cyberveille.decio.ch

6938 bookmarks

Custom sorting

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

#hacking #attacks #information #network #data #to #updates #malware #cyber #today #news #ransomware #breach #security #software #hack #the #hacker #how #computer #vulnerability

·thehackernews.com·Jan 29, 2024

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

How a mistakenly published password exposed Mercedes-Benz source code

Mercedes accidentally exposed a trove of sensitive data after a leaked security key gave “unrestricted access” to company’s source code.

#techcrunch #EN #2024 #Mercedes #exposed #password #Mercedes-Benz #Source-Code #GitHub

·techcrunch.com·Jan 29, 2024

How a mistakenly published password exposed Mercedes-Benz source code

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

#thedfirreport #EN #2024 #DFIR #Trigona #Ransomware

·thedfirreport.com·Jan 29, 2024

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.

#thehackernews #EN #2024 #NPM #Packages #Malicious #SSH #Keys #warbeast2000 #kodiak2k

·thehackernews.com·Jan 28, 2024

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Trello API abused to link email addresses to 15 million accounts

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.

#bleepingcomputer #EN #2024 #API #Atlassian #Data-Leak #Email-Address #Project-Management #Trello

·bleepingcomputer.com·Jan 28, 2024

Trello API abused to link email addresses to 15 million accounts

NSA is buying Americans’ internet browsing records without a warrant

Spy agency argues the practice is entirely legal — until a US court says otherwise

#techcrunch #EN #2024 #internet #browsing #records #data-brokers #NSA #US #Spy #legal

·techcrunch.com·Jan 27, 2024

NSA is buying Americans’ internet browsing records without a warrant

Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs

Two fake-audio experts say that the deepfake robocall of President Biden received by some voters last week was likely created with technology from Silicon Valley’s favorite voice-cloning startup.

#wired #EN #2024 #Biden #robocall #elevenlabs #deepfake #AI #President

·wired.com·Jan 27, 2024

Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs

Ransomware Cases Increased Greatly in 2023

As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.

#sans #2024 #EN #ransomware #2023 #Stats

·sans.org·Jan 26, 2024

Ransomware Cases Increased Greatly in 2023

Russian developer of Trickbot malware sentenced to five years in prison

A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.

#therecord #Trickbot #developer #sentenced #2024 #EN

·therecord.media·Jan 26, 2024

Russian developer of Trickbot malware sentenced to five years in prison

Midnight Blizzard: Guidance for responders on nation-state attack

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

#microsoft #2024 #EN #Midnight #MidnightBlizzard #guide #attack #TTP

·microsoft.com·Jan 26, 2024

Midnight Blizzard: Guidance for responders on nation-state attack

23andMe data breach: Hackers stole raw genotype data, health reports

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. #23andMe #Breach #Computer #Credential #DNA #Data #Genetics #Health #InfoSec #Leak #Security #Stuffing

#bleepingcomputer #EN #2024 #Stuffing #Credential #InfoSec #Data #Genetics #Leak #DNA #Breach #Security #Computer #23andMe #Health

·bleepingcomputer.com·Jan 26, 2024

23andMe data breach: Hackers stole raw genotype data, health reports

Inside a Global Phone Spy Tool Monitoring Billions

A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can tracks billions of phone profiles through the advertising industry called Patternz. Google has taken action in response to 404 Media's inquiries.

#404media #EN #2024 #Spyware #Patternz

·404media.co·Jan 26, 2024

Inside a Global Phone Spy Tool Monitoring Billions

X is being flooded with graphic Taylor Swift AI images

Fake sexually explicit images of Taylor Swift have been circulating on X over the last day in the latest example of the proliferation of AI-generated pornography.

#theverge #EN #2024 #Taylor-Swift #X #fake #deepfake #pornography

·theverge.com·Jan 26, 2024

X is being flooded with graphic Taylor Swift AI images

HPE reveals Russian attackers accessed internal emails

Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months

#theregister #EN #2024 #HPE #Russia #CozyBear #internal #emails #Data-Breach

·theregister.com·Jan 25, 2024

HPE reveals Russian attackers accessed internal emails

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

#bleepingcomputer #EN #2024 #Account-Takeover #Alert #Exposed #GitLab #Password-Reset #Security #Vulnerability

·bleepingcomputer.com·Jan 24, 2024

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

AI will make scam emails look genuine, UK cybersecurity agency warns

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

#theguardian #EN #2023 #AI #scam #phishing #email #gebuine #cybercriminals #warning #UK #NCSC

·theguardian.com·Jan 24, 2024

AI will make scam emails look genuine, UK cybersecurity agency warns

SEC says X account hack was due to SIM swapping

An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages. In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

#therecord #EN #2023 #SEC #X #Twitter #SIM-swapping #hijacked

·therecord.media·Jan 24, 2024

SEC says X account hack was due to SIM swapping

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

#rapid7 #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0204 #Fortra #GoAnywhere

·rapid7.com·Jan 23, 2024

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

Atlassian Confluence Server RCE attacks underway

If you're still running a vulnerable instance then 'assume a breach'

#theregister #en #2024 #RCE #mass-exploitation #CVE-2023-22527 #Atlassian #Confluence

·theregister.com·Jan 23, 2024

Atlassian Confluence Server RCE attacks underway

178,000 SonicWall firewalls are vulnerable to old DoS bugs

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

#theregister #EN #2024 #2022 #CVE-2022-22274 #CVE-2023-0656 #SonicWall #DoS

·theregister.com·Jan 22, 2024

178,000 SonicWall firewalls are vulnerable to old DoS bugs

Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one

Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency. CISA says federal agencies much patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability. CISA did not respond to requests for comment about why the remediation timeline was shorter than most. The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.

#therecord #EN #2024 #Citrix #CVE-2023-6548 #CISA

·therecord.media·Jan 22, 2024

Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one

A backdoor with a cryptowallet stealer inside cracked macOS software

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

#securelist #EN #2024 #Apple #MacOS #Backdoor #Cryptocurrencies #DNS #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-stealer

·securelist.com·Jan 22, 2024

A backdoor with a cryptowallet stealer inside cracked macOS software

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

#microsoft #EN #2024 #annonce #MidnightBlizzard #APT29

·msrc.microsoft.com·Jan 20, 2024

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin

#thehackernews #2024 #EN #Balada #WP #plugin #WordPress #malware #Injector #infected

·thehackernews.com·Jan 20, 2024

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Microsoft network breached through password-spraying by Russian-state hackers

Senior execs' emails accessed in network breach that wasn't caught for 2 months.

#arstechnica #en #2024 #Microsoft #email #theft #Russia #APT29 #breached #password-spray

·arstechnica.com·Jan 20, 2024

Microsoft network breached through password-spraying by Russian-state hackers

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.

#thehackernews #en #2024 #Microsoft #APT29 #Russia #theft #mail #executives #attack #MidnightBlizzard

·thehackernews.com·Jan 20, 2024

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

La Russie est suspectée d’avoir largement brouillé les GPS en Pologne

Des perturbations GPS sont observées aux abords de Kaliningrad. La Russie est suspectée de tester un système de brouillage d'ondes d'un nouveau genre,

#numerama #FR #Russie #GPS #Pologne #perturbations #Kaliningrad #Tobol #brouilleur

·numerama.com·Jan 19, 2024

La Russie est suspectée d’avoir largement brouillé les GPS en Pologne

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

Jamf Threat Labs discovers new pirated macOS applications that establish communication with attacker infrastructure, allowing the victim's computer to be controlled by the attacker.

#jamf #EN #2024 #macOS #Malware #pirated #applications

·jamf.com·Jan 19, 2024

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

Ivanti Connect Secure VPN Exploitation: New Observations

On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.

#volexity #EN #2024 #CVE-2023-46805 #CVE-2024-21887 #Ivanti #Observations

·volexity.com·Jan 19, 2024

Ivanti Connect Secure VPN Exploitation: New Observations