cyberveille.decio.ch

5334 bookmarks
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
You may have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented.
·doublepulsar.com·
Ransomware tracker: The latest figures [August 2023]
The number of ransomware attacks posted on extortion websites shot up to a record high in July, with ransomware gangs publicly claiming more than 15 attacks per day on average. In total there were 484 ransomware attacks in July, compared to 408 the previous month, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources.
·therecord.media·
Mac systems turned into proxy exit nodes by AdLoad
AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet.
·cybersecurity.att.com·
Want to pwn a satellite? Turns out it's surprisingly easy
A study into the feasibility of hacking low-Earth orbit satellites has revealed that it's worryingly easy to do. In a presentation at the Black Hat security conference in Las Vegas, Johannes Willbold, a PhD student at Germany's Ruhr University Bochum, explained he had been investigating the security of satellites. He studied three types of orbital machinery and found that many were utterly defenseless against remote takeover because they lack the most basic security systems.
·theregister.com·
Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software | The White House
Several leading AI companies – Anthropic, Google, Microsoft, and OpenAI – to partner with DARPA in major competition to make software more secure. The Biden-Harris Administration today launched a major two-year competition that will use artificial intelligence (AI) to protect the United States’ most important software, such as code that helps run the internet and…
·whitehouse.gov·
5 arrested in Poland for running bulletproof hosting service for cybercrime gangs | Europol
Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available. This latest success in the fight against cybercrime follows a complex investigation supported by Europol and the US Federal Bureau of Investigation (FBI). Criminal hideouts for lease: Bulletproof hosting is a service in which an online infrastructure is offered, and operators will generally...
·europol.europa.eu·
Russian hackers have published a sensitive document of the Swiss Confederation
Russian hackers have published an internal document of the Swiss Confederation concerning a possible indirect delivery of Piranha armoured vehicles to Ukraine. The State Secretariat for Economic Affairs (Seco) confirmed the authenticity of the document to Keystone-ATS.
·rfj.ch·
Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry
A US cybersecurity advisory panel will investigate risks in cloud computing, including Microsoft Corp.’s role in a recent breach of government officials’ email accounts by suspected Chinese hackers, according to two people familiar with the matter. The Cyber Safety Review Board, which was created by the Biden administration to investigate major cybersecurity events, will focus on risks to cloud computing infrastructure broadly, including identity and authentication management, and will examine all relevant cloud service providers, according to a Department of Homeland Security official. The issue was brought into focus by the breach of Microsoft’s email systems, the official said. Both people asked not to be named so they could discuss sensitive information.
·archive.ph·
MoustachedBouncer: Espionage against foreign diplomats in Belarus
MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in this blogpost. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.
·welivesecurity.com·
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
We analyzed Tencent’s Sogou Input Method, which, with over 450 million monthly active users, is the most popular Chinese input method in China. Analyzing the Windows, Android, and iOS versions of the software, we discovered troubling vulnerabilities in Sogou Input Method’s custom-designed “EncryptWall” encryption system and in how it encrypts sensitive data. We found that network transmissions containing sensitive data such as those containing users’ keystrokes are decipherable by a network eavesdropper, revealing what users are typing as they type. We disclosed these vulnerabilities to Sogou developers, who released fixed versions of the affected software as of July 20, 2023 (Windows version 13.7, Android version 11.26, and iOS version 11.25). These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.
·citizenlab.ca·
Researchers watched 100 hours of hackers hacking honeypot computers
Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.
·techcrunch.com·
Don’t you (forget NLP): Prompt injection with control characters in ChatGPT
Like many companies, Dropbox has been experimenting with large language models (LLMs) as a potential backend for product and research initiatives. As interest in leveraging LLMs has increased in recent months, the Dropbox Security team has been advising on measures to harden internal Dropbox infrastructure for secure usage in accordance with our AI principles. In particular, we’ve been working to mitigate abuse of potential LLM-powered products and features via user-controlled input.
·dropbox.tech·
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
·microsoft.com·