Recherche : [EN] - Cyberveille

[Security Update] Incident Details https://jumpcloud.com/blog/security-update-incident-details

17/07/2023 06:44:29

As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.

WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/

16/07/2023 11:57:45

In this blog post, we'll look at the use of generative AI, including OpenAI's ChatGPT, and the cybercrime tool WormGPT, in BEC attacks.

Microsoft takes pains to obscure role in 0-days that caused email breach https://arstechnica.com/security/2023/07/microsoft-takes-pains-to-obscure-role-in-0-days-that-caused-email-breach/

16/07/2023 01:43:21

Critics also decry Microsoft's "pay-to-play" monitoring that detected intrusions.

Inside the subsea cable firm secretly helping American take on China https://www.reuters.com/investigates/special-report/us-china-tech-subcom/

15/07/2023 14:22:51

SubCom is laying deepwater internet cables to boost U.S. economic and military might, including a secret mission to a remote island naval base, Reuters found.

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

15/07/2023 14:11:42

A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.

WordPress plugin installed on 1 million+ sites logged plaintext passwords https://arstechnica.com/security/2023/07/wordpress-plugin-installed-on-1-million-sites-logged-plaintext-passwords

15/07/2023 14:00:20

AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.

AVrecon malware infects 70,000 Linux routers to build botnet https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/

15/07/2023 13:59:09

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

BlackLotus UEFI Bootkit Source Code Leaked on GitHub https://www.securityweek.com/blacklotus-uefi-bootkit-source-code-leaked-on-github/?utm_source=substack&utm_medium=email

15/07/2023 13:56:38

The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware.

Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.

Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data https://therecord.media/microsoft-changes-signing-key-system

14/07/2023 23:22:26

Microsoft has announced changes to a system that was exploited by Chinese hackers over the last month that allowed them to access email accounts and spy on the inner workings of two dozen organizations, including government agencies, a lawmaker’s staff and even Commerce Secretary Gina Raimondo.

ShadowVault is the latest Mac data-stealer malware, reportedly https://www.intego.com/mac-security-blog/shadowvault-is-the-latest-mac-data-stealer-malware-reportedly/

14/07/2023 23:03:01

ShadowVault data stealer Mac malware made headlines in the Apple press this week. Here is what we know about it so far.

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation https://blog.talosintelligence.com/weaknesses-mac-os-vmware-msrpc/

14/07/2023 09:47:57

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter.
- Seven vulnerabilities affect Apple macOS only.
- Two vulnerabilities affect VMWare vCenter.
- Three vulnerabilities affect both.

Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics https://edition.cnn.com/2023/07/12/politics/china-based-hackers-us-government-email-intl-hnk/index.html

13/07/2023 08:54:31

China-based hackers have breached email accounts at two-dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.

Chinese hackers breached U.S. and European government email through Microsoft bug https://therecord.media/chinese-hackers-breached-us-and-european-governments

13/07/2023 00:28:56

A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.

Loader activity for Formbook "QM18" https://isc.sans.edu/diary/rss/30020

13/07/2023 00:17:50

Loader activity for Formbook "QM18", Author: Brad Duncan

The Spies Who Loved You: Infected USB Drives to Steal Secrets https://www.mandiant.com/resources/blog/infected-usb-steal-secrets

12/07/2023 10:01:01

In the first half of 2023, we observed a threefold increase in the number of attacks using infected USB drives to steal secrets.

Hackers exploit gaping Windows loophole to give their malware kernel access https://arstechnica.com/security/2023/07/hackers-exploit-gaping-windows-loophole-to-give-their-malware-kernel-access/

12/07/2023 09:37:03

Microsoft blocks a new batch of system drivers, but the loophole empowering them remains.

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling https://news.sophos.com/en-us/2023/07/11/microsoft-revokes-malicious-drivers-in-patch-tuesday-culling/

12/07/2023 09:33:30

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-…

Apple & Microsoft Patch Tuesday, July 2023 Edition https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/

12/07/2023 09:30:55

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this…

Apple releases emergency update to fix zero-day exploited in attacks https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/

12/07/2023 09:09:39

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

KB5029033: Notice of additions to the Windows Driver.STL revocation list - Microsoft Support https://support.microsoft.com/en-us/topic/kb5029033-notice-of-additions-to-the-windows-driver-stl-revocation-list-d330efa5-3fb7-4903-9f0b-3230d31fca38

12/07/2023 08:18:16

The Microsoft Windows Hardware Compatibility Program (WHCP) certifies that drivers, and other products, run reliably on Windows and on Windows certified hardware. First reported by Sophos, and later Trend Micro and Cisco, Microsoft has investigated and confirmed a list of third-party WHCP-certified drivers used in cyber threat campaigns. Because of the drivers’ intent and functionality, Microsoft has added them to the Windows Driver.STL revocation list.

Liens par page

Filtres