Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 2
37 résultats taggé investigation  ✕
Verisource Services Increases Data Breach Victim Count to 4 Million https://www.hipaajournal.com/verisource-services-data-breach/
04/05/2025 13:15:07
QRCode
archive.org

Verisource Services, an employee benefits administration service provider, has determined that a previously announced data breach was far worse than initially thought and has affected up to 4 million individuals. The Houston, Texas-based company detected a hacking incident on February 28, 2024, that disrupted access to some of its systems. Third-party cybersecurity and incident response experts were engaged to investigate the incident and determine the nature and scope of the unauthorized activity.

The forensic investigation confirmed hackers had access to its network and exfiltrated files on February 27, 2024. At the time of the initial announcement, Verisource Services said names, dates of birth, genders, and Social Security numbers had been stolen. The affected individuals included employees and dependents of clients who used its services, which include HR outsourcing, benefits enrollment, billing, and administrative services.

The data breach was initially reported as affecting 1,382 individuals, but as the investigation progressed, it became clear that the breach was worse than initially thought. In August 2024, the data breach was reported to the HHS’ Office for Civil Rights (OCR) as involving the protected health information of 112,726 individuals. The most recent notification to the Maine Attorney General indicates up to 4 million individuals have been affected, a sizeable increase from previous estimates. The OCR breach portal still lists the incident as affecting 112,726 patients and plan members of its HIPAA-regulated entity clients, although that total may well be updated in the coming days.

Verisource Services explained in the breach notice that the data review was not completed until April 17, 2025, almost 14 months after the security incident was detected. Verisource Services reported the security incident to the Federal Bureau of Investigation, and several additional security measures have been implemented to improve its security posture. Notification letters had previously been sent to some affected individuals; however, the bulk of the notification letters have only recently been mailed. Verisource Services said complimentary credit monitoring and identity theft protection services have been offered to the affected individuals, who will also be protected with a $1,000,000 identity theft insurance policy.

hipaajournal EN 2025 Verisource-Services US forensic investigation Data-Breach Data-Leak
Grafana security update: no customer impact from GitHub workflow vulnerability https://grafana.com/blog/2025/04/27/grafana-security-update-no-customer-impact-from-github-workflow-vulnerability/
02/05/2025 11:45:31
QRCode
archive.org
thumbnail

On April 26, an unauthorized user exploited a vulnerability with a GitHub workflow to gain unauthorized access to tokens, all of which have now been invalidated. At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information.

grafana en 2025 incident investigation vulnerability GitHub workflow unauthorized access tokens
Weaver Ant: Tracking a China-Nexus Cyber Espionage Operation https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/
25/03/2025 08:19:10
QRCode
archive.org
thumbnail

Sygnia investigates Weaver Ant, a stealthy China-nexus threat actor targeting telecom providers. Learn how web shells enable persistence and espionage.

sygnia EN 2025 China-nexus telecom investigation WeaverAnt
Virtue or Vice? A First Look at Proliferating Spyware Operations https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
20/03/2025 06:49:33
QRCode
archive.org
thumbnail

In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.

citizenlab EN 2025 investigation Paragon spyware Canada Italy Graphite mercenary
Secure Annex - Enterprise Browser Extension Security & Management Platform https://secureannex.com/blog/buying-browser-extensions/
19/03/2025 21:07:40
QRCode
archive.org
thumbnail

An investigation into buying access to browsers through extensions

secureannex EN 2025 investigation Browser Extension buying extensions
Investigating Anonymous VPS services used by Ransomware Gangs https://blog.bushidotoken.net/2025/02/investigating-anonymous-vps-services.html
16/02/2025 14:40:27
QRCode
archive.org
thumbnail

One of the challenges with investigating cybercrime is the infrastructure the adversaries leverage to conduct attacks. Cybercriminal infrastructure has evolved drastically over the last 25 years, which now involves hijacking web services, content distribution networks (CDNs), residential proxies, fast flux DNS, domain generation algorithms (DGAs), botnets of IoT devices, the Tor network, and all sorts of nested services.

This blog shall investigate a small UK-based hosting provider known as BitLaunch as an example of how challenging it can be to tackle cybercriminal infrastructure. Research into this hosting provider revealed that they appear to have a multi-year history of cybercriminals using BitLaunch to host command-and-control (C2) servers via their Anonymous VPS service.

bushidotoken EN 2025 investigation VPS BitLaunch C2 Ransomware
Tata Technologies says ransomware attack hit IT assets, investigation ongoing https://techcrunch.com/2025/01/31/tata-technologies-says-ransomware-attack-hit-it-assets-investigation-ongoing/
02/02/2025 14:49:28
QRCode
archive.org
thumbnail

India's Tata Technologies has disclosed a ransomware attack affecting its IT assets.

techcrunch EN 2025 Tata ransomware attack investigation
UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data https://techcrunch.com/2025/01/07/un-aviation-agency-investigating-security-breach-after-hacker-claims-theft-of-personal-data/
12/01/2025 20:53:08
QRCode
archive.org
thumbnail

ICAO says the incident was allegedly linked to a hacker 'known for targeting international organizations'

techcrunch EN 2025 Investigation ICAO incident aviation
BeyondTrust Remote Support SaaS Service Security Investigation https://www.beyondtrust.com/remote-support-saas-service-security-investigation
22/12/2024 20:31:38
QRCode
archive.org

BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.
12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.

beyondtrust EN 2024 SaaS Investigation incident API-key root-cause
On These Apps, the Dark Promise of Mothers Sexually Abusing Children https://www.nytimes.com/2024/12/07/us/child-abuse-apple-google-apps.html
09/12/2024 20:49:11
QRCode
archive.org

Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.

nytimes EN 2024 investigation BigoLive abuse stream child Apps Apple Google pedophiles criminal
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples https://iverify.io/blog/iverify-mobile-threat-investigation-uncovers-new-pegasus-samples
05/12/2024 09:01:20
QRCode
archive.org
thumbnail

iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.

iVerify EN 2024 Mobile Threat Investigation Uncovers Pegasus
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/
31/10/2024 16:27:18
QRCode
archive.org
thumbnail

Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices

sophos EN 2024 investigation China-based perimeter devices TTPs China APT
Swiss identified in Austrian bomb threat investigation https://www.swissinfo.ch/eng/various/swiss-identified-in-austrian-bomb-threat-investigation/87728619
18/10/2024 11:24:46
QRCode
archive.org
thumbnail

Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.

swissinfo EN 2024 emails Austrian bomb-threat investigation Switzerland Austria
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe https://novayagazeta.eu/articles/2024/09/07/free-russia-foundation-to-investigate-data-breach-after-internal-documents-published-online-en-news
08/09/2024 15:51:06
QRCode
archive.org
thumbnail

One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.

novayagazeta EN 2024 investigation Data-Leak Russia pro-democracy cyberattack
FIN7: The Truth Doesn't Need to be so STARK https://www.team-cymru.com/post/fin7-the-truth-doesn-t-need-to-be-so-stark
24/08/2024 12:11:38
QRCode
archive.org
thumbnail

First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve

team-cymru EN 2024 FIN7 Stark-Industries-Solutions STARK PostLtd SmartApe investigation
Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
24/08/2024 12:05:52
QRCode
archive.org
thumbnail
  • Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers.
  • The developer of Styx Stealer was found to be linked to one of Agent Tesla threat actors, Fucosreal, who was involved in a spam campaign also targeting our customers.
  • During the debugging of Styx Stealer, the developer made a fatal error and leaked data from his computer, which allowed CPR to obtain a large amount of intelligence, including the number of clients, profit information, nicknames, phone numbers, and email addresses, as well as similar data about the actor behind the Agent Tesla campaign.
checkpoint 2024 investigation OPSEC-fail StyxStealer Telegram
stardom dreams, stalking devices and the secret conglomerate selling both https://maia.crimew.gay/posts/gps-track-deez-nuts/
19/08/2024 08:41:02
QRCode
archive.org
thumbnail

people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously.

at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us.

half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here?

starting our descent

maia.crimew.gay EN 2024 Tracki shady business investigation stalkerware security analysis sqli leak exploit nyancrimew maia-arson-crimew switzerland hacktivism developer
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/
12/08/2024 06:43:03
QRCode
archive.org
thumbnail
  • In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers.
  • This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera.
  • Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2.
  • The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024.
  • Ten new sigma rules were created from this report and added to our private sigma ruleset
thedfirreport EN 2024 Toolkit investigation open-directory PoshC2 Batch-Scripts
Hacking Millions of Modems (and Investigating Who Hacked My Modem) https://samcurry.net/hacking-millions-of-modems
03/06/2024 21:53:52
QRCode
archive.org
thumbnail

Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server:

samcurry EN 2024 modem cox investigation
European Commission to open investigation into TikTok, Bloomberg reports | Reuters https://www.reuters.com/technology/european-commission-open-investigation-into-tiktok-bloomberg-news-2024-02-09/
11/02/2024 10:06:57
QRCode
archive.org

the European Commission will open an investigation into TikTok in the coming weeks over concerns that changes the firm made to comply with the bloc's Digital Services Act (DSA) were not enough to protect under-age users, Bloomberg News reported on Friday.
TikTok has not received notice from the European Commission of an investigation and is in regular dialogue with European Union authorities, a spokesperson told Reuters when asked about the Bloomberg report. The EC declined to comment.

reuters EU TikTok DSA investigation
page 1 / 2
4300 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio