cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways
Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways
At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways. We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.
·ivanti.com·
Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways
Raspberry Pi Pico cracks BitLocker in under a minute
Raspberry Pi Pico cracks BitLocker in under a minute
We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.
·theregister.com·
Raspberry Pi Pico cracks BitLocker in under a minute
Ransomware Hit $1 Billion in 2023
Ransomware Hit $1 Billion in 2023
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
·chainalysis.com·
Ransomware Hit $1 Billion in 2023
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products
·zerodayinitiative.com·
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.
·bleepingcomputer.com·
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Zyxel VPN Series Pre-auth Remote Command Execution
Zyxel VPN Series Pre-auth Remote Command Execution
Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and become unusable – we have decided to disclose this even though it is no longer exploitable. Credit … SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution Read More »
·ssd-disclosure.com·
Zyxel VPN Series Pre-auth Remote Command Execution
Une action civile à la suite d’une cyberattaque
Une action civile à la suite d’une cyberattaque
À la suite d’une cyberattaque ayant touché SolarWinds Corp., la SEC a déposé une action civile contre la société qui aurait trompé les investisseurs sur ses pratiques en matière de cybersécurité. Cette action civile met en évidence, d’une part, les mauvaises pratiques adoptées par la société, et d’autre part, l’importance accrue que la SEC porte sur les informations en matière de cybersécurité que les sociétés publient à l’attention des investisseurs.
·swissprivacy.law·
Une action civile à la suite d’une cyberattaque
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
  • An apparent Russian state-aligned group is targeting Ukraine’s International Legion in a disinformation campaign The Kyiv Independent obtained and analyzed exclusive video that shows the group used doctored footage to pose as the Ukrainian ex-president on a Zoom call that took place in early January Legion members are being tricked into agreeing with incendiary statements against Zelensky Lack of cultural context, morale issues and low pay in some units have made the International Legion more susceptible to such attacks The attack appears linked to the Russian government-aligned provocateurs Vladimir Kuznetsov and Alexey Stolyarov, known as Vovan and Lexus * The effort highlights ongoing disinformation threats in the Ukraine-Russia war as well as possible information security vulnerabilities of Ukraine’s foreign fighters
·kyivindependent.com·
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.
·volexity.com·
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
DarkGate malware delivered via Microsoft Teams - detection and response
DarkGate malware delivered via Microsoft Teams - detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.
·cybersecurity.att.com·
DarkGate malware delivered via Microsoft Teams - detection and response
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
If you ever troubleshooted anything on Windows or investigated a suspicious event, you know that Windows store various types of events in Windows Event Log. An application crashed and you want to know more about it? Launch the Event Viewer and check the Application log. A service behaving strangely? See the System log. A user account got unexpectedly blocked? The Security log may reveal who or what blocked it. All these events are getting stored to various logs through the Windows Event Log service. Unsurprisingly, this service's description says: "Stopping this service may compromise security and reliability of the system." The Windows Event Log service performs many tasks. Not only is it responsible for writing events coming from various source to persistent file-based logs (residing in %SystemRoot%\System32\Winevt\Logs), it also provides structured access to these stored events through applications like Event Viewer. Furthermore, this service also performs "event forwarding" if you want your events sent to a central log repository like Splunk or Sumo Logic, an intrusion detection system or a SIEM server. Therefore, Windows Event Log service plays an important role in many organizations' intrusion detection and forensic capabilities. And by extension, their compliance check boxes.
·blog.0patch.com·
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It