cyberveille.decio.ch

5334 bookmarks

Custom sorting

Support King, banned by FTC, linked to new phone spying operation

year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

#techcrunch #EN #2022 #SupportKing #stalkerware #SpyFone #FTC #banned

·techcrunch.com·Dec 18, 2022

Support King, banned by FTC, linked to new phone spying operation

Google ads lead to fake software pages pushing IcedID (Bokbot)

Fake sites for popular software have occasionally been used by cyber criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use this method as a distribution technique (we also commonly see IcedID sent through email).

#SANS #EN #2022 #googleads #bokbot #fake #software #ads #abusing #delivery #IceID

·isc.sans.edu·Dec 18, 2022

Google ads lead to fake software pages pushing IcedID (Bokbot)

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

#krebsonsecurity #EN #2022 #executives #ransom #healthcare #Venus #CL0P #infiltration

·krebsonsecurity.com·Dec 18, 2022

New Ransom Payment Schemes Target Executives, Telemedicine

Using OpenAI Chat to Generate Phishing Campaigns

OpenAI chat has exploded in popularity over the last couple of weeks. People are using it to do all sorts of interesting things. If you are unfamiliar with OpenAI Chat and GPT-3, you can find a primer here. The gist is that it’s an artificial intelligence model that you can chat with as if it were a person. It can do all kinds of things like answer questions, write code, find bugs in code, and more. It also remembers context, so you can refer to something you already mentioned at it is able to follow along. I thought maybe this could be a useful tool for building email phishing campaigns for my pentesting work, so I thought I’d try it out and see what I could get it to do.

#richardosgood #ChatGPT #Phishing #Campaigns

·richardosgood.com·Dec 16, 2022

Using OpenAI Chat to Generate Phishing Campaigns

How ChatGPT can turn anyone into a ransomware and malware threat actor  

Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratize cybercrime.

#venturebeat #EN #2022 #ChatGPT #cybercrime #generative #AI

·venturebeat-com.cdn.ampproject.org·Dec 16, 2022

How ChatGPT can turn anyone into a ransomware and malware threat actor  

Global crackdown against DDoS services shuts down most popular platforms

Known as Operation Power Off, this operation saw law enforcement in the United States, the United Kingdom, the Netherlands, Poland and Germany take action against these types of attacks which can paralyse the internet. The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken...

#europol #EN #2022 #DDoS #crackdown #platforms

·europol.europa.eu·Dec 15, 2022

Global crackdown against DDoS services shuts down most popular platforms

Très courtisées, les sociétés suisses de cybersécurité s’arrachent

En l’espace de quelques jours, Hacknowledge a été rachetée par La Poste, alors que SCRT a été acquise par Orange Cyberdefense. Le manque d’experts et la demande croissante des PME motivent ces opérations

#letemps #FR #CH #2022 #Sécurité #SCRT #Hacknowledge #Cyberdefense #Poste #compétences #rachats #experts

·letemps.ch·Dec 15, 2022

Très courtisées, les sociétés suisses de cybersécurité s’arrachent

Microsoft-signed malicious Windows drivers used in ransomware attacks

Microsoft has revoked several Chardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

#bleepingcomputer #EN #2022 #Microsoft-signed #Microsoft #cyberattacks #drivers

·bleepingcomputer.com·Dec 14, 2022

Microsoft-signed malicious Windows drivers used in ransomware attacks

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up…

#krebsonsecurity #2022 #EN #InfraGard #FBI #leak #database

·krebsonsecurity.com·Dec 14, 2022

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

A Custom Python Backdoor for VMWare ESXi Servers

Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.

#juniper #EN #2022 #VMware #ESXi #python

·blogs.juniper.net·Dec 14, 2022

A Custom Python Backdoor for VMWare ESXi Servers

Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

#Apple #EN #2022 #security #cyberattack #iphone #spyware

·techcrunch.com·Dec 14, 2022

Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones

Mallox Ransomware showing signs of Increased Activity

“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files. TargetCompany ransomware is also known to add a “Mallox” extension after encrypting the files.

#cyble #en #2022 #mallox #Ransomware #analysis

·blog.cyble.com·Dec 13, 2022

Mallox Ransomware showing signs of Increased Activity

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

An unauthenticated RCE flaw (CVE-2022-27518) is being leveraged by APT5 to compromise Citrix ADC deployments.

#helpnetsecurity #2022 #CVE-2022-27518 #Citrix #ADC #APT5 #attackers

·helpnetsecurity.com·Dec 13, 2022

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update

Learn about security updates for versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway and get fixes for both (security bulletin CTX474995).

#citrix #EN #2022 #citrix-adc #citrix-gateway #netscaler #netscaler-gateway #ctx474995 #citrix-vulnerability #CVE-2022-27518

·citrix.com·Dec 13, 2022

Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update

Patrol and Persuade - A follow up on 110 Overseas investigation

This latest release documents further extensive evidence of the establishment by local PRC Public Security authorities of at least 102 “Chinese Overseas Police Service Centers” in 53 countries around the world and how some of them have been partaking in the execution of "persuasions to return" operations. Patrol and Persuade (PDF) also documents the (silent) complicity of a number of host countries, instilling a further sense of fear into targeted communities and severely undermining the international rules-based order .

#safeguarddefenders #EN #2022 #PRC #operations #Chinese #Overseas #Police #Service #Centers

·safeguarddefenders.com·Dec 13, 2022

Patrol and Persuade - A follow up on 110 Overseas investigation

Check Point Research analyzes files on the Dark Web and finds millions of records available

Check Point Research (CPR) has analyzed the files that are for sale on the Dark Web, whose sellers claim are from WhatsApp users, revealing the leak includes 360 million phone numbers from 108 countries * Full list went on sale for 4 days, and is now being distributed freely amongst Dark Web users * Users are advised to be aware of links and unknown senders, while using any messaging services

#checkpoint #EN #2022 #WhatsApp #darkweb #dump

·blog.checkpoint.com·Dec 13, 2022

Check Point Research analyzes files on the Dark Web and finds millions of records available

PSIRT Advisories

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

#fortiguard #EN #2022 #Advisory #CWE-122 #FortiOS #SSL-VPN

·fortiguard.com·Dec 12, 2022

PSIRT Advisories

Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research

Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware * Investigation shows that Azov is capable of modifying certain 64-bit executables to execute its own code * Azov is designed to inflict impeccable damage to the infected machine it runs on * CPR sees over 17K of Azov-related samples submitted to VirusTotal

#checkpoint #EN #2022 #Azov #analysis #Ransomware

·research.checkpoint.com·Dec 12, 2022

Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research

Scammers Are Scamming Other Scammers Out of Millions of Dollars

On cybercrime forums, user complaints about being duped may accidentally expose their real identities.

#wired #EN #2022 #malware #security #dark-web #crime #Scammers #cybercrime #forums

·wired.com·Dec 12, 2022

Scammers Are Scamming Other Scammers Out of Millions of Dollars

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

#phylum #EN #2022 #Typosquat #Ransomware #PyPI #NPM #Supply-chain-security

·blog.phylum.io·Dec 12, 2022

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Apple announces 3 new security features

Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.

#malwarebytes #2022 #EN #Apple #iMessage #backup #iCloud

·malwarebytes.com·Dec 12, 2022

Apple announces 3 new security features

Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

#bleepingcomputer #EN #2022 #Cisco #Denial-of-Service #DoS #RCE #Remote-Code-Execution #Zero-Day #CVE-2022-20968

·bleepingcomputer.com·Dec 12, 2022

Cisco discloses high-severity IP phone zero-day with exploit code

Pilfered Keys Free App Infected by Malware Steals Keychain Data

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.

#trendmicro #EN #2022 #Open-source #Apple #malware #keychain #keysteal

·trendmicro.com·Dec 12, 2022

Pilfered Keys Free App Infected by Malware Steals Keychain Data

Cryptocurrency Scam - Pig Butchering

A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.

#michigan.gov #EN #2022 #cryptocurrency #scam #definition #FBI

·michigan.gov·Dec 12, 2022

Cryptocurrency Scam - Pig Butchering

Pulse Connect Secure: A View from the Internet

Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.

#censys #EN #2022 #PulseConnectSecure #VPN #vulnerable #CVE-2021-22893

·censys.io·Dec 10, 2022

Pulse Connect Secure: A View from the Internet

Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded $8.7m in damages

Shipping information and order details of thousands of customers worldwide were leaked in September 2020. Read more at straitstimes.com.

#straitstimes #EN #2022 #Razer #lawsuit #damages #Capgemini

·straitstimes.com·Dec 10, 2022

Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded $8.7m in damages

Hitching a ride with Mustang Panda

Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.

#avast #EN #2022 #MustangPanda #exfiltrated #analysis

·decoded.avast.io·Dec 10, 2022

Hitching a ride with Mustang Panda

New MuddyWater Threat: Old Kitten; New Tricks

MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Since at least 2017 MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.

#deepinstinct #MuddyWater #EN #2022 #analysis #malspam #StaticKitten #Mercury

·deepinstinct.com·Dec 10, 2022

New MuddyWater Threat: Old Kitten; New Tricks

Apple rolls out end-to-end encryption for iCloud backups

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.

#bleepingcomputer #EN #2022 #Apple #Backup #E2EE #End-to-end-encryption #iCloud

·bleepingcomputer.com·Dec 7, 2022

Apple rolls out end-to-end encryption for iCloud backups

Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets

APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.

#blackberry #EN #2022 #MustangPanda #Europe #Asia #russia-ukraine-war #PlugX #malware

·blogs.blackberry.com·Dec 7, 2022

Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets