Cyberveille, curated by Decio
4136 results tagged EN
Ransomware Negotiation: Dos and Don’ts! https://www.neteye-blog.com/2023/09/ransomware-negotiation-dos-and-donts/
05/10/2023 12:07:19

Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this

neteye-blog EN 2023 ransomchats negotiation negotiator ransomware ransomware-double-extortion ransomware-negotiation blue-team sec4u
CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center https://www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/
04/10/2023 22:04:13

On 10/4/2023, Atlassian published a security advisory on CVE-2023-22515, a privilege escalation vulnerability affecting Confluence Server & Data Center.

rapid7 EN 2023 Atlassian Confluence cve-2023-22515 0-Day
Sony confirms data breach impacting thousands in the U.S. https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/#google_vignette
04/10/2023 16:50:10

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.

bleepingcomputer EN 2023 Clop Data-Breach Data-Leak MOVEit MOVEit-Transfer Ransomware Sony Zero-Day
CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so#potential-impact-of-looney-tunables
04/10/2023 09:33:44

The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader's processing of the GLIBC_TUNABLES…

qualys EN 2023 GLIBC_TUNABLES CVE-2023-4911 buffer overflow vulnerability
Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/?
03/10/2023 21:39:01

Vulnerability allows attackers to tamper with data stored in device memory.

arstechnica EN 2023 CVE-2023-4211 Mali GPU ARM
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/
03/10/2023 17:31:45

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.

bleepingcomputer EN 2023 Actively-Exploited Android Mobile Qualcomm Vulnerability Zero-Day GPU Adreno
Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System https://deform.co/microsoft-defender-flags-tor-browser-as-a-trojan-and-removes-it-from-the-system/
02/10/2023 21:00:20

Windows users have recently begun mass-reporting that Microsoft's Defender antivirus program, which is integrated into Windows 10 and 11 by default, is

deform EN 2023 TOR Browser Microsoft Defender antivirus
Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/
02/10/2023 18:47:43

Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.

arstechnica EN 2023 Exim CVE-2023-42115 RCE
Routers have been rooted by Chinese spies US and Japan warn https://www.theregister.com/2023/09/27/us_japan_routers/
30/09/2023 00:51:22

BlackTech crew looking to steal sensitive data traffic

theregister EN 2023 Routers US Japan China BlackTech firmware
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry https://breakingdefense.com/2023/09/nsa-stands-up-ai-security-center-as-focal-point-for-guiding-ai-use-by-government-defense-industry/
30/09/2023 00:15:23

"We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems and ways to counter the threat in order to have AI security," Gen. Paul Nakasone said. "We must also ensure that malicious foreign actors can't steal America’s innovative AI capabilities to do so."

breakingdefense EN 2023 AI NSA hub vulnerabilities intelligence Nakasone US
Vulnerability in popular ‘libwebp’ code more widespread than expected https://therecord.media/libwebp-vulnerability-more-widespread-than-expected
28/09/2023 21:11:47

Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.

therecord EN 2023 libwebp vulnerability CVE-2023-4863
CVE-2023-42793 https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis
27/09/2023 19:28:40

CVE-2023-42793 is a critical authentication bypass published on September 19, 2023 that affects on-premises instances of JetBrains TeamCity, a CI/CD server. Th…

attackerkb EN 2023 JetBrains TeamCity CI/CD CVE-2023-42793 Authentication-Bypass exploitation
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data https://www.securityweek.com/new-gpu-side-channel-attack-allows-malicious-websites-to-steal-data/
27/09/2023 19:25:15

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.

securityweek EN 2023 GPU.zip Side-Channel Attack
GPU.zip https://www.hertzbleed.com/gpu.zip/
27/09/2023 19:23:47

On the Side-Channel Implications of Hardware-Based Graphical Data Compression

hertzbleed EN 2023 vulnerability Side-Channel Graphical-Data-Compression GPU.zip
Sony Investigating After Hackers Offer to Sell Stolen Data https://www.securityweek.com/sony-investigating-after-hackers-offer-to-sell-stolen-data/
27/09/2023 19:21:17

Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.

securityweek EN 2023 Sony Stolen Data investigation RansomedVC
Decade of newborn child registry data stolen in MOVEit mass-hack https://techcrunch.com/2023/09/25/decade-of-newborn-child-registry-data-stolen-in-moveit-mass-hack/
26/09/2023 15:09:08

The breach affecting more than 3.4 million people — including newborns and children — is one of the biggest MOVEit-related hacks of the year.

techcrunch EN 2023 canada cyberattack Clop data-leak moveit moveit-mass-hacks
From ScreenConnect to Hive Ransomware in 61 hours https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/
25/09/2023 08:51:07

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …

thedfirreport EN 2023 ScreenConnect report Hive Ransomware
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
23/09/2023 23:27:02

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox's Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

CitizenLab EN 2023 spyware Egypt Predator CVE-2023-41991 CVE-2023-41992 CVE-2023-41993
0-days exploited by commercial surveillance vendor in Egypt https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
23/09/2023 23:19:50

Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device.

In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.

Google EN 2023 TAG Apple Android CitizenLab Predator spyware Intellexa CVE-2023-41993 CVE-2023-41991 CVE-2023-41992 Exploit Chain 0-days
All thanks to ‘Big Yellow Taxi’: How State discovered Chinese hackers reading its emails https://www.politico.com/news/2023/09/15/digital-tripwire-helped-state-uncover-chinese-hack-00115973
23/09/2023 20:03:27

A recent Chinese-linked hack of U.S. government emails detected in June may have gone unnoticed for much longer were it not for an enterprising government IT analyst.

A State Department cybersecurity expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, the officials said, shedding new light on how they spotted the breach, top State Department officials told POLITICO.

politico EN 2023 Big-Yellow-Taxi US China blueteam canary