Recherche : [E*N] - Cyberveille

CVE-2023-34127 https://attackerkb.com/topics/Vof5fWs4rx/cve-2023-34127

21/08/2023 21:47:28

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…

Sneaky Amazon Google ad leads to Microsoft support scam https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-leads-to-microsoft-support-scam/

21/08/2023 20:19:41

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.

Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News https://apnews.com/article/brazil-bolsonaro-hacking-inquiry-cc8f890588a5115ff77370d236b3e149

21/08/2023 07:16:26

A Brazilian hacker claimed at a congressional hearing Thursday that then-President Jair Bolsonaro wanted him to hack into the country’s electronic voting system to expose its alleged weaknesses ahead of the 2022 presidential election.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

20/08/2023 18:21:02

Data Theft Via MOVEit: 4.5 Million More Individuals Affected https://www.databreachtoday.com/data-theft-via-moveit-45-million-more-individuals-affected-a-22810

20/08/2023 18:17:34

The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska https://www.washingtonpost.com/technology/2023/08/14/microsoft-china-hack-congress/

20/08/2023 18:17:05

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.

Threat actors use beta apps to bypass mobile app store security https://www.bleepingcomputer.com/news/security/threat-actors-use-beta-apps-to-bypass-mobile-app-store-security/

19/08/2023 17:23:08

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode https://thehackernews.com/2023/08/new-apple-ios-16-exploit-enables.html

19/08/2023 17:22:46

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline.

The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign https://blog.fox-it.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/

19/08/2023 17:20:54

Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted. At the time of writing, more than 1900 NetScalers remain backdoored. Using the data supplied by Fox-IT, the Dutch Institute of Vulnerability Disclosure has notified victims.

Discord.io confirms breach after hacker steals data of 760K users https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/

19/08/2023 17:20:03

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.

The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks https://www.sentinelone.com/blog/the-new-frontline-of-geopolitics-understanding-the-rise-of-state-sponsored-cyber-attacks/

18/08/2023 14:35:53

Understanding the complex threat landscape facing businesses today from state-sponsored cyber attacks is crucial to effective cyber defense.

Phishing pages placed on hacked websites https://securelist.com/phishing-with-hacked-sites/110334/

18/08/2023 14:23:35

Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.

Users of cybercrime forums often fall victim to info-stealers, researchers find https://therecord.media/cybercrime-forum-users-infected-with-info-stealing-malware

18/08/2023 10:10:54

After analyzing millions of computers infected with info-stealing malware, researchers at Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.

Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer https://www.hudsonrock.com/blog/prominent-threat-actor-accidentally-infects-own-computer-with-info-stealer

18/08/2023 10:10:07

Threat actor “La_Citrix” is known for hacking companies — he accidentally infected his own computer and likely ended up selling it without noticing.

Notorious phishing platform shut down, arrests in international police operation https://www.interpol.int/en/News-and-Events/News/2023/Notorious-phishing-platform-shut-down-arrests-in-international-police-operation

18/08/2023 10:06:18

The platform sold hacking tools to more than 70,000 users in 43 countries

Karma Catches Up to Global Phishing Service 16Shop https://krebsonsecurity.com/2023/08/karma-catches-up-to-global-phishing-service-16shop/

18/08/2023 10:03:36

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017…

LinkedIn under attack, malicious hackers seize accounts https://www.tripwire.com/state-of-security/linkedin-under-attack-hackers-seize-accounts

18/08/2023 09:44:31

Security researchers have identified that a widespread LinkedIn hacking campaign has seen many users locked out of their accounts worldwide.

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks

18/08/2023 08:18:30

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.

Dark Web Profile: 8Base Ransomware https://socradar.io/dark-web-profile-8base-ransomware/

16/08/2023 21:09:47

In this article, we will focus on 8Base Ransomware, which ranked in the top 5 most active groups last month according to Daily Dark Web...

Raccoon Stealer Announce Return After Hiatus https://cyberint.com/blog/financial-services/raccoon-stealer/

16/08/2023 20:56:01

Raccoon Stealer, the InfoStealer that has been used to obtain 50M+ unique credentials is back with new features and updates.

Liens par page

Filtres