Recherche : [EN] - Cyberveille

Ledger's Web3 Connector library was compromised and replaced with a drainer https://stackdiary.com/ledger-library-confirmed-compromised-and-replaced-with-a-drainer/

14/12/2023 16:21:52

Ledger's software got hit with a serious security problem. banteg, a well-known crypto guy, tweeted that Ledger's library is messed up and now has a "drainer" in it.

Apple will no longer give police users' push notification data without a warrant https://techcrunch.com/2023/12/13/apple-push-notifications-government-warrant/

13/12/2023 18:04:01

Apple says it will now require a judge-approved order before handing over its users' push notification records to government agencies.

Hackers are exploiting critical Apache Struts flaw using public PoC https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/

13/12/2023 17:21:24

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

Ukraine’s intelligence claims cyberattack on Russia’s state tax service https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service

13/12/2023 17:10:41

Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.

CALISTO doxxing : Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/

13/12/2023 15:30:13

Discover activities linking Korinets to CALISTO doxxing in our investigation. Uncover details from emails, domains & servers used to target UK Parliament & Cambridge University.

Threat actors misuse OAuth applications to automate financially driven attacks https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

13/12/2023 15:25:29

Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.

Spider-Man And Wolverine Devs Hit By Alleged Ransomware Attack https://kotaku.com/insomniac-games-sony-ransomware-spiderman-wolverine-1851092474

13/12/2023 13:31:19

This would be the third time this year that a Sony-owned company has been breached by hackers

Apple’s new iPhone security setting keeps thieves out of your digital accounts https://www.theverge.com/2023/12/12/23998665/apple-stolen-device-protection-face-touch-id-icloud-account-vulnerability-ios-17-3-beta

13/12/2023 11:57:25

Apple added a feature to iOS 17.3 that appears to address an iPhone security vulnerability that lets thieves steal iCloud accounts using only a user’s iPhone PIN.

AlphV’s bid to report its victim to the SEC could backfire https://readme.synack.com/alphvs-bid-to-report-its-victim-to-the-sec-could-backfire

13/12/2023 09:13:47

The ransomware group AlphV reported a victim to the SEC for failing to report a cybersecurity incident, placing government regulators in a precarious position.

Ukraine's top mobile operator hit by biggest cyberattack of war so far | Reuters https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

12/12/2023 21:45:10

Ukraine's biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.

pfSense Security: Sensing Code Vulnerabilities with SonarCloud https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

12/12/2023 21:31:04

Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.

One in four apps remain exposed to Log4Shell https://www.theregister.com/2023/12/11/log4j_vulnerabilities/

12/12/2023 19:58:36

Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation.

Research from security shop Veracode revealed that the vast majority of vulnerable apps may never have updated the Log4j library after it was implemented by developers as 32 percent were running pre-2015 EOL versions.

Sophos backports RCE fix after attacks on unsupported firewalls https://www.bleepingcomputer.com/news/security/sophos-backports-rce-fix-after-attacks-on-unsupported-firewalls/

12/12/2023 18:58:12

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin https://www.bleepingcomputer.com/news/security/50k-wordpress-sites-exposed-to-rce-attacks-by-critical-bug-in-backup-plugin/

12/12/2023 11:31:13

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws https://thehackernews.com/2023/12/apple-releases-security-updates-to.html

12/12/2023 08:50:45

Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.

US healthcare giant Norton says hackers stole millions of patients' data during ransomware attack | TechCrunch https://techcrunch.com/2023/12/11/norton-cyberattack-ransomware-hacker-millions/

12/12/2023 08:45:53

Hackers accessed the personal and health data of 2.5 million patients — and employees — during a May ransomware attack.

The EU Just Passed Sweeping New Rules to Regulate AI https://www.wired.com/story/eu-ai-act/

11/12/2023 15:51:09

The European Union agreed on terms of the AI Act, a major new set of rules that will govern the building and use of AI and have major implications for Google, OpenAI, and others racing to develop AI systems.

Amazon sues group that fakes returns so people can get free MacBooks - The Verge https://www.theverge.com/2023/12/8/23993573/amazon-rekk-refund-return-fraud-lawsuit

11/12/2023 15:50:26

Amazon sues REKK, which allegedly helped shoppers get other expensive items for free by hacking and bribing fulfillment center employees to approve fake returns.

Early Warning Notification - the use of Bluetooth trackers for geolocation in organised crime | Europol https://www.europol.europa.eu/publications-events/publications/early-warning-notification-use-of-bluetooth-trackers-for-geolocation-in-organised-crime

11/12/2023 12:34:04

Bluetooth Trackers Exploited for Geolocation in Organised CrimeBluetooth trackers, commonly used for locating personal items and vehicles, have become an unexpected tool in organised crime, according to recent findings reported by Europol in an Early Warning Notification. Typically designed for purposes such as finding lost keys or preventing vehicle theft, Bluetooth trackers are now being leveraged by criminals for geo-locating...

23andMe changes terms of service amid legal fallout from data breach https://www.axios.com/2023/12/07/23andme-terms-of-service-update-data-breach

09/12/2023 18:46:10

Days after a data breach allowed hackers to steal 6.9 million 23andMe users' personal details, the genetic testing company changed its terms of service to prevent customers from formally suing the firm or pursuing class-action lawsuits against it.

Why it matters: It's unclear if 23andMe is attempting to retroactively shield itself from lawsuits alleging it acted negligently.

Liens par page

Filtres