cyberveille.decio.ch

5334 bookmarks

Custom sorting

China’s iPhone ban expected to expand to more government agencies soon

A report yesterday revealed that China has banned government officials from using iPhones and other foreign technology within government agencies. Now, a report from Bloomberg says that this is only the start of China’s crackdown on iPhone, with a much broader set of restrictions also in the works.

#9to5mac #China #ban #iPhone #EN #2023 #government

·9to5mac.com·Sep 9, 2023

China’s iPhone ban expected to expand to more government agencies soon

Microsoft pledges legal protection for AI-generated copyright breaches

US tech giant will assume customers’ liability for material created by AI assistants in Word and coding tools

#ft #EN #2023 #Microsoft #AI #legal #AI-generated #copyright #breaches

·ft.com·Sep 8, 2023

Microsoft pledges legal protection for AI-generated copyright breaches

Code Vulnerabilities Put Proton Mails at Risk

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

#sonarsource #EN #2023 #Code #Vulnerabilities #ProtonMail #XSS #Tutanota

·sonarsource.com·Sep 7, 2023

Code Vulnerabilities Put Proton Mails at Risk

MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization. 2 files (bitmap.exe, wkHPd.exe) are identified as variants of Metasploit (Meterpreter) and designed to connect and receive unencrypted payloads from their respective command and control (C2) servers. Note: Metasploit is an open source penetration testing software; Meterpreter is a Metasploit attack payload that runs an interactive shell. These executables are used as attack payloads to run interactive shells, allowing a malicious actor the ability to control and execute code on a system. 2 files (resource.aspx, ConfigLogin.aspx) are Active Server Pages (ASPX) web shells designed to execute remote JavaScript code on the victim server.

#cisa #EN #2023 #Multiple #Nation-State #Threat #Actors #Exploit #CVE-2022-47966 #CVE-2022-42475

·cisa.gov·Sep 7, 2023

MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple * The payload is a new version of the recent Atomic Stealer for OSX

#malwarebytes #EN #2023 #macos #AtomicStealer #stealer #tradingview

·malwarebytes.com·Sep 7, 2023

Mac users targeted in new malvertising campaign delivering Atomic Stealer

W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365

The report details the operations of W3LL, a threat actor behind a phishing empire that has remained largely unknown until now. Group-IB’s Threat Intelligence and Cyber Investigations teams have tracked the evolution of W3LL and uncovered that they played a major role in compromising Microsoft 365 business email accounts over the past 6 years. The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks. Group-IB investigators identified that W3LL’s phishing tools were used to target over 56,000 corporate Microsoft 365 accounts in the USA, Australia and Europe between October 2022 and July 2023. According to Group-IB’s rough estimates, W3LL’s Store’s turnover for the last 10 months may have reached $500,000. All the information collected by Group-IB’s cyber investigators about W3LL has been shared with relevant law enforcement organizations. PDF Document

#group-ib #EN #2023 #BEC #phishing #W3LL #Microsoft365

·group-ib.com·Sep 7, 2023

W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.

#bleepingcomputer #EN #2023 #Apple #Apple-Watch #Code-Execution #iOS #iPhone #Mac #watchOS #Zero-Day

·bleepingcomputer.com·Sep 7, 2023

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

#wired #EN #2023 #China #Reveal #Hackable #Flaws #disclosure #product #disclosure-law

·wired.com·Sep 7, 2023

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

In an ironic twist, Rockstar Games reportedly uses pirated software cracks to remove its DRM from some games they sell on Steam.

#bleepingcomputer #EN #2023 #Cracks #Piracy #Razor-1911 #Rockstar-Games #Warez #Gaming

·bleepingcomputer.com·Sep 7, 2023

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

Compromised Microsoft Key: More Impactful Than We Thought

Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.

#wiz #EN #2023 #Microsoft #Key #OWA #postmortem #analysis #Storm-0558

·wiz.io·Sep 7, 2023

Compromised Microsoft Key: More Impactful Than We Thought

Results of Major Technical Investigations for Storm-0558 Key Acquisition

#msrc #microsoft #Storm-0558 #postmortem #Key #Acquisition #OWA #Outlook

·msrc.microsoft.com·Sep 6, 2023

Results of Major Technical Investigations for Storm-0558 Key Acquisition

Thinking about the security of AI systems

Why established cyber security principles are still important when developing or implementing machine learning models.

#NCSC.GOV.UK #AI #secuity #ai-security #injection #attacks #data-poisoning

·ncsc.gov.uk·Sep 6, 2023

Thinking about the security of AI systems

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

What's in a NoName? Researchers see a lone-wolf DDoS group

Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services.

#therecord #EN #2023 #NoName057(16)#DDoS #analysis

·therecord.media·Sep 6, 2023

What's in a NoName? Researchers see a lone-wolf DDoS group

Okta customers targeted in social engineering scam

Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.

#scmagazine #EN #2023 #Okta #phishing #MFA #scam

·scmagazine.com·Sep 6, 2023

Okta customers targeted in social engineering scam

Attackers access military data through fencing supplier

Irony, not barbed wire, cuts the deepest

#theregister #EN #2023 #Zaun #breach #windows-7 #win7 #military #LockBit

·theregister.com·Sep 6, 2023

Attackers access military data through fencing supplier

China Bans iPhone Use for Government Officials at Work

The directive is the latest step in Beijing’s campaign to cut reliance on foreign technology and could hurt Apple’s business in the country.

#wsj #EN #2023 #China #iPhone #ban #Apple #Officials

·wsj.com·Sep 6, 2023

China Bans iPhone Use for Government Officials at Work

Zaun Data Breach

Zaun Data Breach – Update. Zaun Ltd - fencing and gate manufacturers. Our ranges include perimeter and security fencing, gates and railings.

#zaun #EN #2023 #databreach

·zaun.co.uk·Sep 6, 2023

Zaun Data Breach

Is macOS’s new XProtect behavioural security preparing to go live?

Apple released its first update to its new behavioural security protection in XProtect Behaviour Service on 8 August, and again on 1 September. Here are the details.

#eclecticlight #EN #2023 #macOS #XProtect #Behaviour #Service

·eclecticlight.co·Sep 4, 2023

Is macOS’s new XProtect behavioural security preparing to go live?

Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy

Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.

#wired #EN #2023 #apple #CSAM #Decision #Controversy #privacy

·wired.com·Sep 3, 2023

Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy

The Emergence of Ransomed: An Uncertain Cyber Threat in the Making

Ransomed, originally an illicit forum, is a ransomware collective that is finding new ways to extort victims by leveraging GDPR laws.

#flashpoint #EN #2023 #Ransomed #illicit #forum #ransomware #GDPR

·flashpoint.io·Sep 2, 2023

The Emergence of Ransomed: An Uncertain Cyber Threat in the Making

Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets

A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.

#therecord #EN #2023 #GDPR #Ransomed #ransom

·therecord.media·Sep 2, 2023

Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

Roughly 78% of healthcare organizations fell victim to a cyberattack over the past year and 60% of the incidents impacted care delivery

#securityweek #EN #2023 #Healthcare #Organizations #Cyberattacks #Hospitals

·securityweek.com·Sep 2, 2023

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

#securityboulevard #EN #2023 #Supply-Chain-Attack #VMConnect #PyPI

·securityboulevard.com·Sep 1, 2023

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

An Ongoing Open Source Attack Reveals Roots Dating Back To 2021

Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.

#checkmarx #EN #2023 #malicious #NPM #Supply-chain-security

·checkmarx.com·Sep 1, 2023

An Ongoing Open Source Attack Reveals Roots Dating Back To 2021

New Twitter scam in China: sextortion scammers

Chinese sextortion scam accounts flood X (previously Twitter) after the platform introduced a blue-check policy allowing users to buy verified badges.

#restofworld #EN #2023 #X #Twitter #China #scammers #sextortion #flood

·restofworld.org·Sep 1, 2023

New Twitter scam in China: sextortion scammers

Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants

Hackers are modifying the open source code of a popular malware strain, adding tools and functions that make it easier to steal data.

#therecord #EN #2023 #SapphireStealer #open-source #malware

·therecord.media·Sep 1, 2023

Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants

LogicMonitor customers hit by hackers, because of default passwords | TechCrunch

An unknown number of LogicMonitor's customers have been hacked due to the fact that the company set weak default passwords.

#techcrunch #EN #2023 #data-breach #logicmonitor #default-password

·techcrunch.com·Sep 1, 2023

LogicMonitor customers hit by hackers, because of default passwords | TechCrunch

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs

A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.

#wired #EN #2023 #Trickbot #Russia #member #ransomware

·wired.com·Sep 1, 2023

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs