cyberveille.decio.ch

5334 bookmarks

Custom sorting

Cyberattaque : comment Caen a évité le pire grâce à l’EDR d’HarfangLab

Caen a profité des suites d’un démonstrateur de l'EDR d'HarfangLab en attente de contractualisation pour détecter les prémices du possible déploiement d’un rançongiciel. L’intrusion est avérée, un nettoyage en cours, mais le chiffrement a été évité. Et très probablement le vol de données aussi.

#lemagit #FR #2022 #Caen #EDR #HarfangLab #ransomware

·lemagit.fr·Oct 19, 2022

Cyberattaque : comment Caen a évité le pire grâce à l’EDR d’HarfangLab

SafeBreach Uncovers Fully Undetectable Powershell Backdoor

See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.

#SafeBreach #EN #2022 #Powershell #Undetectable #IoCs #research

·safebreach.com·Oct 19, 2022

SafeBreach Uncovers Fully Undetectable Powershell Backdoor

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.

#devco.re #EN #2022 #CVE-2021-26414 #CVE-2022-21979 #Exchange #Microsoft-Exchange #ProxyRelay

·devco.re·Oct 19, 2022

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the Apache dev list and originally reported by Alvaro Munoz

#rapid7 #EN #2022 #CVE-2022-42889 #Text4Shell #Apache #Commons #Text

·rapid7.com·Oct 18, 2022

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

Cyble Phishing ERMAC Android Malware Increasingly Active

CRIL Investigates the resurgence of ERMAC Android Malware as an increasing number of users are falling prey to their phishing attacks.

#cyble #EN #2022 #ERMAC #Android #Malware #phishing #Analysis

·blog.cyble.com·Oct 18, 2022

Cyble Phishing ERMAC Android Malware Increasingly Active

Ransom Cartel Ransomware: A Possible Connection With REvil

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

#unit42 #paloaltonetworks #EN #2022 #Ransom-Cartel #REvil #RaaS

·unit42.paloaltonetworks.com·Oct 18, 2022

Ransom Cartel Ransomware: A Possible Connection With REvil

Technical Analysis of BlueSky Ransomware - CloudSEK

BlueSky Ransomware is a modern malware using advanced techniques to evade security defences. It predominantly targets Windows hosts and utilizes the Windows multithreading model for fast encryption.

#cloudsek #EN #2022 #ransomware #IoCs #Analysis #BlueSky

·cloudsek.com·Oct 18, 2022

Technical Analysis of BlueSky Ransomware - CloudSEK

BianLian Ransomware Encrypts Files in the Blink of an Eye

BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.

#blackberry #Research #2022 #Ransomware #BianLian #GO #Golang

·blogs.blackberry.com·Oct 18, 2022

BianLian Ransomware Encrypts Files in the Blink of an Eye

Prime minister links drones over Norway to ‘hybrid threats’

Norwegian police and military were busy again this week investigating more unidentified drones seen flying over critical energy infrastructure. After a Russian man was arrested for trying to leave Norway with two drones containing lots of pictures, Prime Minister Jonas Gahr Støre likened the incidents to a new form of “hybrid threats.”

#newsinenglish.no #EN #2022 #drone #Norway #hybrid-threat #Russia

·newsinenglish.no·Oct 17, 2022

Prime minister links drones over Norway to ‘hybrid threats’

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

#microsoft #EN #2022 #MSTIC #Ukraine #Poland #ransomware #payload #Prestige

·microsoft.com·Oct 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs

Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.

#withsecure #EN #2022 #Security-advisory #365 #office365 #leak #Encryption #ECB #disclosure

·labs.withsecure.com·Oct 14, 2022

Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

ThreatLabz has discovered, hiding in app stores, a PHP variant of the Ducktail infostealer used to hijack Facebook Business accounts.

#zscaler #EN #2022 #Ducktail #Facebook #Infostealer #Analysis

·zscaler.com·Oct 14, 2022

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

Software Delivery Shield protects the software supply chain

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

#google #EN #blog #cloud #supplychain #supply-chain #solution #dev #shield #announcement

·cloud.google.com·Oct 14, 2022

Software Delivery Shield protects the software supply chain

Threat Alert: Private npm Packages Disclosed via Timing Attacks

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

#aquasec #EN #2022 #npm #supplychain #supply-chain #attack #timing-attack

·blog.aquasec.com·Oct 14, 2022

Threat Alert: Private npm Packages Disclosed via Timing Attacks

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. * The Alchimist has a web interface in Simplified Chinese with remote administration features. * The attack framework is designed to target Windows, Linux and Mac machines. * Alchimist and Insekt binaries are implemented in GoLang. * This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies.

#talosintelligence #EN #2022 #TheAlchimist #C2 #C&C #attack-framework

·blog.talosintelligence.com·Oct 14, 2022

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

On Bypassing eBPF Security Monitoring

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons

#doyensec #doyensecurity #EN #2022 #vulnerability #exploit #eBPF #bypass #research

·blog.doyensec.com·Oct 13, 2022

On Bypassing eBPF Security Monitoring

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

#trendmicro #EN #2022 #malware #research #network #reports #cyber-threats #QAKBOT #BruteRatelC4 #BlackBasta

·trendmicro.com·Oct 13, 2022

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

POLONIUM targets Israel with Creepy malware

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

#welivesecurity #EN #2022 #research #POLONIUM #Israel #malware #APT

·welivesecurity.com·Oct 13, 2022

POLONIUM targets Israel with Creepy malware

Malicious WhatsApp mod distributed through legitimate apps

The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.

#securelist #EN #2022 #Trojan #WhatsApp #malicious #Snaptube

·securelist.com·Oct 12, 2022

Malicious WhatsApp mod distributed through legitimate apps

Ransomware : qui paie et pourquoi ?

Assurément passionné, le débat sur l’indemnisation des rançons par les assurances cyber souffre d’absents majeurs : les victimes de cyberattaque avec ransomware ayant cédé au chantage. Mais qui sont-elles ?

#lemagit #FR #2022 #ransomware #cyberattaque #PME #payer

·lemagit.fr·Oct 12, 2022

Ransomware : qui paie et pourquoi ?

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

Bad actors are using a shared Phishing-as-a-Service platform called “Caffeine”.

#mandiant #EN #2022 #Caffeine #Phishing-as-a-Service #Platform

·mandiant.com·Oct 11, 2022

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

New US Executive Order unlikely to satisfy EU law

Today, the US government published an executive order, allegedly limiting US surveillance. This is a first statement by noyb.

#noyb #EN #2022 #EU #US #privacy-shield #privacy #statement #executive-order #surveillance

·noyb.eu·Oct 10, 2022

New US Executive Order unlikely to satisfy EU law

Fake Ransomware Infection Under widespread

Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.

#cyble #EN #2022 #Fake #Ransomware #dell.exe #Analysis

·blog.cyble.com·Oct 10, 2022

Fake Ransomware Infection Under widespread

Intel Confirms Alder Lake BIOS Source Code Leak

Intel confirms that 6GB of proprietary BIOS source code for its Alder Lake processors was leaked to the public.

#tomshardware #EN #202 #Alder #Lake #BIOS #Source #Code #Leak #Intel

·tomshardware.com·Oct 10, 2022

Intel Confirms Alder Lake BIOS Source Code Leak

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.

#Medium #LofyGang #EN #2022 #Jossef_Harush #npm #supply-chain #attack

·medium.com·Oct 10, 2022

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year

On Agent Compromise in the Field

In 2017, a team of New York Times journalists revealed that, beginning in 2010, Beijing’s counterintelligence apparatus had systematically rolled up the CIA’s sources in China.

#thebrushpass #projectbrazen #EN #2022 #China #US #spy #Compromise #2017 #counterintelligence

·thebrushpass.projectbrazen.com·Oct 9, 2022

On Agent Compromise in the Field

Major Mexican Government Hack Reveals Military Abuse and Spying

Hackers infiltrated the Mexican Defense Ministry, publishing millions of emails that detail the military’s growing influence over the civilian government.

#nytimes #EN #2022 #hacktivism #Mexico #leak #Military #Spying #Government

·nytimes.com·Oct 9, 2022

Major Mexican Government Hack Reveals Military Abuse and Spying

Hackers release data after LAUSD refuses to pay ransom

Hackers released data from Los Angeles Unified School District on Saturday, a day after Supt. Alberto Carvalho said he would not negotiate with or pay a ransom to the criminal syndicate.

#latimes #2022 #LAUSD #leak #ransom #school #edu #vice-society

·latimes.com·Oct 9, 2022

Hackers release data after LAUSD refuses to pay ransom

The Majority of PostgreSQL Servers on the Internet are Insecure

At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.

#innerjoin.bit.io #EN #2022 #PostgreSQL #research #Insecure #internet #medium

·innerjoin.bit.io·Oct 8, 2022

The Majority of PostgreSQL Servers on the Internet are Insecure

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may…

#krebsonsecurity #2022 #EN #CISO #LinkedIn #fake #profiles

·krebsonsecurity.com·Oct 8, 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s