cyberveille.decio.ch

7898 bookmarks

Custom sorting

As Threats in Space Mount, U.S. Lags in Protecting Key Services

The United States and China are locked in a new race, in space and on Earth, over a fundamental resource: time itself. And the United States is losing. Global positioning satellites serve as clocks in the sky, and their signals have become fundamental to the global economy — as essential for telecommunications, 911 services and financial exchanges as they are for drivers and lost pedestrians.

#nytimes #EN #2024 #threat #satellites #US #China #space

·nytimes.com·Mar 28, 2024

As Threats in Space Mount, U.S. Lags in Protecting Key Services

Stealing Clouds

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

#reuters #EN #2019 #Cloud-Hopper #US #China

·reuters.com·Mar 28, 2024

Stealing Clouds

Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians

Defendants Operated as Part of the APT31 Hacking Group in Support of China’s Ministry of State Security’s Transnational Repression, Economic Espionage and Foreign Intelligence Objectives

#justice.gov #EN #2024 #APT31 #China #US #Charged #Espionage

·justice.gov·Mar 28, 2024

Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians

Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services

Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phish ...

#netcraft #EN #2024 #Phishing-as-a-Service #Darcula #PhasS #iMessage #RCS #USPS

·netcraft.com·Mar 28, 2024

Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services

Thousands of servers hacked in ongoing attack targeting Ray AI framework

Researchers say it's the first known in-the-wild attack targeting AI workloads.

#arstechnica #EN #2024 #Ray #AI #framework #attack #ongoing #servers

·arstechnica.com·Mar 27, 2024

Thousands of servers hacked in ongoing attack targeting Ray AI framework

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques

A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.

#pwning #EN #2024 #KernelCTF #Mitigation #nf_tables #Linux #exploitation #CVE-2024-1086

·pwning.tech·Mar 27, 2024

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques

Finland confirms APT31 hackers behind 2021 parliament breach

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.

#bleepingcomputer #EN #2024 #APT31 #China #Finland #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Mar 27, 2024

Finland confirms APT31 hackers behind 2021 parliament breach

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

#bleepingcomputer #EN #2024 #Google #Google-TAG #Mandiant #Spyware #Zero-Day #2023

·bleepingcomputer.com·Mar 27, 2024

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…

#krebsonsecurity #EN #2024 #MFA-fatigue #attack #Apple #MFA-bombing #password

·krebsonsecurity.com·Mar 27, 2024

Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security

BlueSpy - Spying on Bluetooth conversations

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations

#tarlogic #EN #2024 #BlueSpy #Bluetooth #PoC #vulnerabilities #eavesdropping

·tarlogic.com·Mar 26, 2024

BlueSpy - Spying on Bluetooth conversations

Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants

La Team Moore est un collectif citoyen qui pourchasse les pédocriminels sur les réseaux sociaux en créant de faux profils d'enfants. Depuis quelques mois, il est également actif en Suisse. Deux hommes ont déjà été dénoncés aux polices cantonales.

#rts #CH #FR #Team-Moore #pédocriminels #citoyens #justice #faux-profils #Suisse

·rts.ch·Mar 26, 2024

Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).

#thehackernews #EN #2024 #sanctions #US #cryptocurrency #Russia #exchanges #Bitpapa

·thehackernews.com·Mar 26, 2024

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

#bleepingcomputer #EN #2024 #AMD #CPU #Hardware #Memory #RAM #Rowhammer #ZenHammer

·bleepingcomputer.com·Mar 26, 2024

New ZenHammer memory attack impacts AMD Zen CPUs

Why X86 Needs To Die

As I'm sure many of you know, x86 architecture has been around for quite some time. It has its roots in Intel's early 8086 processor, the first in the family. Indeed, even the original 8086 inherits a...

#hackaday #EN #2024 #X86

·hackaday.com·Mar 26, 2024

Why X86 Needs To Die

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms

Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read

#ETHZ #EN #2024 #ZenHammer #Rowhammer #DDR4 #AMD #Zen2 #Zen3 #attack #study

·comsec.ethz.ch·Mar 26, 2024

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit

Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.

#sekoia #EN #2024 #Tycoon2FA #phishing #PhaaS #AiTM #phishing-kit #analysis

·blog.sekoia.io·Mar 26, 2024

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit

Deactivating Cortex XDR via repair function

It is trivially possible to disable the Cortex EDR as a non-admin user by triggering a repair function. This is only working, if the Tamper Protection is not enforced! TL;DR; Trigger the repair via GUID Disrupt it when EDR is deactivated Done

#badoption #EN #2024 #Cortex #EDR #non-admin #installer #repair #Paloalto

·badoption.eu·Mar 26, 2024

Deactivating Cortex XDR via repair function

US sanctions APT31 hackers behind critical infrastructure attacks

The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. #APT31 #China #Computer #Critical #InfoSec #Infrastructure #Sanctions #Security #USA

#China #Sanctions #InfoSec #Infrastructure #Computer #Security #APT31 #Critical #USA

·bleepingcomputer.com·Mar 26, 2024

US sanctions APT31 hackers behind critical infrastructure attacks

Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)

In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.

#zerodayengineering #EN #2024 #exploit #2021 #0-day #Parallels #Pwn2Own #VM #escape

·zerodayengineering.com·Mar 25, 2024

Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021)

Over 170K users hit by poisoned Python package ruse

Supply chain attack targeted GitHub community of Top.gg Discord server

#theregister #EN #2024 #Top.gg #GitHub #Supply-chain-attack #Python

·theregister.com·Mar 25, 2024

Over 170K users hit by poisoned Python package ruse

New Go loader pushes Rhadamanthys stealer

A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.

#malwarebytes #EN #2024 #PuTTY #malicious #fake #Go #Rhadamanthys

·malwarebytes.com·Mar 25, 2024

New Go loader pushes Rhadamanthys stealer

APT29 Uses WINELOADER to Target German Political Parties | Mandiant

APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties.

#mandiant #EN #2024 #report #APT29 #backdoor #WINELOADER #German #Political #Parties #Germany

·mandiant.com·Mar 25, 2024

APT29 Uses WINELOADER to Target German Political Parties | Mandiant

China blocks use of Intel and AMD chips in government computers, FT reports

China has introduced guidelines to phase out U.S. microprocessors from Intel (INTC.O), opens new tab and AMD (AMD.O), opens new tab from government personal computers and servers, the Financial Times reported on Sunday. The procurement guidance also seeks to sideline Microsoft's (MSFT.O), opens new tab Windows operating system and foreign-made database software in favour of domestic options, the report said.

#reuters #EN #2024 #AMD #Intel #China #government #block #guidance

·reuters.com·Mar 25, 2024

China blocks use of Intel and AMD chips in government computers, FT reports

L’Active Directory et l’exposition Internet au programme du plan de sécurisation des hôpitaux

Deux premiers guichets d’aide du programme de renforcement de la sécurité informatique CaRe viennent d’être ouverts pour les établissements de santé.

#ZDNet #FR #2024 #Frnce #santé #hôpitaux #AD #CaRe #aide #sécurisation

·zdnet.fr·Mar 25, 2024

L’Active Directory et l’exposition Internet au programme du plan de sécurisation des hôpitaux

Air Europa says customer data may have been compromised in October breach

Spanish airline Air Europa (ICAG.L), opens new tab said on Friday personal data of its customers may have been compromised in a security incident that was detected in October last year. The company's investigation showed that name, ID card or passport details, date of birth, telephone number, email address and nationality details could have been leaked, Air Europa told its customers in an email that was seen by Reuters.

#reuters #EN #2024 #Air-Europa #PI #customer #data-breach #leak

·reuters.com·Mar 25, 2024

Air Europa says customer data may have been compromised in October breach

One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem | WIRED

A rare case in Danish court shows how automated clicks and fake accounts can earn hundreds of thousands of dollars on Apple Music and Spotify. Experts say it’s the tip of the iceberg. #apple #bots #music #spotify #streaming

#music #spotify #apple #streaming #bots

·wired.com·Mar 24, 2024

One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem | WIRED

IMF Investigates Cyber-Security Incident

The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.

#imf.org #EN #2024 #IMF #cyber #incident #statement #breach #emails

·imf.org·Mar 23, 2024

IMF Investigates Cyber-Security Incident

Change Healthcare ransomware attack disrupting industry nationwide

The reports keep coming in from across the country on how the Change Healthcare ransomware attack that first came to light on Feb. 21 has been impacting the healthcare sector. The case has been called the most severe cyberattack on the healthcare sector in history and has had a great impact since Change Healthcare, owned by UnitedHealth Group, processes 15 billion healthcare transactions annually, affecting 1 in 3 patient records.

#scmagazine #EN #2024 #ransomware #healthcare #Change-Healthcare #US

·scmagazine.com·Mar 23, 2024

Change Healthcare ransomware attack disrupting industry nationwide

Darknet marketplace Nemesis Market seized by German police

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation.

#bleepingcomputer #EN #2024 #Nemesis #Germany #Seizure #Darknet #Takedown #BKA #Market

·bleepingcomputer.com·Mar 22, 2024

Darknet marketplace Nemesis Market seized by German police

Large-Scale StrelaStealer Campaign in Early 2024

We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript. #2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks

#analysis #EN #2024 #JScript #paloaltonetworks #StrelaStealer #Campaign

·unit42.paloaltonetworks.com·Mar 22, 2024

Large-Scale StrelaStealer Campaign in Early 2024