Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 59
1170 résultats taggé 2023  ✕
Extracting DDosia targets from process memory https://viuleeenz.github.io/posts/2023/05/extracting-ddosia-targets-from-process-memory/
28/12/2024 11:56:08
QRCode
archive.org

This post is part of an analysis that I have carried out during my spare time, motivated by a friend that asked me to have a look at the DDosia project related to the NoName057(16) group. The reason behind this request was caused by DDosia client changes for performing the DDos attacks. Because of that, all procedures used so far for monitoring NoName057(16) activities did not work anymore.

viuleeenz.github.io EN 2023 analysis NoName057(16) DDoSia NoName057 malware binary digital-forensics exploit-development Reverse-engineering
DDosia Project: How NoName057(16) is trying to improve the efficiency of DDoS attacks https://decoded.avast.io/martinchlumecky/ddosia-project-how-noname05716-is-trying-to-improve-the-efficiency-of-ddos-attacks/
28/12/2024 11:54:33
QRCode
archive.org
thumbnail

The new variant of bots implemented an authentication mechanism to communicate with C2 servers and their proxies. Includes IP address blocklisting, presumably to hinder the tracking of the project.

avast EN 2024 2023 Analysis NoName057(16) DDoSia
2023 Top Routinely Exploited Vulnerabilities | CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
13/11/2024 09:39:18
QRCode
archive.org

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.

cisa EN 2024 zero-day vulnerabilities 2023 Routinely-Exploited
2023 Kaspersky Incident Response report https://securelist.com/kaspersky-incident-response-report-2023/112504/
14/05/2024 14:28:22
QRCode
archive.org
thumbnail

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
#Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services

securelist 2024 2023 EN Threats Cybersecurity Security Incident LockBit response Internal services Statistics Ransomware
DSoS attacks statistics and observations https://qrator.net/blog/details/2023-ddos-attacks-statistics-and-observations
07/04/2024 11:46:27
QRCode
archive.org

he year 2023 turned out to be quite rich in events and trends in the field of cybersecurity. We witnessed a new term "white noise", the development of artificial intelligence led to increased bot activity, which significantly affected commercial companies. We detected signs of a resurgence in popularity of commercial DDoS attacks. The implementation of "remote office" technologies led to the expansion of communication channels and, as a result, increased intensity of attacks. But first things first.

DDoS Attacks by Vectors
The fourth quarter of the past year didn't bring any surprises in terms of the distribution of mixed attacks by vectors. UDP flood once again topped the list with a rate of 60.20%. IP flood came in second at 16.86%. Multivector attacks also made it into the top three with 13.36%. Overall, the distribution was as follows:

UDP flood - 60.20%
SYN flood - 7.26%
IP flood - 16.86%
Multivector attacks - 13.36%

qrator EN 2024 DDoS Attacks Statistics 2023 Year-in-Review
Vulnerabilities Year-in-Review: 2023 https://intel471.com/blog/vulnerabilities-year-in-review-2023
01/04/2024 10:40:32
QRCode
archive.org
thumbnail

In 2023, threat actors continued to exploit a variety of vulnerabilities — both newly discovered weaknesses and unresolved issues — to carry out sophisticated attacks on global organizations. The number of documented software vulnerabilities continued to rise, and threat actors were quick to capitalize on new vulnerabilities and leverage recent releases of publicly available vulnerability research and exploit code to target entities. However, while there was a high number of vulnerabilities released in the reporting period, only a handful actually were weaponized in attacks. The ones of most interest are those that threat actors use for exploitation. In this report, we’ll analyze the numbers and types of vulnerabilities in 2023 with a view to understanding attack trends and how organizations can better defend themselves.

intel471 EN 2024 Year-in-Review 2023 Vulnerabilities
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
01/04/2024 10:32:27
QRCode
archive.org
thumbnail
  • In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method.
  • After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days.
  • The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server.
  • The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.
thedfirreport EN 2024 2023 incident incident-analysis IcedID OneNote FileZilla Nokoyawa ransomware
Google: Spyware vendors behind 50% of zero-days exploited in 2023 https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/
27/03/2024 14:04:52
QRCode
archive.org
thumbnail

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

bleepingcomputer EN 2024 Google Google-TAG Mandiant Spyware Zero-Day 2023
Google Online Security Blog: Vulnerability Reward Program: 2023 Year in Review https://security.googleblog.com/2024/03/vulnerability-reward-program-2023-year.html
22/03/2024 12:13:50
QRCode
archive.org
thumbnail

Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries.

security.googleblog EN 2024 reward bug-bounty Google 2023 year
Google Paid Out $10 Million via Bug Bounty Programs in 2023 https://www.securityweek.com/google-paid-out-10-million-via-bug-bounty-programs-in-2023
17/03/2024 16:58:48
QRCode
archive.org

Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million.

The total paid out in 2023 is less than the $12 million handed out in 2022, but it’s still a significant amount. The money was earned last year by 632 researchers from 68 countries. The highest single reward was $113,337.

securityweek EN 2024 Google bugbounty 2023 paid
Ransomware Hit $1 Billion in 2023 https://www.chainalysis.com/blog/ransomware-2024/
08/02/2024 07:16:42
QRCode
archive.org
thumbnail

In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims.

Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.

chainalysis En 2024 Ransomware Statistics 2023 report
Ransomware Cases Increased Greatly in 2023 https://www.sans.org/blog/ransomware-cases-increased-greatly-in-2023/
26/01/2024 17:44:22
QRCode
archive.org

As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.

sans 2024 EN ransomware 2023 Stats
AI will make scam emails look genuine, UK cybersecurity agency warns https://www.theguardian.com/technology/2024/jan/24/ai-scam-emails-uk-cybersecurity-agency-phishing
24/01/2024 21:36:36
QRCode
archive.org
thumbnail

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

theguardian EN 2023 AI scam phishing email gebuine cybercriminals warning UK NCSC
SEC says X account hack was due to SIM swapping https://therecord.media/sec-x-account-takeover-sim-swapping
24/01/2024 08:28:40
QRCode
archive.org
thumbnail

An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages.

In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

therecord EN 2023 SEC X Twitter SIM-swapping hijacked
CVE-2023-46805 https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
16/01/2024 14:39:31
QRCode
archive.org
thumbnail

Starting January 10, 2024, multiple parties (Ivanti, Volexity, and Mandiant) disclosed the existence of a zero-day exploit chain affecting Ivanti Connect Secur…

attackerkb EN 2023 CVE-2023-46805 Ivanti 0-day API
Le CHU de Nantes victime d’une cyberattaque https://www.ouest-france.fr/societe/cyberattaque/le-chu-de-nantes-victime-dune-cyberattaque-386f2e22-b454-11ee-b2a2-ccb95da3b2ac
16/01/2024 12:26:14
QRCode
archive.org
thumbnail

Le CHU de Nantes est sous le coup d’une cyberattaque depuis la nuit de dimanche 14 à lundi 15 janvier 2024. Le centre hospitalier a vu son réseau internet coupé ce lundi 15 janvier, et ne peut plus recevoir et envoyer de mails en externe.

ouest-france.fr FR 2023 Nantes cyberattaque CHU hôpital
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products https://www.securityweek.com/qnap-patches-high-severity-flaws-in-qts-video-station-qumagie-netatalk-products/
15/01/2024 07:21:09
QRCode
archive.org

QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.

securityweek EN 2023 QNAP vulnerabilities High-Severity
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
12/01/2024 15:25:42
QRCode
archive.org
thumbnail

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

trendmicro EN 2023 CVE-2023-36025 Phemedrone Stealer
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering https://blog.cryptographyengineering.com/2024/01/11/attack-of-the-week-airdrop-tracing/
12/01/2024 11:33:32
QRCode
archive.org
thumbnail

It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…

cryptographyengineering EN 2023 Airdrop Cryptographic analysis tracing
SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
12/01/2024 10:21:59
QRCode
archive.org
thumbnail

Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain.
This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server:
Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.

starlabs.sg EN 2023 CVE-2023–29357 SharePoint CVE-2023–24955
page 1 / 59
4259 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio