cyberveille.decio.ch

7248 bookmarks

Custom sorting

Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.

#trendmicro #EN #2024 #reports #ransomware #research #BYOVD #PsExec #Kasseika #Akira #Martini

·trendmicro.com·Jan 31, 2024

Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.

#qualys #EN #2024 #report #research #GNU #C #Library #syslog #CVE-2023-6246 #CVE-2023-6779 #CVE-2023-6780

·blog.qualys.com·Jan 31, 2024

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

GGerman police seizes $2.17 billion in bitcoin in 'most extensive' action ever

German police have confiscated 50,000 bitcoin worth $2.17 billion in the country's 'most extensive' cryptocurrency seizure ever, it said in a statement on Tuesday. "This is the most extensive seizure of bitcoins by law enforcement authorities in the Federal Republic of Germany to date," police in the city of Dresden said. The investigation was supported by the Federal Criminal Police Office (BKA), the FBI and a Munich-based forensic IT expert company, it said.

#reuters #EN #2024 #seizure #bitcoin #Germany #confiscated

·reuters.com·Jan 30, 2024

GGerman police seizes $2.17 billion in bitcoin in 'most extensive' action ever

Hundreds of network operators’ credentials found circulating in Dark Web

Following a recent and highly disruptive cyberattack on telecom carrier Orange España the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.

#resecurity #EN #2024 #network #operators #credentials #darkweb #RIPE #BGP

·resecurity.com·Jan 30, 2024

Hundreds of network operators’ credentials found circulating in Dark Web

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.

#securityaffairs #EN #2024 #darkweb #RIPE #APNIC #AFRINIC #LACNIC #credential #compromised

·securityaffairs.com·Jan 30, 2024

Hundreds of network operators’ credentials found circulating in Dark Web

Public SSH keys can leak your private infrastructure

This article describes a minor security flaw in the SSH authentication protocol that can lead to unexpected private infrastructure disclosure. It also provides a PoC written in Python.

#rushter #EN #2019 #SSH #keys #github #leak

·rushter.com·Jan 30, 2024

Public SSH keys can leak your private infrastructure

Exclusive: US disabled Chinese hacking network targeting critical infrastructure

The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter. The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

#reuters #EN #2024 #US #China #VoltTyphoon #remotely #disable

·reuters.com·Jan 30, 2024

Exclusive: US disabled Chinese hacking network targeting critical infrastructure

Energy giant Schneider Electric hit by Cactus ransomware attack

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.

#bleepingcomputer #APC #Building-Automation #Cactus-Ransomware #Electric #Industrial-Control-Systems #Ransomware #Schneider-Electric #Cactus

·bleepingcomputer.com·Jan 30, 2024

Energy giant Schneider Electric hit by Cactus ransomware attack

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf

Jenkins Security Advisory 2024-01-24

Arbitrary file read vulnerability through the CLI can lead to RCE

#jenkins #EN #2024 #CVE-2024-23897 #advisory

·jenkins.io·Jan 29, 2024

Jenkins Security Advisory 2024-01-24

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

#hacking #attacks #information #network #data #to #updates #malware #cyber #today #news #ransomware #breach #security #software #hack #the #hacker #how #computer #vulnerability

·thehackernews.com·Jan 29, 2024

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

How a mistakenly published password exposed Mercedes-Benz source code

Mercedes accidentally exposed a trove of sensitive data after a leaked security key gave “unrestricted access” to company’s source code.

#techcrunch #EN #2024 #Mercedes #exposed #password #Mercedes-Benz #Source-Code #GitHub

·techcrunch.com·Jan 29, 2024

How a mistakenly published password exposed Mercedes-Benz source code

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

#thedfirreport #EN #2024 #DFIR #Trigona #Ransomware

·thedfirreport.com·Jan 29, 2024

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.

#thehackernews #EN #2024 #NPM #Packages #Malicious #SSH #Keys #warbeast2000 #kodiak2k

·thehackernews.com·Jan 28, 2024

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Trello API abused to link email addresses to 15 million accounts

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.

#bleepingcomputer #EN #2024 #API #Atlassian #Data-Leak #Email-Address #Project-Management #Trello

·bleepingcomputer.com·Jan 28, 2024

Trello API abused to link email addresses to 15 million accounts

NSA is buying Americans’ internet browsing records without a warrant

Spy agency argues the practice is entirely legal — until a US court says otherwise

#techcrunch #EN #2024 #internet #browsing #records #data-brokers #NSA #US #Spy #legal

·techcrunch.com·Jan 27, 2024

NSA is buying Americans’ internet browsing records without a warrant

Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs

Two fake-audio experts say that the deepfake robocall of President Biden received by some voters last week was likely created with technology from Silicon Valley’s favorite voice-cloning startup.

#wired #EN #2024 #Biden #robocall #elevenlabs #deepfake #AI #President

·wired.com·Jan 27, 2024

Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs

Ransomware Cases Increased Greatly in 2023

As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.

#sans #2024 #EN #ransomware #2023 #Stats

·sans.org·Jan 26, 2024

Ransomware Cases Increased Greatly in 2023

Russian developer of Trickbot malware sentenced to five years in prison

A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.

#therecord #Trickbot #developer #sentenced #2024 #EN

·therecord.media·Jan 26, 2024

Russian developer of Trickbot malware sentenced to five years in prison

Midnight Blizzard: Guidance for responders on nation-state attack

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

#microsoft #2024 #EN #Midnight #MidnightBlizzard #guide #attack #TTP

·microsoft.com·Jan 26, 2024

Midnight Blizzard: Guidance for responders on nation-state attack

23andMe data breach: Hackers stole raw genotype data, health reports

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. #23andMe #Breach #Computer #Credential #DNA #Data #Genetics #Health #InfoSec #Leak #Security #Stuffing

#bleepingcomputer #EN #2024 #Stuffing #Credential #InfoSec #Data #Genetics #Leak #DNA #Breach #Security #Computer #23andMe #Health

·bleepingcomputer.com·Jan 26, 2024

23andMe data breach: Hackers stole raw genotype data, health reports

Inside a Global Phone Spy Tool Monitoring Billions

A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can tracks billions of phone profiles through the advertising industry called Patternz. Google has taken action in response to 404 Media's inquiries.

#404media #EN #2024 #Spyware #Patternz

·404media.co·Jan 26, 2024

Inside a Global Phone Spy Tool Monitoring Billions

X is being flooded with graphic Taylor Swift AI images

Fake sexually explicit images of Taylor Swift have been circulating on X over the last day in the latest example of the proliferation of AI-generated pornography.

#theverge #EN #2024 #Taylor-Swift #X #fake #deepfake #pornography

·theverge.com·Jan 26, 2024

X is being flooded with graphic Taylor Swift AI images

HPE reveals Russian attackers accessed internal emails

Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months

#theregister #EN #2024 #HPE #Russia #CozyBear #internal #emails #Data-Breach

·theregister.com·Jan 25, 2024

HPE reveals Russian attackers accessed internal emails

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

#bleepingcomputer #EN #2024 #Account-Takeover #Alert #Exposed #GitLab #Password-Reset #Security #Vulnerability

·bleepingcomputer.com·Jan 24, 2024

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

AI will make scam emails look genuine, UK cybersecurity agency warns

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

#theguardian #EN #2023 #AI #scam #phishing #email #gebuine #cybercriminals #warning #UK #NCSC

·theguardian.com·Jan 24, 2024

AI will make scam emails look genuine, UK cybersecurity agency warns

SEC says X account hack was due to SIM swapping

An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages. In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

#therecord #EN #2023 #SEC #X #Twitter #SIM-swapping #hijacked

·therecord.media·Jan 24, 2024

SEC says X account hack was due to SIM swapping

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

#rapid7 #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0204 #Fortra #GoAnywhere

·rapid7.com·Jan 23, 2024

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog