cyberveille.decio.ch

6938 bookmarks

Custom sorting

The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture

Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.

#checkpoint #EN #2024 #Outlook #CVE-2024-21413 #MonikerLink

·research.checkpoint.com·Feb 14, 2024

The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software

#securityaffairs #CVE-2024-24691 #EN #2024 #Zoom #Windows #critical

·securityaffairs.com·Feb 14, 2024

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Clinique privée à Genève victime d'une cyberattaque

Cible de hackers, l'établissement de La Colline fonctionne cependant normalement, selon son propriétaire. Celui-ci n'a pas constaté de vols de données des patients.

#20min #FR #CH #clinique #Genève #ransomware

·20min.ch·Feb 14, 2024

Clinique privée à Genève victime d'une cyberattaque

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.

#trendmicro #EN #2024 #CVE-2024-21412 #Water-Hydra #exploits-&-vulnerabilities #research #report #apt-&-targeted-attacks

·trendmicro.com·Feb 14, 2024

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

Portal Kombat : un réseau structuré et coordonné de propagande prorusse

VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.

#VIGINUM #FR #2024 #Portal-Kombat #réseau-structuré #propagande #prorusse

·sgdsn.gouv.fr·Feb 13, 2024

Portal Kombat : un réseau structuré et coordonné de propagande prorusse

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

#bleepingcomputer #EN #2024 #Backdoor #Ivanti #Malware #SSRF #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 13, 2024

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...

#proofpoint #EN #2024 #Microsoft #Azure #Campaign #compromise #cloud-security #phishing #MFA

·proofpoint.com·Feb 13, 2024

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments

The Justice Department announced today that, as part of an international law enforcement effort, federal authorities in Boston seized internet domains that were used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers. Federal authorities in Atlanta and Boston also unsealed indictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the malware and supporting cybercriminals seeking to use the malware for malicious purposes.

#justice.gov #US #warzoneRAT #FBI #Dismantled #RAT

·justice.gov·Feb 13, 2024

International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Bitdefender researchers have discovered a new backdoor targeting Mac OS users.

#bitdefender #EN #2024 #macOS #Backdoor #rust #Trojan.MAC.RustDoor #analysis

·bitdefender.com·Feb 13, 2024

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

EU capitals fear Russian retaliation and cyberattacks after asset freezes

G7 is drafting a workaround to use frozen assets to rebuild Ukraine.

·politico.eu·Feb 12, 2024

EU capitals fear Russian retaliation and cyberattacks after asset freezes

Fake LastPass App Sneaks Past Apple's Review Team

Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass...

#macrumors #EN #2024 #App-Store #LastPass #fake #fraudulent

·macrumors.com·Feb 12, 2024

Fake LastPass App Sneaks Past Apple's Review Team

KV-Botnet: Don’t call it a Comeback - Lumen

Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns

#lumen #EN #2024 #KV-Botnet #China #espionnage #report

·blog.lumen.com·Feb 12, 2024

KV-Botnet: Don’t call it a Comeback - Lumen

European Commission to open investigation into TikTok, Bloomberg reports | Reuters

the European Commission will open an investigation into TikTok in the coming weeks over concerns that changes the firm made to comply with the bloc's Digital Services Act (DSA) were not enough to protect under-age users, Bloomberg News reported on Friday. TikTok has not received notice from the European Commission of an investigation and is in regular dialogue with European Union authorities, a spokesperson told Reuters when asked about the Bloomberg report. The EC declined to comment.

#reuters #EU #TikTok #DSA #investigation

·reuters.com·Feb 11, 2024

European Commission to open investigation into TikTok, Bloomberg reports | Reuters

Vaud: le canton rompt un contrat à 6 millions avec Xplain

Le Conseil d’État vaudois a décidé de mettre fin au contrat avec le prestataire informatique bernois en raison de retards et de prestations insuffisantes.

#24heures #CH #FR #2024 #Vaud #Xplain #contrat

·24heures.ch·Feb 9, 2024

Vaud: le canton rompt un contrat à 6 millions avec Xplain

New RustDoor macOS malware impersonates Visual Studio update

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

#bleepingcomputer #EN #2024 #ALPHV #Backdoor #BlackCat #Data-Exfiltration #macOS #Malware #Ransomware

·bleepingcomputer.com·Feb 9, 2024

New RustDoor macOS malware impersonates Visual Studio update

World Govs, Tech Giants Sign Spyware Responsibility Pledge

France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.

#darkreading #EN #2024 #shadowserver #Spyware #Pledge

·darkreading.com·Feb 8, 2024

World Govs, Tech Giants Sign Spyware Responsibility Pledge

Hyundai Motor Europe hit by Black Basta ransomware attack

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.

#bleepingcomputer #EN #2024 #Black-Basta #Data-Theft #Hyundai #Hyundai-Motor-Europe #Ransomware

·bleepingcomputer.com·Feb 8, 2024

Hyundai Motor Europe hit by Black Basta ransomware attack

Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice - United States Department of State

Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group. In addition, we are also announcing a reward of up to $5,000,000 for information leading […]

#state.gov #US #2024 #Reward #Hive #Ransomware

·state.gov·Feb 8, 2024

Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice - United States Department of State

Ivanti: Patch new Connect Secure auth bypass bug immediately

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.

#bleepingcomputer #EN #2024 #CVE-2024-22024 #Authentication-Bypass #Connect-Secure #Ivanti #Policy-Secure #Warning #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 8, 2024

Ivanti: Patch new Connect Secure auth bypass bug immediately

CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure

As part of our ongoing investigation into the vulnerabilities impacting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered a new vulnerability. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. A patch is available now for Ivanti Connect Secure (versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 22.6R2.2), Ivanti Policy Secure (versions 9.1R17.3, 9.1R18.4 and 22.5R1.2) and ZTA gateways (versions 22.5R1.6, 22.6R1.5 and 22.6R1.7).

#ivanti #EN #advisory #CVE-2024-22024

·forums.ivanti.com·Feb 8, 2024

CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways. We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.

#ivanti #EN #2024 #CVE-2024-22024 #Security #Update

·ivanti.com·Feb 8, 2024

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

#bleepingcomputer #EN #204 #Fortinet #FortiSIEM #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Feb 8, 2024

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Raspberry Pi Pico cracks BitLocker in under a minute

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.

#theregister #EN #2024 #Raspberry-Pi #Pico #BitLocker #cracked

·theregister.com·Feb 8, 2024

Raspberry Pi Pico cracks BitLocker in under a minute

Ransomware Hit $1 Billion in 2023

In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.

#chainalysis #En #2024 #Ransomware #Statistics #2023 #report

·chainalysis.com·Feb 8, 2024

Ransomware Hit $1 Billion in 2023

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Staggeringly, Apple thanked the defendant, Noah Roskin-Frazee, in a security update less than two weeks after he was arrested.

#404media #EN #2024 #Apple #Hacked #Scammed #security #researcher

·404media.co·Feb 7, 2024

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

#reuters #EN #2024 #Fortigate #NL #Netherlands #China #malware #spy

·reuters.com·Feb 7, 2024

Chinese spies hacked Dutch defence network last year - intelligence agencies

Thanksgiving 2023 security incident

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

#cloudflare #EN #2024 #CrowdStrike #Atlassian #Confluence #Jira #Okta #incident

·blog.cloudflare.com·Feb 7, 2024

Thanksgiving 2023 security incident

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware

Fingerprint photo led investigators to therapy centre hacking suspect

Police said their first big break in the case was provided by the suspect's carelessness.

#yle.fi #EN #2024 #Fingerprint #suspect #photo #Vastaamo

·yle.fi·Feb 6, 2024

Fingerprint photo led investigators to therapy centre hacking suspect

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products

#zerodayinitiative #EN #2024 #CVE-2023-46263 #Ivanti #Avalanche #analysis

·zerodayinitiative.com·Feb 6, 2024

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability