cyberveille.decio.ch

7248 bookmarks

Custom sorting

Blackcat ransomware site reportedly seized but UK agency denies responsibility

website used by hackers responsible for a breach at UnitedHealth Group (UNH.N), opens new tab has been replaced by a notice saying it has been seized by international law enforcement. But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown. A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.

#reuters #EN #2024 #AlphV #UnitedHealth-Group #BlackCat #ransomware #UK #denies

·reuters.com·Mar 5, 2024

Blackcat ransomware site reportedly seized but UK agency denies responsibility

Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)

Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:

#databreaches.net #EN #2024 #AlphV #affiliate #scam #Change #Healthcare

·databreaches.net·Mar 5, 2024

Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure.

#bleepingcomputer #EN #2024 #ALPHV #BlackCat #Exit-Scam #Ransomware

·bleepingcomputer.com·Mar 5, 2024

BlackCat ransomware shuts down in exit scam, blames the "feds"

Ukraine Claims it Hacked Russian MoD - Infosecurity Magazine

Hackers operating from Ukraine’s Main Intelligence Directorate (GUR) have claimed another scalp; the Russian Ministry of Defense (MoD). The GUR, part of Kyiv’s Ministry of Defense, said a “special operation” enabled it to breach the servers of the Russian MoD (Minoborony) to obtain sensitive documents. These included orders and reports apparently circulated among over 2000 structural units of the ministry.

#infosecurity-magazine #EN #2024 #Minoborony #MoD #Russia-Ukraine-war #GUR #breach

·infosecurity-magazine.com·Mar 5, 2024

Ukraine Claims it Hacked Russian MoD - Infosecurity Magazine

CVE-2024-21762 Vulnerability Scanner for FortiGate…

Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner. Learn more here!

#Bishop-Fox #bishopfox #EN #2024 #CVE-2024-21762 #FortiGate

·bishopfox.com·Mar 5, 2024

CVE-2024-21762 Vulnerability Scanner for FortiGate…

How AMOS macOS Stealer Avoids Detection

Kandji threat analysis reveals how the AMOS macOS stealer constantly changes its hash signatures while maintaining its functionality.

#kandji #EN #2024 #AMOS #macOS #Stealer

·blog.kandji.io·Mar 5, 2024

How AMOS macOS Stealer Avoids Detection

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical). CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).

#rapid7 #EN #2024 #research #JetBrains #TeamCity #CVE-2024-27198 #CVE-2024-27199

·rapid7.com·Mar 4, 2024

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.

#securityaffairs #EN #2024 #Germany #Crimemarket #seized #police

·securityaffairs.com·Mar 4, 2024

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

#bleepingcomputer #EN #2024 #ALPHV #BlackCat #Healthcare #Optum #Ransomware #UnitedHealth-Group

·bleepingcomputer.com·Mar 4, 2024

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

#wired #EN #2024 #ransomware #bitcoin #blockchain #crime #healthcare #ALPHV #Alphv-BlackCat

·wired.com·Mar 4, 2024

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

Russia’s chief propagandist leaks intercepted German military Webex conversation

Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles. The 38-minute conversation, which took place on February 19, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comrades in uniform.”

#therecord.media #EN #2024 #Russia #Germany #air-force #leak #webex #Russia-Ukraine-war

·therecord.media·Mar 4, 2024

Russia’s chief propagandist leaks intercepted German military Webex conversation

Ubiquiti owners warned Moscow may build another botnet • The Register

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Original joint-cybersecurity-advisory

#theregister #EN #2024 #Ubiquiti-EdgeRouter #Ubiquiti #joint-advosiry

·theregister.com·Mar 4, 2024

Ubiquiti owners warned Moscow may build another botnet • The Register

ALPHV/BlackCat hits healthcare after retaliation threat, FBI says

The gang claimed responsibility for a high-profile attack against Change Healthcare Wednesday.

#scmagazine #EN #2024 #CISA #ALPHV #BlackCat #FBI #Healthcare

·scmagazine.com·Mar 4, 2024

ALPHV/BlackCat hits healthcare after retaliation threat, FBI says

Popular video doorbells can be easily hijacked, researchers find

Walmart and Temu pulled the affected doorbell cameras from their stores. Amazon and others have taken no action.

#techcrunch #EN #2024 #doorbells #Walmart #IoT #EKEN

·techcrunch.com·Mar 3, 2024

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

Over 8,000 subdomains belonging to recognized brands and organizations are being exploited for malicious email distribution.

#thehackernews #malware #attacks #subdomains #brands #Guardio #Labs

·thehackernews.com·Mar 3, 2024

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

Russian hackers hijack Ubiquiti routers to launch stealthy attacks

Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. #APT28 #Computer #FBI #InfoSec #Router #Russia #Security #Ubiquiti

#Security #Computer #InfoSec #APT28 #FBI #Ubiquiti #Router #Russia

·bleepingcomputer.com·Mar 3, 2024

Russian hackers hijack Ubiquiti routers to launch stealthy attacks

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security

The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials

#krebsonsecurity #EN #2024 #lockbit #Fulton-County #leak #Trump #FBI #claim

·krebsonsecurity.com·Mar 3, 2024

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - SecurityWeek

Lending firm LoanDepot said the personal information of 16.9 million individuals was stolen in a ransomware attack in early January 2024.

#securityweek #EN #2024 #LoanDepot #ransomware #attack #data-breach

·securityweek.com·Mar 3, 2024

LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - SecurityWeek

US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica

Patients having trouble getting lifesaving meds have the AlphV crime group to thank.

#arstechnica #EN #2024 #AlphV #ransomware #US #prescription #Healthcare

·arstechnica.com·Mar 3, 2024

US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica

Mail in the middle – a tool to automate spear phishing campaigns

The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.

#Orange-Cyberdefence #sensepost #2024 #EN #Typosquatting #tool #mail #domain

·sensepost.com·Mar 3, 2024

Mail in the middle – a tool to automate spear phishing campaigns

Russia publishes German army meeting on Ukraine

German chancellor promises probe after leak of officers discussing the supply of long-range missiles.

#bbc #EN #2024 #Russia #Germany #Russia-Ukraine-war #leak #webex #military

·bbc.com·Mar 2, 2024

Russia publishes German army meeting on Ukraine

NoName057(16) DDoSia project: 2024 updates and behavioural shifts

Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.

#sekoia #EN #2024 #NoName057(16)#DDoSia #Analysis

·blog.sekoia.io·Mar 1, 2024

NoName057(16) DDoSia project: 2024 updates and behavioural shifts

Here Come the AI Worms

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

#wired #EN #2024 #artificial-intelligence #openai #google #worm

·wired.com·Mar 1, 2024

Here Come the AI Worms

GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

GitHub keeps removing malware-laced repositories, but thousands remain.

#arstechnica #EN #2024 #github #malicious #repositories #attack

·arstechnica.com·Mar 1, 2024

GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

CISA cautions against using hacked Ivanti VPN gateways even after factory resets

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.

#bleepingcomputer #EN #2024 #CISA #FBI #Ivanti #Warning

·bleepingcomputer.com·Mar 1, 2024

CISA cautions against using hacked Ivanti VPN gateways even after factory resets

Failles d’Ivanti : une centaine d’organisations victimes en France

Dans la plupart des cas, les attaquants n’ont pas tenté d’aller plus loin, sauf quelques exceptions. Il s’agissait vraisemblablement pour les attaquants de mettre d’abord un premier pied chez leur cible.

#zdnet #EN #2024 #Ivanti #France #victimes #attaquants

·zdnet.fr·Mar 1, 2024

Failles d’Ivanti : une centaine d’organisations victimes en France

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA

Based upon the authoring organizations’ observations during incident response activities and available industry reporting, as supplemented by CISA’s research findings, the authoring organizations recommend that the safest course of action for network defenders is to assume a sophisticated threat actor may deploy rootkit level persistence on a device that has been reset and lay dormant for an arbitrary amount of time. For example, as outlined in PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure), sophisticated actors may remain silent on compromised networks for long periods. The authoring organizations strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.

#CISA #EN #2024 #Ivanti #Vulnerabilities #Connect #persistence #Warning

·cisa.gov·Feb 29, 2024

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA

The Predator spyware ecosystem is not dead

Discover our TDR team's revelations about Predator spyware: its C2 infrastructure and list of countries still using its cyber espionage tool.

#sekoia #En #2024 #Predator #spyware #Angola #Madagascar #Indonesia #Kazakhstan #Egypt #Botswana #Mongolia #Sudan

·blog.sekoia.io·Feb 29, 2024

The Predator spyware ecosystem is not dead

DNS Used to Hide Fake Investment Platform Schemes | Infoblox

Learn how the threat actor Savvy Seahorse Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.

#infoblox #EN #2024 #SavvySeahorse #CNAME #facebook #scam #crypto-scam #DNS

·blogs.infoblox.com·Feb 29, 2024

DNS Used to Hide Fake Investment Platform Schemes | Infoblox

BlackCat Ransomware Affiliate TTPs

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

#huntress #EN #2024 #BlackCat #Ransomware #TTPs #ScreenConnect

·huntress.com·Feb 29, 2024

BlackCat Ransomware Affiliate TTPs