Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive…
Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis
A threat actor known as Spyboy is promoting a Windows defense evasion tool called
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty three (23) EDR and AV controls. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).
Endpoint Detection & Response systems (EDR),
delivered by in-house teams or as part of a managed
service, are a feature of modern intrusion detection
and remediation operations. This success is a problem
for attackers, and malicious actors have worked to
find new ways to evade EDR detection capabilities.
A group of Iranian dissidents, self-described as “GhyamSarnegouni” (meaning "Rise to Overthrow" in Farsi), has claimed responsibility for taking control
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum.
Trois étudiants avaient fait chanter les responsables du pôle universitaire. Ils ont été interpellés par la police judiciaire avant d’être présentés à un juge d’instruction.
The huge profits of ransomware have led to a rapid evolution and professionalization of the wider cyber crime industry, and the rapid growth of a supporting underground marketplace of products and service providers.
All you need to know about Qilin ransomware and its operations targeting critical sectors.
Group-IB’s Threat Intelligence team infiltrated the Qilin ransomware group in March 2023 and now can reveal inside information about this RaaS program. The blog provides recommendations on how to prevent Qilin’s attacks and will be useful for threat intelligence experts, threat hunters, and corporate cybersecurity teams.
A total 761 people had sensitive personal data hacked during a cyberattack on the education department of the Swiss city of Basel.
ABB recently became aware of an IT security incident that impacted certain ABB systems. ABB started an investigation, retained leading experts, notified certain law enforcement and data protection authorities, and implemented measures to contain and assess the incident. The incident has now been successfully contained.
Tesla a été confronté à une fuite de données très sensibles. Non seulement les rémunérations et les adresses privées de collaborateurs ont été révélées, mais surtout des dysfonctionnements sur la conduite autonome des voitures Tesla.
The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure
Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.
