cyberveille.decio.ch

5334 bookmarks

Custom sorting

Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression

On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.

#microsoft #EN #2022 #report #authoritarian #leaders #defense

·blogs.microsoft.com·Nov 8, 2022

Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression

Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup

The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace. Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.

#cyberscoop #EN #2022 #financial #NotPetya #lawsuit #insurance #Zurich #ransomware

·cyberscoop.com·Nov 7, 2022

Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup

Inside the global hack-for-hire industry

In a quiet alcove of the opulent Leela Palace hotel in Delhi, two British corporate investigators were listening intently to a young Indian entrepreneur as he made a series of extraordinary confessions. The 28-year-old computer specialist Tej Singh Rathore described his role as a player in a burgeoning criminal industry stealing secrets from people around the world. He had hacked more than 500 email accounts, mostly on behalf of his corporate intelligence clients.

#thebureauinvestigates #EN #2022 #intelligence #hack-for-hire #India

·thebureauinvestigates.com·Nov 7, 2022

Inside the global hack-for-hire industry

Crime group hijacks hundreds of US news websites to push malware

A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S. according to cybersecurity company Proofpoint.

#techcrunch #EN #2022 #SocGholish #malware #proofpoint #TA569 #browser #JavaScript

·techcrunch.com·Nov 6, 2022

Crime group hijacks hundreds of US news websites to push malware

Last Week on My Mac: Home truths about macOS

True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.

#eclecticlight #EN #2022 #macos #apple #security #patching #updates #delay #support

·eclecticlight.co·Nov 6, 2022

Last Week on My Mac: Home truths about macOS

Department for Education warned after gambling companies benefit from learning records database

The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children. An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.

#ICO #UK #EN #2022 #education #PII #students #misuse #data #privacy #records #database #children

·ico.org.uk·Nov 6, 2022

Department for Education warned after gambling companies benefit from learning records database

How Qatar hacked the World Cup

Critics who threatened to expose wrongdoing by Qatar were targeting as part of huge hacking operation

#thebureauinvestigates #EN #2022 #world-cup #fifa #phone-hacking #computer-hacking #qatar #corporate-intelligence #corruption #football #qatar-world-cup #michel-platini

·thebureauinvestigates.com·Nov 6, 2022

How Qatar hacked the World Cup

Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious

Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.

#Intego #2021 #EN #Apple #macOS #patching #policy #endanger

·intego.com·Nov 6, 2022

Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious

Microsoft ties Vice Society hackers to additional ransomware strains

Microsoft tied hackers with the Vice Society ransomware gang to several ransomware strains on Tuesday, noting that the group has been behind a wave of attacks on primary schools and colleges across the world.

#therecord #EN #2022 #vice-society #schools #ransomware #DEV-0832 #Zeppelin #De-RaaSing

·therecord.media·Nov 4, 2022

Microsoft ties Vice Society hackers to additional ransomware strains

Crimson Kingsnake: BEC Group Impersonates…

Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.

#abnormalsecurity #EN #2022 #BEC #invoices #Crimson-Kingsnake #impersonation #scam

·abnormalsecurity.com·Nov 3, 2022

Crimson Kingsnake: BEC Group Impersonates…

Exploiting Static Site Generators: When Static Is Not Actually Static

Over the last ten years, we have seen the industrialization of the content management space. A decade ago, it felt like every individual and business had a dynamic WordPress blog, loaded up with a hundred plugins to do everything from add widgets to improve performance. Over time, we realised this was a bad idea, as ensuring the security of third-party plugins seemed increasingly impossible.

#assetnote #EN #2022 #Static #hosting #comromise #Netlify

·blog.assetnote.io·Nov 3, 2022

Exploiting Static Site Generators: When Static Is Not Actually Static

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.

#SentinelOne #EN #2022 #BlackBasta #FIN7 #Research #ransomware #EDR #TTPs

·sentinelone.com·Nov 3, 2022

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

Malware on the Google Play store leads to harmful phishing sites

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.

#malwarebytes #Mobile-apps-Group #EN #2022 #HiddenAds #malware #Trojan #app #google-play

·malwarebytes.com·Nov 3, 2022

Malware on the Google Play store leads to harmful phishing sites

Malicious App Developer Remains on Google Play

A report shows four Bluetooth-centered apps by the same developer have been downloaded 1 million times combined while containing malicious code.

#gizmodo #EN #google-play #malicious #code #app #Bluetooth-centered

·gizmodo.com·Nov 3, 2022

Malicious App Developer Remains on Google Play

U.S. banks processed about $1.2 billion in ransomware payments in 2021

U.S. banks and financial institutions processed more than $1 billion in potential ransomware-related payments in 2021. * It’s a new record and almost triple the amount that was reported the previous year. * Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report.

#cnbc #EN #2022 #ransomware #financial #banks #record #ransomware-related #payments #2021

·cnbc.com·Nov 3, 2022

U.S. banks processed about $1.2 billion in ransomware payments in 2021

Nothing PUNY About OpenSSL (CVE-2022-3602)

The Splunk SURGe team shares an outline of their interpretation of the CVE-2022-3602 vulnerability and what you can do to detect it in your environment.

#splunk #EN #2022 #CVE-2022-3602 #OpenSSL #punycode

·splunk.com·Nov 2, 2022

Nothing PUNY About OpenSSL (CVE-2022-3602)

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

#Phylum #EN #2022 #supplychain #PyPI #W4SP #Stealer #Attack

·blog.phylum.io·Nov 2, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

New Azov data wiper tries to frame researchers and BleepingComputer

A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.

#EN #bleepingcomputer #2022 #Azov-Ransomware #researchers #BleepingComputer #Data-Wiper #Security-Researcher #Ukraine

·bleepingcomputer.com·Nov 2, 2022

New Azov data wiper tries to frame researchers and BleepingComputer

Unmasking WindTape - Speaker Deck

The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems. First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.

#patrickwardle #EN #2022 #WINDSHIFT #APT #macOS

·speakerdeck.com·Nov 2, 2022

Unmasking WindTape - Speaker Deck

How we handled a recent phishing incident that targeted Dropbox

We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.

#dropbox #EN #2022 #incident #phishing #GitHub

·dropbox.tech·Nov 2, 2022

How we handled a recent phishing incident that targeted Dropbox

Banking Trojan Techniques: Financially Motivated Malware

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

#unit42 #EN #2022 #paloaltonetworks #research #Banking #Trojan #Techniques

·unit42.paloaltonetworks.com·Nov 1, 2022

Banking Trojan Techniques: Financially Motivated Malware

Fodcha Is Coming Back, Raising A Wave of Ransom DDoS

Background On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our article was published, Fodcha suffered a crackdown from the relevant authorities, and its authors quickly responded by leaving "Netlab pls leave me alone I surrender" in an updated sample.No surprise, Fodcha's authors didn't really stop updating after the fraudulent surrender, and soon a new version was released. In the new version, the authors of Fodcha redesigned the communication protocol and started to us

#netlab360 #EN #2022 #Fodcha #botnet #DDoS

·blog.netlab.360.com·Nov 1, 2022

Fodcha Is Coming Back, Raising A Wave of Ransom DDoS

Liz Truss's personal phone was hacked by Putin's spies for top messages | Daily Mail Online

One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

#dailymail #EN #2022 #Truss #phone #compromised #spy #Russia #England #Government

·dailymail.co.uk·Oct 31, 2022

Liz Truss's personal phone was hacked by Putin's spies for top messages | Daily Mail Online

Dormant Colors browser hijackers could be used for more nefarious tasks, report says

Dormant Colors, a browser extension campaign, was spotted stealing browser data and hijacking search results and affiliation to thousands of sites.

#malwarebytes #EN #2022 #browser #campaign #extension #hijackers

·malwarebytes.com·Oct 31, 2022

Dormant Colors browser hijackers could be used for more nefarious tasks, report says

interview Lockbit administrator

In this interview this person will be identified as LB0 (Lockbit administrator, founding member) * vx-underground conducted this interview over TOX - Text and grammar has been modified to improve legibility

#vx-underground #EN #2022 #interview #Lockbit #administrator

·papers.vx-underground.org·Oct 30, 2022

interview Lockbit administrator

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow | WIRED

It was the largest dark-web drug and crime bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

#wired #EN #2022 #alphabay #dark-web #crime #fbi #darkweb

·wired.com·Oct 30, 2022

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow | WIRED

Inside TheTruthSpy, the stalkerware network spying on thousands • TechCrunch

Leaked data obtained by TechCrunch reveals the notorious network of Android spyware apps tracked locations and recorded calls of Americans.

#techcrunch #EN #2022 #stalkerware #android #mobile-spyware #wiretapping #US #privacy

·techcrunch.com·Oct 28, 2022

Inside TheTruthSpy, the stalkerware network spying on thousands • TechCrunch

What is ransomware-as-a-service and how is it evolving?

Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.

#malwarebytes #EN #2022 #ransomware-as-a-service #RaaS

·malwarebytes.com·Oct 28, 2022

What is ransomware-as-a-service and how is it evolving?

EDR: Detections, Bypassess and other Shenanigans

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try to prevent anomalies like Malware, Ransomware by using automated rule based response method.

#fourcore #EN #2022 #EDR #Detections #Bypassess #Endpoint #Detection #Response

·fourcore.io·Oct 28, 2022

EDR: Detections, Bypassess and other Shenanigans

Incident Report: Employee and Customer Account Compromise

On August 4, 2022, Twilio identified accounts of employees who were compromised by a social engineering attack. The attacker then gained access to data for a limited number of customers.

#Twilio #EN #2022 #compromised #postmortem

·twilio.com·Oct 28, 2022

Incident Report: Employee and Customer Account Compromise