cyberveille.decio.ch

5334 bookmarks

Custom sorting

Michigan school districts reopen after three-day closure due to ransomware attack

Public schools in two Michigan counties are reopening on Thursday after a ransomware attack crippled their ability to function and closed doors to students for three days. All of the public schools in Jackson and Hillsdale counties announced their reopening on Thursday in letters to parents, assuring them that cybersecurity experts, tech officials and law enforcement worked around the clock to restore the systems following outages that began on Monday.

#therecord #EN #2022 #schools #US #ransomware #Public #closed #students

·therecord.media·Nov 17, 2022

Michigan school districts reopen after three-day closure due to ransomware attack

A Comprehensive Look at Emotet’s Fall 2022 Return

Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day. * Proofpoint observed multiple changes to Emotet and its payloads including the lures used, and changes to the Emotet modules, loader, and packer. * Emotet was observed dropping IcedID. * The new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families. * New operators or management might be involved as the botnet has some key differences with previous deployments.

#proofpoint #EN #2022 #Emotet #Return #IcedID

·proofpoint.com·Nov 17, 2022

A Comprehensive Look at Emotet’s Fall 2022 Return

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS detailed in F5's Base Operating Systems support article. The affected products are detailed in the vendor advisories below:

#rapid7 #EN #2022 #CVE-2022-41622 #CVE-2022-41800 #F5 #BIG-IP #vulnerabilities

·rapid7.com·Nov 17, 2022

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security

What’s so bad about a web page going fullscreen without warning you first?

#nakedsecurity #EN #2022 #CVE-2022-45407 #CVE-2022-4540 #firefox #mozilla #vulnerability #patch

·nakedsecurity.sophos.com·Nov 17, 2022

Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.

#cisa #EN #2022 #uscert #csirt #cert #cybersecurity #cyber-security #Log4Shell #VM #APT #Iran #USware

·cisa.gov·Nov 17, 2022

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company

Expected in Ventura 13.1 is a new lightweight system for applying security patches. This article explains how it uses cryptexes, already being used in macOS 13.

#eclecticlight #2022 #macOS #updates #security #Cryptex #patches #cryptexes

·eclecticlight.co·Nov 16, 2022

Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company

New RapperBot Campaign – We Know What You Bruting for this Time

FortiGuard Labs provides an analysis on RapperBot focusing on comparing samples for different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog to learn more about the differences observed in this campaign vs previous RapperBot and similar campaigns in the past.

#fortinet #EN #2022 #RapperBot #DDoS-attacks #DDoS #analysis #IoCs

·fortinet.com·Nov 16, 2022

New RapperBot Campaign – We Know What You Bruting for this Time

Videosorveglianza: stop del Garante privacy a riconoscimento facciale e occhiali smart. L’Autorità apre istruttorie nei confronti di due Comuni

L’Autorità ha aperto un’istruttoria nei confronti del Comune di Lecce, che ha annunciato l’avvio di un sistema che prevede l’impiego di tecnologie di riconoscimento facciale. In base alla normativa europea e nazionale, ha ricordato l’Autorità, il trattamento di dati personali realizzato da soggetti pubblici, mediante dispositivi video, è generalmente ammesso se necessario per l’esecuzione di un compito di interesse pubblico o connesso all’esercizio di pubblici poteri.

#garanteprivacy #IT #Italy #privacy #stop #riconoscimento #facciale

·garanteprivacy.it·Nov 16, 2022

Videosorveglianza: stop del Garante privacy a riconoscimento facciale e occhiali smart. L’Autorità apre istruttorie nei confronti di due Comuni

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

Attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-data practices, tracking consumers even when their location history setting was turned off.

#wsj #EN #2022 #settlement #privacy #tracking #location #fine #US

·wsj.com·Nov 16, 2022

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

Thales position on LockBit 3.0

At this stage, on November 11, 2022, at 3pm (CET time) Thales is able to confirm the following information:

#thalesgroup #EN #ransomware #LockBit3.0 #press-release

·thalesgroup.com·Nov 16, 2022

Thales position on LockBit 3.0

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

#krebsonsecurity #EN #2022 #Geneva #Penchukov #Zeus #JabberZeus #arrested #Switzerland

·krebsonsecurity.com·Nov 16, 2022

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability

Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.

#securityonline #EN #2022 #CVE-2022-4504 #Apache #MINA #SSHD #unsafe #deserialization

·securityonline.info·Nov 16, 2022

CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability

BumbleBee Zeros in on Meterpreter

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. We have previously reported on two BumbleBee intrusions (1, 2), and this report is a continuation of a series of reports uncovering multiple TTPs seen by BumbleBee post exploitation operators. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.

#thedfirreport #EN #2022 #bumblebee #case #analysis

·thedfirreport.com·Nov 14, 2022

BumbleBee Zeros in on Meterpreter

Apple Hit With Class Action Alleging It Tracks Users Despite Privacy Assurances

Apple is facing a proposed federal class action alleging that it records users' mobile activity without their consent and despite privacy...

#macrumors #2022 #EN #privacy #Apple-Lawsuits #Apple-Privacy #Apple

·macrumors.com·Nov 14, 2022

Apple Hit With Class Action Alleging It Tracks Users Despite Privacy Assurances

Computer Security Incident Response Teams: Sind sie gesetzlich geregelt? Das Schweizer Beispiel

Computer security incident response teams: are they legally regulated? The Swiss example

#springer #EN #2022 #security #low #GovCert #CH

·link.springer.com·Nov 14, 2022

Computer Security Incident Response Teams: Sind sie gesetzlich geregelt? Das Schweizer Beispiel

Delegating trust is really, really, really hard (infosec edition)

#pluralistic #CoryDoctorow #EN #2022 #trust #Trustcor #CA

·pluralistic.net·Nov 14, 2022

Delegating trust is really, really, really hard (infosec edition)

Internal Documents Show How Close the F.B.I. Came to Deploying Spyware - The New York Times

Christopher Wray, the F.B.I.’s director, told Congress last December that the bureau purchased the phone hacking tool Pegasus for research and development purposes.

#nytimes #EN #2022 #Pegasus #FBI #privacy #US #spyware

·nytimes.com·Nov 14, 2022

Internal Documents Show How Close the F.B.I. Came to Deploying Spyware - The New York Times

LockBit ransomware suspect nabbed in Canada, faces charges in the US

Automation features make LockBit one of the more destructive pieces of ransomware. Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit. Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.

#arstechnica #EN #2022 #LockBit #Canada #member #arrest

·arstechnica.com·Nov 13, 2022

LockBit ransomware suspect nabbed in Canada, faces charges in the US

Compromising Plesk via its REST API

Compromising Plesk via its REST API, CSRF, CORS misconfiguration, add db user, add backdoor, add secret token, cookieless CSRF

#fortbridge #EN #2022 #Plesk #REST #misconfiguration #CSRF #Vulnerability

·fortbridge.co.uk·Nov 12, 2022

Compromising Plesk via its REST API

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

#breakdev #EN #2022 #CVE-2022-41049 #Windows #Mark-of-the-Web #Bypass #Vulnerability #analysis

·breakdev.org·Nov 12, 2022

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

PNG Steganography Hides Backdoor

Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.

#avast #EN #2022 #PNG #backdoor #Worok #analysis #toolset #Steganography

·decoded.avast.io·Nov 12, 2022

PNG Steganography Hides Backdoor

Massive ois[.]is Black Hat Redirect Malware Campaign

Learn how attackers are redirecting WordPress website visitors to fake Q&A sites via ois[.]is. Nearly 15,000 websites affected by this malware so far.

#sucuri #EN #2022 #campaign #WordPress #malware #Malicious #SEO #Analysis #ois.is

·blog.sucuri.net·Nov 12, 2022

Massive ois[.]is Black Hat Redirect Malware Campaign

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. * IPFS is often used for legitimate

#talosintelligence #EN #2022 #IPFS #Phishing #Malware #Campaigns

·blog.talosintelligence.com·Nov 12, 2022

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

Attacking Apple's Neural Engine

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

#0x36 #EN #2022 #WeightBufs #GitHub #Apple #ios #macos #exploit #NeuralEngine #exploitation #CVE-2022-32845 #CVE-2022-32948 #CVE-2022-42805 #CVE-2022-32899

·github.com·Nov 12, 2022

Attacking Apple's Neural Engine

Prigozhin interests and Russian information operations

TAG highlights four case studies involving Russian IO tied to the Internet Research Agency and Russian oligarch Yevgeny Prigozhin.

#TAG #EN #2022 #GoogleTAG #Russia #information #operations #disifnormation #influence #propaganda #Prigozhin

·blog.google·Nov 12, 2022

Prigozhin interests and Russian information operations

Mysterious company with government ties plays key internet role

TrustCor Systems vouches for the legitimacy of websites. But its physical address is a UPS Store in Toronto.

#washingtonpost #EN #2022 #Trustcore #root #certificate #trust #US

·washingtonpost.com·Nov 9, 2022

Mysterious company with government ties plays key internet role

Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for CVE-2022-41091, CVE-2022-41049, CVE-2022-41128 and other actively exploited bugs.

#helpnetsecurity #EN #2022 #zero-days #Patch-Tuesday #CVE-2022-41091 #CVE-2022-41049 #CVE-2022-41128

·helpnetsecurity.com·Nov 9, 2022

Microsoft fixes many zero-days under attack

Abusing windows’ tokens to compromise active directory without touching lsass

During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY\SYSTEM account of the Windows server. Looking at the users connected on the same server, I knew that a domain administrator account was connected. All I had to do to compromise the domain, was compromise the account. This could be achieved by dumping the memory of the LSASS process and collecting their credentials or Kerberos TGT’s. Seemed easy until I realised an EDR was installed on the system. Long story short, I ended up compromising the domain admin account without touching the LSASS process. To do so, I relied on an internal Windows mechanism called token manipulation. The goal of this blog post is to present how I did it. We will see what access tokens are, what they are used for, how we can manipulate them to usurp legitimate accounts without touching LSASS and finally I will present a tool and a CrackMapExec module that can be used during such assessments. All the source code, binaries and CrackMapExec module can be found here https://github.com/sensepost/impersonate.

#sensepost #EN #2022 #orange #LSASS #CrackMapExec #redteam #impersonate #tokens #abusing #Windows

·sensepost.com·Nov 8, 2022

Abusing windows’ tokens to compromise active directory without touching lsass

The Case of Cloud9 Chrome Botnet

The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.

#zimperium #EN #2022 #browser #extension #Cloud9 #malicious #stealer #malware #Analysis

·zimperium.com·Nov 8, 2022

The Case of Cloud9 Chrome Botnet

A cyberattack blocked the trains in Denmark

At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused training the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]

#securityaffairs #EN #2022 #Denmark #cyberattack #trains #DSB

·securityaffairs.co·Nov 8, 2022

A cyberattack blocked the trains in Denmark