Shaarli Daily

All links of one day on a single page.

November 4, 2024

Schneider Electric confirms dev platform breach after hacker steals data

Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.

CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - Securonix

In a rather novel attack chain, attackers deploy a custom-made emulated QEMU Linux box to persist on endpoints, delivered through phishing emails.

The story behind HISAA

Health care breaches lead to legislation
Highlights of the new standard include:

  • Performing and documenting a security risk analysis of exposure
  • Documentation of a business continuity plan (BCP)
  • Stress test of resiliency and documentation of any planned changes to the BCP
  • A signed statement by both the CEO and CISO of compliance
  • A third-party audit to certify compliance (no later than six months after enactment)

SmokeBuster Tool

  • ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections.
  • SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11.
  • SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware.
  • Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet.
  • The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.

Censorship Attack against the Tor network

In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices.
All the abuse notices reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays.

Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per se should not perform any SSH connections to internet-facing hosts, let alone perform SSH brute force attacks.

Massive hack-for-hire scandal rocks Italian political elites

The president and former prime minister were among targets of hackers selling highly sensitive data.

A service provider for the Missions locales falls victim to a malicious cyber act

The Ministry of Labour and Employment has been made aware of a breach of the information system, operated by a service provider, that is used by the Missions locales network.

This cyber attack took place during the night of October 23 to October 24, 2024.

Investigations are under way at the service provider to determine the origin of this event. The security of the information systems of the Missions locales network itself is not in question.

Cyber attack on pharmaceutical distributor AEP

AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.