1Password Detects Suspicious Activity Following Okta Support Breach
1password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
cyberveille.decio.ch
Spain police dismantled a cybercriminal group who stole data of 4 million individuals
The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over 4M individuals.
Okta stock falls after company says client files accessed by hackers via support system
Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
How Cloudflare mitigated yet another Okta compromise
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Cluster25 analyzed an attack by APT28/FancyBear exploiting the WinRAR vulnerability CVE-2023-38831
Measures taken following the unprecedented cyber-attack on the ICC
Five weeks ago, the International Criminal Court detected a serious cyber security incident, thanks to the alert mechanism provided by its monitoring system. The ICC has made various and serious efforts to address this attack. The Court deems it is its responsibility to continue to inform about these efforts and to provide the relevant additional information on the attack itself.
Switzerland’s e-voting system has predictable implementation blunder
Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has inherent security
Know the Protocol! - How to Prevent Undetected Vote Manipulation on the Verified Swiss Post E-Voting System
I’m a Swiss voter living abroad, and like all Swiss expats from Basel-Stadt, St.Gallen or Thurgau, I’ve been invited to vote over the internet in this year’s national election. Switzerland’s e-voting system is supposed to have safeguards to protect the election against malicious actors, however as a computer scientist, I have found a flaw in the practical implementation of one of those safeguards.
Several websites of Belgian institutions disrupted yesterday by DDoS attack
Several websites of Belgian institutions (such as those of the Royal Palace, the Chancellery of the Prime Minister and the Senate) experienced some disruption late Thursday afternoon.
Big Data, un outil d’influence en période électorale
Grâce à l’usage du Big Data et des algorithmes dans les campagnes électorales et de votation, il devient possible d’influencer le comportement des électeurs et le résultat d’un suffrage. Cela soulève la question du droit à l’autodétermination des individus mais aussi des peuples.
Un cybercriminel russe membre du gang Ragnar Locker arrêté en France
Un membre russe du gang de hackers Ragnar Locker a été arrêté en France. Ce collectif de cybercriminels est responsable de nombreuses cyberattaques par
Cisco discloses new IOS XE zero-day exploited to deploy malware implant
Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
Ragnar Locker ransomware gang taken down by international police swoop
This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous high-profile attacks against critical infrastructure across the world. In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain and Latvia. The “key target” of this malicious ransomware strain was arrested in Paris,...
Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Casio keyed up after data loss hits customers in 149 countries • The Register
Crooks broke into the ClassPad server and swiped online learning database Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe.
Ukrainian activists hack Trigona ransomware gang, wipe servers
A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.
Ragnar Locker ransomware’s dark web extortion sites seized by police
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation.
CIA exposed to intelligence interception due to X's URL bug
Musk's mega-app-in-waiting goes from chopping headlines to profile URLs An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence. Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.
Synology NAS DSM Account Takeover: When Random is not Secure
- Team82 has uncovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the company’s network-attached storage (NAS) products The insecure Math.random() method was used to generate the password of the admin password for the NAS device itself. Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account. * The vulnerability, tracked as CVE-2023-2729, has been addressed by Synology. Synology’s advisory is here.
The forgotten malvertising campaign
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware. In this blog post, we look at a malvertising campaign that seems to have flown under the radar entirely for at least several months. It is unique in its way to fingerprint users and distribute time sensitive payloads.
Hackers exploit critical flaw in WordPress Royal Elementor plugin
A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
Lausanne veut 2,24 millions pour sa sécurité IT
La Ville de Lausanne a sollicité un crédit d’investissement de 2,24 millions de francs pour poursuivre ses efforts
L’attaque contre Xplain bloque la modernisation de l’IT de la police vaudoise
Le projet «Odyssée» consiste à remplacer trois applications obsolètes utilisées par les polices vaudoises.
Breast Imaging During a Cyberattack and Global Pandemic: What We Did to Pick Up the Pieces - ScienceDirect
Cybersecurity in healthcare is a very real threat with the potential to severely disrupt patient care, place extra burden on an already strained system, and result in significant financial losses for a hospital or healthcare network. In October 2020, on the backdrop of the ongoing COVID-19 pandemic, our institution experienced one of the most significant cyberattacks on a healthcare system to date, lasting for nearly 40 days. By sharing our experience in radiology, and specifically in breast imaging, including the downtime procedures we relied upon and the lessons that we learned emerging from this cyberattack, we hope to help future victims of a healthcare cyberattack successfully weather such an experience.
Les polices vaudoises hésitent à numériser l’ensemble de leurs activités avec Xplain - rts.ch - Vaud
L'un des projets informatiques les plus importants des polices vaudoises est la victime collatérale d’une importante fuite de données, survenue chez la société Xplain, son principal partenaire, a appris le pôle enquête de la RTS. La collaboration avec cette entreprise bernoise est aujourd’hui sur la sellette.
Samba - Security Announcement Archive
The SMB 1/2/3 protocols allow clients to connect to named pipes via the IPC$ (Inter-Process Communication) share for the process of inter-process communication between SMB clients and servers.
Disclosing the BLOODALCHEMY backdoor
BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.