cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Operation PANDORA shuts down 12 phone fraud call centres
Operation PANDORA shuts down 12 phone fraud call centres
Operation PANDORA started with a bank teller in Freiburg, Germany. When in December 2023 a customer asked to withdraw over EUR 100 000 in cash, the bank teller grew suspicious and quickly learned the customer had fallen victim to a ‘fake police officer scam’. He informed the real police, which prevented the victim from handing the money over to the...
·europol.europa.eu·
Operation PANDORA shuts down 12 phone fraud call centres
Eight Arms to Hold You: The Cuttlefish Malware
Eight Arms to Hold You: The Cuttlefish Malware
Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A
·blog.lumen.com·
Eight Arms to Hold You: The Cuttlefish Malware
From IcedID to Dagon Locker Ransomware in 29 Days
From IcedID to Dagon Locker Ransomware in 29 Days
  • In late August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was then used through-out the intrusion. The threat actor leveraged a bespoke PowerShell tool known as AWScollector to facilitate a range of malicious activities including discovery, lateral movement, data exfiltration, and ransomware deployment. Group Policy was used to distribute Cobalt Strike beacons at login to a specific privileged user group. The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. * This case had a TTR (time to ransomware) of 29 days.
·thedfirreport.com·
From IcedID to Dagon Locker Ransomware in 29 Days
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
A few months ago, I wrote about a rumor that TheFloW‘s yet-to-be-disclosed PS4/PS5 Kernel exploit was relying on an 18 year old vulnerability. What sounded like an obvious troll initially, then looked more and...
·wololo.net·
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
Chinese Keyboard App Vulnerabilities Explained
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
·citizenlab.ca·
Chinese Keyboard App Vulnerabilities Explained
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.
·blog.talosintelligence.com·
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement's (LE) "Operation Cronos" aimed at dismantling LockBit's infrastructure, the ransomware operators somehow managed to survive and stay a float. It appears that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created an impression that the LE actions did not affect their normal operation. Concurrently, alongside the resurgence of LockBit's exploitation of ScreenConnect vulnerabilities, we have seen other threat actors have either impersonated LockBit ransomware or incorporated LockBit into their own cyber attack campaigns.
·trellix.com·
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
Advanced Cyber Threats Impact Even the Most Prepared
Advanced Cyber Threats Impact Even the Most Prepared
Foreign nation-state cyber adversaries are tenacious. Their attacks are evolving to get around the industry’s most sophisticated defenses. Last year was exploitation of routers, and this year’s theme has been compromise of edge protection devices. MITRE, a company that strives to maintain the highest cybersecurity possible, is not immune. Despite our commitment to safeguarding our digital assets, we’ve experienced a breach that underscores the nature of modern threats. In this blog post, we provide an initial account of the incident, outlining the tactics, techniques, and procedures (TTPs) employed by the adversaries, as well as some of our ongoing incident response efforts and recommendations for future steps to fortify your defenses.
·medium.com·
Advanced Cyber Threats Impact Even the Most Prepared
Kapeka: A novel backdoor spotted in Eastern Europe
Kapeka: A novel backdoor spotted in Eastern Europe
This report provides an in-depth technical analysis of the backdoor and its capabilities, and analyzes the connection between Kapeka and Sandworm group. The purpose of this report is to raise awareness amongst businesses, governments, and the broader security community. WithSecure has engaged governments and select customers with advanced copies of this report. In addition to the report, we are releasing several artifacts developed as a result of our research, including a registry-based & hardcoded configuration extractor, a script to decrypt and emulate the backdoor’s network communication, and as might be expected, a list of indicators of compromise, YARA rules, and MITRE ATT&CK mapping
·labs.withsecure.com·
Kapeka: A novel backdoor spotted in Eastern Europe