Linux-Targeted Malware Increases by 35% in 2021
CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.
cyberveille.decio.ch
BGP leaks and cryptocurrencies
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.
Twitter, Google, WhatsApp, Telegram... pourquoi la double authentification n'est finalement pas si sécurisée
La double authentification permet de sécuriser ses comptes en ligne et les données personnelles qui y sont attachées. Néanmoins, l'entreprise suisse Mitto AG, qui fournit les plus grands noms de la tech comme Twitter , Google, WhatsApp ou encore Telegram , s'en sert également pour ses activités de cybersurveillance…
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Le piratage d'une société américaine a des conséquences en Suisse
La société américaine iBasis a subi une attaque informatique ces derniers jours. Elle pourrait être utilisée comme transporteur de données appartenant à des opérateurs suisses.
![[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code](https://rdl.ink/render/https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fmeta_image.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code
Hello, Its developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families. also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…
Utilisation de Google Analytics et transferts de données vers les États-Unis : la CNIL met en demeure un gestionnaire de site web
Google Analytics est une fonctionnalité qui peut être intégrée par les gestionnaires de sites web tels que des sites de vente en ligne afin d’en mesurer la fréquentation par les internautes. Dans ce cadre, un identifiant unique est attribué à chaque visiteur. Cet identifiant (qui constitue une donnée personnelle) et les données qui lui sont associées sont transférés par Google aux États-Unis.
Google Project Zero: Vendors are now quicker at fixing zero-days
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
The Shadowserver Foundation identifies thousands of Ivanti VPN instances likely impacted by a recent remote code execution flaw.
XZ Utils backdoor
This page is short for now but it will get updated as I learn more about the incident. Most likely it will be during the first week of April 2024. The Git repositories of XZ projects are on git.tukaani.org. xz.tukaani.org DNS name (CNAME) has been removed. The XZ projects currently don’t have a home page. This will be fixed in a few days.
Les attaques informatiques contre les ENT continuent dans le Nord ...
La semaine dernière, des menaces d'attentats ont été envoyés aux élèves, aux personnels et aux familles suite au piratage de l'environnement numérique de travail de la région Ile de France. Cette fois, c'est l'académie de Lille qui est touchée, et ce dans un contexte sécuritaire inquiétant.
PHP Obfuscator with Backdoor
An online tool offers a service to obfuscate PHP code, but it also silently inserts a backdoor into the code that allows any other PHP code to be executed!
Easy privilege escalation exploit lands for Linux kernels
CVE-2024-1086 turns the page tables on system admins
Urgent security alert for Fedora 41 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.
Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
A cybercrime group has published information stolen from NHS Dumfries and Galloway.
AI bots hallucinate software packages and devs download them
Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.
Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
Jeffrey Epstein's Island Visitors Exposed by Data Broker
A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.
.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
Diving Deeper into AI Package Hallucinations
Lass Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).
Lighter Ransomware Locks Users Out of System
Overview This week, the Sonicwall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
The U.S. State Department on Wednesday offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America. "The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide," the department said in a statement announcing the reward offer.