Recherche : [2022] - Cyberveille

Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included? http://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/

27/05/2022 10:55:08

User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general

Exclusive: Russian hackers are linked to new Brexit leak website, Google says https://www.reuters.com/technology/exclusive-russian-hackers-are-linked-new-brexit-leak-website-google-says-2022-05-25/

26/05/2022 18:22:05

A new website that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence.

Guerre en Ukraine : Anonymous déclare la cyberguerre à Killnet, un collectif de hackers pro-russes https://www.20minutes.fr/high-tech/3295971-20220524-guerre-ukraine-anonymous-declare-cyberguerre-killnet-collectif-hackers-pro-russes

26/05/2022 16:55:22

En luttant contre le groupe Killnet, Anonymous espère réduire le nombre d'attaques en ligne portées par ce dernier à l'encontre des gouvernements de plusieurs pays membres de l'OTAN

Anonymous Declares Cyber War Against Pro-Russia Hacker Group Killnet https://www.hackread.com/anonymous-cyber-warfare-pro-russia-hacker-group-killnet/

26/05/2022 16:49:51

The Pro-Russia Hacker Group Killnet recently targeted European institutions, while Anonymous hackers are already claiming to have leaked its data.

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html

25/05/2022 08:13:54

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk

25/05/2022 06:59:04

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/

24/05/2022 08:22:41

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/

23/05/2022 09:26:34

Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/

23/05/2022 09:03:56

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Protecting Android users from 0-Day attacks https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

22/05/2022 16:26:48

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine https://www.mandiant.com/resources/information-operations-surrounding-ukraine

21/05/2022 22:51:07

New Mandiant research detailing the various IO activities seen by nation-state actors, resulting from the Russian invasion of Ukraine.

Canada bans Huawei and ZTE from 5G networks over security concerns https://www.bleepingcomputer.com/news/security/canada-bans-huawei-and-zte-from-5g-networks-over-security-concerns/

21/05/2022 22:26:31

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks.

Policy Statement – Securing Canada’s Telecommunications System https://www.canada.ca/en/innovation-science-economic-development/news/2022/05/policy-statement--securing-canadas-telecommunications-system.html

21/05/2022 22:25:38

The Government of Canada has serious concerns about suppliers such as Huawei and ZTE who could be compelled to comply with extrajudicial directions from foreign governments in ways that would conflict with Canadian laws or would be detrimental to Canadian interests.

Fears grow for smaller nations after ransomware attack on Costa Rica escalates https://techcrunch.com/2022/05/20/costa-rica-ransomware-attack/

21/05/2022 09:57:07

The Russia-linked ransomware gang demanded $20 million in ransom — and the overthrow of Costa Rica's elected government. Where does that leave smaller, equally vulnerable nation states?

President Rodrigo Chaves says Costa Rica is at war with Conti hackers https://www.bbc.com/news/technology-61323402?s=09

20/05/2022 12:43:54

The president of Costa Rica says his country is "at war", as cyber-criminals cause major disruption to IT systems of numerous government ministries.
Rodrigo Chaves said hackers infiltrated 27 government institutions, including municipalities and state-run utilities.

Exploiting an Unbounded memcpy in Parallels Desktop https://blog.ret2.io/2022/05/19/pwn2own-2021-parallels-desktop-exploit/

20/05/2022 11:15:52

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

KillNet: Pro-Russian Hacktivists. https://cyberknow.medium.com/killnet-pro-russian-hacktivists-e916ac7201a3

20/05/2022 11:14:27

The following is a closer look at one of the most active Pro-Russian ‘hacktivist’ groups currently operating during the Ukraine-Russia war…

Killnet Cyber Attacks Against Italy and NATO Countries https://sysdig.com/blog/killnet-italy-and-nato/

20/05/2022 09:45:15

The hacker group Killnet claimed the attacks against Italy. How it's possible to detect the activities of the Mirai botnet used through Falco

New 'Smart' Cheese Rinds Help Fight Parmesan Fraud https://www.foodandwine.com/news/parmigiano-reggiano-fraud-micro-transponder-rinds-digital-label

19/05/2022 09:24:44

Parmigiano Reggiano has used tracking codes for two decades, but now they are going high tech.

Le Centre national pour la cybersécurité deviendra un office fédéral https://www.admin.ch/gov/fr/accueil/documentation/communiques/communiques-conseil-federal.msg-id-88878.html

19/05/2022 09:06:00

Décisions, communications et avis du Conseil fédéral. Les décisions prises par le Conseil fédéral lors de sa séance hebdomadaire sont publiées ici.

Liens par page

Filtres