cyberveille.decio.ch

7248 bookmarks

Custom sorting

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways. We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.

#ivanti #EN #2024 #CVE-2024-22024 #Security #Update

·ivanti.com·Feb 8, 2024

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

#bleepingcomputer #EN #204 #Fortinet #FortiSIEM #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Feb 8, 2024

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Raspberry Pi Pico cracks BitLocker in under a minute

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.

#theregister #EN #2024 #Raspberry-Pi #Pico #BitLocker #cracked

·theregister.com·Feb 8, 2024

Raspberry Pi Pico cracks BitLocker in under a minute

Ransomware Hit $1 Billion in 2023

In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.

#chainalysis #En #2024 #Ransomware #Statistics #2023 #report

·chainalysis.com·Feb 8, 2024

Ransomware Hit $1 Billion in 2023

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Staggeringly, Apple thanked the defendant, Noah Roskin-Frazee, in a security update less than two weeks after he was arrested.

#404media #EN #2024 #Apple #Hacked #Scammed #security #researcher

·404media.co·Feb 7, 2024

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

#reuters #EN #2024 #Fortigate #NL #Netherlands #China #malware #spy

·reuters.com·Feb 7, 2024

Chinese spies hacked Dutch defence network last year - intelligence agencies

Thanksgiving 2023 security incident

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

#cloudflare #EN #2024 #CrowdStrike #Atlassian #Confluence #Jira #Okta #incident

·blog.cloudflare.com·Feb 7, 2024

Thanksgiving 2023 security incident

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware

Fingerprint photo led investigators to therapy centre hacking suspect

Police said their first big break in the case was provided by the suspect's carelessness.

#yle.fi #EN #2024 #Fingerprint #suspect #photo #Vastaamo

·yle.fi·Feb 6, 2024

Fingerprint photo led investigators to therapy centre hacking suspect

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products

#zerodayinitiative #EN #2024 #CVE-2023-46263 #Ivanti #Avalanche #analysis

·zerodayinitiative.com·Feb 6, 2024

Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

Government hackers targeted iPhones owners with zero-days, Google says

One of the hacking campaigns used exploits developed by Variston, a Barcelona-based startup. Sources say the spyware maker is losing staff.

#techcrunch #EN #2024 #security #apple #cybersecurity #google #hackers #infosec #ios #iphone #spyware #surveillance #variston #zero-days

·techcrunch.com·Feb 6, 2024

Government hackers targeted iPhones owners with zero-days, Google says

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.

#unit42 #2024 #EN #Retrospective #Analysis #ransomware #Data-Leak-Site

·unit42.paloaltonetworks.com·Feb 6, 2024

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Datasport subi un vol de données: 900’000 Suisses concernés

Datasport, prestataire de services suisse pour les événements sportifs, a été victime d'une attaque informatiq

#ictjournal #2024 #FR #CH #Datasport #suisse #dataleak #cyberattaque

·ictjournal.ch·Feb 5, 2024

Datasport subi un vol de données: 900’000 Suisses concernés

45,000 Jenkins servers remain vulnerable to RCE attacks

Multiple publicly available exploits have since been published for the critical flaw

#theregister #EN #2024 #Jenkins #CVE-2024-23897 #RCE

·theregister.com·Feb 5, 2024

45,000 Jenkins servers remain vulnerable to RCE attacks

Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’

A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.

#cnn #2024 #EN #deepfake #CFO-scam #scam #HongKong

·edition.cnn.com·Feb 4, 2024

Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

#bleepingcomputer #EN #2024 #Cloud #Container #Container-Escape #Docker #Leaky-Vessels #Vulnerability #CVE-2024-21626 #CVE-2024-23651 #CVE-2024-23652 #CVE-2024-23653

·bleepingcomputer.com·Feb 4, 2024

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Zyxel VPN Series Pre-auth Remote Command Execution

Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and become unusable – we have decided to disclose this even though it is no longer exploitable. Credit … SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution Read More »

#ssd-disclosure #EN #2024 #Advisory #Zyxel #VPN #Series #Pre-auth #RCE

·ssd-disclosure.com·Feb 4, 2024

Zyxel VPN Series Pre-auth Remote Command Execution

“Scammers Paradise” Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations

Explore the shift in phishing from Dark web to Telegram, where cybercriminals trade tools and data, and uncover Guardio's insights on countering this menace.

#labs.guard.io #EN #2024 #Scammers #Telegram #cybercriminals #Dark-Market

·labs.guard.io·Feb 4, 2024

“Scammers Paradise” Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations

Une action civile à la suite d’une cyberattaque

À la suite d’une cyberattaque ayant touché SolarWinds Corp., la SEC a déposé une action civile contre la société qui aurait trompé les investisseurs sur ses pratiques en matière de cybersécurité. Cette action civile met en évidence, d’une part, les mauvaises pratiques adoptées par la société, et d’autre part, l’importance accrue que la SEC porte sur les informations en matière de cybersécurité que les sociétés publient à l’attention des investisseurs.

#swissprivacy #FR #Legal #cyberattaque #SEC #SolarWinds #bourse #analyse

·swissprivacy.law·Feb 4, 2024

Une action civile à la suite d’une cyberattaque

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.

#securityaffairs #EN #2024 #AnyDesk #incident #darkweb #credentials

·securityaffairs.com·Feb 4, 2024

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine

An apparent Russian state-aligned group is targeting Ukraine’s International Legion in a disinformation campaign The Kyiv Independent obtained and analyzed exclusive video that shows the group used doctored footage to pose as the Ukrainian ex-president on a Zoom call that took place in early January Legion members are being tricked into agreeing with incendiary statements against Zelensky Lack of cultural context, morale issues and low pay in some units have made the International Legion more susceptible to such attacks The attack appears linked to the Russian government-aligned provocateurs Vladimir Kuznetsov and Alexey Stolyarov, known as Vovan and Lexus * The effort highlights ongoing disinformation threats in the Ukraine-Russia war as well as possible information security vulnerabilities of Ukraine’s foreign fighters

#kyivindependent #EN #2024 #Russia-Ukraine-war #deepfake #TA499 #Zoom

·kyivindependent.com·Feb 4, 2024

Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine

AnyDesk says hackers breached its production servers, resets passwords

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.

#bleepingcomputer #En #2024 #AnyDesk #Code-Signing-Certificate #Cyberattack #Source-Code

·bleepingcomputer.com·Feb 2, 2024

AnyDesk says hackers breached its production servers, resets passwords

There Are Too Many Damn Honeypots

VulnCheck faces a horde of honeypots while assessing the potential impact of Atlassian Confluence's CVE-2023-22527. This blog delves into Shodan queries to filter out honeypots and uncover the actual on-premise Confluence install base.

#vulncheck #EN #2024 #honeypots #shodan #Case-study #filter

·vulncheck.com·Feb 2, 2024

There Are Too Many Damn Honeypots

Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch

A security researchers shared a picture of the instructions that go along Apple's Security Research Device and more details about this special iPhone.

#techcrunch #EN #2024 #apple #bugs #cybersecurity #iphone #vulnerabilities #Jailbreak

·techcrunch.com·Feb 1, 2024

Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch

How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities

Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.

#volexity #EN #2024 #Ivanti #Connect #Secure #VPN #Zero-Day #Vulnerabilities

·volexity.com·Feb 1, 2024

How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'

Apple said the vulnerability, which is being exploited in the wild, allows malicious code to run on an affected device.

#techcrunch #EN #2024 #security #apple-vision-pro #cybersecurity #exploit #vulnerability

·techcrunch.com·Feb 1, 2024

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'

DarkGate malware delivered via Microsoft Teams - detection and response

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.

#cybersecurity.att.com #EN #2024 #Microsoft #Teams #phishing #malware

·cybersecurity.att.com·Feb 1, 2024

DarkGate malware delivered via Microsoft Teams - detection and response

The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It

If you ever troubleshooted anything on Windows or investigated a suspicious event, you know that Windows store various types of events in Windows Event Log. An application crashed and you want to know more about it? Launch the Event Viewer and check the Application log. A service behaving strangely? See the System log. A user account got unexpectedly blocked? The Security log may reveal who or what blocked it. All these events are getting stored to various logs through the Windows Event Log service. Unsurprisingly, this service's description says: "Stopping this service may compromise security and reliability of the system." The Windows Event Log service performs many tasks. Not only is it responsible for writing events coming from various source to persistent file-based logs (residing in %SystemRoot%\System32\Winevt\Logs), it also provides structured access to these stored events through applications like Event Viewer. Furthermore, this service also performs "event forwarding" if you want your events sent to a central log repository like Splunk or Sumo Logic, an intrusion detection system or a SIEM server. Therefore, Windows Event Log service plays an important role in many organizations' intrusion detection and forensic capabilities. And by extension, their compliance check boxes.

#0patch #EN #2024 #EventLogCrasher #Windows #Event #Log

·blog.0patch.com·Jan 31, 2024

The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It