Government hackers targeted iPhones owners with zero-days, Google says
One of the hacking campaigns used exploits developed by Variston, a Barcelona-based startup. Sources say the spyware maker is losing staff.
cyberveille.decio.ch
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.
Datasport subi un vol de données: 900’000 Suisses concernés
Datasport, prestataire de services suisse pour les événements sportifs, a été victime d'une attaque informatiq
45,000 Jenkins servers remain vulnerable to RCE attacks
Multiple publicly available exploits have since been published for the critical flaw
Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.
Zyxel VPN Series Pre-auth Remote Command Execution
Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and become unusable – we have decided to disclose this even though it is no longer exploitable. Credit … SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution Read More »
“Scammers Paradise” Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations
Explore the shift in phishing from Dark web to Telegram, where cybercriminals trade tools and data, and uncover Guardio's insights on countering this menace.
Une action civile à la suite d’une cyberattaque
À la suite d’une cyberattaque ayant touché SolarWinds Corp., la SEC a déposé une action civile contre la société qui aurait trompé les investisseurs sur ses pratiques en matière de cybersécurité. Cette action civile met en évidence, d’une part, les mauvaises pratiques adoptées par la société, et d’autre part, l’importance accrue que la SEC porte sur les informations en matière de cybersécurité que les sociétés publient à l’attention des investisseurs.
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
- An apparent Russian state-aligned group is targeting Ukraine’s International Legion in a disinformation campaign The Kyiv Independent obtained and analyzed exclusive video that shows the group used doctored footage to pose as the Ukrainian ex-president on a Zoom call that took place in early January Legion members are being tricked into agreeing with incendiary statements against Zelensky Lack of cultural context, morale issues and low pay in some units have made the International Legion more susceptible to such attacks The attack appears linked to the Russian government-aligned provocateurs Vladimir Kuznetsov and Alexey Stolyarov, known as Vovan and Lexus * The effort highlights ongoing disinformation threats in the Ukraine-Russia war as well as possible information security vulnerabilities of Ukraine’s foreign fighters
AnyDesk says hackers breached its production servers, resets passwords
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
There Are Too Many Damn Honeypots
VulnCheck faces a horde of honeypots while assessing the potential impact of Atlassian Confluence's CVE-2023-22527. This blog delves into Shodan queries to filter out honeypots and uncover the actual on-premise Confluence install base.
Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch
A security researchers shared a picture of the instructions that go along Apple's Security Research Device and more details about this special iPhone.
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.
Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'
Apple said the vulnerability, which is being exploited in the wild, allows malicious code to run on an affected device.
DarkGate malware delivered via Microsoft Teams - detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.
.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
If you ever troubleshooted anything on Windows or investigated a suspicious event, you know that Windows store various types of events in Windows Event Log. An application crashed and you want to know more about it? Launch the Event Viewer and check the Application log. A service behaving strangely? See the System log. A user account got unexpectedly blocked? The Security log may reveal who or what blocked it. All these events are getting stored to various logs through the Windows Event Log service. Unsurprisingly, this service's description says: "Stopping this service may compromise security and reliability of the system." The Windows Event Log service performs many tasks. Not only is it responsible for writing events coming from various source to persistent file-based logs (residing in %SystemRoot%\System32\Winevt\Logs), it also provides structured access to these stored events through applications like Event Viewer. Furthermore, this service also performs "event forwarding" if you want your events sent to a central log repository like Splunk or Sumo Logic, an intrusion detection system or a SIEM server. Therefore, Windows Event Log service plays an important role in many organizations' intrusion detection and forensic capabilities. And by extension, their compliance check boxes.
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
UNC4990 uses USB devices for initial infection, and is likely motivated by financial gain.
Binance Code and Internal Passwords Exposed on GitHub for Months
A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FZTUXGF5APVKW5KVYICVZLNLZUQ.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
GGerman police seizes $2.17 billion in bitcoin in 'most extensive' action ever
German police have confiscated 50,000 bitcoin worth $2.17 billion in the country's 'most extensive' cryptocurrency seizure ever, it said in a statement on Tuesday. "This is the most extensive seizure of bitcoins by law enforcement authorities in the Federal Republic of Germany to date," police in the city of Dresden said. The investigation was supported by the Federal Criminal Police Office (BKA), the FBI and a Munich-based forensic IT expert company, it said.
Hundreds of network operators’ credentials found circulating in Dark Web
Following a recent and highly disruptive cyberattack on telecom carrier Orange España the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.
Public SSH keys can leak your private infrastructure
This article describes a minor security flaw in the SSH authentication protocol that can lead to unexpected private infrastructure disclosure. It also provides a PoC written in Python.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FKT4T34WKHNKQ3HH6KRGVWKGA3Q.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Exclusive: US disabled Chinese hacking network targeting critical infrastructure
The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter. The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.
Energy giant Schneider Electric hit by Cactus ransomware attack
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
New Go-based Malware Loader Discovered I Arctic Wolf
Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader
Jenkins Security Advisory 2024-01-24
Arbitrary file read vulnerability through the CLI can lead to RCE