cyberveille.decio.ch

5334 bookmarks

Custom sorting

Hacktivists Plot Attacks on Russia With Ukraine Government's Urging

Hackers are coming to Ukraine’s aid in an effort to target Russian government websites and officials with disruptive counterattacks, according to six people involved in the activity.

#bloomberg #EN #2022 #Cyberwar #hackivists #Ukraine #volunteers #organization

·bloomberg.com·Feb 27, 2022

Hacktivists Plot Attacks on Russia With Ukraine Government's Urging

Top 10 des vulnérabilités de 2021

Ce bulletin d’actualité exceptionnel propose une analyse des 10 vulnérabilités les plus critiques traitées par l’ANSSI au cours de l’année 2021. Document PDF

#CERTFR #2022 #FR #top10 #vulnérabilités #2021 #liste #pdf

·cert.ssi.gouv.fr·Feb 26, 2022

Top 10 des vulnérabilités de 2021

Conti ransomware group announces support of Russia, threatens retaliatory attacks

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

#cyberscoop #Conti #attribution #intelligence #Russia #gang #EN #2022 #announce

·cyberscoop.com·Feb 26, 2022

Conti ransomware group announces support of Russia, threatens retaliatory attacks

TrickBot malware operation shuts down, devs move to BazarBackdoor

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.

#BazarBackdoor #Conti #Malware #Ransomware #TrickBot #2002 #EN #bleepingcomputer

·bleepingcomputer.com·Feb 26, 2022

TrickBot malware operation shuts down, devs move to BazarBackdoor

Ukraine links phishing targeting military to Belarusian hackers

The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.

#bleepingcomputer #Belarus #EN #2022 #cyberwar #Military #Phishing #Ukraine #CERT-UA #UNC1151

·bleepingcomputer.com·Feb 25, 2022

Ukraine links phishing targeting military to Belarusian hackers

Aquarium Leaks. Inside the GRU’s Psychological Warfare Program

In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, details the...

#4freerussia #EN #2022 #GRU #Leak #report #Warfare #Aquarium #Program

·4freerussia.org·Feb 25, 2022

Aquarium Leaks. Inside the GRU’s Psychological Warfare Program

New data-wiping malware used in destructive attacks on Ukraine

Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.

#bleepingcomputer #HermeticWiper #Russia #Ukraine #cyberwar #2022 #EN #datawiping

·bleepingcomputer.com·Feb 25, 2022

New data-wiping malware used in destructive attacks on Ukraine

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Cosa sappiamo di sLoad e perchè è così elusivo? –

Cosa sappiamo di sLoad e perchè è così elusivo?

#CERTAGID #IT #2022 #sLoad #PEC #Italy

·cert-agid.gov.it·Feb 21, 2022

Cosa sappiamo di sLoad e perchè è così elusivo? –

Pegasus spyware scandal uncovered by fake image file on an iPhone

The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.

#appleinsider #Pegasus #Spyware #NSO #EN #2022 #iphone

·appleinsider.com·Feb 20, 2022

Pegasus spyware scandal uncovered by fake image file on an iPhone

Cyberattack targets Vodafone Portugal, disrupts services

Vodafone Portugal, one of the country’s leading telecommunications companies, said Tuesday it had been hacked though no confidential customer data was compromised

#apnews #EN #2022 #Vodafone #Portugal #attack #cyberattack #mobile

·apnews.com·Feb 19, 2022

Cyberattack targets Vodafone Portugal, disrupts services

‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them

As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.

#Bloomberg #EN #2022 #zeroclick #spyware #NSO #governement #spy #privacy #attack

·bloombergquint.com·Feb 19, 2022

‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them

VMware Horizon servers are under active exploit by Iranian state hackers

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

#arstechnica #log4shell #EN #2022 #TunnelVision #Iranian #VMware #Horizon #CVE-2021-44228

·arstechnica.com·Feb 18, 2022

VMware Horizon servers are under active exploit by Iranian state hackers

Twitter cans 2FA service provider over surveillance claims

Twitter is changing its 2FA service provider after allegations emerged that it sold access to its networks to surveillance companies.

#malwarebytes #2FA #Mitto #Twitter #surveillance #EN #2022

·blog.malwarebytes.com·Feb 17, 2022

Twitter cans 2FA service provider over surveillance claims

Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica

DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.

#DDoS #2022 #EN #Ukraine #arstechnica

·arstechnica.com·Feb 16, 2022

Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica

Vaud – Etudiant débouté en raison de son inactivité en ligne

Un trentenaire estime que le journal des connexions à la plateforme des supports de cours de son école a été utilisé contre lui abusivement.

#EDU #CH #VD #20min #confidentialité #secretdefonction #logs #Moodle #FR #2022 #syndicats

·20min.ch·Feb 16, 2022

Vaud – Etudiant débouté en raison de son inactivité en ligne

Apple's AirTag uncovers a secret German intelligence agency

A researcher has sent one of Apple's AirTags to a mysterious "federal authority" in Germany to locate its true offices — and to help prove that it's really part of an intelligence agency.

#Apple #appleinsider #EN #AirTags #intelligence #Germany #Wittmann

·appleinsider.com·Feb 15, 2022

Apple's AirTag uncovers a secret German intelligence agency

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.

#DeadBolt #NAS #QNAP #Ransomware #EN #bleepingcomputer #0-day #2022

·bleepingcomputer.com·Feb 15, 2022

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

BGP leaks and cryptocurrencies

Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.

#cloudflare #EN #2018 #BGPhijack #crypto

·blog.cloudflare.com·Feb 15, 2022

BGP leaks and cryptocurrencies

Twitter, Google, WhatsApp, Telegram... pourquoi la double authentification n'est finalement pas si sécurisée

La double authentification permet de sécuriser ses comptes en ligne et les données personnelles qui y sont attachées. Néanmoins, l'entreprise suisse Mitto AG, qui fournit les plus grands noms de la tech comme Twitter , Google, WhatsApp ou encore Telegram , s'en sert également pour ses activités de cybersurveillance…

#clubic #FR #Mitto #Twitter

·clubic.com·Feb 15, 2022

Twitter, Google, WhatsApp, Telegram... pourquoi la double authentification n'est finalement pas si sécurisée

Analyzing a watering hole campaign using macOS exploits

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

#macOS #EN #google #wateringhole #exploit #CVE-2021-30869

·blog.google·Feb 15, 2022

Analyzing a watering hole campaign using macOS exploits

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Google Docs Comment Exploit Allows for Distribution of Phishing and Malware

An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.

#Googledocs #EN #phishing #attack #vector

·avanan.com·Feb 15, 2022

Google Docs Comment Exploit Allows for Distribution of Phishing and Malware

Le piratage d'une société américaine a des conséquences en Suisse

La société américaine iBasis a subi une attaque informatique ces derniers jours. Elle pourrait être utilisée comme transporteur de données appartenant à des opérateurs suisses.

#iBasis #CH #FR #piratage #blick #Swisscom #Sunrise #UPC #Salt

·blick.ch·Feb 14, 2022

Le piratage d'une société américaine a des conséquences en Suisse

[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code

Hello, Its developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families. also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with...

#leak #Maze #Egregor #Sekhmet #keys #decryptor #EN #forum #bleepingcomputer

·bleepingcomputer.com·Feb 13, 2022

[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code

Why is the Zoom app listening on my microphone...

I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?

#zoom #EN #macOS #bug #microphone

·community.zoom.com·Feb 13, 2022

Why is the Zoom app listening on my microphone...

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Utilisation de Google Analytics et transferts de données vers les États-Unis : la CNIL met en demeure un gestionnaire de site web

Google Analytics est une fonctionnalité qui peut être intégrée par les gestionnaires de sites web tels que des sites de vente en ligne afin d’en mesurer la fréquentation par les internautes. Dans ce cadre, un identifiant unique est attribué à chaque visiteur. Cet identifiant (qui constitue une donnée personnelle) et les données qui lui sont associées sont transférés par Google aux États-Unis.

#CNIL #FR #google #googleanalytics #RGPD #GDPR

·cnil.fr·Feb 13, 2022

Utilisation de Google Analytics et transferts de données vers les États-Unis : la CNIL met en demeure un gestionnaire de site web

Google Project Zero: Vendors are now quicker at fixing zero-days

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.

#googleprojectzero #EN #0-day #metrics #bleepingcomputer

·bleepingcomputer.com·Feb 11, 2022

Google Project Zero: Vendors are now quicker at fixing zero-days