cyberveille.decio.ch

cyberveille.decio.ch

5334 bookmarks
Custom sorting
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code. * The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites. * Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors. * On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC). * Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up. * This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.
#akamai#EN#2023#XSS#vulnerability#WordPress#plugin#third-party-risk#CVE-2023-30777
·akamai.com·
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
#cisa#EN#2023#PaperCut#CVE-2023-27350#advisory
·cisa.gov·
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re a Essential Addons for Elementor user, please update the plugin to at least version 5.7.2. Patchstack Developer and Business plan users are protected from the vulnerability. You can also sign up for the Patchstack Community plan to be notified about vulnerabilities […]
#patchstack#EN#2023#WP#Wordpress#Elementor
·patchstack.com·
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when the regions of Donetsk and Luhansk declared themselves independent from Ukraine and came under Russia's umbrella. Given this context, it would not be surprising that the cybersecurity landscape between these two countries has also been tense.
#malwarebytes#EN#2023#APT#RedStinger
·malwarebytes.com·
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
Google will provide dark web monitoring to all US Gmail users
Google will provide dark web monitoring to all US Gmail users
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for their email addresses on the dark web. Dark web scans for Gmail address was previously […]
#securityaffairs#EN#Intelligence#Google#Gmail#darkweb#monitoring
·securityaffairs.com·
Google will provide dark web monitoring to all US Gmail users
Ghost in the network
Ghost in the network
Our investigation shows how Fink has built a surveillance apparatus that he has put at the disposal of governments and companies around the world – including Israel’s Rayzone Group, a top-tier cyber intelligence company. Fink’s set-up is capable of exploiting loopholes in mobile phone connection protocols to track the location of phone users and even redirect their SMS messages to crack internet accounts.
#lighthousereports#EN#2023#switzerland#Fink#surveillance#SMS#Telecoms
·lighthousereports.com·
Ghost in the network
Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris
Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris
The data appears to have been dumped by an anonymous user. Data from Philip Morris USA, the nation’s leading cigarette manufacturer, has been exposed online following an apparent breach at a cybersecurity firm. The data, taken from the cybersecurity risk assessment company OptimEyes, was located within a 68GB cache posted to the notorious imageboard 4chan on Tuesday.
#dailydot#EN#2023#PhilipMorris#Leak#4chan
·dailydot.com·
Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Hackers infiltrated networks of at least two colleges over the last week, disrupting the schools during the season of final exams and commencement ceremonies. Tennessee’s Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.
#therecord#EN#2023#Schools#cyberattack#colleges#disrupting#US#chattanooga
·therecord.media·
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
New phishing-as-a-service tool “Greatness” already seen in the wild
New phishing-as-a-service tool “Greatness” already seen in the wild
  • A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. * Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages. It contains features such as having the victim’s email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization’s real Microsoft 365 login page. This makes Greatness particularly well-suited for phishing business users. * An analysis of the domains targeted in several ongoing and past campaigns revealed the victims were almost exclusively companies in the U.S., U.K., Australia, South Africa, and Canada, and the most commonly targeted sectors were manufacturing, health care and technology. The exact distribution of victims in each country and sector varies slightly between campaigns. * To use Greatness, affiliates must deploy and configure a provided phishing kit with an API key that allows even unskilled threat actors to easily take advantage of the service’s more advanced features. The phishing kit and API work as a proxy to the Microsoft 365 authentication system, performing a “man-in-the-middle” attack and stealing the victim’s authentication credentials or cookies.
#talosintelligence#EN#2023#Greatness#Phishing#phishing-kits#analysis
·blog.talosintelligence.com·
New phishing-as-a-service tool “Greatness” already seen in the wild
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed. The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.
#darkreading#EN#2023#MSI#leak#Intel#firmware
·darkreading.com·
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
The International Mobile System Is Exposed and a Loophole Allows Hackers, Cybercriminals and States to Geolocate Targets and Even Hijack Email and Web Accounts. Israelis Can Be Found Among the Victims - and the Attackers
#haaretz#EN#2023#privacy#surveillance#Geolocation#Cyber-Warfare#Spy#Israel-arms-exports#Swiss
·haaretz.com·
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes.  Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace.  “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
#justice.gov#US#2023#EN#Operation-MEDUSA#Snake#Malware#Network#FBI#cyberespionage#espionnage#PERSEUS#Russia#FSB
·justice.gov·
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Summary Snake, also known as Turla, Uroburos and Agent.BTZ, is a relatively complex malware framework used for targeted attacks. Over the past year Fox-IT has been involved in multiple incident response cases where the Snake framework was used to steal sensitive information. Targets include government institutions, military and large corporates. Researchers who have previously analyzed…
#fox-it#2017#EN#Snake#Turla#Uroburos#malware#framework#macos#OSX
·blog.fox-it.com·
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Hunting Russian Intelligence “Snake” Malware
Hunting Russian Intelligence “Snake” Malware
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
#cisa#EN#2023#Snake#Malware#Russia#Intelligence#FSB#espionnage#implant#PERSEUS
·cisa.gov·
Hunting Russian Intelligence “Snake” Malware
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binary identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.
#binarly#EN#2023#MSI#BootGuard#Leaked#Intel#supplychain
·binarly.io·
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Microsoft May 2023 Patch Tuesday
Microsoft May 2023 Patch Tuesday
This month we got patches for 49 vulnerabilities. Of these, 6 are critical, and 2 are already being exploited, according to Microsoft. One of the exploited vulnerabilities is a Win32k Elevation of Privilege Vulnerability (CVE-2023-29336). This vulnerability has low attack complexity, low privilege, and none user interaction. The attack vector is local, the CVSS is 7.8, and the severity is Important.
#sansedu#EN#2023#May2023#vulnerabilities#PatchTuesday
·isc.sans.edu·
Microsoft May 2023 Patch Tuesday
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is about Netfilter nf_tables accepting some invalid updates to its configuration.
#seclists.org#EN#2023#CVE-2023-32233#Linux#Kernel#Netfilter#nf_tables#arbitrary#memory#vulnerability
·seclists.org·
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory