Play, ce nouveau ransomware utilisé contre les Alpes-Maritimes et ITS Group
Les opérateurs de ce rançongiciel ont attendu la fin novembre pour commencer à épingler publiquement leurs victimes et à en divulguer des données. Pour autant, ils sont actifs depuis au moins fin juin.
Libye: la mise en examen de la société française Amesys et l'inculpation de deux cadres, confirmées en appel
La cour d'appel de Paris a confirmé cette semaine (lundi), la mise en examen de la société française Amesys pour complicité d'actes de torture dans l'enquête sur la vente d’un programme de cybersurveillance au régime libyen de Mouammar Kadhafi. Deux des chefs de l'entreprise ont été inculpés, ce qui rend la société complice d'exactions en Libye.
U.S. bans sale and import of some tech from Chinese companies Huawei and ZTE
The five-member FCC said it has voted unanimously to adopt new rules that will block the importation or sale of certain technology products that pose security risks to U.S. critical infrastructure.
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
Cyber threat intelligence largely involves the tracking and studying of the adversaries outside of your network. Gaining counterintelligence about your adversaries' capabilities and weaponry is one of the final building blocks for managing a strong cyber defense. In the pursuit of performing this duty, I have been studying how to discover adversary infrastructure on the internet. One good way of doing this has been via leveraging the scan data available through the popular Shodan search engine. If you've not used it before, Shodan periodically scans the entire internet and makes it available for users to query through. It is often used to monitor networks, look for vulnerabilities, and ensure the security of an organization's perimeter.
WhatsApp data leak: 500 million user records for sale
Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés
Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.
Des dizaines de milliers d'entreprises victimes indirectes d'une cyberattaque
Plus de 45'000 PME et près d'un millier de fiduciaires suisses ne peuvent plus utiliser leur logiciel de gestion "Winbiz cloud", accessible en ligne. La faute à une attaque informatique qui a touché l'hébergeur bernois Infopro. La situation devrait perdurer jusqu'à ce week-end.
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX - Avast Threat Labs
ViperSoftX is a multi-stage stealer that exhibits interesting hiding capabilities. Other than stealing cryptocurrencies, it also spreads the VenomSoftX browser extension, which performs man-in-the-browser attacks.
Nokia warns 5G security ‘breaches are the rule, not the exception’
A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.
Why would you want to hack Electric Vehicle Charging Stations?
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good question!”, and let's put politics aside. Let’s explore the potential cybersecurity risks of electric vehicle charging station, assuming the ability of compromising them at a scale, having some kind of tools. It turns out that this is a fascinating security problem!
Endurance Ransomware Claims Breach of US Federal Government
The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]
Threat actors exploiting Twitter changes after Musk takeover, research shows
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately
Exploit released for actively abused ProxyNotShell Exchange bug
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.
Making Cobalt Strike harder for threat actors to abuse
Cobalt Strike, the popular tool used by red teams to test the resilience of their cyber defenses, has seen many iterations and improvements over the last decade. First released in 2012, it was originally the commercial spinoff of the open-source Armitage project that added a graphical user interface (GUI) to the Metasploit framework to help security practitioners detect software vulnerabilities more quickly.
RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things,…