Quotidien Shaarli

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation.

We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.
#2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks

Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries.

Une quarantaine d’établissements scolaires, notamment de région parisienne et de l’académie de Rennes, ont reçu des menaces d’attentat terroriste sur leurs espaces numériques de travail (ENT), mercredi 20 mars. La région Île-de-France a déposé plainte, ce jeudi 21 mars, au cyber-parquet de Paris. Une enquête est ouverte, une brigade spécialisée de la police judiciaire est saisie.

Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.

In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark web data leak site was seized, then unseized, then re-seized in a December 2023 law enforcement operation that seemingly failed to deter the group – until AlphV ultimately claimed to disband via an apparent exit scam, immediately following a high-profile attack against Change Healthcare in March 2024. LockBit experienced a far more dramatic and well-marketed disruption, “Operation Cronos,” in February 2024, leading to the compromise of its infrastructure, internal operational details, and data. While LockBit has ostensibly continued operations, its highly publicized disruption raises the question of whether the group will be able to continue operating and attracting affiliates at the level they once enjoyed.

• Trezor’s official X account was compromised, likely due to a SIM swap attack, and used to promote a fake token presale.
• ZachXBT and crypto security firm Scam Sniffer identified the fraudulent activity, preventing wider user losses.
• Despite compromising Trezor’s account, the hacker only managed to steal a paltry $8,100.

The U.S. Department of Justice in a lawsuit filed Thursday is accusing Apple of discarding user security and privacy protections as part of a broader effort to