Recherche : [EN] - Cyberveille

Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). https://github.com/Dec0ne/KrbRelayUp

27/04/2022 10:54:45

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

27/04/2022 10:53:04

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

Kaspersky DDoS report, Q1 2022 https://securelist.com/ddos-attacks-in-q1-2022/106358/

26/04/2022 16:46:44

Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.

Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before https://www.mandiant.com/resources/zero-days-exploited-2021

24/04/2022 21:47:50

We identified 80 zero-days exploited in the wild in 2021, more than we've seen in any year.

LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave https://www.zdnet.com/article/lemonduck-botnet-plunders-docker-cloud-instances-in-cryptocurrency-crime-wave/?taid=62650e16e7253e000130e7db

24/04/2022 10:59:54

Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/

24/04/2022 10:58:21

In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.

Securing Cloudflare Using Cloudflare https://blog.cloudflare.com/securing-cloudflare-using-cloudflare/

24/04/2022 10:24:54

When a new security threat arises — a publicly exploited vulnerability (like log4j) or the shift from corporate-controlled environments to remote work or a potential threat actor — it is the Security team’s job to respond to protect Cloudflare’s network, customers, and employees. And as security threats evolve, so should our defense system. Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would?

CVE-2022-21449: Psychic Signatures in Java https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

20/04/2022 13:17:22

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special "psychic paper", which causes the person looking at it…

The More You Know, The More You Know You Don’t Know https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html

20/04/2022 07:58:06

A Year in Review of 0-days Used In-the-Wild in 2021

Pegasus spyware found on 5 French cabinet members' phones https://www.intego.com/mac-security-blog/pegasus-spyware-found-on-5-french-cabinet-members-phones/

19/04/2022 16:55:09

A new report claims that telltale signs of Pegasus spyware have been identified on at least five current French cabinet ministers' mobile phones. The

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/

18/04/2022 15:27:16

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens https://www.bleepingcomputer.com/news/security/github-attacker-breached-dozens-of-orgs-using-stolen-oauth-tokens/

18/04/2022 09:45:06

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

Increased Enterprise Use of iOS, Mac Means More Malware https://www.bankinfosecurity.com/ios-mac-malware-grows-increased-enterprise-use-a-18792

16/04/2022 09:57:28

As use of Apple devices has grown in the enterprise, the company has increasingly become a target for malware threats and other attacks. ISMG spoke with experts and

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/

15/04/2022 10:35:16

It takes only a second to crack the handful of weak keys. Are there more out there?

Microsoft Zero-Days, Wormable Bugs Spark Concern https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/

13/04/2022 16:10:01

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.

Russia’s Sandworm hackers attempted a third blackout in Ukraine https://arstechnica.com/information-technology/2022/04/russias-sandworm-hackers-attempted-a-third-blackout-in-ukraine/

13/04/2022 09:00:34

The attack was the first in five years to use Sandworm's Industroyer malware.

RaidForums hacking forum seized by police, owner arrested https://www.bleepingcomputer.com/news/security/raidforums-hacking-forum-seized-by-police-owner-arrested/

13/04/2022 08:59:27

The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries.

Git security vulnerability announced https://github.blog/2022-04-12-git-security-vulnerability-announced/

13/04/2022 08:12:27

GitHub is unaffected by the vulnerabilities, but users should be aware of them and upgrade their local installation of Git.

The U.S. is using declassified intel to fight an info war with Russia, even when the intel isn't rock solid https://www.nbcnews.com/politics/national-security/us-using-declassified-intel-fight-info-war-russia-even-intel-isnt-rock-rcna23014

12/04/2022 17:45:04

The Biden administration has broken with precedent by using declassified intelligence in an information war against Russia — even intel that isn’t rock solid.

Industroyer2: Industroyer reloaded https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

12/04/2022 15:38:40

ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware called Industroyer2.

Liens par page

Filtres