Recherche : [2022] - Cyberveille

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/

24/08/2022 19:56:03

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

Legitimate SaaS Platforms Being Used to Host Phishing Attacks https://unit42.paloaltonetworks.com/platform-abuse-phishing/

24/08/2022 15:56:47

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/

23/08/2022 18:06:06

New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.

Vulnerability in Linux containers – investigation and mitigation https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

23/08/2022 16:35:39

Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther

Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe

23/08/2022 11:23:05

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in Named Pipe File System nearly 10 years since the AppContainer was born. We called it "Windows Dirty Pipe".
In this article, I will share the root cause and exploitation of Windows Dirty Pipe. So let's start our journey.

A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

22/08/2022 14:27:13

Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.

THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control

22/08/2022 14:23:16

Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...

Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack https://www.securityweek.com/ransomware-group-claims-access-scada-confusing-uk-water-company-hack

21/08/2022 19:20:29

A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.

Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

21/08/2022 10:37:25

We reveal how hackers have begun leveraging fake DDoS protection pages to trick users into downloading remote access trojans (RATs) onto their computers.

Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage https://www.wsj.com/articles/lloyds-to-exclude-catastrophic-nation-backed-cyberattacks-from-insurance-coverage-11660861586

20/08/2022 17:31:26

Lloyd’s of London will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting next year.

CVE-2022-27925 https://attackerkb.com/topics/dSu4KGZiFd/cve-2022-27925/rapid7-analysis

20/08/2022 17:29:04

On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2…

Overview of the Cyber Weapons Used in the Ukraine https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war/

19/08/2022 09:58:30

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy.

Bypass phishing detections with Google Translate https://certitude.consulting/blog/en/bypass-phishing-detections-with-google-translate-2/

19/08/2022 09:52:00

A new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a scanner, which you can allegedly download, as can be seen in the following image

Making Sense of the Killnet, Russia’s Favorite Hacktivists https://www.linkedin.com/pulse/making-sense-killnet-russias-favorite-hacktivists-flashpoint-intel

19/08/2022 09:42:43

Killnet makes three announcements The past month seemed to be a turning point for the pro-Russian hacktivist group “Killnet”—and it was very eager to tell the world about it. First, on July 27, “Killmilk”—the founder and the head of the group who led its transformation from a DDoS-for-hire outlet i

Disrupting SEABORGIUM’s ongoing phishing operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/

18/08/2022 15:43:50

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/

18/08/2022 08:58:19

ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

North Korean hackers use signed macOS malware to target IT job seekers https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers/

18/08/2022 08:54:14

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.

An inside view of domain anonymization as-a-service https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145

17/08/2022 14:47:33

One, if not the main, challenge with producing good intelligence is to have access to the right information at the right moment. The right telemetry from the right angle helps you to detect and dig…

The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape https://blog.radware.com/security/2022/08/the-return-of-loic-hoic-hulk-and-slowloris/

17/08/2022 13:03:07

CHARGING MY LASER! Since the first quarter of 2022, there has been a significant increase in hacktivism worldwide.

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch https://techcrunch.com/2022/08/16/digitalocean-emails-mailchimp-breach/

17/08/2022 12:45:34

Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]

Liens par page

Filtres