Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

November 2, 2023

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

In recent years, cybercriminals have become increasingly professional — fraudsters have consistently been improving their skills, making less crucial mistakes, and creating various “as-a-service” businesses to help lower-skilled threat actors launch scams and attacks, allowing the latter to run full cybercrime operations.

There are different types of cybercrime services that exist today, including malware-as-a-service, where cybercriminals develop and sell malware services to other malicious actors; the service also includes creating and spreading malware types such as ransomware on compromised hosts. Meanwhile, other services require the use of multiple social media accounts to be successfully carried out, such as misinformation, spamming, and malware propagation. Indeed, it’s not uncommon for cybercriminals to send thousands of spam messages using thousands of accounts on social media platforms. But how do they manage to automate all of it?

22:13
ltrendmicro, EN, 2023, social-media, Kopeechka, Social, Media, Accounts, Creation, Service, Cybercrime
Mozi botnet goes dark under mysterious circumstances

Researchers speculate that Chinese authorities may be responsible for turning off one of the internet’s most prolific IoT botnets.

21:27
scmagazine, EN, 2023, Mozi, botnet
How a tiny Pacific Island became the global capital of cybercrime

Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.

18:49
technologyreview, EN, 2023, domain, TLD, Tokelau
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

FIRST announces CVSS v4.0, the latest version of the Common Vulnerability Scoring System. Discover how this update addresses critical vulnerabilities.

18:22
thehackernews, EN, 2023, CVSS, CVSS4.0, Vulnerability, Scoring, System
Les sanctions américaines et l'assurance cyberattaque

L'assureur qui veut s'opposer au paiement de la prestation d’assurance suite à une cyberattaque, en invoquant les sanctions américaines, doit prouver que la cyberattaque a servi les intérêts d'une entité visée par ces sanctions et qu'il risque ainsi concrètement d'être réprimandé par l'autorité américaine compétente. Le simple fait que le type de logiciel utilisé pour la cyberattaque en question soit habituellement déployé par un groupe de cyberpirates sous sanction (in casu Evil Corp) ne suffit pas pour refuser le paiement de la prestation d’assurance.

16:01
swissprivacy, FR, CH, Suisse, 2023, droit, Tribunal-Fédéral, assureur, assurance, cyberattaque
Microsoft profiles new threat group with unusual but effective practices

Octo Tempest employs tactics that many of its targets aren't prepared for.

11:26
arstechnica, Microsoft, EN, 2023, OctoTempest, practices, Tactics, TTP
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

11:23
microsoft, EN, 2023, analysis, OctoTempest, campaigns, tactics
Boeing says 'cyber incident' hit parts business after ransom threat | Reuters

Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.

11:16
reuters, EN, 2023, Boing, ransomware
Analyse d’impact relative à la protection des données personnelles: comment faire?

La nouvelle loi sur la protection des données a introduit l’obligation d’établir, dans certains cas, une analyse d’impact relative à la protection des données personnelles (AIPD). Elle vise à identifier préalablement les risques potentiellement élevés pour la personnalité et les droits fondamentaux, afin de prendre les mesures adéquates pour les réduire à un niveau acceptable. Si l’exercice peut faire peur, il suffit de suivre quelques étapes très concrètes.

11:03
smetille, FR, 2023, CH, nLPD, AIPD, protection, risque, analyse