cyberveille.decio.ch

5334 bookmarks

Custom sorting

ZINC weaponizing open-source software - Microsoft Security Blog

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.

#microsoft #EN #2022 #Microsoft #weaponized #ZINC #open-source #MSTIC #apt #North-Korea

·microsoft.com·Dec 28, 2022

ZINC weaponizing open-source software - Microsoft Security Blog

ZetaNile: Open source software trojans from North Korea

ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.

#reversinglabs #EN #2022 #ZetaNile #Malware #deepdive #apt #Lazarus #ZINC #open-source #trojans

·reversinglabs.com·Dec 28, 2022

ZetaNile: Open source software trojans from North Korea

New RisePro Stealer distributed by the prominent PrivateLoader

PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.

#sekoia #EN #2022 #PrivateLoader #malware #stealer #RisePro #analysis

·blog.sekoia.io·Dec 28, 2022

New RisePro Stealer distributed by the prominent PrivateLoader

Cost of data breaches to surpass US$5mn per incident in 2023

Acronis’ end-of-year cyberthreats report found that the proportion of phishing attacks has risen by 1.3x, accounting for 76% of all cyber attacks

#technologymagazine #2022 #EN #Acronis #end-of-year #report #phishing

·technologymagazine.com·Dec 28, 2022

Cost of data breaches to surpass US$5mn per incident in 2023

What’s in a PR statement: LastPass breach explained

The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.

#palant.info #EN #2022 #LastPass #breach #explained #omissions #context #claims

·palant.info·Dec 28, 2022

What’s in a PR statement: LastPass breach explained

ProxyNotRelay - An Exchange Vulnerability Encore

In this blog post we will dive into the latest Microsoft Exchange 0-day vulnerability, dubbed #ProxyNotShell, how it relates to other Exchange vulnerabilities and finally demonstrate how ProxyRelay can combined with ProxyNotShell, even with Extended Protection and IIS rewrite rules enabled.

#rw.md #EN #2022 #ProxyNotRelay #ProxyNotShell #analysis #CVE-2022–41082 #CVE-2022–41040

·rw.md·Dec 28, 2022

ProxyNotRelay - An Exchange Vulnerability Encore

Shlayer Malware: Continued Use of Flash Updates

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

#crowdstrike #EN #2021 #Flash #Player #macOS #Shlayer #malvertising #analysis #IoCs

·crowdstrike.com·Dec 28, 2022

Shlayer Malware: Continued Use of Flash Updates

Shlayer malware abusing Gatekeeper bypass on macOS

Shlayer malware bypasses Gatekeeper security protections on macOS to execute unauthorized software without requiring approval.

#jamf #EN #2021 #Gatekeeper #bypass #macOS #Shlayer #malware

·jamf.com·Dec 28, 2022

Shlayer malware abusing Gatekeeper bypass on macOS

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

#objective-see #2022 #EN #Shlayer #macos #malware #IoCs #analysis

·objective-see.org·Dec 28, 2022

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

Hacker claims to be selling Twitter data of 400 million users

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.

#bleepingcomputer #EN #2022 #Twitter #threat #API #vulnerability #ransom

·bleepingcomputer.com·Dec 27, 2022

Hacker claims to be selling Twitter data of 400 million users

Cracking encrypted Lastpass vaults

The recent (2022) compromise of Lastpass included email addresses, home addresses, names, and encrypted customer vaults. In this post I will demonstrate how attackers may leverage tools like Hashcat to crack an encrypted vault with a weak password.

#Markuta #EN #2022 #password-cracking #lastpass #compromise #Hashcat #crack #PoC

·markuta.com·Dec 26, 2022

Cracking encrypted Lastpass vaults

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

#talosintelligence #EN #2022 #Excel #XLLing #malicious #add-ins #XLL #analysis

·blog.talosintelligence.com·Dec 26, 2022

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Raspberry Robin Malware Targets Telecom, Governments

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.

#trendmicro #EN #2022 #malware #apt #endpoints #RaspberryRobin #obfuscation #analysis

·trendmicro.com·Dec 26, 2022

Raspberry Robin Malware Targets Telecom, Governments

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

#sentinelone #EN #2022 #ransomware #PolyVice #ViceSociety #analysis

·sentinelone.com·Dec 26, 2022

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

#cluster25 #EN #2022 #infostealer #Italy #phishing #Campaigns #analysis #Alibaba2044 #IoCs

·blog.cluster25.duskrise.com·Dec 23, 2022

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Notice of Recent Security Incident

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

#lastpass #EN #2022 #incident #backup #hack #exfiltration

·blog.lastpass.com·Dec 22, 2022

Notice of Recent Security Incident

New Ransomware Strains Emerging from Leaked Conti’s Source Code  

Cyble Research and Intelligence Labs analyzes multiple ransomware strains created based on leaked source code of Conti Ransomware.

#cyble #EN #2022 #Conti #Leaked #sourcecode #ransomware #strains #analysis

·blog.cyble.com·Dec 22, 2022

New Ransomware Strains Emerging from Leaked Conti’s Source Code  

EXCLUSIVE: TikTok Spied On Forbes Journalists

ByteDance confirmed it used TikTok to monitor journalists’ physical location using their IP addresses, as first reported by Forbes in October.

#forbes #2022 #TikTok #ByteDance #China #mattis-et-ultricies-eget #Mauris-felis-urna

·forbes.com·Dec 22, 2022

EXCLUSIVE: TikTok Spied On Forbes Journalists

Meddler-in-the-Middle Phishing Attacks Explained MitM

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

#unit42 #EN #2022 #MitM #phishing #Meddler-in-the-Middle #explanation #analysis

·unit42.paloaltonetworks.com·Dec 22, 2022

Meddler-in-the-Middle Phishing Attacks Explained MitM

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

#securelist #2022 #EN #Malware #Malware-Descriptions #Malware-Technologies #Ransomware #Targeted-attacks #Trojan #Wiper #Albania

·securelist.com·Dec 22, 2022

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes

CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools. Called “Kiss-a-dog,” the campaign used multiple command-and-control (C2) servers to launch attacks that attempted to mine cryptocurrency, utilize user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the network and gain persistence. The CrowdStrike Falcon® platform helps protect organizations of all sizes from sophisticated breaches, including cryptojacking campaigns such as this.

#crowdstrike #EN #2022 #Kiss-a-dog #Cryptojacking #docker #kubernetes

·crowdstrike.com·Dec 22, 2022

New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

#technologyreview #EN #2022 #privacy #robots #robot-vacuums #iRobot #Roomba #Amazon #artificial-intelligence #machine-learning #computer-vision #internet-of-things #surveillance #Federal-Trade-Commission

·technologyreview.com·Dec 21, 2022

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Guardian hit by serious IT incident believed to be ransomware attack

Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

#theguardian #EN #2022 #incident #ransomware #attack

·theguardian.com·Dec 21, 2022

Guardian hit by serious IT incident believed to be ransomware attack

Okta's source code stolen after GitHub repositories hacked

In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.

#bleepingcomputer #en #2022 #GitHub #Okta #Source-Code #Theft

·bleepingcomputer.com·Dec 21, 2022

Okta's source code stolen after GitHub repositories hacked

2022: A Look Back On A Year Of Mass Exploitation

Researchers at GreyNoise Intelligence have added over 230 tags since January 1, 2022, which include detections for over 160 CVEs. In today’s release of the GreyNoise Intelligence 2022 "Year of Mass Exploits" retrospective report, we showcase four of 2022's most pernicious and pwnable vulnerabilities.

#greynoise #2022 #EN #review #Intelligence #retrospective

·greynoise.io·Dec 20, 2022

2022: A Look Back On A Year Of Mass Exploitation

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

#reversinglabs #EN #2022 #PyPI #Supply-chain-security #Python #exfiltration #module #kit

·blog.reversinglabs.com·Dec 20, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.

#securelist #EN #2022 #DLL-hijacking #Malware-Descriptions #Microsoft-Exchange #Trojan #Vulnerabilities-and-exploits #Zero-day #CVE-2022-41040 #CVE-2022-41082 #analysis

·securelist.com·Dec 20, 2022

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug

Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple’s XNU source.

#worthdoingbadly #EN #2022 #CVE-2022-46689 #macOS #dirtycow

·worthdoingbadly.com·Dec 19, 2022

Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug

GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites

FortiGuard Labs encountered an unreported CMS scanner and brute forcer written in the Go programming language. Read our analysis of the malware and how this active botnet scans and compromises websites.

#fortinet #EN #2022 #analysis #malware #scanner #Wordpress #go #brute-force-attack #FortiGuards-Labs #Threat-Research #botnet

·fortinet.com·Dec 19, 2022

GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites

À propos du chiffrement côté client - Aide Administrateur Google Workspace

Vous pouvez chiffrer les données de votre organisation à l'aide de vos propres clés de chiffrement, en plus du chiffrement par défaut fourni par Google Workspace. Avec le chiffrement côté client (CSE) Google Workspace, le chiffrement du contenu est géré dans le navigateur du client avant la transmission ou le stockage des données dans le cloud via Google Drive. De cette façon, les serveurs Google ne peuvent pas accéder à vos clés de chiffrement ni déchiffrer vos données. Après avoir configuré le CSE, vous pouvez choisir quels utilisateurs peuvent créer du contenu chiffré côté client et le partager en interne ou en externe.

#Google #Workspace #2022 #FR #chiffrement

·support.google.com·Dec 18, 2022

À propos du chiffrement côté client - Aide Administrateur Google Workspace