Cyberveille

Students turning to cyberfraud as huge phishing https://www.theguardian.com/technology/2024/apr/18/students-turning-to-cyberfraud-as-huge-phishing-site-infiltrated-police-reveal

18/04/2024 09:51:04

LabHost enabled users to set up websites designed to trick victims into revealing personal information – with 70,000 allegedly duped in the UK

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/

18/04/2024 08:28:41

Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm?hl=en

18/04/2024 07:10:04

APT44 is a threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations.

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities | WIRED https://www.wired.com/story/cyber-army-of-russia-reborn-sandworm-us-cyberattacks/

18/04/2024 07:08:54

Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

Over 500 people targeted by Pegasus spyware in Poland, officials say https://therecord.media/poland-pegasus-spyware-more-than-500-citizens

17/04/2024 13:32:58

Prosecutor General Adam Bodnar says an investigation into Pegasus use by current and former government officials has expanded to hundreds more people than initially reported.

Ivanti warns of critical flaws in its Avalanche MDM solution https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/#google_vignette

17/04/2024 13:27:39

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.

Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

17/04/2024 11:57:54

What happened Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys,...

Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

17/04/2024 11:04:20

Welcome to April 2024, again. We’re back, again.

Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.

We’ve seen all the commentary around the certification process of these devices for certain .GOVs - we’re not here to comment on that, but sounds humorous.

DDoS threat report for 2024 Q1 https://blog.cloudflare.com/ddos-threat-report-for-2024-q1

17/04/2024 06:44:03

2024 started with a bang. Cloudflare’s autonomous systems mitigated over 4.5 million DDoS attacks in the first quarter of the year — a 50% increase compared to the previous year.

The US Government Has a Microsoft Problem https://www.wired.com/story/the-us-government-has-a-microsoft-problem/

16/04/2024 20:09:46

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

Change Healthcare stolen patient data leaked by ransomware gang https://techcrunch.com/2024/04/15/change-healthcare-stolen-patient-data-ransomhub-leak/

16/04/2024 16:46:00

This is the second group to demand a ransom payment from Change Healthcare to prevent the release of stolen patient data in as many months.

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects https://openjsf.org/blog/openssf-openjs-alert-social-engineering-takeovers

16/04/2024 16:44:29

XZ Utils cyberattack likely not an isolated incident

Réunion en ligne avec un faux chef (technique de deep fake) : fraude au CEO 2.0 https://www.ncsc.admin.ch/ncsc/fr/home/aktuell/im-fokus/2024/wochenrueckblick_14.html

16/04/2024 14:34:08

09.04.2024 - Le service financier d’une entreprise reçoit de son patron une demande de paiement soi-disant urgente. Le CEO explique que si le responsable financier n’effectue pas le paiement dans les plus brefs délais, cela aura de graves conséquences pour l’entreprise, car une commande importante sera perdue. Ensuite, le chef n’est étrangement plus joignable pour répondre à d’autres questions. Tel est le scénario typique d’une fraude au CEO. La plupart du temps, ces attaques ne sont pas très sophistiquées et sont faciles à détecter. L’intelligence artificielle et le deep fake ne s’arrêtent toutefois pas à cette méthode d’escroquerie plutôt simple, comme le montre un exemple récent signalé à l’OFCS.

PuTTY vulnerability vuln-p521-bias https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

16/04/2024 14:31:00

Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.)

Leaked LockBit builder in a real-life incident response case | Securelist https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/

16/04/2024 14:24:13

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering | Proofpoint US https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering

16/04/2024 14:18:04

Key takeaways  TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the No...

CISA: Email from federal agencies possibly accessed in Russian breach of Microsoft https://therecord.media/cisa-microsoft-breach-emergency-directive

15/04/2024 16:35:25

CISA publicly released an emergency directive issued to federal agencies earlier this month, detailing how a breach at Microsoft could have affected the government.

Automating Pikabot’s String Deobfuscation https://www.zscaler.com/blogs/security-research/automating-pikabot-s-string-deobfuscation

15/04/2024 14:26:26

ThreatLabz created an IDA plugin to automate the deobfuscation of Pikabot’s strings.

World-first “Cybercrime Index” ranks countries by cybercrime threat https://www.ox.ac.uk/news/2024-04-10-world-first-cybercrime-index-ranks-countries-cybercrime-threat-level?ref=news.risky.biz

15/04/2024 14:24:56

Following three years of intensive research, an international team of researchers have compiled the first ever ‘World Cybercrime Index’, which identifies the globe’s key cybercrime hotspots by ranking the most significant sources of cybercrime at a national level.

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability https://www.securityweek.com/thousands-of-ivanti-vpn-appliances-impacted-by-recent-vulnerability/

14/04/2024 15:35:21

The Shadowserver Foundation identifies thousands of Ivanti VPN instances likely impacted by a recent remote code execution flaw.

Liens par page

Filtres