Quotidien Shaarli

On October 23, 2024, Fortinet published an advisory for CVE-2024-47575, a missing authentication vulnerability affecting FortiManager and FortiManager Cloud de…

Mondays are for checking months of logs, apparently, if MFA's not enabled

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.

The digital break-in was discovered in June, according to Bloomberg, citing "two people familiar with the matter" who told the news outlet that the Singtel breach was "a test run by China for further hacks against US telecommunications companies."

This one is a privesc bug yielding SYSTEM privileges for any VDI user, which is actually a lot worse than it might initially sound since that’s SYSTEM privileges on the server that hosts all the applications and access is ‘by design’ - allowing an attacker to impersonate any user (including administrators) and monitor behaviour, connectivity.

Russia has long been a military power, a nuclear power, a space power and in recent decades, a cyber power. It has been one of the most capable cyber actors, going back to the late 1990s when Russian state hackers stole classified documents and military research from U.S. universities and government agencies. The stolen documents, if stacked on top of one another, would have been taller than the Washington Monument (555 feet or 169 meters). These incidents, dubbed “Moonlight Maze” as described in Thomas Rid’s book “Rise of the Machines,” marked one of the world’s first advanced persistent threat (APT) attacks. Russia’s intelligence and security agencies continue to operate highly skilled groups of offensive attackers. Those APT groups are spread across its intelligence and security agencies and the Ministry of Defense. They engage in a broad range of cyber and influence operations tied to Russia’s strategic objectives. These include exploiting adversary systems, establishing footholds, conducting cyber espionage operations and running disinformation and misinformation campaigns designed to undermine Western narratives. One of the most effective and long-running Russian groups is Turla, a unit known as Center 16 housed within Russia’s Federal Security Service, or FSB. Researchers found that this group, which is active today, may have been connected with Moonlight Maze.

Etudiant en informatique, fasciné par l’univers des cybercriminels, il est accusé d’avoir lancé des attaques par bourrage d’identifiants à l’automne 2023. Récit d'audience.

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.

• Check Point Research is tracking an ongoing, large scale and sophisticated phishing campaign deploying the newest version of the Rhadamanthys stealer (0.7). We dubbed this campaign CopyRh(ight)adamantys.
• This campaign utilizes a copyright infringement theme to target various regions, including the United States, Europe, East Asia, and South America.
• The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity. Almost 70% of the impersonated companies are from Entertainment /Media and Technology/Software sectors.
• Analysis of the lures and targets in this campaign suggests the threat actor uses automation for lures distribution. Due to the scale of the campaign and the variety of the lures and sender emails, there is a possibility that the threat actor also utilized AI tools.
• One of the main updates in the Rhadamanthys stealer version according to claims by the author, is AI-powered text recognition. However, we discovered that the component introduced by Rhadamanthys does not incorporate any of the modern AI engines, but instead uses much older classic machine learning, typical for OCR software.

Kandji's Threat Research team performed an audit on the macOS diskarbitrationd & storagekitd system daemons, uncovering several (now fixed) vulnerabilities