Cyberveille curated by Decio
page 251 / 253
Charting TA2541's Flight https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight
15/02/2022 11:43:09
TA2541 proofpoint aviation APT RAT EN transportation
Malware threat targets the aviation and aerospace industry sectors https://www.ictsecuritymagazine.com/notizie/minaccia-malware-prende-di-mira-il-settore-dellaviazione-e-dellindustria-aerospaziale/
15/02/2022 11:40:44

Proofpoint researchers have detected TA2541, a persistent threat actor that has for years targeted the sectors of aviation, industry

TA2541 IT APT RAT Malware aviazione ictsecuritymagazine
Dropping Files on a Domain Controller Using CVE-2021-43893 https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/
15/02/2022 11:35:00

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting Windows EFS.

CVE-2021-43893 Windows EFS EN Microsoft Rapid7
PrivateLoader to Anubis Loader. By: Jason Reaves and Joshua Platt https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e
15/02/2022 11:33:10

Intel471 released a report[1] on a loader system being leveraged for distribution of various crimeware malware families: The report mentioned an administrator panel located on the main command and…

PrivateLoader Anubis malware crimeware EZCubePanel
PrivateLoader: The first step in many malware schemes https://intel471.com/blog/privateloader-malware
15/02/2022 11:31:39

A full technical breakdown of a prolific pay-per-install service.

Intel471 PrivateLoader malware pay-per-install PPI
Safari Flaws Exposed Webcams, Online Accounts, and More https://www.wired.com/story/safari-flaws-webcam-online-accounts-mic/
15/02/2022 10:39:40

Apple awarded a $100,500 bug bounty to the researcher who discovered the latest major vulnerability in its browser.

apple safari vulnerabilities bugbounty WIRED webcam
Webcam Hacking (again) - Safari UXSS https://www.ryanpickren.com/safari-uxss
15/02/2022 10:38:37

$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975

GeorgiaTechHacker Pickren Safari UXSS Apple bugbounty CVE-2021-30861 CVE-2021-30975
Objective-See's Blog https://objective-see.com/blog/blog_0x6D.html
15/02/2022 10:35:30

Analyzing OSX.DazzleSpy
A fully-featured cyber-espionage macOS implant

objectivesee EN analysis cyberespionage Asia macos DazzleSpy
Analyzing a watering hole campaign using macOS exploits https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
15/02/2022 10:33:08

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

macOS EN google wateringhole exploit CVE-2021-30869
Watering hole deploys new macOS malware, DazzleSpy, in Asia https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
15/02/2022 10:30:34

The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.

DazzleSpy macOS WeLiveSecurity wateringhole EN malware WebKit exploit Asia
SysJoker: malware for macOS, Windows and Linux that has been operating quietly for months https://www.macg.co/macos/2022/01/sysjoker-un-malware-pour-macos-windows-et-linux-qui-opere-discretement-depuis-des-mois-126671
15/02/2022 10:27:08

A worrying, very stealthy, cross-platform Trojan horse has just been spotted. Named SysJoker and brought to light by the security firm Intezer, it can target Windows, Linux and macOS alike. Worse still, it had been flying under the radar of antivirus software for quite some time. The Linux and macOS versions had until now not been detected at all by sites

malware macos MacGeneration FR SysJoker Windows Linux
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica https://arstechnica.com/information-technology/2022/01/backdoor-for-windows-macos-and-linux-went-undetected-until-now/
15/02/2022 10:22:27

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

Backdoor RAT EN arstechnica SysJoker APT
New SysJoker Backdoor Targets Windows, Linux, and macOS https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
15/02/2022 10:20:18

In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux that we have named SysJoker.

Intezer backdoor SysJoker malware Linux macos Windows EN multiplatform 
SysJoker analyzing the first (macOS) malware of 2022! https://objective-see.com/blog/blog_0x6C.html
15/02/2022 10:18:34

Earlier today (January 11th), researchers at Intezer published a report titled, “New SysJoker Backdoor Targets Windows, Linux, and macOS.”

In this report, they detailed a new cross-platform backdoor they named SysJoker. Though initially discovered on Linux, the Intezer researchers shortly thereafter also found both Windows and Mac versions:

"SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions." -Intezer

SysJoker macos malware EN objectivesee report analysis
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
15/02/2022 10:06:51

An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.

Googledocs EN phishing attack vector
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
15/02/2022 10:03:30

Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites and Google ads to infect systems.
Evidence of the new campaign was first seen around early November 2021. The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine.

checkpoint EN Zloader Altera Antik.Corp research
iPhone flaw exploited by second Israeli spy firm-sources https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/
14/02/2022 13:26:45

A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.

Apple EN Reuters QuaDream 0-day-as-a-service zero-click ForcedEntry
Israelis didn’t care about NSO and Pegasus – until this scandal https://www.haaretz.com/israel-news/.premium-israelis-didn-t-care-about-nso-and-pegasus-until-this-scandal-1.10595417
14/02/2022 13:24:27

A series of reports into how the Israeli police spied on their own citizens has finally grabbed everyone’s attention – and nowhere more so than among Benjamin Netanyahu’s loyal followers

NSO Netanyahu Israel Pegasus police Haaretz EN
Hack of a US company has consequences in Switzerland https://www.blick.ch/fr/news/monde/attaque-de-rancongiciel-le-piratage-dune-societe-americaine-a-des-consequences-en-suisse-id17233928.html
14/02/2022 11:08:32

The US company iBasis suffered a cyberattack in recent days. It may be used as a carrier of data belonging to Swiss operators.

iBasis CH FR piratage blick Swisscom Sunrise UPC Salt
Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
14/02/2022 08:45:04

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin ...

wordfence EN Wordpress plugin PHPEverywhere CVE-2022-24664 CVE-2022-24665 CVE-2022-24663