Cyberveille

A Noteworthy Threat: How Cybercriminals are Abusing OneNote https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-noteworthy-threat-how-cybercriminals-are-abusing-onenote-part-1/

08/03/2023 21:34:33

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.

CVE-2023-27532 https://www.veeam.com/kb4424?s=09

08/03/2023 19:14:41

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Acer Breached, Hacker Selling Access to 160GB of Stolen Data https://www.pcmag.com/news/acer-breached-hacker-selling-access-to-160gb-of-stolen-data

08/03/2023 10:35:34

The hacker claims the stolen data includes confidential presentations from Acer, along with software files for the company's PC products. Acer says consumer data was not breached.

Sony's Legal Attack on Quad9, Censorship, and Freedom of Speech https://quad9.net/news/blog/sony-s-legal-attack-on-quad9-censorship-and-freedom-of-speech/

08/03/2023 10:30:09

A potentially precedent-setting legal case involving Sony Music and Quad9 may endanger internet freedom of speech and allow unchecked content censorship.

Meta’s LLaMA Leaked to the Public, Thanks To 4chan https://analyticsindiamag.com/metas-llama-leaked-to-the-public-thanks-to-4chan/

08/03/2023 10:27:40

LLaMA, Meta’s latest family of large language models, has been leaked along with its weights and is now available to download through torrents

Sudoedit can edit arbitrary files https://www.sudo.ws/security/advisories/sudoedit_any/

07/03/2023 10:23:35

A flaw in exists in sudo’s -e option (aka sudoedit) that allows a malicious user with sudoedit privileges to edit arbitrary files.
Sudo versions affected: Sudo versions 1.8.0 through 1.9.12p1 inclusive are affected. Versions of sudo prior to 1.8.0 construct the argument vector differently and are not affected.
CVE ID: This vulnerability has been assigned CVE-2023-22809 in the Common Vulnerabilities and Exposures database.
Details: When invoked as sudo -e or sudoedit, sudo can be used to edit privileged files while running the editor as an unprivileged user.

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) https://www.helpnetsecurity.com/2023/03/06/cve-2023-21716-poc/

07/03/2023 08:28:32

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.

Germany and Ukraine hit two high-value ransomware targets https://www.europol.europa.eu/media-press/newsroom/news/germany-and-ukraine-hit-two-high-value-ransomware-targets?mtm_campaign=newsletter

06/03/2023 19:28:27

This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organisations and critical infrastructure and industries. Based on the BitPaymer ransomware and part of the Dridex malware family, DoppelPaymer used a unique tool capable of compromising defence mechanisms by terminating the security-related process of the attacked systems. The DoppelPaymer attacks were enabled by the prolific EMOTET...

We Found 28,000 Apps Sending Data to TikTok. A Ban Won't Help. https://gizmodo.com/tiktok-ban-joe-biden-28000-apps-sdk-data-china-1850174019

05/03/2023 12:06:06

TikTok’s software development kits could undermine Joe Biden's order to stop internet traffic flowing from federal employees' phones to TikTok within 30 days.

PyPi Packages Deliver Python Remote Access Tools https://www.kroll.com/en/insights/publications/cyber/pypi-packages-deliver-python-remote-access-tools

03/03/2023 16:01:02

While researching initial attack vectors, the Kroll Cyber Threat Intelligence team identified a fully featured information stealer and remote access tool in the python package index that could lead to an intensified threat landscape. Read more.

Credit Suisse breach spills info of high-net-worth clients https://nypost.com/2023/03/02/credit-suisse-breach-spills-info-of-high-net-worth-clients/

03/03/2023 08:56:30

Credit Suisse is telling its clients that sensitive personal information including social security identification and contact details has been compromised.

Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity https://www.wsj.com/articles/biden-national-cyber-strategy-seeks-to-hold-software-firms-liable-for-insecurity-67c592d6?mod=panda_wsj_author_alert

03/03/2023 08:52:23

Markets have imposed “inadequate costs” on companies that build vulnerable technology, it says.

FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

03/03/2023 08:36:52

Read the full strategy here Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security…

PDF document

How cybercriminals attack young gamers https://www.kaspersky.com/blog/threats-in-kids-gaming-worlds/

03/03/2023 08:29:22

What cyberthreats target young gamers? An overview of the most well-spread child threats in virtual gaming worlds.

BlackLotus UEFI bootkit: Myth confirmed https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

02/03/2023 08:07:20

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

West ill-prepared to deal with evolving cyber threats, report concludes https://www.cardiff.ac.uk/news/view/2699454-west-ill-prepared-to-deal-with-evolving-cyber-threats,-report-concludes

01/03/2023 21:38:48

Hacking and disinformation operation has continued to expand its activity, despite separate interventions in several European countries
PDF

TCG TPM2.0 implementations vulnerable to memory corruption https://kb.cert.org/vuls/id/782720

01/03/2023 21:19:29

Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html

01/03/2023 21:10:36

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding https://www.sentinelone.com/blog/hunting-for-honkbox-multistage-macos-cryptominer-may-still-be-hiding/

01/03/2023 21:07:29

A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.

Lumma Stealer targets YouTubers via Spear-phishing Email | by S2W | S2W BLOG | Feb, 2023 | Medium https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7

01/03/2023 20:57:15

Lumma Stealer sellers use the name “LummaC” on an underground forum called XSS, which is based in Russia. The seller has been actively promoting the malware since April 2022. In August of that year…

Liens par page

Filtres