Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Quotidien Hebdomadaire Mensuel

Quotidien Shaarli

Tous les liens d'un jour sur une page.

Jour précédent
Jour suivant

February 21, 2025

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

17:07
talosintelligence, EN, 2025, analysis, Salt-Typhoon
Objet: Secteur du cloud - État de la menace informatique

Le Cloud computing, devenu incontournable pour les secteurs public et privé, favorise la transformation numérique mais offre également de nouvelles opportunités d’attaques et problématiques de sécurité pour les organisations qui l’utilisent.

L'ANSSI observe une augmentation des attaques contre les environnements cloud. Ces campagnes d'attaques, menées à des fins lucratives, d'espionnage et de déstabilisation, affectent les fournisseurs de services cloud (Cloud Service Provider, CSP), en partie ciblés pour les accès qu’ils peuvent offrir vers leurs clients. Elles ciblent également les environnements de clients de services cloud, dont l'hybridation des systèmes d'information générée par l'usage du cloud, augmente la surface d'attaque.

17:04
cert.ssi.gouv.fr, FR, 2025, cloud, rapport, attaques
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
  • An unknown threat cluster has been targeting at least between June and October 2024 European organizations, notably in the healthcare sector.
  • Tracked as Green Nailao by Orange Cyberdefense CERT, the campaign relied on DLL search-order hijacking to deploy ShadowPad and PlugX – two implants often associated with China-nexus targeted intrusions.
  • The ShadowPad variant our reverse-engineering team analyzed is highly obfuscated and uses Windows services and registry keys to persist on the system in the event of a reboot.
  • In several Incident Response engagements, we observed the consecutive deployment of a previously undocumented ransomware payload.
  • The campaign was enabled by the exploitation of CVE-2024-24919 (link for our World Watch and Vulnerability Intelligence customers) on vulnerable Check Point Security Gateways.
    IoCs and Yara rules can be found on our dedicated GitHub page here.
16:59
orangecyberdefense, EN, 2025, health, NailaoLocker:, China, campaign, ShadowPad, PlugX, Europe
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News

Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information operation.

16:56
therecord.media, EN, 2024, Germany, disinformation, Russia, election
Black Basta is latest ransomware group to be hit by leak of chat logs

Cybersecurity researchers are analyzing about 200,000 messages from inside the high-profile Black Basta ransomware operation that were leaked recently.

16:53
therecord, EN, 2025, BlackBasta, ransomware, dataleak, messages, logs
Apple yanks encrypted storage in U.K. instead of allowing backdoor access

Company will no longer provide its highest security offering in Britain in the wake of a government order to let security officials see protected data.

16:31
washingtonpost, EN, 2025, Apple, privacy, encrypted, storage, backdoor
CISA and FBI: Ghost ransomware breached orgs in 70 countries

CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.
#CISA #Computer #Cring #Critical #FBI #Ghost #InfoSec #Infrastructure #Ransomware #Security

07:23
bleepingcomputer, EN, 2025, Ghost, Ransomware, Critical-Infrastructure, Cring, CISA, FBI