Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its
cyberveille.decio.ch
SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs
Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain. This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server: Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Arctic Wolf Labs has investigated several cases where ransomware victims are being targeted for follow-on extortion attempts by threat actors who are aware of ransom attack details.
Linux devices are under attack by a never-before-seen worm | Ars Technica
Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.
AirDrop 'Cracked' By Chinese Authorities to Identify Senders
Apple's AirDrop feature has reportedly been cracked by a Chinese state-backed institution, allowing authorities to identify senders who share...
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.
Le service de renseignement suisse surveille aussi le trafic de données national
Avec l'entrée en vigueur de la nouvelle loi sur le renseignement en 2017, le Service de renseignement de la Confédération (SRC) s'est vu doté de nouvelles capacités de surveillance. Contrairement aux promesses faites lors de la campagne électorale, celles-ci sont également utilisées pour surveiller le trafic de données en Suisse.
NSA official: hackers use AI bots like ChatGPT to perfect English
NSA Cybersecurity Director Rob Joyce said the spy agency has seen hackers use chatbots like ChatGPT to perfect their English for phishing schemes.
SEC Has Not Approved Bitcoin ETFs, but Its Hacked X Account Briefly Said Otherwise
The X account of the U.S. Securities and Exchange Commission, which is deciding whether to approve bitcoin ETFs, "was compromised," the regulator told CoinDesk.
AI aides nation-state hackers but also helps US spies to find them, says NSA cyber director | TechCrunch
"AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity," said NSA's Rob Joyce.
Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla.
Netgear, Hyundai latest X accounts hacked to push crypto drainers
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But…
Ransomware gang takes credit for Christmas attack on global Lutheran organization
The World Council of Churches reported an incident in December, and the Lutheran World Federation said it experienced a related incident. The Rhysida gang claimed it carried out the attack on the federation.
WCC hit by ransomware attack
The World Council of Churches (WCC) communications systems have been hacked by a ransomware group.
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
Dutch man sabotaged Iranian nuclear program without Dutch government's knowledge: report
In 2008, a Dutchman played a crucial role in the United States and Israeli-led operation to sabotage Iran’s nuclear program. The then 36-year-old Erik van Sabben infiltrated an Iranian nuclear complex and released the infamous Stuxnet virus, paralyzing the country’s nuclear program. The AIVD recruited the man, but Dutch politicians knew nothing about the operation, the Volkskrant reports after investigating the sabotage for two years.
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices
The Lantronix EDS-MS is an "IoT gateway for mission critical medical devices and equipment connectivity". It is affected by multiple vulnerabilities.
LastPass to enforce a 12-character requirement for master passwords
Security pros say while the 12-character requirement by LastPass is a step in the right direction, teams still need to enforce multi-factor authentication and practice continuous monitoring.
CVE-2023-27532
Veeam Backup & Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…
ALPHV Ransomware Claims Cyberattack on US Firm Ultra Intelligence and Communications
Russian-speaking BlackCat/ALPHV ransomware group has claimed to have carried out a cyberattack on Ultra Intelligence and Communications, a US-based company
L’UDC Andreas Glarner contraint de payer les frais de justice occasionnés par son «deepfake» de Sibel Arslan
Avant les élections fédérales, le conseiller national argovien avait publié sur les réseaux sociaux une vidéo générée par intelligence artificielle qui montrait l’élue verte appelant à voter pour lui. Saisie par l’écologiste bâloise, la justice donne raison à cette dernière
Du nouveau dans la (l'in) sécurité de l'Internet ?
Le 3 janvier 2024, une partie du trafic IP à destination de la filiale espagnole d'Orange n'a pas été transmis, en raison d'un problème BGP, le système dont dépend tout l'Internet. Une nouveauté, par rapport aux nombreux autres cas BGP du passé, est qu'il semble que le problème vienne du piratage d'un compte utilisé par Orange. Quelles leçons tirer de cette apparente nouveauté ?
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs
FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
Analyzing DPRK's SpectralBlur
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
Canton de Berne: Suite à une faille de sécurité dans un système informatique: plusieurs personnes prévenues identifiées et perquisitions effectuées
Suite à une faille de sécurité, l’été dernier, dans l’application «MobileIron», également utilisée par la Police cantonale bernoise, des données d’utilisatrices et d’utilisateurs avaient manifestement pu être téléchargées et consultées. Une enquête a permis d’identifier plusieurs personnes prévenues. De plus amples investigations sont en cours.
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Weak password and infostealer blamed for Orange Spain outage
No 2FA or special characters to prevent database takeover and BGP hijack