cyberveille.decio.ch

5334 bookmarks

Custom sorting

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.

#malwarebytes #EN #2022 #analysis #email #threat #email-threat #Review #TrickBot #ASyncRat #Dridex

·blog.malwarebytes.com·Jun 13, 2022

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system

#CISA #EN #2022 #Advisory #uscert #csirt #cert #China #Alert #state-sponsored #exploited #PRC

·cisa.gov·Jun 9, 2022

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)

With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface. In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...

#0patch #EN #2022 #Follina #diagcab #CVE-2022-30190 #0-day #0day #Diagnostic #research

·blog.0patch.com·Jun 9, 2022

Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)

Russian Cyberattack Hits Wales-Ukraine Football Broadcast

The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...

#databreachtoday #EN #2022 #Russia-Ukraine-war #Cyberattack #Ukraine #Russia #OLL.TV #Wales #Football-Broadcast #Telecommunication #Misinformation #Propaganda

·databreachtoday.eu·Jun 8, 2022

Russian Cyberattack Hits Wales-Ukraine Football Broadcast

TrustPid is another worrying, imperfect attempt to replace tracking cookies

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.

#malwarebytes #EN #2022 #TrustPid #supercookie #privacy #ans #Germany #Vodafone

·blog.malwarebytes.com·Jun 6, 2022

TrustPid is another worrying, imperfect attempt to replace tracking cookies

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group

XVigil discovered a financially motivated threat actor group, dubbed Eternity group, actively operating on the internet, selling worms, stealers, DDoS tools, and ransomware builders.

#cloudsek #2022 #en #ransomware #Eternity #group #research #selling #worms #stealers #Timeline

·cloudsek.com·Jun 5, 2022

Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group

Deadly secret: Electronic warfare shapes Russia-Ukraine war

KYIV, Ukraine (AP) — On Ukraine’s battlefields , the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.

#Apnews #Russia-Ukraine-war #Electronic-warfare #electronic #warfare #en #2022

·apnews.com·Jun 4, 2022

Deadly secret: Electronic warfare shapes Russia-Ukraine war

Ex-NSA Chief: 'We Kill People Based on Metadata'

The U.S. government "kill[s] people based on metadata," but it doesn't do that with the trove of information collected on American communications, according to former head of the National Security Agency Gen. Michael Hayden.

#ABCnews #EN #2014 #Metadata #NSA #Military #kill

·abcnews.go.com·May 29, 2022

Ex-NSA Chief: 'We Kill People Based on Metadata'

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

We discovered that Gimmick MacOS malware communicates only through their C2 server hosted on Google Drive. The malware was discovered in the first week of May and it has been actively targeting macOS devices

#Cloudsek #EN #2022 #malware #macOS #Gimmick #C2

·cloudsek.com·May 27, 2022

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?

User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general

#lukaszolejnik #EN #2022 #research #privacy #web-browser #web #w3c #consent #data-breach #gdpr #dns #cname #cloacking

·blog.lukaszolejnik.com·May 27, 2022

Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?

Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes

En luttant contre le groupe Killnet, Anonymous espère réduire le nombre d'attaques en ligne portées par ce dernier à l'encontre des gouvernements de plusieurs pays membres de l'OTAN

#20minutesfr #FR #2022 #Anonymous #Killnet #hacker #piratage #pirate #Guerre-en-Ukraine #Russie

·20minutes.fr·May 26, 2022

Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

#citizenlab #2021 #EN #Pegasus #Predator #spyware #privacy #IoC #Cytrox

·citizenlab.ca·May 23, 2022

Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Protecting Android users from 0-Day attacks

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

#GoogleTAG #EN #2022 #Android #0-day #0day #cytrox #CVE-2021-1048 #chrome

·blog.google·May 22, 2022

Protecting Android users from 0-Day attacks

Canada bans Huawei and ZTE from 5G networks over security concerns

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks.

#bleepingcomputer #EN #2022 #5G #Ban #Canada #Huawei #Telecommunications #ZTE

·bleepingcomputer.com·May 21, 2022

Canada bans Huawei and ZTE from 5G networks over security concerns

Policy Statement – Securing Canada’s Telecommunications System

The Government of Canada has serious concerns about suppliers such as Huawei and ZTE who could be compelled to comply with extrajudicial directions from foreign governments in ways that would conflict with Canadian laws or would be detrimental to Canadian interests.

#EN #2022 #Telecommunications-policy #Huawei #ZTE #Canada #Telecommunications #5G

·canada.ca·May 21, 2022

Policy Statement – Securing Canada’s Telecommunications System

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries. Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.

#BBC #EN #2022 #Conti #War #Costarica #ransomware #cybercriminals

·bbc.com·May 20, 2022

President Rodrigo Chaves says Costa Rica is at war with Conti hackers

Exploiting an Unbounded memcpy in Parallels Desktop

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

#ret2 #EN #2022 #macOS #Parallels #Pwn2Own #escape #exploit #VM #vulnerability #research #reverseengineering #binary-exploitation #program-analysis

·blog.ret2.io·May 20, 2022

Exploiting an Unbounded memcpy in Parallels Desktop

KillNet: Pro-Russian Hacktivists.

The following is a closer look at one of the most active Pro-Russian ‘hacktivist’ groups currently operating during the Ukraine-Russia war…

#cyberknow #EN #2022 #Pro-Russian #russia-ukraine-war #KillNet

·cyberknow.medium.com·May 20, 2022

KillNet: Pro-Russian Hacktivists.

Le Centre national pour la cybersécurité deviendra un office fédéral

Décisions, communications et avis du Conseil fédéral. Les décisions prises par le Conseil fédéral lors de sa séance hebdomadaire sont publiées ici.

#CH #FR #2022 #Conseilfédéral #Communiqué #NCSC #DFF #GovCERT #cybersécurité

·admin.ch·May 19, 2022

Le Centre national pour la cybersécurité deviendra un office fédéral

Researchers devise iPhone malware that runs even when device is turned off

Research is largely theoretical but exposes an overlooked security issue.

#arstechnica #EN #2022 #iPhone #study #malware #Bluetooth #Darmstadt #university

·arstechnica.com·May 18, 2022

Researchers devise iPhone malware that runs even when device is turned off

Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds

A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.

#businesswire #Juniper #EN #2022 #Multi-factor #MFA #SMS #Research #Study #Authentication #Mobile

·businesswire.com·May 17, 2022

Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds

US links Thanos and Jigsaw ransomware to 55-year-old doctor

The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.

#bleepingcomputer #EN #2022 #Department-of-Justice #DOJ #Thanos #Jigsaw #Ransomware #USA #Venezuela

·bleepingcomputer.com·May 16, 2022

US links Thanos and Jigsaw ransomware to 55-year-old doctor

A closer look at Eternity Malware

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

#Cyble #2022 #EN #Eternity #Malware #Telegram #analysis

·blog.cyble.com·May 16, 2022

A closer look at Eternity Malware

macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)

Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper

#blackhat #2022 #session #bug #writeup #presentation #macos #hidden #Vulnerabilities #Fitzl #offensivesecurity #CVE-2021-1815 #CVE-2021-30972

·blackhat.com·May 16, 2022

macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Flaw makes it possible to install web shell to maintain control of affected devices.

#CVE-2022-30525 #Zyxel #arstechnica #vulnerability #Firewall

·arstechnica.com·May 13, 2022

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

#darkreading #macOS #EN #2022 #bugs #Apple #vulnerabilities #Fitzl #XCSSET

·darkreading.com·May 12, 2022

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Costa Rica declares national emergency after Conti ransomware attacks

The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.

#bleepingcomputer #EN #2022 #Conti #ransomware #leak #Costarica #emergency

·bleepingcomputer.com·May 10, 2022

Costa Rica declares national emergency after Conti ransomware attacks