cyberveille.decio.ch

5334 bookmarks

Custom sorting

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation

This blog is based on a session we presented at DEF CON 2023 on Sunday, August 13, 2023, in Las Vegas. Privilege escalation is a common attack vector in the Windows OS. There are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services. This allows them to perform attacks like LSASS Shtinkering.

#deepinstinct #EN #2023 #NoFilter #DEFCON2023 #Privilege #escalation

·deepinstinct.com·Aug 24, 2023

#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation

British court convicts two teen Lapsus$ members of hacking tech firms

Two teenagers, ages 18 and 17, were found guilty of hacking into major corporations. The cases involved Uber, Nvidia and more.

#therecord #EN #2023 #Lapsus$#teenagers #busted

·therecord.media·Aug 23, 2023

British court convicts two teen Lapsus$ members of hacking tech firms

macOS 0day: App Management

App Management is a new macOS security feature in Ventura introduced at WWDC last year: If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps. Clicking on the notification sends people to System Settings, where they can allow an app to update and modify other apps.

#lapcatsoftware #EN #2023 #macOS #0-day #AppManagement

·lapcatsoftware.com·Aug 22, 2023

macOS 0day: App Management

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

#sentinelone #EN #2023 #XLoader #macOS #dropper #payload

·sentinelone.com·Aug 22, 2023

XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Ecuador’s national election agency says cyberattacks caused absentee voting issues

Absentee voters flooded social media to express their frustration at not being able to cast votes through an online system created by the government.

#therecord #EN #2023 #Ecuador #voting #election #cyberattacks

·therecord.media·Aug 22, 2023

Ecuador’s national election agency says cyberattacks caused absentee voting issues

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…

#attackerkb #EN #2023 #rapid7 #SonicWall #CVE-2023-34127 #vulnerability #PoC

·attackerkb.com·Aug 21, 2023

CVE-2023-34127

Sneaky Amazon Google ad leads to Microsoft support scam

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.

#bleepingcomputer #EN #2023 #GoogleAds #technical-support #scam

·bleepingcomputer.com·Aug 21, 2023

Sneaky Amazon Google ad leads to Microsoft support scam

Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.

#bleepingcomputer #Ivanti #Actively-Exploited #Authentication-Bypass #MobileIron #Warning #Zero-Day #0-day

·bleepingcomputer.com·Aug 21, 2023

Ivanti warns of new actively exploited MobileIron zero-day bug

Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News

A Brazilian hacker claimed at a congressional hearing Thursday that then-President Jair Bolsonaro wanted him to hack into the country’s electronic voting system to expose its alleged weaknesses ahead of the 2022 presidential election.

#apnews #EN #2023 #Brazil #Bolsanero #hacker #voting #system

·apnews.com·Aug 21, 2023

Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

#juniper #EN #2023 #bulletin #vulnerability #Out-of-Cycle #CVE-2023-36844 #CVE-2023-36845 #CVE-2023-36846 #CVE-2023-36847

·supportportal.juniper.net·Aug 20, 2023

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

Data Theft Via MOVEit: 4.5 Million More Individuals Affected

The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying

#databreachtoday #EN #2023 #MOVEit #Clop #Colorado #US #healthcare

·databreachtoday.com·Aug 20, 2023

Data Theft Via MOVEit: 4.5 Million More Individuals Affected

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.

#washingtonpost #EN #2023 #US #Microsoft #cloud #DonBacon #FBI #emails #hacked #outlook #China

·washingtonpost.com·Aug 20, 2023

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska

Threat actors use beta apps to bypass mobile app store security

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.

#bleepingcomputer #EN #2023 #FBI #beta #mobile #apps #cryptocurrency

·bleepingcomputer.com·Aug 19, 2023

Threat actors use beta apps to bypass mobile app store security

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

#thehackernews #EN #2023 #iOS #apple #airplanemode #exploit

·thehackernews.com·Aug 19, 2023

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted. At the time of writing, more than 1900 NetScalers remain backdoored. Using the data supplied by Fox-IT, the Dutch Institute of Vulnerability Disclosure has notified victims.

#fox-it #EN #2023 #CVE-2023-3519 #citrix #NetScalers #backdoored

·blog.fox-it.com·Aug 19, 2023

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

Discord.io confirms breach after hacker steals data of 760K users

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.

#bleepingcomputer #EN #2023 #discord #databreach

·bleepingcomputer.com·Aug 19, 2023

Discord.io confirms breach after hacker steals data of 760K users

Piratage des numéros de téléphone des policiers bernois

Une faille dans l'application MobileIron très répandue dans les services publiques et entreprises a été exploitée par des hackers.

#20min #CH #FR #police #MobileIron #faille #databreach #policiers

·20min.ch·Aug 19, 2023

Piratage des numéros de téléphone des policiers bernois

Des pirates informatiques s'emparent des données de 2800 policiers bernois

Une faille de sécurité dans une application utilisée par la police bernoise a entraîné une importante fuite de données. Des pirates ont pu s'emparer de l'identité et des numéros de téléphone de l'ensemble des 2800 employés de la police cantonale.

#rts #FR #CH #2023 #police #MobileIron #databreach #policiers

·rts.ch·Aug 19, 2023

Des pirates informatiques s'emparent des données de 2800 policiers bernois

The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks

Understanding the complex threat landscape facing businesses today from state-sponsored cyber attacks is crucial to effective cyber defense.

#sentinelone #EN #2023 #APT #research #state-sponsored #cyberdefense

·sentinelone.com·Aug 18, 2023

The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks

Phishing pages placed on hacked websites

Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.

#securelist #EN #2023 #Data-theft #Phishing #websites #Website-Hacks #Wordpress

·securelist.com·Aug 18, 2023

Phishing pages placed on hacked websites

Users of cybercrime forums often fall victim to info-stealers, researchers find

After analyzing millions of computers infected with info-stealing malware, researchers at Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.

#therecord #EN #2023 #cybercrime #InfoStealer #credentials

·therecord.media·Aug 18, 2023

Users of cybercrime forums often fall victim to info-stealers, researchers find

Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer

Threat actor “La_Citrix” is known for hacking companies — he accidentally infected his own computer and likely ended up selling it without noticing.

#hudsonrock #EN #2023 #La_Citrix #pwoned #InfoStealer #Accidentally

·hudsonrock.com·Aug 18, 2023

Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer

Notorious phishing platform shut down, arrests in international police operation

The platform sold hacking tools to more than 70,000 users in 43 countries

#interpol #EN #2023 #Cybercrime-Organized-Crime #shutdown #16Shop

·interpol.int·Aug 18, 2023

Notorious phishing platform shut down, arrests in international police operation

Karma Catches Up to Global Phishing Service 16Shop

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017…

#krebsonsecurity #EN #2023 #16Shop #pwoned #InfoStealer #INTERPOL

·krebsonsecurity.com·Aug 18, 2023

Karma Catches Up to Global Phishing Service 16Shop

LinkedIn under attack, malicious hackers seize accounts

Security researchers have identified that a widespread LinkedIn hacking campaign has seen many users locked out of their accounts worldwide.

#tripwire #EN #2023 #Linkedin #hacking #campaign #social #locked

·tripwire.com·Aug 18, 2023

LinkedIn under attack, malicious hackers seize accounts

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.

#aquasec #EN #2023 #PowerHell #PowerShell #Gallery #typosquatting

·blog.aquasec.com·Aug 18, 2023

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Dark Web Profile: 8Base Ransomware

In this article, we will focus on 8Base Ransomware, which ranked in the top 5 most active groups last month according to Daily Dark Web...

#socradar #EN #2023 #8Base #Ransomware #Profile

·socradar.io·Aug 16, 2023

Dark Web Profile: 8Base Ransomware

Raccoon Stealer Announce Return After Hiatus

Raccoon Stealer, the InfoStealer that has been used to obtain 50M+ unique credentials is back with new features and updates.

#cyberint #EN #2023 #Raccoon #raccoon-stealer #InfoStealer #Return

·cyberint.com·Aug 16, 2023

Raccoon Stealer Announce Return After Hiatus

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most of the files on a target machine without possibility of recovery, partly because the program is inherently trusted by Windows and endpoint detection and response programs (EDRs). Presentation blackhat

#scmagazine #EN #2023 #OneDrive #Microsoft #ransomware

·scmagazine.com·Aug 16, 2023

'DoubleDrive' attack turns Microsoft OneDrive into ransomware

This $70 device can spoof an Apple device and trick you into sharing your password

Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veterans were confused and concerned when their iPhones started showing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.

#techcrunch #EN #2023 #defcon #Apple #iPhone #pop-up #messages #AppleTV

·techcrunch.com·Aug 16, 2023

This $70 device can spoof an Apple device and trick you into sharing your password