks

Custom sorting

QNAP warns severe OpenSSL bug affects most of its NAS devices

Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.

#QNAP #bleepingcomputer #EN #2022 #OpenSSL #bug #CVE-2022-0778 #NAS

·bleepingcomputer.com·Mar 31, 2022

QNAP warns severe OpenSSL bug affects most of its NAS devices

Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them

On December 30, 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Order of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe, includes the inscription “Peace and Friendship” in Cyrillic on the back, is the highest Russian state decoration that can be awarded to a foreigner.

#Direkt36 #Hungary #EN #2022 #Russia #cyberattack #FSB #ministry

·direkt36.hu·Mar 31, 2022

Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

#bloomberg #EN #2022 #RecursionTeam #Lapsus$#Apple #Meta #privacy #forged #datarequest

·bloomberg.com·Mar 31, 2022

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Not all MFA is created equal, as script kiddies and elite hackers have shown recently.

#arstechnica #2022 #EN #MFA #prompt-bombing

·arstechnica.com·Mar 29, 2022

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Chrome Releases: Stable Channel Update for Desktop

High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. Google is aware that an exploit for CVE-2022-1096 exists in the wild.

#CVE-2022-1096 #chrome #update #EN #2022

·chromereleases.googleblog.com·Mar 28, 2022

Chrome Releases: Stable Channel Update for Desktop

Behold, a password phishing site that can trick even savvy users

Just when you thought you'd seen every phishing trick out there, BitB comes along.

#Behold #password #arstechnica #EN #2022 #phishing #BitB

·arstechnica.com·Mar 27, 2022

Behold, a password phishing site that can trick even savvy users

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

Police say they've arrested seven teenagers as part of their investigation into a hacking group.

#Lapsus$#EN #2022 #bbc #Oxford #teenagers

·bbc.com·Mar 25, 2022

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

Cloudflare’s investigation of the January 2022 Okta compromise

Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.

#cloudflare #Okta #EN #2022 #compromise #investigation

·blog.cloudflare.com·Mar 23, 2022

Cloudflare’s investigation of the January 2022 Okta compromise

Lapsus$ hackers leak 37GB of Microsoft's alleged source code

The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.

#Bing #Cortana #Extortion #Lapsus$#Microsoft #Source-Code #EN #2022 #leak

·bleepingcomputer.com·Mar 22, 2022

Lapsus$ hackers leak 37GB of Microsoft's alleged source code

Exposing initial access broker with ties to Conti

Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group's activity, we determined they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, FireEye) / WIZARD SPIDER (CrowdStrike).

#GoogleTAG #EXOTICLILY #CVE-2021-40444 #0day #reseller #Conti #IAB

·blog.google·Mar 20, 2022

Exposing initial access broker with ties to Conti

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica

When code with millions of downloads nukes user files, bad things can happen.

#Sabotage #arstechnica #EN #2022 #NPM #Russia #cyberwar #node-ipc #package #CVE-2022-23812

·arstechnica.com·Mar 19, 2022

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica

PROPHET SPIDER Exploits Citrix ShareFile

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

#CrowdStrike #PROPHETSPIDER #EN #2022 #CVE-2021-22941RCE #webshell #ShareFile #vulnerability #Citrix

·crowdstrike.com·Mar 16, 2022

PROPHET SPIDER Exploits Citrix ShareFile

Raccoon Stealer: “Trash panda” abuses Telegram

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses. Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]

#avast #stealer #EN #2022 #RaccoonStealer #Telegram #research #malware #passwordstealer

·decoded.avast.io·Mar 13, 2022

Raccoon Stealer: “Trash panda” abuses Telegram

Denmark: Datatilsynet publishes guidance on use of cloud technologies

The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF

#Denmark #dataguidance #EN #2022 #guidance #cloud #privacy #legal #EU #Datatilsynet

·dataguidance.com·Mar 11, 2022

Denmark: Datatilsynet publishes guidance on use of cloud technologies

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).

#talosintelligence #Iranian #EN #2022 #APT #research #MuddyWater #Turkey #SloughRAT #RAT

·blog.talosintelligence.com·Mar 10, 2022

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector

A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.

#CVE-2022-26143 #Akamai #reflection #amplification #DDoS #attacks #EN #2022

·akamai.com·Mar 9, 2022

CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

New method also stretches out DDoS durations to 14 hours.

#DDoS #arstechnica #EN #2022 #amplification

·arstechnica.com·Mar 9, 2022

New method that amplifies DDoSes by 4 billion-fold. What could go wrong?

NSA Releases Network Infrastructure Security Guidance

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document

#uscert #csirt #CISA #NSA #Guidance #Network #howto #bestpractices #2022 #EN

·cisa.gov·Mar 9, 2022

NSA Releases Network Infrastructure Security Guidance

An update on the threat landscape

Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.

#google #threat #analysis #2022 #EN #Ukraine #TAG #GoogleTAG #informations #APT28 #UNC1151 #Ghostwriter #FancyBear #MustangPanda

·blog.google·Mar 8, 2022

An update on the threat landscape

Samsung confirms hackers stole Galaxy devices source code

Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones.

#bleepingcomputer #Lapsus$#Samsung #Galaxy #EN #2022 #confidential #DataBreach #sourcecode

·bleepingcomputer.com·Mar 7, 2022

Samsung confirms hackers stole Galaxy devices source code

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

#CVE-2022-0847 #dirtypipe #Linux #Kernel #arbitrary #privilege #escalation #vulnerability #EN #2022

·dirtypipe.cm4all.com·Mar 7, 2022

The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation

Hackers leak 190GB of alleged Samsung data, source code

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.

#DataBreach #DataLeak #Lapsus$#Samsung #bleepingcomputer #2022 #EN #confidential

·bleepingcomputer.com·Mar 6, 2022

Hackers leak 190GB of alleged Samsung data, source code

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Chipmaker has until Friday to comply or see its crown-jewel source code released.

#Nvidia #2022 #EN #ransom #demands #code #arstechnica

·arstechnica.com·Mar 6, 2022

Cybercriminals who breached Nvidia issue one of the most unusual demands ever

Malware now using stolen NVIDIA code signing certificates

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.

#bleepingcomputer #Nvidia #certificates #malware #EN #2022 #code #signing

·bleepingcomputer.com·Mar 6, 2022

Malware now using stolen NVIDIA code signing certificates

Tensions internationales – Menace cyber

Les tensions internationales actuelles causées par l’invasion de l’Ukraine par la Russie s’accompagnent d’effets dans le cyberespace. Si les combats en Ukraine sont principalement conventionnels, l’ANSSI constate l’usage de cyberattaques dans le cadre du conflit. Dans un espace numérique sans frontières, ces cyberattaques peuvent affecter des entités françaises et il convient sans céder à la panique de l’anticiper et de s’y préparer. Aussi, afin de réduire au maximum la probabilité de tels événements et d’en limiter les effets, l’ANSSI partage des bonnes pratiques de sécurité ainsi que des éléments sur la menace et invite l’ensemble des acteurs à s’en saisir. A cette fin, ce bulletin centralise et diffuse les éléments d’intérêt cyber en lien avec le contexte actuel pour favoriser le renforcement du niveau de protection de l’ensemble des entités françaises. Il sera mis à jour régulièrement.

#ANSSI #CERTFR #FR #2022 #cybermenace #Russie #Kaspersky #rapport #menace

·cert.ssi.gouv.fr·Mar 4, 2022

Tensions internationales – Menace cyber

Phishing attacks target countries aiding Ukrainian refugees

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.

#Belarus #Europe #Ghostwriter #Malware #Phishing #TA445 #Ukraine #UNC1151 #bleepingcomputer #EN #2022 #refugees

·bleepingcomputer.com·Mar 2, 2022

Phishing attacks target countries aiding Ukrainian refugees

Destructive Malware Targeting Organizations in Ukraine

Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.

#uscert #csirt #cert #CISA #EN #2022 #alert #WhisperGate #HermeticWiper #malware

·cisa.gov·Mar 1, 2022

Destructive Malware Targeting Organizations in Ukraine

Ukrainian Researcher Leaks Conti Ransomware Gang Data

A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the