Quotidien Shaarli

• The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost‘ and ‘BEARHOST‘. We notably observed that both network’s configurations are almost identical in terms of peering agreements and their respective share of loads throughout time.
• Amongst the activities shared by the two networks, we noticed that both GootLoader and SpyNote malwares recently changed their infrastructure of command-and-control servers and phishing pages from to Proton66. Additionally, the domains hosting the phishing pages deploying SpyNote were hosted on either one of the two AS and had already been used in previous campaigns delivering revoked AnyDesk and LiveChat versions for both Windows and Mac.
• Regarding the other malicious activities found on PROSPERO’s IPs, we found that throughout September, multiple SMS spam campaigns targeting citizens from various countries were leading to phishing domains hosted on PROSPERO and Proton66. While most phishing templates were usurping bank login pages to steal credit card details, we also noticed that some of them were used to deploy android spywares such as Coper (a.k.a. Octo).
• SocGholish, another initial access broker (IAB) that we found to be hosting a major part of its infrastructure on Proton66, continues to leverage this autonomous system to host fingerprinting scripts contained on the websites it infects. Along SocGholish, we found out that FakeBat, another loader that infects systems through compromised websites, was using the same IPs to host both screening and redirection script

Security research that presents a method to automatically validate credentials against Fortinet VPN servers by uncovering an exploit that attackers can use to compromise countless organizations.

Quatre Américains et un Britannique sont désormais poursuivis pour leur implication dans ce groupe, accusé notamment d’avoir piraté les casinos MGM Resorts. Spécialisé dans l’hameçonnage, ce collectif pourrait être l’émanation d’une vaste communauté de pirates anglophones.

L’attacco è avvenuto il 18 novembre ma è stato comunicato il giorno dopo attraverso l’avviso di un ente che si serve di INPS Servizi

Dans le cadre d'un nouveau projet, le groupe technologique Ruag modifie un smartphone Samsung pour les institutions gouvernementales et les autorités telles que l'armée et les organisations à gyrophare.

Un smartphone appelé "Guardian" est un nouveau projet de communication sécurisée. C'est l'entreprise d'armement Ruag MRO qui en est responsable. Le prototype actuel devrait également fonctionner par satellite dans un avenir proche. Ruag collabore avec Wisekey, une société de sécurité genevoise, pour la connexion par satellite. C'est ce que rapportent plusieurs médias suisses comme le "Walliser Bote" et "Watson".

[Article mis à jour le 19 novembre 2024 à 17h40] Un cybercriminel a mis en ligne, mardi, une base de données contenant les informations hospitalières et personnelles de plus de 750 000 personnes. Celui-ci revendique une fuite de données du logiciel de gestion médicale Mediboard.

Learn how Nautilus threat-hunting operation analyzed attackers exploiting misconfigured JupyterLab for illegal stream ripping with Traceeshark.

L’enseigne de surgelés a averti mardi une partie des clients de son programme de fidélité que leurs données sont dans la nature.