Recherche : [EN] - Cyberveille

Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid https://therecord.media/healthcare-ransomware-data-breach-nhs-scotland

29/03/2024 14:55:55

A cybercrime group has published information stolen from NHS Dumfries and Galloway.

AI bots hallucinate software packages and devs download them https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

29/03/2024 10:27:01

Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery https://www.resecurity.com/blog/article/cybercriminals-transform-raspberry-pi-into-a-tool-for-fraud-and-anonymization-geobox-discovery?ref=news.risky.biz

29/03/2024 10:26:20

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords https://www.bleepingcomputer.com/news/security/decade-old-linux-wall-bug-helps-make-fake-sudo-prompts-steal-passwords/

28/03/2024 22:50:21

A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.

PyPI halted new users and projects while it fended off supply-chain attack https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/

28/03/2024 22:45:47

Automation is making attacks on open source code repositories harder to fight.

Jeffrey Epstein's Island Visitors Exposed by Data Broker https://www.wired.com/story/jeffrey-epstein-island-visitors-data-broker-leak/

28/03/2024 19:24:13

A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

Diving Deeper into AI Package Hallucinations https://www.lasso.security/blog/ai-package-hallucinations

28/03/2024 19:07:30

Lass Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).

Lighter Ransomware Locks Users Out of System https://blog.sonicwall.com/en-us/2024/03/lighter-ransomware-locks-users-out-of-system/

28/03/2024 15:26:57

Overview This week, the Sonicwall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]

US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth https://www.reuters.com/technology/cybersecurity/us-offers-10-million-bounty-info-blackcat-hackers-who-hit-unitedhealth-2024-03-27/

28/03/2024 14:53:41

The U.S. State Department on Wednesday offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America.
"The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide," the department said in a statement announcing the reward offer.

As Threats in Space Mount, U.S. Lags in Protecting Key Services https://www.nytimes.com/2024/03/28/world/asia/as-threats-in-space-mount-us-lags-in-protecting-key-services.html

28/03/2024 12:27:07

The United States and China are locked in a new race, in space and on Earth, over a fundamental resource: time itself.

And the United States is losing.

Global positioning satellites serve as clocks in the sky, and their signals have become fundamental to the global economy — as essential for telecommunications, 911 services and financial exchanges as they are for drivers and lost pedestrians.

Stealing Clouds https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/?ref=news.risky.biz

28/03/2024 10:08:24

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived

28/03/2024 10:06:21

Defendants Operated as Part of the APT31 Hacking Group in Support of China’s Ministry of State Security’s Transnational Repression, Economic Espionage and Foreign Intelligence Objectives

Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services https://www.netcraft.com/blog/darcula-smishing-attacks-target-usps-and-global-postal-services/

28/03/2024 09:02:01

Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phish ...

Thousands of servers hacked in ongoing attack targeting Ray AI framework https://arstechnica.com/security/2024/03/thousands-of-servers-hacked-in-ongoing-attack-targeting-ray-ai-framework/?comments=1&comments-page=1

28/03/2024 00:21:11

Researchers say it's the first known in-the-wild attack targeting AI workloads.

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques https://pwning.tech/nftables/

27/03/2024 22:51:32

A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.

Finland confirms APT31 hackers behind 2021 parliament breach https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/

27/03/2024 22:34:48

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.

Google: Spyware vendors behind 50% of zero-days exploited in 2023 https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/

27/03/2024 14:04:52

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

27/03/2024 09:56:52

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…

BlueSpy - Spying on Bluetooth conversations https://www.tarlogic.com/blog/bluespy-spying-on-bluetooth-conversations/

26/03/2024 15:58:35

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions https://thehackernews.com/2024/03/us-sanctions-3-cryptocurrency-exchanges.html

26/03/2024 10:14:15

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.

This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).

Liens par page

Filtres