Recherche : [E*N] - Cyberveille

SIM Swappers Are Working Directly with Ransomware Gangs Now https://www.404media.co/sim-swappers-are-working-directly-with-ransomware-gangs-now/

27/10/2023 13:54:34

Hackers connected to “the Comm,” a nebulous group that includes SIM swappers, are working with ALPHV, a ransomware group that has impacted some of the biggest companies on the planet, including MGM Casinos.

CVE-2023-45498: RCE in VinChin Backup https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/

27/10/2023 13:47:49

CVE-2023-45498/CVE-2023-45499 advisory

Compromising F5 BIGIP with Request Smuggling | CVE-2023-46747 https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

27/10/2023 13:43:18

Our team identified a request smuggling vulnerability that led to complete compromise of an F5 system with the TMUI exposed.

Chatbot Hallucinations Are Poisoning Web Search https://www.wired.com/story/fast-forward-chatbot-hallucinations-are-poisoning-web-search/

27/10/2023 09:06:26

Untruths spouted by chatbots ended up on the web—and Microsoft's Bing search engine served them up as facts. Generative AI could make search harder to trust.

CCleaner confirms data breach via MOVEit attack https://cybernews.com/news/ccleaner-confirms-data-breach/

27/10/2023 08:58:56

CCleaner, a popular software for cleaning files and Windows Registry entries, has confirmed that attackers accessed some of its customer data.

A cascade of compromise: unveiling Lazarus' new campaign https://securelist.com/unveiling-lazarus-new-campaign/110888/

27/10/2023 08:48:29

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns

Hyundai to hold software-upgrade clinics across the US for vehicles targeted by thieves | AP News https://apnews.com/article/hyundai-kia-theft-software-upgrade-b0ce0c9ccf816ced5df68458ea5ab071

27/10/2023 08:25:07

Hyundai says it will set up “mobile clinics” at five U.S. locations to provide anti-theft software upgrades for vehicles now regularly targeted by thieves using a technique popularized on TikTok and other social platforms.

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/

27/10/2023 08:24:41

ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.

StripedFly: Perennially flying under the radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/

26/10/2023 23:06:55

Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.

Triangulation: validators, post-compromise activity and modules | Securelist https://securelist.com/triangulation-validators-modules/110847/

26/10/2023 17:49:57

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.
#2023 #APT #Apple #EN #Malware #Malware-Description #Triangulation #analysis #iOS #macOS #securelist #spyware

VMSA-2023-0023 https://www.vmware.com/security/advisories/VMSA-2023-0023.html

25/10/2023 23:47:03

VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities

iLeakage https://ileakage.com/

25/10/2023 23:45:04

We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.

Hackers can force iOS and macOS browsers to divulge passwords and much more https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/

25/10/2023 20:34:57

iLeakage is practical and requires minimal resources. A patch isn't (yet) available.

Now Android and Windows devices aren't safe from Flipper Zero either | ZDNET https://www.zdnet.com/article/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/

25/10/2023 15:51:55

The Bluetooth spam feature that was initially used to inundate, and even crash, iPhones has now been expanded to cover Android and Windows devices.

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-patch-netscaler-cve-2023-4966-bug-immediately/

25/10/2023 08:00:52

Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.

CVE-2023-4966: NetScaler Critical Security Update Now Available https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/

25/10/2023 07:57:47

CVE-2023-4966 affects NetScaler ADC and NetScaler Gateway and, if exploited, could result in unauthorized data disclosure. Learn more.

Battling a new DarkGate malware campaign with Malwarebytes MDR https://www.malwarebytes.com/blog/business/2023/10/on-the-frontlines-battling-an-in-the-wild-darkgate-infection-with-malwarebytes-mdr

24/10/2023 19:33:26

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide-range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however, researchers at Trusec found evidence of a campaign using external Teams messages to deliver the DarkGate Loader.

Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966

24/10/2023 15:21:10

It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.

Another plastic surgery practice appears to have been hit — this time by Hunters International https://www.databreaches.net/another-plastic-surgery-practice-appears-to-have-been-hit-this-time-by-hunters-international/

24/10/2023 13:48:00

On October 17, the FBI issued a Public Service Announcement, Cybercriminals are Targeting Plastic Surgery Offices and Patients. Five days later, DataBreaches learned that there had been another attack on a plastic surgery practice where patient data had allegedly been stolen and is in danger of being leaked publicly. It would not be surprising if the FBI knew about the attack and that it was the impetus for the newly released PSA.

Tracking Unauthorized Access to Okta's Support System https://sec.okta.com/harfiles

24/10/2023 10:06:31

Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system.

The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.

Liens par page

Filtres