cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
AI bots hallucinate software packages and devs download them
AI bots hallucinate software packages and devs download them
Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.
·theregister.com·
AI bots hallucinate software packages and devs download them
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
The U.S. State Department on Wednesday offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America. "The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide," the department said in a statement announcing the reward offer.
·reuters.com·
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
As Threats in Space Mount, U.S. Lags in Protecting Key Services
As Threats in Space Mount, U.S. Lags in Protecting Key Services
The United States and China are locked in a new race, in space and on Earth, over a fundamental resource: time itself. And the United States is losing. Global positioning satellites serve as clocks in the sky, and their signals have become fundamental to the global economy — as essential for telecommunications, 911 services and financial exchanges as they are for drivers and lost pedestrians.
·nytimes.com·
As Threats in Space Mount, U.S. Lags in Protecting Key Services
Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
Defendants Operated as Part of the APT31 Hacking Group in Support of China’s Ministry of State Security’s Transnational Repression, Economic Espionage and Foreign Intelligence Objectives
·justice.gov·
Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.
·pwning.tech·
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…
·krebsonsecurity.com·
Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants
Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants
La Team Moore est un collectif citoyen qui pourchasse les pédocriminels sur les réseaux sociaux en créant de faux profils d'enfants. Depuis quelques mois, il est également actif en Suisse. Deux hommes ont déjà été dénoncés aux polices cantonales.
·rts.ch·
Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).
·thehackernews.com·
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
Why X86 Needs To Die
Why X86 Needs To Die
As I'm sure many of you know, x86 architecture has been around for quite some time. It has its roots in Intel's early 8086 processor, the first in the family. Indeed, even the original 8086 inherits a...
·hackaday.com·
Why X86 Needs To Die
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read
·comsec.ethz.ch·
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
US sanctions APT31 hackers behind critical infrastructure attacks
US sanctions APT31 hackers behind critical infrastructure attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. #APT31 #China #Computer #Critical #InfoSec #Infrastructure #Sanctions #Security #USA
·bleepingcomputer.com·
US sanctions APT31 hackers behind critical infrastructure attacks
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)
In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.
·zerodayengineering.com·
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)