cyberveille.decio.ch

7248 bookmarks

Custom sorting

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.

#thehackernews #EN #cacti #vulnerability #CVE-2024-25641 #CVE-2024-29895

·thehackernews.com·May 20, 2024

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

Così le autorità sono arrivate Dmitry Yuryevich Khoroshev, il leader di LockBit

USA, UK e Australia dicono di aver trovate il leader russo della più pericolosa organizzazione di ransomware al mondo. Ma avranno davvero ragione?

#securityinfo #IT #2024 #Khoroshev #LockBitSupp

·securityinfo.it·May 20, 2024

Così le autorità sono arrivate Dmitry Yuryevich Khoroshev, il leader di LockBit

'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch

The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”

#techcrunch #EN #2024 #scam #passcode #PayPal #SIM #swap #attacks #SIM-swapping

·techcrunch.com·May 20, 2024

'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch

QNAPping At The Wheel (CVE-2024-27130 and friends)

Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.

#watchtowr #EN #2024 #CVE-2024-27130 #QNAPping #QNAP #NAS #IoT #vulnerability

·labs.watchtowr.com·May 20, 2024

QNAPping At The Wheel (CVE-2024-27130 and friends)

Andrew Tate’s The Real World exposes 22M user messages

The Real World, a learning platform from the controversial social media personality Andrew Tate, has leaked nearly a million users and over 22 million messages. Hundreds of thousands of exposed users, millions of messages, and session tokens – that’s the reality that The Real World finds itself in. The Cybernews research team has uncovered an exposed MongoDB instance with 88GB from one of The Real World’s servers.

#cybernews #EN #2024 #The-Real-World #Andrew-Tate #dataleak #messages #MongoDB

·cybernews.com·May 20, 2024

Andrew Tate’s The Real World exposes 22M user messages

Exclusive: Flutterwave loses ₦11 billion in security breach

One month after obtaining a court order to recover $24 million lost to unauthorised POS transactions, Flutterwave suffered another security breach that allowed unknown persons to divert billions of naira to several bank accounts. The perpetrators illegally transferred ₦11 billion ($7 million) to several accounts in April 2024, one financial services insider with direct knowledge of the incident said. A second insider claimed the amount involved was at least ₦20 billion ($13.5 million).

#techcabal #EN #2024 #Flutterwave #POS #transactions #breach

·techcabal.com·May 20, 2024

Exclusive: Flutterwave loses ₦11 billion in security breach

Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business

A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters. A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used. “Unfortunately, we can’t go into details at this stage as the incident is still the subject of an ongoing investigation. However, we can confirm that fake voices and images were used,” the spokesperson said in an emailed statement.

#cnn #EN #2024 #deepfake #Arup #CEO-fraud #Hong-Kong

·edition.cnn.com·May 20, 2024

Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business

Microsoft will require MFA for all Azure users

Multi-factor authentication makes you, your company and your cloud investments safer

#microsoft #EN #2024 #announce #announcement #MFA #Azure #Multi-factor #authentication

·techcommunity.microsoft.com·May 18, 2024

Microsoft will require MFA for all Azure users

Cybercriminals Exploit Docusign With Customizable Phishing Templates

Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…

#abnormalsecurity #EN #2024 #phishing #customizable #templates #credentials #business #docusign #selling #cybercrime #forums #Docusign

·abnormalsecurity.com·May 17, 2024

Cybercriminals Exploit Docusign With Customizable Phishing Templates

Russian hackers use new Lunar malware to breach a European govt's agencies

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.

#bleepingcomputer #EN #2024 #APT #Lunar #LunarMail #LunarWeb #Malware #Turla

·bleepingcomputer.com·May 17, 2024

Russian hackers use new Lunar malware to breach a European govt's agencies

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

#welivesecurity #EN #2024 #Lunar #toolset #Turla #APT #EU #European #ministry #analysis

·welivesecurity.com·May 17, 2024

To the Moon and back(doors): Lunar landing in diplomatic missions

Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation

Learn how the Log4j vulnerability (CVE-2021-44228) is exploited by XMRig cryptominer malware. Discover attack methods, indicators, and effective mitigation strategies.

#uptycs #EN #2024 #Log4j #XMRig #Cryptominer #Malware #CVE-2021-44228

·uptycs.com·May 16, 2024

Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.

#microsoft #EN #2024 #QuickAssist #Ransomware #Qakbot #BlackBasta

·microsoft.com·May 16, 2024

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets

Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches

#aquasec #EN #2024 #GitHub #Repos #Exposed #Redhat #Microsoft #tokens

·aquasec.com·May 16, 2024

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets

Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S.

A CISA official breaks with the government narrative and tells the FCC that SS7 and similar networks and protocols have been used to track people in the U.S. in recent years.

#404media #EN #2024 #SS7 #spy #tracking #position #people #US

·404media.co·May 16, 2024

Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S.

Popular Cyber Crime Forum Breach Forums Seized by Police

The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.

#hackread #EN #2024 #BreachForums #seized #FBI

·hackread.com·May 16, 2024

An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative

Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.

#alden #EN #2024 #macOS #Malware #RE #CTI #AMOS #Infostealer #Homebrew

·alden.io·May 15, 2024

An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative

Santander reports customer, employee data breach in Spain, Chile, Uruguay

Spanish bank Santander said on Tuesday some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party, but that the bank's own operations and systems have not been affected.

#reuters #EN #2024 #Santander #Spain #data-breach #Chile #Uruguay

·reuters.com·May 15, 2024

Santander reports customer, employee data breach in Spain, Chile, Uruguay

Investigation into Helsinki Education Division data breach proceeds | City of Helsinki

On 2 May 2024, the City of Helsinki issued a notice of a data breach targeted at its Education Division. Investigation into the data breach proceeds through a cooperative effort by the City´s own and external experts. On Monday, 13 May 2024, the City of Helsinki held a press conference on the progress of this investigation.

#hel.fi #EN #2024 #Finland #Helsinki #data-breach #Education

·hel.fi·May 15, 2024

Investigation into Helsinki Education Division data breach proceeds | City of Helsinki

N. Korean hacking group stole massive amount of personal info from S. Korean court computer network

A North Korean hacking group had stolen a massive amount of personal information from a South Korean court computer network, probe results showed on Saturday. A total of 1,014 gigabytes worth of data and documents were leaked from Seoul's court computer network between January 2021 and February 2023 by the hacking group, presumed to be Lazarus, according to the joint probe by the police, the prosecution and the National Intelligence Service.

#m-en.yna.co.kr #North-Korea #stolen #Seoul #Lazarus #Court #South-Korea

·m-en.yna.co.kr·May 15, 2024

N. Korean hacking group stole massive amount of personal info from S. Korean court computer network

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

#bleepingcomputer #EN #2024 #Authentication-Bypass #D-Link #Exploit #Proof-of-Concept #Remote-Command-Execution #Router #Vulnerability #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 14, 2024

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. #Computer #Hypervisor #InfoSec #Pwn2Own #Security #VMware #Zero-Day

#Zero-Day #Pwn2Own #Computer #VMware #InfoSec #Hypervisor #Security

·bleepingcomputer.com·May 14, 2024

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.

#unit42 #EN #2024 #DNS #Tunneling #Tracking #Scanning #research #analysis

·unit42.paloaltonetworks.com·May 14, 2024

Leveraging DNS Tunneling for Tracking and Scanning

2023 Kaspersky Incident Response report

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services

#securelist #2024 #2023 #EN #Threats #Cybersecurity #Security #Incident #LockBit #response #Internal #services #Statistics #Ransomware

·securelist.com·May 14, 2024

2023 Kaspersky Incident Response report

Malicious Go Binary Delivered via Steganography in PyPI

On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into

#phylum #EN #2024 #Steganography #macOS #Go

·blog.phylum.io·May 14, 2024

Malicious Go Binary Delivered via Steganography in PyPI

Ongoing Malvertising Campaign leads to Ransomware

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.

#rapid7 #EN #2024 #Malvertising #Campaign #Ransomware #WinSCP #PuTTY

·rapid7.com·May 14, 2024

Ongoing Malvertising Campaign leads to Ransomware

Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR

There are two types of malicious documents that are distributed via email recently: those exploiting equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links, the latter method, as well as the evidence and detection process with the AhnLab EDR product’s diagram. Figure 1 shows the content of a spam email with a Word document attached that contains an external link. As you can see, it is a sophisticatedly disguised email pretending to be a job application form to deceive the recipient. The attached file (.docx) is a Word document that contains an external link.

#ahnlab #EN #2024 #DanaBot #email #Word

·asec.ahnlab.com·May 14, 2024

Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR

My life as a Chinese spy: Secret police agent tells all - ABC News

A Chinese spy who is now on Australian soil has revealed his incredible story to Four Corners.

#abc #EN #2024 #spy #secret-police #china #agent #spying

·abc.net.au·May 13, 2024

My life as a Chinese spy: Secret police agent tells all - ABC News

Stolen children’s health records posted online in extortion bid

Cybercriminals have published another batch of data stolen from NHS Dumfries and Galloway in Scotland, this time including information about children.

#therecord.media #EN #2024 #Scotland #NHS #health #extortion #ransomware #childrens

·therecord.media·May 13, 2024

Stolen children’s health records posted online in extortion bid

Europol confirms web portal breach, says no operational data stolen

Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft

#bleepingcomputer #EN #2024 #Europol #Security #EPE #Theft #Leak #InfoSec #Data #Breach #Computer

·bleepingcomputer.com·May 13, 2024

Europol confirms web portal breach, says no operational data stolen