Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 60
The criminal use of ChatGPT – a cautionary tale about large language models https://www.europol.europa.eu/media-press/newsroom/news/criminal-use-of-chatgpt-cautionary-tale-about-large-language-models
27/03/2023 13:18:01
QRCode
archive.org
thumbnail

In response to the growing public attention given to ChatGPT, the Europol Innovation Lab organised a number of workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT, as well as how it may assist investigators in their daily work.

europol 2023 EN ChatGTP criminal use
Guidance for investigating attacks using CVE-2023-23397 https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
27/03/2023 11:09:51
QRCode
archive.org
thumbnail

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.

microsoft EN 2023 Guidance investigating CVE-2023-23397 Outlook
France bans all recreational apps from government devices https://www.theregister.com/2023/03/27/france_bans_all_recreational_apps/
27/03/2023 11:02:57
QRCode
archive.org
thumbnail

The government of France has banned TikTok – and all other recreational apps – from phones issued to its employees.

The nation's ministère de la transformation et de la fonction publiques last Friday issued a statement PDF announcing the policy, which minister of transformation and public service Stanislas Guerini justified on grounds that no recreational apps have sufficiently robust security for them to be deployed on government-owned devices.

theregister EN 2023 France TikTok statement government-owned devices ban
Bypassing Qakbot Anti-Analysis https://lab52.io/blog/bypassing-qakbot-anti-analysis-tactics/
27/03/2023 07:31:49
QRCode
archive.org

QakBot is a banking trojan that has been evolving since its first version was discovered in 2008. According to the 2022 report published by CISA, it was one of the most active variants in 2021, and during 2022 and so far in 2023 it has remained quite active. Taking a brief look at the latests news of QakBot it has been updating its tactics constantly, for example, using a Windows zero-day to avoid displaying the MoTW or the most recent one, using OneNote files to drop QakBot.

In this case we are particularly interested in the anti-analysis techniques used by QakBot during the early stages of its execution. These techniques can make malware analysis harder if they are not known, so learning to identify and bypass them is essential to get to see the malware’s operation at its full potential. Furthermore, there are techniques that can replicate / adopt different types of malware, so knowking them opens the door to the study of different samples.

lab52 EN 2023 Qakbot analysis anti-analysis techniques TTP
MacStealer: New macOS-based Stealer Malware Identified https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
27/03/2023 07:20:11
QRCode
archive.org
thumbnail

Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2).

And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.

Uptycs EN 2023 macOS C2 stealer MacStealer Telegram
NCA infiltrates cyber crime market with disguised DDoS sites https://www.nationalcrimeagency.gov.uk/news/nca-infiltrates-cyber-crime-market-with-disguised-ddos-sites
27/03/2023 07:18:17
QRCode
archive.org
thumbnail

The National Crime Agency has today revealed that it has infiltrated the online criminal marketplace by setting up a number of sites purporting to offer DDoS-for-hire services.

Today’s announcement comes after the Agency chose to identify one of the sites currently being run by officers as part of a sustained programme of activity to disrupt and undermine DDoS as a criminal service.

nationalcrimeagency 2023 EN NCA DDoS
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
27/03/2023 07:15:28
QRCode
archive.org
thumbnail

As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.

microsoft techcommunity EN 2023 announce Blocking Email Exchange unpatched
La NZZ victime d'un ransomware https://www.ictjournal.ch/news/2023-03-24/la-nzz-victime-dun-ransomware
25/03/2023 22:19:39
QRCode
archive.org
thumbnail

Plusieurs médias alémaniques sont touchés par un ransomware.

ictjournal CH 2023 ransomware NZZ journal médias
Bundesamt für Verfassungsschutz - Counter-intelligence - Joint Cyber Security Advisory https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/EN/2023/2023-03-20-joint-cyber-security-advisory.html
25/03/2023 22:08:17
QRCode
archive.org

Warning on KIMSUKY Cyber Actor's Recent Cyber Campaigns against Google's Browser and App Store Services

verfassungsschutz EN 2023 KIMSUKY Warning official NorthKorea Germany Google TTPs app
Shining Light on Dark Power: Yet Another Ransomware Gang https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
25/03/2023 21:11:57
QRCode
archive.org
thumbnail

Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.

trellix EN 2023 DarkPower ransomware gang research
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments https://www.cisa.gov/news-events/alerts/2023/03/23/untitled-goose-tool-aids-hunt-and-incident-response-azure-azure-active-directory-and-microsoft-365
25/03/2023 11:12:42
QRCode
archive.org

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:

cisa EN 2023 tool AD Azure M365 hunting blueteam check
Raiffeisen, Cler, BCGE... Des données bancaires exposées sur le web, à l'insu des clients https://www.heidi.news/cyber/raiffeisen-cler-bcge-des-donnees-bancaires-ont-ete-exposees-sur-le-web-a-l-insu-des-clients
24/03/2023 10:46:59
QRCode
archive.org
thumbnail

C’est une faille banale qui a exposé les relevés de cartes bancaires de milliers d’entreprises suisses pendant 18 mois. Et ni l’entreprise qui émet les cartes concernées, ni les banques qui les fournissent à leurs clients ne comptent diffuser l’information.
Motif? Le problème a été réglé et les recherches n’ont pas permis d’observer un accès indu aux informations. Une stratégie de communication qui interpelle, à l’heure où la sécurité des données devient un enjeu majeur pour les entreprises.

heidi.news FR 2023 CH faille banale carte bancaire leak
OK, it’s time to freak out about AI https://nonzero.substack.com/p/ok-its-time-to-freak-out-about-ai
24/03/2023 10:39:36
QRCode
archive.org
thumbnail

There are at least two kinds of catastrophe scenarios, and both are getting more plausible

nonzero EN 2023 AI opinion catastrophe plausible
New victims come forward after mass-ransomware attack https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
23/03/2023 22:04:26
QRCode
archive.org
thumbnail

The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked.

The City of Toronto told TechCrunch in a revised statement on March 23: “Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.”

techcrunch EN 2023 mass-ransomware attack Clop
Emotet resumes spam operations, switches to OneNote https://blog.talosintelligence.com/emotet-switches-to-onenote/
23/03/2023 21:55:34
QRCode
archive.org
thumbnail
  • Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus.
  • Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint protection, the botnets switched to distributing malicious OneNote documents on March 16.
  • Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
  • The initial emails delivered to victims are consistent with what has been observed from Emotet over the past several years.
talosintelligence EN 2023 Emotet OneNote
Prompt Injections are bad, mkay? https://greshake.github.io/
23/03/2023 16:47:51
QRCode
archive.org

Large Language Models (LLM) have made amazing progress in recent years. Most recently, they have demonstrated to answer natural language questions at a surprising performance level. In addition, by clever prompting, these models can change their behavior. In this way, these models blur the line between data and instruction. From "traditional" cybersecurity, we know that this is a problem. The importance of security boundaries between trusted and untrusted inputs for LLMs was underestimated. We show that Prompt Injection is a serious security threat that needs to be addressed as models are deployed to new use-cases and interface with more systems.

[PDF DOC] https://arxiv.org/pdf/2302.12173.pdf

greshake EN 2023 Prompt Injections prompt-injection AI
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/
22/03/2023 21:39:20
QRCode
archive.org
thumbnail

Dive into the analysis and exploitation of a vulnerability in the Windows Ancillary Function Driver for Winsock for Local Privilege Escalation on Windows 11. More from X-Force Red experts.

securityintelligence EN 2023 PatchTuesday LPE Windows afd.sys CVE-2023-21768 exploit analysis reverseengineering
Journalist opens USB letter bomb in newsroom https://www.bbc.com/news/world-latin-america-65026522
22/03/2023 21:34:00
QRCode
archive.org
thumbnail

Ecuador's government condemns the attack after journalists nationwide are targeted.

Related:

bbc EN 2023 Ecuador USB explosive
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users https://www.sentinelone.com/blog/session-cookies-keychains-ssh-keys-and-more-7-kinds-of-data-malware-steals-from-macos-users/
22/03/2023 21:20:20
QRCode
archive.org
thumbnail

Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.

sentinelone EN 2023 Apple macos Mac stealer stealing attacks
Reversing Emotet Dropping Javascript https://marcoramilli.com/2023/03/22/reversing-emotet-dropping-javascript/
22/03/2023 18:06:29
QRCode
archive.org
thumbnail

Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks.

marcoramilli EN 2023 Reversing Emotet Dropping Javascript malspam
page 1 / 60
1185 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio