Cyberveille by Decio
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact https://securelist.com/the-sessionmanager-iis-backdoor/106868/
30/06/2022 22:25:26

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

securelist EN 2022 APT Backdoor Malware Microsoft Exchange Targeted IIS-attacks Vulnerabilities GELSEMIUM
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
30/06/2022 09:44:20

Black Lotus Labs is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest.

lumen EN 2022 SOHO Routers LAN ZuoRAT ruckus151021.py
Facing reality? Law enforcement and the challenge of deepfakes https://www.europol.europa.eu/publications-events/publications/facing-reality-law-enforcement-and-challenge-of-deepfakes#downloads
30/06/2022 08:56:30

‘Facing reality? Law enforcement and the challenge of deepfakes’ is the first report produced through the Observatory function of the Europol Innovation Lab. The Europol Innovation Lab’s Observatory function monitors technological developments that are relevant for law enforcement and reports on the risks, threats and opportunities of these emerging technologies. The report provides a detailed overview of the criminal use...

europol EN 2022 deepfakes report deepfakes law-enforcement
FBI warns hackers are using deepfakes to apply for jobs https://www.digitaltrends.com/computing/fbi-warns-hackers-are-using-deepfakes-to-apply-for-jobs/
30/06/2022 08:53:05

Hackers are stealing PII to apply for remote jobs and then using deepfakes to pass the interview.

digitaltrends EN 2022 deepfakes PII jobs interview FBI remote deepfake AI
Unrar Path Traversal Vulnerability affects Zimbra Mail https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
29/06/2022 21:15:52

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker to fully take over Zimbra instances via a flaw in unrar.

sonarsource Pathtraversal EN 2022 Zimbra flaw unrar CVE-2022-30333
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups https://www.trendmicro.com/en_us/research/22/f/conti-vs-lockbit-a-comparative-analysis-of-ransomware-groups.html
28/06/2022 20:50:49

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

trendmicro EN 2022 Conti Lockbit malware cyber-crime research cyber-threats endpoints ransomware articles news reports
LockBit 3.0 introduces the first ransomware bug bounty program https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/
27/06/2022 21:09:08

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.

bleepingcomputer EN 2022 Bug-Bounty Extortion LockBit-3.0 Ransomware Zcash
The Untold Story of NotPetya, the Most Devastating Cyberattack in History https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
27/06/2022 20:10:06

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Wired EN 2018 russia ukraine NotPetya Cyberattack
Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
27/06/2022 09:21:55

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

sonatype EN 2022 supplychain Python stealer AWS keys packages loglib-modules pyg-modules pygrata pygrata-utils hkg-sol-utils
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs https://securelist.com/modern-ransomware-groups-ttps/106824/
27/06/2022 09:19:46

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

securelist EN 2022 TTP Cybercrime Malware-Technologies Ransomware Targeted-attacks TTPs deployment Tactics Techniques Procedures
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families https://unit42.paloaltonetworks.com/api-hammering-malware-families/
26/06/2022 13:26:06

Learn about the unique implementations of API Hammering malware samples and how to mitigate them.

unit42 API Hammering EN 2022 malware API-Hammering Zloader BazarLoader
From NtObjectManager to PetitPotam https://clearbluejar.github.io/posts/from-ntobjectmanager-to-petitpotam/
26/06/2022 12:50:46

Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.

clearbluejar 2022 EN PetitPotam RPC Windows audit NtObjectManager explanation
Conti ransomware finally shuts down data leak, negotiation sites https://www.bleepingcomputer.com/news/security/conti-ransomware-finally-shuts-down-data-leak-negotiation-sites/
25/06/2022 04:59:11

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.

bleepingcomputer EN 2022 Conti Hive Infrastructure Ransomware Shutdown Tor
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3069620/nsa-partners-recommend-properly-configuring-monitoring-powershell-in-new-report/utm_source/substack/utm_medium/nsa-partners-recommend-properly-configuring-monitoring-powershell-in-new-report/
25/06/2022 04:43:38

The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly

NSA EN 2022 PowerShell recommendation information howto guidance Windows Microsoft
7-zip now supports Windows ‘Mark-of-the-Web’ security feature https://www.bleepingcomputer.com/news/microsoft/7-zip-now-supports-windows-mark-of-the-web-security-feature/
25/06/2022 04:39:28

7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files.

bleepingcomputer EN 2022 7-Zip Mark-of-the-Web MoTW Windows Microsoft
Raspberry Robin gets the worm early https://redcanary.com/blog/raspberry-robin/
24/06/2022 10:22:25

Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.

redcanary EN 2022 raspberry-robin worm Windows Installer QNAP DLL
The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP https://xorl.wordpress.com/2022/06/22/the-forgotten-suaveeyeful-freebsd-software-implant-of-the-equation-group/
24/06/2022 09:23:37

I was checking the 2017 ShadowBrokers leaks when I noticed that one of the EQUATION GROUP tools leaked back then has no public references/analysis (at least as far as I can tell). So, here is what …

xorl 2022 EN FreeBSD EquationGroup 2017 implant SUAVEEYEFUL China Japan US analysis
The curious tale of a fake Carrier.app https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
24/06/2022 08:22:05

Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.

googleprojectzero EN 2022 Hermit ios CVE-2021-30983 Vodafone rcslab
Meet the Administrators of the RSOCKS Proxy Botnet https://krebsonsecurity.com/2022/06/meet-the-administrators-of-the-rsocks-proxy-botnet/
23/06/2022 20:32:13

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious…

krebsonsecurity EN 2022 RSOCKS botnet devices dismantled
Spyware vendor targets users in Italy and Kazakhstan https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
23/06/2022 20:19:05

Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.

GoogleTAG EN 2022 spyware rcslab Italy Kazakhstan Hermit
Shaarli - The personal, minimalist, database-free bookmark manager by the Shaarli community - Theme by kalvn - Curated by Decio