Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 2
28 résultats taggé attack  ✕
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector https://labs.withsecure.com/publications/no-pineapple-dprk-targeting-of-medical-research-and-technology-sector
02/02/2023 15:16:56
QRCode
archive.org
thumbnail

During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.

WithSecure 2023 EN Case-study Report Lazarus attack
NortonLifeLock warns that hackers breached Password Manager accounts https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/
16/01/2023 20:03:14
QRCode
archive.org
thumbnail

Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

bleepingcomputer EN 2023 Password-manager NortonLifeLock breach Norton Password Manager credential-stuffing attack
Schools hit by cyber attack and documents leaked https://www.bbc.com/news/uk-england-gloucestershire-63637883
06/01/2023 15:22:58
QRCode
archive.org
thumbnail

Confidential details including child passport scans and SEN data is published online, the BBC finds.

bbc EN 2023 ViceSociety vice-society schools UK leak ransomware attack education
Guardian hit by serious IT incident believed to be ransomware attack https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
21/12/2022 20:00:59
QRCode
archive.org
thumbnail

Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

theguardian EN 2022 incident ransomware attack
Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
02/11/2022 21:03:04
QRCode
archive.org
thumbnail

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

Phylum EN 2022 supplychain PyPI W4SP Stealer Attack
Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/
20/10/2022 21:15:06
QRCode
archive.org
thumbnail

Hidden DNS resolvers and how to compromise your infrastructure

sec-consult 2022 Kaminsky attack DNS Hidden resolvers compromise infrastructure technical
Threat Alert: Private npm Packages Disclosed via Timing Attacks https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
14/10/2022 09:42:51
QRCode
archive.org
thumbnail

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

aquasec EN 2022 npm supplychain supply-chain attack timing-attack
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year https://medium.com/checkmarx-security/lofygang-aad0c32d801c
10/10/2022 06:26:22
QRCode
archive.org
thumbnail

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.

Medium LofyGang EN 2022 Jossef_Harush npm supply-chain attack
Malicious OAuth applications abuse cloud email services to spread spam https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/
24/09/2022 00:50:46
QRCode
archive.org
thumbnail

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.

microsoft EN 2022 Exchange OAuth abuse spam Exchange attack
Record 25.3 Billion Request Multiplexing Attack Mitigated by Imperva https://www.imperva.com/blog/record-25-3-billion-request-multiplexing-attack-mitigated-by-imperva/
21/09/2022 22:49:37
QRCode
archive.org

On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution.

While attacks with over one million requests per second (RPS) aren’t new, we’ve previously only seen them last for several seconds to a few minutes. On June 27, Imperva successfully mitigated a strong attack that lasted more than four hours and peaked at 3.9 million RPS.

imperva EN 2022 DDoS RPS attack
Microsoft investigates Iranian attacks against the Albanian government https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/
09/09/2022 16:03:03
QRCode
archive.org
thumbnail

Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.

microsoft EN 2022 investigation DART EUROPIUM Albania Iran attack
Stealing Clouds https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/
04/09/2022 12:56:29
QRCode
archive.org
thumbnail

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

Reuters 2019 Chinese APT10 Cloud attack Cloud-Hopper Ericsson IBM HP
Legitimate SaaS Platforms Being Used to Host Phishing Attacks https://unit42.paloaltonetworks.com/platform-abuse-phishing/
24/08/2022 15:56:47
QRCode
archive.org
thumbnail

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

unit42 paloaltonetworks EN 2022 phishing attack SaaS abuse website-builders
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
13/08/2022 19:21:14
QRCode
archive.org

A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.

securityweek EN 2022 SDK remote attack vulnerability Rrealtek CVE-2022-27255
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html?m=1
11/08/2022 20:22:21
QRCode
archive.org
thumbnail
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate.
  • During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
talosintelligence EN 2022 Cisco attack Google sync password insights
A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/
14/07/2022 21:03:17
QRCode
archive.org
thumbnail

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Wired EN 2022 browsers browser vulnerabilities hacking identify attack side-channel
Cloudflare mitigates 26 million request per second DDoS attack https://blog.cloudflare.com/26m-rps-ddos/
15/06/2022 06:54:58
QRCode
archive.org

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.

cloudflare 2022 EN DDoS attack
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/
15/06/2022 06:54:19
QRCode
archive.org
thumbnail

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

arstechnica 2022 EN Microprocessors Hertzbleed power-conservation AMD Intel DVFS x86 side-channel attack keys vulnerabilies
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
25/05/2022 06:59:04
QRCode
archive.org
thumbnail

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

PyPI ctx PHP supplychain attack sonatype EN 2022 exfiltration steal Supply-chain-security
npm Supply Chain Attack Targeting Germany-Based Companies https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
11/05/2022 11:32:33
QRCode
archive.org
thumbnail

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

jfrog 2022 EN Supply Chain supplychain industrial npm attack research
page 1 / 2
1033 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio