Recherche : [EN] - Cyberveille

Wave of Arrests Hits Cybercriminals https://blog.cyble.com/2023/03/20/wave-of-arrests-hits-cybercriminals/

20/03/2023 15:26:06

Cyble reflects on the identification of a forum administrator and two cybercriminals and how it impacts the wider cybercrime ecosystem.

Pixel Markup vulnerability allows screenshots to be un-redacted https://9to5google.com/2023/03/18/pixel-markup-screenshot-vulnerability/

20/03/2023 07:13:48

Besides the Samsung Exynos modem issue, Android 13 QPR2 with the March 2023 security update fixes a vulnerability with the Pixel’s Markup screenshot tool.

Dubbed “aCropalypse,” Simon Aarons identified and reported this vulnerability (CVE-2023-21036) to Google in early January, with the initial proof-of-concept exploit developed by David Buchanan:

Screenshots cropped using the built-in “Markup” app on Google Pixel devices may be retroactively un-cropped and un-redacted under many circumstances.

Feds Charge NY Man as BreachForums Boss “Pompompurin" https://krebsonsecurity.com/2023/03/feds-charge-ny-man-as-breachforums-boss-pompompurin/

18/03/2023 18:12:21

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum's…

Project Zero: Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

18/03/2023 02:08:53

In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

Google says hackers could silently own your phone until Samsung fixes its modems https://www.theverge.com/2023/3/16/23644013/samsung-exynos-modem-security-issue-project-zero

17/03/2023 21:10:53

You may need to turn off Wi-Fi calling and VoLTE for a bit.

Everything We Know About CVE-2023-23397 https://www.huntress.com/blog/everything-we-know-about-cve-2023-23397?hss_channel=tw-3330464153

17/03/2023 21:07:36

Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem

17/03/2023 21:06:14

A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.

BatLoader Continues to Abuse Google Search Ads to Deliver… https://www.esentire.com/blog/batloader-continues-to-abuse-google-search-ads-to-deliver-vidar-stealer-and-ursnif

15/03/2023 21:53:30

Learn more about the BatLoader malware, how we detected the attack, and recommendations from our Threat Response Unit (TRU) to protect your business from…

Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880) https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/

14/03/2023 23:22:37

For March 2023 Patch Tuesday Microsoft has fixed 2 vulnerabilities actively exploited in the wild (CVE-2023-23397, CVE-2023-24880).

Ransomware Attacks Have Entered a ‘Heinous’ New Phase https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

14/03/2023 22:58:12

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397) https://www.tenable.com/blog/microsofts-march-2023-patch-tuesday-addresses-76-cves-cve-2023-23397

14/03/2023 22:50:06

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

CVE-2023-23415 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415

14/03/2023 22:48:05

Ransomware Group Claims Hack of Amazon's Ring https://www.vice.com/en/article/qjvd9q/ransomware-group-claims-hack-of-amazons-ring

14/03/2023 19:47:22

The group is blackmailing Ring on its site: "There's always an option to let us leak your data," they posted.

Growing cyberattacks on Canada's food system threaten disaster https://financialpost.com/cybersecurity/growing--canada-food-system-threaten-disaster

14/03/2023 14:38:49

Canada's domestic food production system may actually be one of the most glaring cracks in Canada's national defences.
...
Attacking agricultural infrastructure has proven to be an effective part of the Russian playbook so far in its invasion of Ukraine. In June 2022, EU trade counsellor Maud Labat said Moscow has figured out how to wield food as a “geopolitical weapon.”

Prometei botnet improves modules and exhibits new capabilities in recent updates https://blog.talosintelligence.com/prometei-botnet-improves/

13/03/2023 20:51:59

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

Rogue CyberSecurity Company Employee Tried To Sell Powerful, Stolen iPhone Malware For $50-Million https://josephsteinberg.com/rogue-cybersecurity-company-employee-tried-to-sell-powerful-stolen-iphone-malware-for-50-million/

13/03/2023 20:46:28

An employee of cyberweapon manufacturer, NSO Group, tried to sell advanced malware to unauthorized parties for $50-Million, according to an Israeli indictment unsealed last week against the individual in question. About two years ago, Herzliya-based NSO Group developed a powerful cyberweapon called Pegasus, which operated as malware that exploited three previously unknown vulnerabilities in iPhones […]

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/

13/03/2023 20:01:14

New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

Czech cybersecurity office labels TikTok a security threat https://www.euractiv.com/section/politics/news/czech-cybersecurity-office-labels-tiktok-a-security-threat/

13/03/2023 12:02:09

The state cybersecurity watchdog issued an official warning and labelled the Chinese application TokTok as a threat, following in the footsteps of the US, the European Commission and Canada.

Ransomware gang posts video of data stolen from Minneapolis schools https://www.bleepingcomputer.com/news/security/ransomware-gang-posts-video-of-data-stolen-from-minneapolis-schools/

12/03/2023 19:01:01

The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack.

Medusa ransomware gang picks up steam as it targets companies worldwide https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/

12/03/2023 17:53:26

A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.

Liens par page

Filtres