Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

July 2, 2024

Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies

Discover key insights into the recently disclosed Cisco NX-OS software CLI vulnerability (CVE-2024-20399) affecting numerous Cisco Nexus devices.

18:59
sygnia, EN, 2024, CVE-2024-20399, Cisco, NX-OS, Command, Injection, Cisco, Nexus
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
  • E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched.
  • Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure.
  • Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code.
  • Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.
18:58
evasec, EN, 2024, CocoaPods, Supply, Chain, Attacks, macOS, iOS, CVE-2024-38368
TeamViewer: Hackers copied employee directory data and encrypted passwords

TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.

16:44
therecord.media, EN, 2024, TeamViewer, encrypted, passwords, incident, APT29
Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker

Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker
#Demon #Halcyon #Identifies #LukaLocker #New #Operator #Ransomware #Volcano

14:37
Halcyon, Demon, Volcano, Ransomware, New, LukaLocker, Identifies, Operator
Analysis of the Phishing Campaign: Behind the Incident

See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. 

Here are some key findings:

  • We found around 72 phishing domains pretending to be real or fake companies. These domains created believable websites that tricked people into sharing their login details.
  • The attack was sophisticated, using advanced techniques like direct human interaction to deceive targets.
  • We analyzed several fake websites and reverse-engineered their web-facing application.
  • At the end of the post, you will find a list of IOCs that can be used for improving your organization’s security.
10:56
any.run, EN, 2024, incident, phishing, spear-phishing, IoCs