Google Ads Malware Wipes NFT Influencer's Crypto Wallet
NFT influencer @NFT_GOD downloaded malware through Google Ads while attempting to download OBS, an open-source video streaming software.
cyberveille.decio.ch
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. Adding customized malware payloads, threat actors are raising the bar for successful malware deployments on Personal PCs with ad words like Grammarly, Malwarebytes, and Afterburner as well as with Visual Studio, Zoom, Slack, and even Dashlane to target organizations.
Cyberconseil: les clés USB peuvent servir de porte d'entrée pour les cyberattaques
Les clés USB font partie du paysage informatique depuis longtemps et sont utilisées pour stocker des données ou les transférer d'un ordinateur à un autre. De nombreuses personnes ignorent toutefois que ces clés peuvent également servir d'outil de piratage.
Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”
The FortiGuard Labs team discovered an attack embedded in three PyPI packages called ‘colorslib’, ‘httpslib’, and “libhttps”. Read our blog to learn more.
Vice Society ransomware leaks University of Duisburg-Essen’s data
The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that's still ongoing.
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
SQL Injection in Multiple WordPress Plugins
- Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection
Défense : les interrogations de l’état-major français face aux opérations cyber américaines en Europe
Depuis la guerre en Ukraine, les Etat-Unis ont envoyé plusieurs équipes spécialisées pour aider les pays se sentant vulnérables aux cyberattaques russes. Du côté français, on s’inquiète que ces démarches ouvrent la voie à des opérations plus larges d’espionnage.
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability.
MSI's (in)Secure Boot
On 2022-12-11, I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not. It wasn't the first time that I have been self-signing Secure Boot, I wasn't doing it wrong. As I have later discovered on 2022-12-16, it wasn't just broken firmware, MSI had changed their Secure Boot defaults to allow booting on security violations(!!).
How Finland Is Teaching a Generation to Spot Misinformation
How Finland Is Teaching a Generation to Spot Misinformation The Nordic country is testing new ways to teach students about propaganda. Here’s what other countries can learn from its success.
Compromise of employee device, credentials led to CircleCI breach
CircleCI’s chief technology officer said malicious hackers infected one of their engineer’s laptops and stole elevated account privileges to breach the company’s systems and data late last year.
A Police App Exposed Secret Details About Raids and Suspects | WIRED
SweepWizard, an app that law enforcement used to coordinate raids, left sensitive information about hundreds of police operations publicly accessible.
Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone
- Ukraine has released an instruction video for Russian soldiers on surrendering to a drone. * It's part of the "I Want to Live" hotline, which entices Russians to stop fighting in Ukraine. * The video suggests that surrendering via drone may become increasingly common.
Accidentally Crashing a Botnet
As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
Royal Mail ransomware attackers threaten to publish stolen data
Postal service has been unable to send letters and parcels overseas since Wednesday due to hacking Royal Mail has been hit by a ransomware attack by a criminal group, which has threatened to publish the stolen information online. The postal service has received a ransom note purporting to be from LockBit, a hacker group widely thought to have close links to Russia.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
Misconfigured PostgreSQL Used to Target Kubernetes Clusters
Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
Raspberry Robin's botnet second life
Raspberry Robin appears to be a type of Pay-Per-Install botnet, likely to be used by cybercriminals to distribute other malware.
The OWASSRF + TabShell exploit chain
We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail
Nouvelles règles: Boom des enregistrements de pilotes de drone en Suisse
Quelques 10'000 pilotes se sont officiellement enregistrés auprès de l'Office fédéral de l'aviation civile (OFAC) depuis un mois, après l'annonce des nouvelles prescriptions. Environ autant d'utilisateurs ont passé un examen d'exploitation.
New Paper on Old Threema Protocol
This is a statement on the NZZ news article from January 9, 2023 about alleged weaknesses in Threema's encryption. But these are completely impractical and theoretical.
Three Lessons from Threema: Analysis of a Secure Messenger
Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.
Advertising ID: APPLE DISTRIBUTION INTERNATIONAL fined 8 million euros
On 29 December 2022, the CNIL's restricted committee imposed an administrative fine of 8 million euros on the company APPLE DISTRIBUTION INTERNATIONAL because it did not collect the consent of iPhone's French users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.
Air France and KLM notify customers of account hacks
Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached.
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤
OPWNAI : Cybercriminals Starting to Use ChatGPT
At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses. However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyberattacks. In Check Point Research’s (CPR) previous blog, we described how ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, capable of accepting commands in English. The question at hand is whether this is just a hypothetical threat or if there are already threat actors using OpenAI technologies for malicious purposes. CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.