Cyberveille - curated by Decio
7 results tagged IoC
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/?hl=en
09/01/2025 08:50:08

Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.

On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.

Mandiant EN 2025 CVE-2025-0282 CVE-2025-0283 IoC exploitation analysis postexploitation Ivanti
Astrill VPN and Remote Worker Fraud - Spur https://spur.us/astrill-vpn-and-remote-worker-fraud/
23/12/2024 23:09:25

"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions."

"While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent remote worker campaigns originating from Astrill VPN IP addresses."

spur.us EN 2024 Astrill VPN IP addresses IoC North-Korea infiltrating
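The Spur post above boils down to one operational check: compare the source addresses of applicant or contractor logins against a list of VPN-provider ranges. The following is an added example (not code from Spur or from this bookmark page) of that check. The CIDR blocks, the log format and the log lines are all constructed for illustration: the ranges are RFC 5737 / RFC 3849 documentation prefixes standing in for a real Astrill IoC feed, not Astrill's actual addresses.

```python
import ipaddress
import re

# Constructed stand-in for a VPN-provider IoC feed. These are documentation
# prefixes (RFC 5737 / RFC 3849), NOT real Astrill VPN ranges; in practice
# this list would be populated from Spur or another provider feed.
VPN_IOC_CIDRS = [
    "198.51.100.0/24",
    "203.0.113.0/25",        # covers 203.0.113.0 - 203.0.113.127 only
    "2001:db8:abcd::/48",    # IPv6 entries are matched the same way
]

# Constructed auth-log format: timestamp, user, source IP, action.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+)$"
)

# Constructed sample log lines (the hiring/contractor accounts are invented).
SAMPLE_LOG = [
    "2024-12-20T09:14:02Z user=applicant42 src=198.51.100.17 action=login_success",
    "2024-12-20T09:15:10Z user=jsmith src=192.0.2.44 action=login_success",
    "2024-12-20T09:16:33Z user=contractor7 src=203.0.113.200 action=login_success",
    "2024-12-20T09:17:01Z user=contractor8 src=203.0.113.9 action=login_failed",
    "2024-12-20T09:18:45Z user=applicant77 src=2001:db8:abcd::1 action=login_success",
    "this line is malformed and must be skipped, not crash the parser",
]


def load_networks(cidrs):
    """Parse CIDR strings once; strict=False tolerates host bits set in the feed."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def ip_in_ioc(ip_str, networks):
    """True if ip_str is a valid IPv4/IPv6 address inside any IoC network."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        # Unparseable source field (hostname, garbage): treat as no match.
        return False
    return any(ip in net for net in networks)


def flag_events(lines, networks):
    """Return (ts, user, src, action) for every parseable line whose src hits the IoC list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the whole run
        if ip_in_ioc(m["src"], networks):
            hits.append((m["ts"], m["user"], m["src"], m["action"]))
    return hits


if __name__ == "__main__":
    for hit in flag_events(SAMPLE_LOG, load_networks(VPN_IOC_CIDRS)):
        print("VPN-origin login:", hit)
```

Note that 203.0.113.200 is deliberately outside the /25 and is not flagged, and that failed logins are reported too: for this fraud pattern the attempt from a VPN exit is the signal, whether or not it succeeded.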
Threat Intel Accelerates Detection & Response https://www.huntress.com/blog/threat-intel-accelerates-detection-and-response
15/02/2024 14:28:01

Evidence of a pre-existing compromise surfaced as soon as the Huntress agent was deployed to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and recommend to the customer how to remediate the root cause.

huntress EN 2024 analysis endpoint finger.exe IoC
New macOS malware 'CloudMensis' detected and prevented https://www.jamf.com/blog/cloudmensis-malware/
20/08/2022 10:14:05

Jamf Threat Labs updates Jamf Protect to completely prevent CloudMensis from threatening the security of your macOS fleet.

jamf EN jamfprotect IoC jamf-protect CloudMensis macos
The EnvyScout malware (APT29) has also been distributed in Italy https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/
09/07/2022 07:00:14

govit IT 2022 APT29 Italia malware EnvyScout IoC report
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
23/05/2022 09:12:33

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

citizenlab 2021 EN Pegasus Predator spyware privacy IoC Cytrox
New Emotet Infection Method https://unit42.paloaltonetworks.com/new-emotet-infection-method/
16/02/2022 19:57:47

As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that frequently changes its attack patterns, and this latest modification follows suit.

paloaltonetworks emotet 2022 EN IoC malware
Shaarli - The personal, minimalist, super-fast, database-free bookmarking service by the Shaarli community - Theme by kalvn - Curated by Decio